"Fossies" - the Fresh Open Source Software Archive

Member "sssd-2.4.2/src/man/po/br.po" (19 Feb 2021, 711331 Bytes) of package /linux/misc/sssd-2.4.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PO translation source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # SOME DESCRIPTIVE TITLE
    2 # Copyright (C) YEAR Red Hat
    3 # This file is distributed under the same license as the sssd-docs package.
    4 #
    5 # Translators:
    6 # Fulup <fulup.jakez@gmail.com>, 2012
    7 msgid ""
    8 msgstr ""
    9 "Project-Id-Version: sssd-docs 2.3.0\n"
   10 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
   11 "POT-Creation-Date: 2021-02-19 16:49+0100\n"
   12 "PO-Revision-Date: 2014-12-14 11:51-0500\n"
   13 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
   14 "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/"
   15 "br/)\n"
   16 "Language: br\n"
   17 "MIME-Version: 1.0\n"
   18 "Content-Type: text/plain; charset=UTF-8\n"
   19 "Content-Transfer-Encoding: 8bit\n"
   20 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
   21 "X-Generator: Zanata 4.6.2\n"
   22 
   23 #. type: Content of: <reference><title>
   24 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
   25 #: pam_sss_gss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5
   26 #: sss-certmap.5.xml:5 sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5
   27 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_override.8.xml:5 sss_useradd.8.xml:5
   28 #: sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5
   29 #: sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5
   30 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
   31 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
   32 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
   33 #: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
   34 #: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5
   35 msgid "SSSD Manual pages"
   36 msgstr "Dornlevr SSSD"
   37 
   38 #. type: Content of: <reference><refentry><refnamediv><refname>
   39 #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
   40 msgid "sss_groupmod"
   41 msgstr "sss_groupmod"
   42 
   43 #. type: Content of: <reference><refentry><refmeta><manvolnum>
   44 #: sss_groupmod.8.xml:11 pam_sss.8.xml:12 pam_sss_gss.8.xml:12
   45 #: sssd_krb5_locator_plugin.8.xml:11 sssd.8.xml:11 sss_obfuscate.8.xml:11
   46 #: sss_override.8.xml:11 sss_useradd.8.xml:11 sss_groupadd.8.xml:11
   47 #: sss_userdel.8.xml:11 sss_groupdel.8.xml:11 sss_groupshow.8.xml:11
   48 #: sss_usermod.8.xml:11 sss_cache.8.xml:11 sss_debuglevel.8.xml:11
   49 #: sss_seed.8.xml:11 idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11
   50 msgid "8"
   51 msgstr "8"
   52 
   53 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
   54 #: sss_groupmod.8.xml:16
   55 msgid "modify a group"
   56 msgstr "Kemmañur strollad"
   57 
   58 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
   59 #: sss_groupmod.8.xml:21
   60 msgid ""
   61 "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
   62 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
   63 "arg>"
   64 msgstr ""
   65 "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
   66 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
   67 "arg>"
   68 
   69 #. type: Content of: <reference><refentry><refsect1><title>
   70 #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:63
   71 #: pam_sss_gss.8.xml:30 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22
   72 #: sss-certmap.5.xml:21 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21
   73 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_override.8.xml:30
   74 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
   75 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
   76 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
   77 #: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
   78 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
   79 #: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
   80 #: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21
   81 msgid "DESCRIPTION"
   82 msgstr "DESKRIVADUR"
   83 
   84 #. type: Content of: <reference><refentry><refsect1><para>
   85 #: sss_groupmod.8.xml:32
   86 msgid ""
   87 "<command>sss_groupmod</command> modifies the group to reflect the changes "
   88 "that are specified on the command line."
   89 msgstr ""
   90 
   91 #. type: Content of: <reference><refentry><refsect1><title>
   92 #: sss_groupmod.8.xml:39 pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42
   93 #: sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39
   94 #: sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39
   95 #: sss_usermod.8.xml:39 sss_cache.8.xml:39 sss_seed.8.xml:42
   96 #: sss_ssh_authorizedkeys.1.xml:123 sss_ssh_knownhostsproxy.1.xml:62
   97 msgid "OPTIONS"
   98 msgstr "DIBARZHIOÙ"
   99 
  100 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
  101 #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
  102 msgid ""
  103 "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
  104 "replaceable>"
  105 msgstr ""
  106 "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
  107 "replaceable>"
  108 
  109 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
  110 #: sss_groupmod.8.xml:48
  111 msgid ""
  112 "Append this group to groups specified by the <replaceable>GROUPS</"
  113 "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
  114 "a comma separated list of group names."
  115 msgstr ""
  116 
  117 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
  118 #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
  119 msgid ""
  120 "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
  121 "replaceable>"
  122 msgstr ""
  123 
  124 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
  125 #: sss_groupmod.8.xml:62
  126 msgid ""
  127 "Remove this group from groups specified by the <replaceable>GROUPS</"
  128 "replaceable> parameter."
  129 msgstr ""
  130 
  131 #. type: Content of: <reference><refentry><refnamediv><refname>
  132 #: sssd.conf.5.xml:10 sssd.conf.5.xml:16
  133 msgid "sssd.conf"
  134 msgstr "sssd.conf"
  135 
  136 #. type: Content of: <reference><refentry><refmeta><manvolnum>
  137 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
  138 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
  139 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
  140 #: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
  141 #: sssd-systemtap.5.xml:11 sssd-ldap-attributes.5.xml:11
  142 msgid "5"
  143 msgstr "5"
  144 
  145 #. type: Content of: <reference><refentry><refmeta><refmiscinfo>
  146 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
  147 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
  148 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
  149 #: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
  150 #: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12
  151 msgid "File Formats and Conventions"
  152 msgstr ""
  153 
  154 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
  155 #: sssd.conf.5.xml:17
  156 msgid "the configuration file for SSSD"
  157 msgstr "Ar restr gefluniañ evit SSSD"
  158 
  159 #. type: Content of: <reference><refentry><refsect1><title>
  160 #: sssd.conf.5.xml:21
  161 msgid "FILE FORMAT"
  162 msgstr "FURMAD RESTR"
  163 
  164 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
  165 #: sssd.conf.5.xml:29
  166 #, no-wrap
  167 msgid ""
  168 "<replaceable>[section]</replaceable>\n"
  169 "<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
  170 "<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
  171 "            "
  172 msgstr ""
  173 
  174 #. type: Content of: <reference><refentry><refsect1><para>
  175 #: sssd.conf.5.xml:24
  176 msgid ""
  177 "The file has an ini-style syntax and consists of sections and parameters. A "
  178 "section begins with the name of the section in square brackets and continues "
  179 "until the next section begins. An example of section with single and multi-"
  180 "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
  181 msgstr ""
  182 
  183 #. type: Content of: <reference><refentry><refsect1><para>
  184 #: sssd.conf.5.xml:36
  185 msgid ""
  186 "The data types used are string (no quotes needed), integer and bool (with "
  187 "values of <quote>TRUE/FALSE</quote>)."
  188 msgstr ""
  189 
  190 #. type: Content of: <reference><refentry><refsect1><para>
  191 #: sssd.conf.5.xml:41
  192 msgid ""
  193 "A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
  194 "(<quote>;</quote>).  Inline comments are not supported."
  195 msgstr ""
  196 
  197 #. type: Content of: <reference><refentry><refsect1><para>
  198 #: sssd.conf.5.xml:47
  199 msgid ""
  200 "All sections can have an optional <replaceable>description</replaceable> "
  201 "parameter. Its function is only as a label for the section."
  202 msgstr ""
  203 
  204 #. type: Content of: <reference><refentry><refsect1><para>
  205 #: sssd.conf.5.xml:53
  206 msgid ""
  207 "<filename>sssd.conf</filename> must be a regular file, owned by root and "
  208 "only root may read from or write to the file."
  209 msgstr ""
  210 
  211 #. type: Content of: <reference><refentry><refsect1><title>
  212 #: sssd.conf.5.xml:59
  213 msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
  214 msgstr ""
  215 
  216 #. type: Content of: <reference><refentry><refsect1><para>
  217 #: sssd.conf.5.xml:62
  218 msgid ""
  219 "The configuration file <filename>sssd.conf</filename> will include "
  220 "configuration snippets using the include directory <filename>conf.d</"
  221 "filename>. This feature is available if SSSD was compiled with libini "
  222 "version 1.3.0 or later."
  223 msgstr ""
  224 
  225 #. type: Content of: <reference><refentry><refsect1><para>
  226 #: sssd.conf.5.xml:69
  227 msgid ""
  228 "Any file placed in <filename>conf.d</filename> that ends in "
  229 "<quote><filename>.conf</filename></quote> and does not begin with a dot "
  230 "(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> "
  231 "to configure SSSD."
  232 msgstr ""
  233 
  234 #. type: Content of: <reference><refentry><refsect1><para>
  235 #: sssd.conf.5.xml:77
  236 msgid ""
  237 "The configuration snippets from <filename>conf.d</filename> have higher "
  238 "priority than <filename>sssd.conf</filename> and will override "
  239 "<filename>sssd.conf</filename> when conflicts occur. If several snippets are "
  240 "present in <filename>conf.d</filename>, then they are included in "
  241 "alphabetical order (based on locale).  Files included later have higher "
  242 "priority. Numerical prefixes (<filename>01_snippet.conf</filename>, "
  243 "<filename>02_snippet.conf</filename> etc.) can help visualize the priority "
  244 "(higher number means higher priority)."
  245 msgstr ""
  246 
  247 #. type: Content of: <reference><refentry><refsect1><para>
  248 #: sssd.conf.5.xml:91
  249 msgid ""
  250 "The snippet files require the same owner and permissions as <filename>sssd."
  251 "conf</filename>. Which are by default root:root and 0600."
  252 msgstr ""
  253 
  254 #. type: Content of: <reference><refentry><refsect1><title>
  255 #: sssd.conf.5.xml:98
  256 msgid "GENERAL OPTIONS"
  257 msgstr ""
  258 
  259 #. type: Content of: <reference><refentry><refsect1><para>
  260 #: sssd.conf.5.xml:100
  261 msgid "Following options are usable in more than one configuration sections."
  262 msgstr ""
  263 
  264 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  265 #: sssd.conf.5.xml:104
  266 msgid "Options usable in all sections"
  267 msgstr ""
  268 
  269 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  270 #: sssd.conf.5.xml:108
  271 msgid "debug_level (integer)"
  272 msgstr ""
  273 
  274 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  275 #: sssd.conf.5.xml:112
  276 msgid "debug (integer)"
  277 msgstr ""
  278 
  279 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  280 #: sssd.conf.5.xml:115
  281 msgid ""
  282 "SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
  283 "for <replaceable>debug_level</replaceable> as a convenience feature. If both "
  284 "are specified, the value of <replaceable>debug_level</replaceable> will be "
  285 "used."
  286 msgstr ""
  287 
  288 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  289 #: sssd.conf.5.xml:125
  290 msgid "debug_timestamps (bool)"
  291 msgstr ""
  292 
  293 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  294 #: sssd.conf.5.xml:128
  295 msgid ""
  296 "Add a timestamp to the debug messages.  If journald is enabled for SSSD "
  297 "debug logging this option is ignored."
  298 msgstr ""
  299 
  300 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
  301 #: sssd.conf.5.xml:133 sssd.conf.5.xml:331 sssd.conf.5.xml:612
  302 #: sssd.conf.5.xml:941 sssd.conf.5.xml:1936 sssd.conf.5.xml:1966
  303 #: sssd-ldap.5.xml:962 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1127
  304 #: sssd-ldap.5.xml:1579 sssd-ldap.5.xml:1644 sssd-ipa.5.xml:341
  305 #: sssd-ad.5.xml:229 sssd-ad.5.xml:343 sssd-ad.5.xml:1177 sssd-ad.5.xml:1325
  306 #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
  307 msgid "Default: true"
  308 msgstr "Dre ziouer : true"
  309 
  310 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  311 #: sssd.conf.5.xml:138
  312 msgid "debug_microseconds (bool)"
  313 msgstr ""
  314 
  315 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  316 #: sssd.conf.5.xml:141
  317 msgid ""
  318 "Add microseconds to the timestamp in debug messages.  If journald is enabled "
  319 "for SSSD debug logging this option is ignored."
  320 msgstr ""
  321 
  322 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  323 #: sssd.conf.5.xml:146 sssd.conf.5.xml:609 sssd.conf.5.xml:823
  324 #: sssd.conf.5.xml:1869 sssd.conf.5.xml:3686 sssd-ldap.5.xml:312
  325 #: sssd-ldap.5.xml:813 sssd-ldap.5.xml:832 sssd-ldap.5.xml:1032
  326 #: sssd-ldap.5.xml:1463 sssd-ldap.5.xml:1668 sssd-ipa.5.xml:151
  327 #: sssd-ipa.5.xml:253 sssd-ipa.5.xml:589 sssd-ad.5.xml:1083 sssd-krb5.5.xml:266
  328 #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 sssd-krb5.5.xml:573
  329 msgid "Default: false"
  330 msgstr ""
  331 
  332 #. type: Content of: outside any tag (error?)
  333 #: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1520
  334 #: sssd-ldap.5.xml:1691 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
  335 #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
  336 #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
  337 #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
  338 #: sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028
  339 #: sssd-ldap-attributes.5.xml:1186 sssd-ldap-attributes.5.xml:1231
  340 #: include/autofs_attributes.xml:1
  341 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
  342 msgstr ""
  343 
  344 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  345 #: sssd.conf.5.xml:155
  346 msgid "Options usable in SERVICE and DOMAIN sections"
  347 msgstr ""
  348 
  349 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  350 #: sssd.conf.5.xml:159
  351 msgid "timeout (integer)"
  352 msgstr ""
  353 
  354 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  355 #: sssd.conf.5.xml:162
  356 msgid ""
  357 "Timeout in seconds between heartbeats for this service. This is used to "
  358 "ensure that the process is alive and capable of answering requests. Note "
  359 "that after three missed heartbeats the process will terminate itself."
  360 msgstr ""
  361 
  362 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
  363 #: sssd.conf.5.xml:169 sssd.conf.5.xml:1161 sssd.conf.5.xml:1550
  364 #: sssd.conf.5.xml:3702 sssd-ldap.5.xml:684 include/ldap_id_mapping.xml:264
  365 msgid "Default: 10"
  366 msgstr ""
  367 
  368 #. type: Content of: <reference><refentry><refsect1><title>
  369 #: sssd.conf.5.xml:179
  370 msgid "SPECIAL SECTIONS"
  371 msgstr "RANNOÙ DIBAR"
  372 
  373 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  374 #: sssd.conf.5.xml:182
  375 msgid "The [sssd] section"
  376 msgstr "Ar rann [sssd]"
  377 
  378 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
  379 #: sssd.conf.5.xml:191 sssd.conf.5.xml:3791
  380 msgid "Section parameters"
  381 msgstr "Arventennoù ar rann"
  382 
  383 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  384 #: sssd.conf.5.xml:193
  385 msgid "config_file_version (integer)"
  386 msgstr ""
  387 
  388 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  389 #: sssd.conf.5.xml:196
  390 msgid ""
  391 "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
  392 "version 2."
  393 msgstr ""
  394 
  395 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  396 #: sssd.conf.5.xml:202
  397 msgid "services"
  398 msgstr ""
  399 
  400 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  401 #: sssd.conf.5.xml:205
  402 msgid ""
  403 "Comma separated list of services that are started when sssd itself starts.  "
  404 "<phrase condition=\"have_systemd\"> The services' list is optional on "
  405 "platforms where systemd is supported, as they will either be socket or D-Bus "
  406 "activated when needed.  </phrase>"
  407 msgstr ""
  408 
  409 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  410 #: sssd.conf.5.xml:214
  411 msgid ""
  412 "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
  413 "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
  414 "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
  415 "phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
  416 msgstr ""
  417 
  418 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  419 #: sssd.conf.5.xml:222
  420 msgid ""
  421 "<phrase condition=\"have_systemd\"> By default, all services are disabled "
  422 "and the administrator must enable the ones allowed to be used by executing: "
  423 "\"systemctl enable sssd-@service@.socket\".  </phrase>"
  424 msgstr ""
  425 
  426 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
  427 #: sssd.conf.5.xml:231 sssd.conf.5.xml:683
  428 msgid "reconnection_retries (integer)"
  429 msgstr ""
  430 
  431 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
  432 #: sssd.conf.5.xml:234 sssd.conf.5.xml:686
  433 msgid ""
  434 "Number of times services should attempt to reconnect in the event of a Data "
  435 "Provider crash or restart before they give up"
  436 msgstr ""
  437 
  438 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  439 #: sssd.conf.5.xml:239 sssd.conf.5.xml:691 include/failover.xml:100
  440 msgid "Default: 3"
  441 msgstr "Dre ziouer : 3"
  442 
  443 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  444 #: sssd.conf.5.xml:244
  445 msgid "domains"
  446 msgstr "domanioù"
  447 
  448 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  449 #: sssd.conf.5.xml:247
  450 msgid ""
  451 "A domain is a database containing user information. SSSD can use more "
  452 "domains at the same time, but at least one must be configured or SSSD won't "
  453 "start.  This parameter describes the list of domains in the order you want "
  454 "them to be queried.  A domain name is recommended to contain only "
  455 "alphanumeric ASCII characters, dashes, dots and underscores. '/' character "
  456 "is forbidden."
  457 msgstr ""
  458 
  459 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
  460 #: sssd.conf.5.xml:260 sssd.conf.5.xml:3203
  461 msgid "re_expression (string)"
  462 msgstr "re_expression (neudennad)"
  463 
  464 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  465 #: sssd.conf.5.xml:263
  466 msgid ""
  467 "Default regular expression that describes how to parse the string containing "
  468 "user name and domain into these components."
  469 msgstr ""
  470 
  471 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  472 #: sssd.conf.5.xml:268
  473 msgid ""
  474 "Each domain can have an individual regular expression configured. For some "
  475 "ID providers there are also default regular expressions. See DOMAIN SECTIONS "
  476 "for more info on these regular expressions."
  477 msgstr ""
  478 
  479 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
  480 #: sssd.conf.5.xml:277 sssd.conf.5.xml:3251
  481 msgid "full_name_format (string)"
  482 msgstr "full_name_format (neudennad)"
  483 
  484 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  485 #: sssd.conf.5.xml:280 sssd.conf.5.xml:3254
  486 msgid ""
  487 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
  488 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
  489 "fully qualified name from user name and domain name components."
  490 msgstr ""
  491 
  492 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  493 #: sssd.conf.5.xml:291 sssd.conf.5.xml:3265
  494 msgid "%1$s"
  495 msgstr ""
  496 
  497 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  498 #: sssd.conf.5.xml:292 sssd.conf.5.xml:3266
  499 msgid "user name"
  500 msgstr ""
  501 
  502 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  503 #: sssd.conf.5.xml:295 sssd.conf.5.xml:3269
  504 msgid "%2$s"
  505 msgstr ""
  506 
  507 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  508 #: sssd.conf.5.xml:298 sssd.conf.5.xml:3272
  509 msgid "domain name as specified in the SSSD config file."
  510 msgstr ""
  511 
  512 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  513 #: sssd.conf.5.xml:304 sssd.conf.5.xml:3278
  514 msgid "%3$s"
  515 msgstr ""
  516 
  517 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  518 #: sssd.conf.5.xml:307 sssd.conf.5.xml:3281
  519 msgid ""
  520 "domain flat name. Mostly usable for Active Directory domains, both directly "
  521 "configured or discovered via IPA trusts."
  522 msgstr ""
  523 
  524 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  525 #: sssd.conf.5.xml:288 sssd.conf.5.xml:3262
  526 msgid ""
  527 "The following expansions are supported: <placeholder type=\"variablelist\" "
  528 "id=\"0\"/>"
  529 msgstr ""
  530 
  531 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  532 #: sssd.conf.5.xml:317
  533 msgid ""
  534 "Each domain can have an individual format string configured.  See DOMAIN "
  535 "SECTIONS for more info on this option."
  536 msgstr ""
  537 
  538 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  539 #: sssd.conf.5.xml:323
  540 msgid "monitor_resolv_conf (boolean)"
  541 msgstr ""
  542 
  543 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  544 #: sssd.conf.5.xml:326
  545 msgid ""
  546 "Controls if SSSD should monitor the state of resolv.conf to identify when it "
  547 "needs to update its internal DNS resolver."
  548 msgstr ""
  549 
  550 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  551 #: sssd.conf.5.xml:336
  552 msgid "try_inotify (boolean)"
  553 msgstr ""
  554 
  555 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  556 #: sssd.conf.5.xml:339
  557 msgid ""
  558 "By default, SSSD will attempt to use inotify to monitor configuration files "
  559 "changes and will fall back to polling every five seconds if inotify cannot "
  560 "be used."
  561 msgstr ""
  562 
  563 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  564 #: sssd.conf.5.xml:345
  565 msgid ""
  566 "There are some limited situations where it is preferred that we should skip "
  567 "even trying to use inotify. In these rare cases, this option should be set "
  568 "to 'false'"
  569 msgstr ""
  570 
  571 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  572 #: sssd.conf.5.xml:351
  573 msgid ""
  574 "Default: true on platforms where inotify is supported. False on other "
  575 "platforms."
  576 msgstr ""
  577 
  578 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  579 #: sssd.conf.5.xml:355
  580 msgid ""
  581 "Note: this option will have no effect on platforms where inotify is "
  582 "unavailable. On these platforms, polling will always be used."
  583 msgstr ""
  584 
  585 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  586 #: sssd.conf.5.xml:362
  587 msgid "krb5_rcache_dir (string)"
  588 msgstr ""
  589 
  590 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  591 #: sssd.conf.5.xml:365
  592 msgid ""
  593 "Directory on the filesystem where SSSD should store Kerberos replay cache "
  594 "files."
  595 msgstr ""
  596 
  597 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  598 #: sssd.conf.5.xml:369
  599 msgid ""
  600 "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
  601 "SSSD to let libkrb5 decide the appropriate location for the replay cache."
  602 msgstr ""
  603 
  604 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  605 #: sssd.conf.5.xml:375
  606 msgid ""
  607 "Default: Distribution-specific and specified at build-time. "
  608 "(__LIBKRB5_DEFAULTS__ if not configured)"
  609 msgstr ""
  610 
  611 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  612 #: sssd.conf.5.xml:382
  613 msgid "user (string)"
  614 msgstr ""
  615 
  616 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  617 #: sssd.conf.5.xml:385
  618 msgid ""
  619 "The user to drop the privileges to where appropriate to avoid running as the "
  620 "root user.  <phrase condition=\"have_systemd\"> This option does not work "
  621 "when running socket-activated services, as the user set up to run the "
  622 "processes is set up during compilation time.  The way to override the "
  623 "systemd unit files is by creating the appropriate files in /etc/systemd/"
  624 "system/.  Keep in mind that any change in the socket user, group or "
  625 "permissions may result in a non-usable SSSD. The same may occur in case of "
  626 "changes of the user running the NSS responder.  </phrase>"
  627 msgstr ""
  628 
  629 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  630 #: sssd.conf.5.xml:403
  631 msgid "Default: not set, process will run as root"
  632 msgstr ""
  633 
  634 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  635 #: sssd.conf.5.xml:408
  636 msgid "default_domain_suffix (string)"
  637 msgstr ""
  638 
  639 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  640 #: sssd.conf.5.xml:411
  641 msgid ""
  642 "This string will be used as a default domain name for all names without a "
  643 "domain name component. The main use case is environments where the primary "
  644 "domain is intended for managing host policies and all users are located in a "
  645 "trusted domain.  The option allows those users to log in just with their "
  646 "user name without giving a domain name as well."
  647 msgstr ""
  648 
  649 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  650 #: sssd.conf.5.xml:421
  651 msgid ""
  652 "Please note that if this option is set all users from the primary domain "
  653 "have to use their fully qualified name, e.g. user@domain.name, to log in. "
  654 "Setting this option changes default of use_fully_qualified_names to True. It "
  655 "is not allowed to use this option together with use_fully_qualified_names "
  656 "set to False. One exception from this rule are domains with "
  657 "<quote>id_provider=files</quote> that always try to match the behaviour of "
  658 "nss_files and therefore their output is not qualified even when the "
  659 "default_domain_suffix option is used."
  660 msgstr ""
  661 
  662 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
  663 #: sssd.conf.5.xml:436 sssd.conf.5.xml:1348 sssd-ldap.5.xml:772
  664 #: sssd-ldap.5.xml:784 sssd-ldap.5.xml:876 sssd-ad.5.xml:897 sssd-ad.5.xml:972
  665 #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:609
  666 #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
  667 #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
  668 #: sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205
  669 #: include/ldap_id_mapping.xml:216
  670 msgid "Default: not set"
  671 msgstr ""
  672 
  673 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  674 #: sssd.conf.5.xml:441
  675 msgid "override_space (string)"
  676 msgstr ""
  677 
  678 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  679 #: sssd.conf.5.xml:444
  680 msgid ""
  681 "This parameter will replace spaces (space bar)  with the given character for "
  682 "user and group names.  e.g. (_). User name &quot;john doe&quot; will be "
  683 "&quot;john_doe&quot; This feature was added to help compatibility with shell "
  684 "scripts that have difficulty handling spaces, due to the default field "
  685 "separator in the shell."
  686 msgstr ""
  687 
  688 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  689 #: sssd.conf.5.xml:453
  690 msgid ""
  691 "Please note it is a configuration error to use a replacement character that "
  692 "might be used in user or group names. If a name contains the replacement "
  693 "character SSSD tries to return the unmodified name but in general the result "
  694 "of a lookup is undefined."
  695 msgstr ""
  696 
  697 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  698 #: sssd.conf.5.xml:461
  699 msgid "Default: not set (spaces will not be replaced)"
  700 msgstr ""
  701 
  702 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  703 #: sssd.conf.5.xml:466
  704 msgid "certificate_verification (string)"
  705 msgstr ""
  706 
  707 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  708 #: sssd.conf.5.xml:474
  709 msgid "no_ocsp"
  710 msgstr ""
  711 
  712 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  713 #: sssd.conf.5.xml:476
  714 msgid ""
  715 "Disables Online Certificate Status Protocol (OCSP) checks. This might be "
  716 "needed if the OCSP servers defined in the certificate are not reachable from "
  717 "the client."
  718 msgstr ""
  719 
  720 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  721 #: sssd.conf.5.xml:484
  722 msgid "soft_ocsp"
  723 msgstr ""
  724 
  725 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  726 #: sssd.conf.5.xml:486
  727 msgid ""
  728 "If a connection cannot be established to an OCSP responder the OCSP check is "
  729 "skipped.  This option should be used to allow authentication when the system "
  730 "is offline and the OCSP responder cannot be reached."
  731 msgstr ""
  732 
  733 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  734 #: sssd.conf.5.xml:496
  735 msgid "ocsp_dgst"
  736 msgstr ""
  737 
  738 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  739 #: sssd.conf.5.xml:498
  740 msgid ""
  741 "Digest (hash) function used to create the certificate ID for the OCSP "
  742 "request. Allowed values are:"
  743 msgstr ""
  744 
  745 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  746 #: sssd.conf.5.xml:502
  747 msgid "sha1"
  748 msgstr ""
  749 
  750 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  751 #: sssd.conf.5.xml:503
  752 msgid "sha256"
  753 msgstr ""
  754 
  755 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  756 #: sssd.conf.5.xml:504
  757 msgid "sha384"
  758 msgstr ""
  759 
  760 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  761 #: sssd.conf.5.xml:505
  762 msgid "sha512"
  763 msgstr ""
  764 
  765 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  766 #: sssd.conf.5.xml:508
  767 msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)"
  768 msgstr ""
  769 
  770 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  771 #: sssd.conf.5.xml:514
  772 msgid "no_verification"
  773 msgstr ""
  774 
  775 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  776 #: sssd.conf.5.xml:516
  777 msgid ""
  778 "Disables verification completely.  This option should only be used for "
  779 "testing."
  780 msgstr ""
  781 
  782 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  783 #: sssd.conf.5.xml:522
  784 msgid "ocsp_default_responder=URL"
  785 msgstr ""
  786 
  787 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  788 #: sssd.conf.5.xml:524
  789 msgid ""
  790 "Sets the OCSP default responder which should be used instead of the one "
  791 "mentioned in the certificate. URL must be replaced with the URL of the OCSP "
  792 "default responder e.g.  http://example.com:80/ocsp."
  793 msgstr ""
  794 
  795 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  796 #: sssd.conf.5.xml:534
  797 msgid "ocsp_default_responder_signing_cert=NAME"
  798 msgstr ""
  799 
  800 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  801 #: sssd.conf.5.xml:536
  802 msgid ""
  803 "This option is currently ignored. All needed certificates must be available "
  804 "in the PEM file given by pam_cert_db_path."
  805 msgstr ""
  806 
  807 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  808 #: sssd.conf.5.xml:544
  809 msgid "crl_file=/PATH/TO/CRL/FILE"
  810 msgstr ""
  811 
  812 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  813 #: sssd.conf.5.xml:546
  814 msgid ""
  815 "Use the Certificate Revocation List (CRL) from the given file during the "
  816 "verification of the certificate. The CRL must be given in PEM format, see "
  817 "<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</"
  818 "manvolnum> </citerefentry> for details."
  819 msgstr ""
  820 
  821 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  822 #: sssd.conf.5.xml:559
  823 msgid "soft_crl"
  824 msgstr ""
  825 
  826 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  827 #: sssd.conf.5.xml:562
  828 msgid ""
  829 "If a Certificate Revocation List (CRL)  is expired ignore the CRL checks for "
  830 "the related certificates. This option should be used to allow authentication "
  831 "when the system is offline and the CRL cannot be renewed."
  832 msgstr ""
  833 
  834 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  835 #: sssd.conf.5.xml:469
  836 msgid ""
  837 "With this parameter the certificate verification can be tuned with a comma "
  838 "separated list of options. Supported options are: <placeholder type="
  839 "\"variablelist\" id=\"0\"/>"
  840 msgstr ""
  841 
  842 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  843 #: sssd.conf.5.xml:573
  844 msgid "Unknown options are reported but ignored."
  845 msgstr ""
  846 
  847 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  848 #: sssd.conf.5.xml:576
  849 msgid "Default: not set, i.e. do not restrict certificate verification"
  850 msgstr ""
  851 
  852 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  853 #: sssd.conf.5.xml:582
  854 msgid "disable_netlink (boolean)"
  855 msgstr ""
  856 
  857 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  858 #: sssd.conf.5.xml:585
  859 msgid ""
  860 "SSSD hooks into the netlink interface to monitor changes to routes, "
  861 "addresses, links and trigger certain actions."
  862 msgstr ""
  863 
  864 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  865 #: sssd.conf.5.xml:590
  866 msgid ""
  867 "The SSSD state changes caused by netlink events may be undesirable and can "
  868 "be disabled by setting this option to 'true'"
  869 msgstr ""
  870 
  871 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  872 #: sssd.conf.5.xml:595
  873 msgid "Default: false (netlink changes are detected)"
  874 msgstr ""
  875 
  876 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  877 #: sssd.conf.5.xml:600
  878 msgid "enable_files_domain (boolean)"
  879 msgstr ""
  880 
  881 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  882 #: sssd.conf.5.xml:603
  883 msgid ""
  884 "When this option is enabled, SSSD prepends an implicit domain with "
  885 "<quote>id_provider=files</quote> before any explicitly configured domains."
  886 msgstr ""
  887 
  888 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  889 #: sssd.conf.5.xml:617
  890 msgid "domain_resolution_order"
  891 msgstr ""
  892 
  893 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  894 #: sssd.conf.5.xml:620
  895 msgid ""
  896 "Comma separated list of domains and subdomains representing the lookup order "
  897 "that will be followed.  The list doesn't have to include all possible "
  898 "domains as the missing domains will be looked up based on the order they're "
  899 "presented in the <quote>domains</quote> configuration option.  The "
  900 "subdomains which are not listed as part of <quote>lookup_order</quote> will "
  901 "be looked up in a random order for each parent domain."
  902 msgstr ""
  903 
  904 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  905 #: sssd.conf.5.xml:632
  906 msgid ""
  907 "Please, note that when this option is set the output format of all commands "
  908 "is always fully-qualified even when using short names for input, for all "
  909 "users but the ones managed by the files provider.  In case the administrator "
  910 "wants the output not fully-qualified, the full_name_format option can be "
  911 "used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
  912 "mind that during login, login applications often canonicalize the username "
  913 "by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
  914 "<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
  915 "for a qualified input (while trying to reach a user which exists in multiple "
  916 "domains) might re-route the login attempt into the domain which uses "
  917 "shortnames, making this workaround totally not recommended in cases where "
  918 "usernames may overlap between domains."
  919 msgstr ""
  920 
  921 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  922 #: sssd.conf.5.xml:657 sssd.conf.5.xml:1562 sssd.conf.5.xml:3752
  923 #: sssd-ad.5.xml:164 sssd-ad.5.xml:304 sssd-ad.5.xml:318
  924 msgid "Default: Not set"
  925 msgstr ""
  926 
  927 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
  928 #: sssd.conf.5.xml:184
  929 msgid ""
  930 "Individual pieces of SSSD functionality are provided by special SSSD "
  931 "services that are started and stopped together with SSSD.  The services are "
  932 "managed by a special service frequently called <quote>monitor</quote>. The "
  933 "<quote>[sssd]</quote> section is used to configure the monitor as well as "
  934 "some other important options like the identity domains.  <placeholder type="
  935 "\"variablelist\" id=\"0\"/>"
  936 msgstr ""
  937 
  938 #. type: Content of: <reference><refentry><refsect1><title>
  939 #: sssd.conf.5.xml:668
  940 msgid "SERVICES SECTIONS"
  941 msgstr "RANNOÙ SERVIJOÙ"
  942 
  943 #. type: Content of: <reference><refentry><refsect1><para>
  944 #: sssd.conf.5.xml:670
  945 msgid ""
  946 "Settings that can be used to configure different services are described in "
  947 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
  948 "section, for example, for NSS service, the section would be <quote>[nss]</"
  949 "quote>"
  950 msgstr ""
  951 
  952 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  953 #: sssd.conf.5.xml:677
  954 msgid "General service configuration options"
  955 msgstr ""
  956 
  957 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
  958 #: sssd.conf.5.xml:679
  959 msgid "These options can be used to configure any service."
  960 msgstr ""
  961 
  962 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
  963 #: sssd.conf.5.xml:696
  964 msgid "fd_limit"
  965 msgstr ""
  966 
  967 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
  968 #: sssd.conf.5.xml:699
  969 msgid ""
  970 "This option specifies the maximum number of file descriptors that may be "
  971 "opened at one time by this SSSD process. On systems where SSSD is granted "
  972 "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
  973 "systems without this capability, the resulting value will be the lower value "
  974 "of this or the limits.conf \"hard\" limit."
  975 msgstr ""
  976 
  977 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
  978 #: sssd.conf.5.xml:708
  979 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
  980 msgstr ""
  981 
  982 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
  983 #: sssd.conf.5.xml:713
  984 msgid "client_idle_timeout"
  985 msgstr ""
  986 
  987 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
  988 #: sssd.conf.5.xml:716
  989 msgid ""
  990 "This option specifies the number of seconds that a client of an SSSD process "
  991 "can hold onto a file descriptor without communicating on it. This value is "
  992 "limited in order to avoid resource exhaustion on the system. The timeout "
  993 "can't be shorter than 10 seconds. If a lower value is configured, it will be "
  994 "adjusted to 10 seconds."
  995 msgstr ""
  996 
  997 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
  998 #: sssd.conf.5.xml:725
  999 #, fuzzy
 1000 #| msgid "Default: 3"
 1001 msgid "Default: 60, KCM: 300"
 1002 msgstr "Dre ziouer : 3"
 1003 
 1004 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1005 #: sssd.conf.5.xml:730
 1006 msgid "offline_timeout (integer)"
 1007 msgstr ""
 1008 
 1009 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1010 #: sssd.conf.5.xml:733
 1011 msgid ""
 1012 "When SSSD switches to offline mode the amount of time before it tries to go "
 1013 "back online will increase based upon the time spent disconnected.  This "
 1014 "value is in seconds and calculated by the following:"
 1015 msgstr ""
 1016 
 1017 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1018 #: sssd.conf.5.xml:740
 1019 msgid "offline_timeout + random_offset"
 1020 msgstr ""
 1021 
 1022 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1023 #: sssd.conf.5.xml:743
 1024 msgid ""
 1025 "The random offset value is from 0 to 30.  After each unsuccessful attempt to "
 1026 "go online, the new interval is recalculated by the following:"
 1027 msgstr ""
 1028 
 1029 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1030 #: sssd.conf.5.xml:748
 1031 msgid "new_interval = (old_interval * 2) + random_offset"
 1032 msgstr ""
 1033 
 1034 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1035 #: sssd.conf.5.xml:751
 1036 msgid ""
 1037 "Note that the maximum length of each interval is defined by "
 1038 "offline_timeout_max, which defaults to one hour. If the calculated length of "
 1039 "new_interval is greater than offline_timeout_max, it will be forced to the "
 1040 "offline_timeout_max value."
 1041 msgstr ""
 1042 
 1043 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1044 #: sssd.conf.5.xml:758 sssd.conf.5.xml:1072 sssd.conf.5.xml:1414
 1045 #: sssd.conf.5.xml:1651 sssd-ldap.5.xml:469
 1046 msgid "Default: 60"
 1047 msgstr ""
 1048 
 1049 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1050 #: sssd.conf.5.xml:763
 1051 msgid "offline_timeout_max (integer)"
 1052 msgstr ""
 1053 
 1054 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1055 #: sssd.conf.5.xml:766
 1056 msgid ""
 1057 "Controls by how much the time between attempts to go online can be "
 1058 "incremented following unsuccessful attempts to go online."
 1059 msgstr ""
 1060 
 1061 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1062 #: sssd.conf.5.xml:771
 1063 msgid "A value of 0 disables the incrementing behaviour."
 1064 msgstr ""
 1065 
 1066 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1067 #: sssd.conf.5.xml:774
 1068 msgid ""
 1069 "The value of this parameter should be set in correlation to offline_timeout "
 1070 "parameter value."
 1071 msgstr ""
 1072 
 1073 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1074 #: sssd.conf.5.xml:778
 1075 msgid ""
 1076 "With offline_timeout set to 60 (default value) there is no point in setting "
 1077 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
 1078 "rule here should be to set offline_timeout_max to at least 4 times "
 1079 "offline_timeout."
 1080 msgstr ""
 1081 
 1082 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1083 #: sssd.conf.5.xml:784
 1084 msgid ""
 1085 "Although a value between 0 and offline_timeout may be specified, it has the "
 1086 "effect of overriding the offline_timeout value so is of little use."
 1087 msgstr ""
 1088 
 1089 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1090 #: sssd.conf.5.xml:789
 1091 #, fuzzy
 1092 #| msgid "Default: 3"
 1093 msgid "Default: 3600"
 1094 msgstr "Dre ziouer : 3"
 1095 
 1096 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1097 #: sssd.conf.5.xml:794
 1098 msgid "responder_idle_timeout"
 1099 msgstr ""
 1100 
 1101 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1102 #: sssd.conf.5.xml:797
 1103 msgid ""
 1104 "This option specifies the number of seconds that an SSSD responder process "
 1105 "can be up without being used. This value is limited in order to avoid "
 1106 "resource exhaustion on the system.  The minimum acceptable value for this "
 1107 "option is 60 seconds.  Setting this option to 0 (zero) means that no timeout "
 1108 "will be set up to the responder.  This option only has effect when SSSD is "
 1109 "built with systemd support and when services are either socket or D-Bus "
 1110 "activated."
 1111 msgstr ""
 1112 
 1113 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1114 #: sssd.conf.5.xml:811 sssd.conf.5.xml:1085 sssd.conf.5.xml:2090
 1115 #: sssd-ldap.5.xml:326
 1116 msgid "Default: 300"
 1117 msgstr ""
 1118 
 1119 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1120 #: sssd.conf.5.xml:816
 1121 msgid "cache_first"
 1122 msgstr ""
 1123 
 1124 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1125 #: sssd.conf.5.xml:819
 1126 msgid ""
 1127 "This option specifies whether the responder should query all caches before "
 1128 "querying the Data Providers."
 1129 msgstr ""
 1130 
 1131 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 1132 #: sssd.conf.5.xml:831
 1133 msgid "NSS configuration options"
 1134 msgstr ""
 1135 
 1136 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 1137 #: sssd.conf.5.xml:833
 1138 msgid ""
 1139 "These options can be used to configure the Name Service Switch (NSS) service."
 1140 msgstr ""
 1141 
 1142 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1143 #: sssd.conf.5.xml:838
 1144 msgid "enum_cache_timeout (integer)"
 1145 msgstr ""
 1146 
 1147 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1148 #: sssd.conf.5.xml:841
 1149 msgid ""
 1150 "How many seconds should nss_sss cache enumerations (requests for info about "
 1151 "all users)"
 1152 msgstr ""
 1153 
 1154 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1155 #: sssd.conf.5.xml:845
 1156 msgid "Default: 120"
 1157 msgstr "Dre ziouer : 120"
 1158 
 1159 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1160 #: sssd.conf.5.xml:850
 1161 msgid "entry_cache_nowait_percentage (integer)"
 1162 msgstr ""
 1163 
 1164 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1165 #: sssd.conf.5.xml:853
 1166 msgid ""
 1167 "The entry cache can be set to automatically update entries in the background "
 1168 "if they are requested beyond a percentage of the entry_cache_timeout value "
 1169 "for the domain."
 1170 msgstr ""
 1171 
 1172 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1173 #: sssd.conf.5.xml:859
 1174 msgid ""
 1175 "For example, if the domain's entry_cache_timeout is set to 30s and "
 1176 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
 1177 "after 15 seconds past the last cache update will be returned immediately, "
 1178 "but the SSSD will go and update the cache on its own, so that future "
 1179 "requests will not need to block waiting for a cache update."
 1180 msgstr ""
 1181 
 1182 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1183 #: sssd.conf.5.xml:869
 1184 msgid ""
 1185 "Valid values for this option are 0-99 and represent a percentage of the "
 1186 "entry_cache_timeout for each domain. For performance reasons, this "
 1187 "percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
 1188 "disables this feature)"
 1189 msgstr ""
 1190 
 1191 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1192 #: sssd.conf.5.xml:877 sssd.conf.5.xml:1890
 1193 msgid "Default: 50"
 1194 msgstr ""
 1195 
 1196 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1197 #: sssd.conf.5.xml:882
 1198 msgid "entry_negative_timeout (integer)"
 1199 msgstr ""
 1200 
 1201 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1202 #: sssd.conf.5.xml:885
 1203 msgid ""
 1204 "Specifies for how many seconds nss_sss should cache negative cache hits "
 1205 "(that is, queries for invalid database entries, like nonexistent ones)  "
 1206 "before asking the back end again."
 1207 msgstr ""
 1208 
 1209 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1210 #: sssd.conf.5.xml:891 sssd.conf.5.xml:1914
 1211 msgid "Default: 15"
 1212 msgstr "Dre ziouer : 15"
 1213 
 1214 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1215 #: sssd.conf.5.xml:896
 1216 msgid "local_negative_timeout (integer)"
 1217 msgstr ""
 1218 
 1219 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1220 #: sssd.conf.5.xml:899
 1221 msgid ""
 1222 "Specifies for how many seconds nss_sss should keep local users and groups in "
 1223 "negative cache before trying to look it up in the back end again. Setting "
 1224 "the option to 0 disables this feature."
 1225 msgstr ""
 1226 
 1227 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1228 #: sssd.conf.5.xml:905
 1229 msgid "Default: 14400 (4 hours)"
 1230 msgstr ""
 1231 
 1232 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1233 #: sssd.conf.5.xml:910
 1234 msgid "filter_users, filter_groups (string)"
 1235 msgstr "filter_users, filter_groups (neudennad)"
 1236 
 1237 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1238 #: sssd.conf.5.xml:913
 1239 msgid ""
 1240 "Exclude certain users or groups from being fetched from the sss NSS "
 1241 "database. This is particularly useful for system accounts. This option can "
 1242 "also be set per-domain or include fully-qualified names to filter only users "
 1243 "from the particular domain or by a user principal name (UPN)."
 1244 msgstr ""
 1245 
 1246 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1247 #: sssd.conf.5.xml:921
 1248 msgid ""
 1249 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 1250 "members, since filtering happens after they are propagated for returning via "
 1251 "NSS. E.g. a group having a member group filtered out will still have the "
 1252 "member users of the latter listed."
 1253 msgstr ""
 1254 
 1255 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1256 #: sssd.conf.5.xml:929
 1257 msgid "Default: root"
 1258 msgstr "Dre zoiuer : root"
 1259 
 1260 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1261 #: sssd.conf.5.xml:934
 1262 msgid "filter_users_in_groups (bool)"
 1263 msgstr ""
 1264 
 1265 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1266 #: sssd.conf.5.xml:937
 1267 msgid ""
 1268 "If you want filtered user still be group members set this option to false."
 1269 msgstr ""
 1270 
 1271 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1272 #: sssd.conf.5.xml:948
 1273 msgid "fallback_homedir (string)"
 1274 msgstr ""
 1275 
 1276 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1277 #: sssd.conf.5.xml:951
 1278 msgid ""
 1279 "Set a default template for a user's home directory if one is not specified "
 1280 "explicitly by the domain's data provider."
 1281 msgstr ""
 1282 
 1283 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1284 #: sssd.conf.5.xml:956
 1285 msgid ""
 1286 "The available values for this option are the same as for override_homedir."
 1287 msgstr ""
 1288 
 1289 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 1290 #: sssd.conf.5.xml:962
 1291 #, no-wrap
 1292 msgid ""
 1293 "fallback_homedir = /home/%u\n"
 1294 "                            "
 1295 msgstr ""
 1296 
 1297 #. type: Content of: <varlistentry><listitem><para>
 1298 #: sssd.conf.5.xml:960 sssd.conf.5.xml:1481 sssd.conf.5.xml:1500
 1299 #: sssd-krb5.5.xml:592 include/override_homedir.xml:59
 1300 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 1301 msgstr ""
 1302 
 1303 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1304 #: sssd.conf.5.xml:966
 1305 msgid "Default: not set (no substitution for unset home directories)"
 1306 msgstr ""
 1307 
 1308 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1309 #: sssd.conf.5.xml:972
 1310 msgid "override_shell (string)"
 1311 msgstr ""
 1312 
 1313 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1314 #: sssd.conf.5.xml:975
 1315 msgid ""
 1316 "Override the login shell for all users. This option supersedes any other "
 1317 "shell options if it takes effect and can be set either in the [nss] section "
 1318 "or per-domain."
 1319 msgstr ""
 1320 
 1321 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1322 #: sssd.conf.5.xml:981
 1323 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 1324 msgstr ""
 1325 
 1326 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1327 #: sssd.conf.5.xml:987
 1328 msgid "allowed_shells (string)"
 1329 msgstr ""
 1330 
 1331 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1332 #: sssd.conf.5.xml:990
 1333 msgid ""
 1334 "Restrict user shell to one of the listed values. The order of evaluation is:"
 1335 msgstr ""
 1336 
 1337 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1338 #: sssd.conf.5.xml:993
 1339 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 1340 msgstr ""
 1341 
 1342 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1343 #: sssd.conf.5.xml:997
 1344 msgid ""
 1345 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 1346 "quote>, use the value of the shell_fallback parameter."
 1347 msgstr ""
 1348 
 1349 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1350 #: sssd.conf.5.xml:1002
 1351 msgid ""
 1352 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 1353 "shells</quote>, a nologin shell is used."
 1354 msgstr ""
 1355 
 1356 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1357 #: sssd.conf.5.xml:1007
 1358 msgid "The wildcard (*) can be used to allow any shell."
 1359 msgstr ""
 1360 
 1361 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1362 #: sssd.conf.5.xml:1010
 1363 msgid ""
 1364 "The (*) is useful if you want to use shell_fallback in case that user's "
 1365 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
 1366 "allowed shells in allowed_shells would be to much overhead."
 1367 msgstr ""
 1368 
 1369 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1370 #: sssd.conf.5.xml:1017
 1371 msgid "An empty string for shell is passed as-is to libc."
 1372 msgstr ""
 1373 
 1374 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1375 #: sssd.conf.5.xml:1020
 1376 msgid ""
 1377 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 1378 "that a restart of the SSSD is required in case a new shell is installed."
 1379 msgstr ""
 1380 
 1381 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1382 #: sssd.conf.5.xml:1024
 1383 msgid "Default: Not set. The user shell is automatically used."
 1384 msgstr ""
 1385 
 1386 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1387 #: sssd.conf.5.xml:1029
 1388 msgid "vetoed_shells (string)"
 1389 msgstr ""
 1390 
 1391 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1392 #: sssd.conf.5.xml:1032
 1393 msgid "Replace any instance of these shells with the shell_fallback"
 1394 msgstr ""
 1395 
 1396 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1397 #: sssd.conf.5.xml:1037
 1398 msgid "shell_fallback (string)"
 1399 msgstr ""
 1400 
 1401 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1402 #: sssd.conf.5.xml:1040
 1403 msgid ""
 1404 "The default shell to use if an allowed shell is not installed on the machine."
 1405 msgstr ""
 1406 
 1407 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1408 #: sssd.conf.5.xml:1044
 1409 msgid "Default: /bin/sh"
 1410 msgstr ""
 1411 
 1412 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1413 #: sssd.conf.5.xml:1049
 1414 msgid "default_shell"
 1415 msgstr ""
 1416 
 1417 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1418 #: sssd.conf.5.xml:1052
 1419 msgid ""
 1420 "The default shell to use if the provider does not return one during lookup. "
 1421 "This option can be specified globally in the [nss] section or per-domain."
 1422 msgstr ""
 1423 
 1424 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1425 #: sssd.conf.5.xml:1058
 1426 msgid ""
 1427 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 1428 "substitute something sensible when necessary, usually /bin/sh)"
 1429 msgstr ""
 1430 
 1431 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1432 #: sssd.conf.5.xml:1065 sssd.conf.5.xml:1407
 1433 msgid "get_domains_timeout (int)"
 1434 msgstr ""
 1435 
 1436 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1437 #: sssd.conf.5.xml:1068 sssd.conf.5.xml:1410
 1438 msgid ""
 1439 "Specifies time in seconds for which the list of subdomains will be "
 1440 "considered valid."
 1441 msgstr ""
 1442 
 1443 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1444 #: sssd.conf.5.xml:1077
 1445 msgid "memcache_timeout (integer)"
 1446 msgstr ""
 1447 
 1448 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1449 #: sssd.conf.5.xml:1080
 1450 msgid ""
 1451 "Specifies time in seconds for which records in the in-memory cache will be "
 1452 "valid. Setting this option to zero will disable the in-memory cache."
 1453 msgstr ""
 1454 
 1455 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1456 #: sssd.conf.5.xml:1088
 1457 msgid ""
 1458 "WARNING: Disabling the in-memory cache will have significant negative impact "
 1459 "on SSSD's performance and should only be used for testing."
 1460 msgstr ""
 1461 
 1462 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1463 #: sssd.conf.5.xml:1094 sssd.conf.5.xml:1119 sssd.conf.5.xml:1144
 1464 #: sssd.conf.5.xml:1169
 1465 msgid ""
 1466 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 1467 "client applications will not use the fast in-memory cache."
 1468 msgstr ""
 1469 
 1470 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1471 #: sssd.conf.5.xml:1102
 1472 msgid "memcache_size_passwd (integer)"
 1473 msgstr ""
 1474 
 1475 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1476 #: sssd.conf.5.xml:1105
 1477 msgid ""
 1478 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 1479 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
 1480 "memory cache."
 1481 msgstr ""
 1482 
 1483 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1484 #: sssd.conf.5.xml:1111 sssd.conf.5.xml:2623 sssd-ldap.5.xml:513
 1485 msgid "Default: 8"
 1486 msgstr ""
 1487 
 1488 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1489 #: sssd.conf.5.xml:1114 sssd.conf.5.xml:1139 sssd.conf.5.xml:1164
 1490 msgid ""
 1491 "WARNING: Disabled or too small in-memory cache can have significant negative "
 1492 "impact on SSSD's performance."
 1493 msgstr ""
 1494 
 1495 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1496 #: sssd.conf.5.xml:1127
 1497 msgid "memcache_size_group (integer)"
 1498 msgstr ""
 1499 
 1500 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1501 #: sssd.conf.5.xml:1130
 1502 msgid ""
 1503 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 1504 "for group requests.  Setting the size to 0 will disable the group in-memory "
 1505 "cache."
 1506 msgstr ""
 1507 
 1508 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 1509 #: sssd.conf.5.xml:1136 sssd.conf.5.xml:3340 sssd-ldap.5.xml:453
 1510 #: sssd-ldap.5.xml:495 sssd-krb5.5.xml:248 include/failover.xml:116
 1511 msgid "Default: 6"
 1512 msgstr ""
 1513 
 1514 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1515 #: sssd.conf.5.xml:1152
 1516 msgid "memcache_size_initgroups (integer)"
 1517 msgstr ""
 1518 
 1519 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1520 #: sssd.conf.5.xml:1155
 1521 msgid ""
 1522 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 1523 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
 1524 "in-memory cache."
 1525 msgstr ""
 1526 
 1527 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 1528 #: sssd.conf.5.xml:1177 sssd-ifp.5.xml:74
 1529 msgid "user_attributes (string)"
 1530 msgstr ""
 1531 
 1532 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1533 #: sssd.conf.5.xml:1180
 1534 msgid ""
 1535 "Some of the additional NSS responder requests can return more attributes "
 1536 "than just the POSIX ones defined by the NSS interface. The list of "
 1537 "attributes is controlled by this option. It is handled the same way as the "
 1538 "<quote>user_attributes</quote> option of the InfoPipe responder (see "
 1539 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 1540 "manvolnum> </citerefentry> for details) but with no default values."
 1541 msgstr ""
 1542 
 1543 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1544 #: sssd.conf.5.xml:1193
 1545 msgid ""
 1546 "To make configuration more easy the NSS responder will check the InfoPipe "
 1547 "option if it is not set for the NSS responder."
 1548 msgstr ""
 1549 
 1550 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1551 #: sssd.conf.5.xml:1198
 1552 msgid "Default: not set, fallback to InfoPipe option"
 1553 msgstr ""
 1554 
 1555 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1556 #: sssd.conf.5.xml:1203
 1557 msgid "pwfield (string)"
 1558 msgstr ""
 1559 
 1560 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1561 #: sssd.conf.5.xml:1206
 1562 msgid ""
 1563 "The value that NSS operations that return users or groups will return for "
 1564 "the <quote>password</quote> field."
 1565 msgstr ""
 1566 
 1567 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1568 #: sssd.conf.5.xml:1211
 1569 #, fuzzy
 1570 #| msgid "Default: true"
 1571 msgid "Default: <quote>*</quote>"
 1572 msgstr "Dre ziouer : true"
 1573 
 1574 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1575 #: sssd.conf.5.xml:1214
 1576 msgid ""
 1577 "Note: This option can also be set per-domain which overwrites the value in "
 1578 "[nss] section."
 1579 msgstr ""
 1580 
 1581 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1582 #: sssd.conf.5.xml:1218
 1583 msgid ""
 1584 "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the "
 1585 "files domain), <quote>x</quote> (proxy domain with nss_files and sssd-"
 1586 "shadowutils target)"
 1587 msgstr ""
 1588 
 1589 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 1590 #: sssd.conf.5.xml:1228
 1591 msgid "PAM configuration options"
 1592 msgstr ""
 1593 
 1594 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 1595 #: sssd.conf.5.xml:1230
 1596 msgid ""
 1597 "These options can be used to configure the Pluggable Authentication Module "
 1598 "(PAM) service."
 1599 msgstr ""
 1600 
 1601 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1602 #: sssd.conf.5.xml:1235
 1603 msgid "offline_credentials_expiration (integer)"
 1604 msgstr ""
 1605 
 1606 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1607 #: sssd.conf.5.xml:1238
 1608 msgid ""
 1609 "If the authentication provider is offline, how long should we allow cached "
 1610 "logins (in days since the last successful online login)."
 1611 msgstr ""
 1612 
 1613 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1614 #: sssd.conf.5.xml:1243 sssd.conf.5.xml:1256
 1615 msgid "Default: 0 (No limit)"
 1616 msgstr ""
 1617 
 1618 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1619 #: sssd.conf.5.xml:1249
 1620 msgid "offline_failed_login_attempts (integer)"
 1621 msgstr ""
 1622 
 1623 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1624 #: sssd.conf.5.xml:1252
 1625 msgid ""
 1626 "If the authentication provider is offline, how many failed login attempts "
 1627 "are allowed."
 1628 msgstr ""
 1629 
 1630 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1631 #: sssd.conf.5.xml:1262
 1632 msgid "offline_failed_login_delay (integer)"
 1633 msgstr ""
 1634 
 1635 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1636 #: sssd.conf.5.xml:1265
 1637 msgid ""
 1638 "The time in minutes which has to pass after offline_failed_login_attempts "
 1639 "has been reached before a new login attempt is possible."
 1640 msgstr ""
 1641 
 1642 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1643 #: sssd.conf.5.xml:1270
 1644 msgid ""
 1645 "If set to 0 the user cannot authenticate offline if "
 1646 "offline_failed_login_attempts has been reached. Only a successful online "
 1647 "authentication can enable offline authentication again."
 1648 msgstr ""
 1649 
 1650 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1651 #: sssd.conf.5.xml:1276 sssd.conf.5.xml:1374
 1652 msgid "Default: 5"
 1653 msgstr "Dre zoiuer : 5"
 1654 
 1655 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1656 #: sssd.conf.5.xml:1282
 1657 msgid "pam_verbosity (integer)"
 1658 msgstr ""
 1659 
 1660 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1661 #: sssd.conf.5.xml:1285
 1662 msgid ""
 1663 "Controls what kind of messages are shown to the user during authentication. "
 1664 "The higher the number to more messages are displayed."
 1665 msgstr ""
 1666 
 1667 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1668 #: sssd.conf.5.xml:1290
 1669 msgid "Currently sssd supports the following values:"
 1670 msgstr ""
 1671 
 1672 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1673 #: sssd.conf.5.xml:1293
 1674 msgid "<emphasis>0</emphasis>: do not show any message"
 1675 msgstr ""
 1676 
 1677 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1678 #: sssd.conf.5.xml:1296
 1679 msgid "<emphasis>1</emphasis>: show only important messages"
 1680 msgstr ""
 1681 
 1682 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1683 #: sssd.conf.5.xml:1300
 1684 msgid "<emphasis>2</emphasis>: show informational messages"
 1685 msgstr ""
 1686 
 1687 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1688 #: sssd.conf.5.xml:1303
 1689 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 1690 msgstr ""
 1691 
 1692 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 1693 #: sssd.conf.5.xml:1307 sssd.8.xml:63
 1694 msgid "Default: 1"
 1695 msgstr ""
 1696 
 1697 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1698 #: sssd.conf.5.xml:1313
 1699 #, fuzzy
 1700 #| msgid "re_expression (string)"
 1701 msgid "pam_response_filter (string)"
 1702 msgstr "re_expression (neudennad)"
 1703 
 1704 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1705 #: sssd.conf.5.xml:1316
 1706 msgid ""
 1707 "A comma separated list of strings which allows to remove (filter) data sent "
 1708 "by the PAM responder to pam_sss PAM module. There are different kind of "
 1709 "responses sent to pam_sss e.g. messages displayed to the user or environment "
 1710 "variables which should be set by pam_sss."
 1711 msgstr ""
 1712 
 1713 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1714 #: sssd.conf.5.xml:1324
 1715 msgid ""
 1716 "While messages already can be controlled with the help of the pam_verbosity "
 1717 "option this option allows to filter out other kind of responses as well."
 1718 msgstr ""
 1719 
 1720 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 1721 #: sssd.conf.5.xml:1331
 1722 msgid "ENV"
 1723 msgstr ""
 1724 
 1725 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 1726 #: sssd.conf.5.xml:1332
 1727 msgid "Do not send any environment variables to any service."
 1728 msgstr ""
 1729 
 1730 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 1731 #: sssd.conf.5.xml:1335
 1732 msgid "ENV:var_name"
 1733 msgstr ""
 1734 
 1735 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 1736 #: sssd.conf.5.xml:1336
 1737 msgid "Do not send environment variable var_name to any service."
 1738 msgstr ""
 1739 
 1740 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 1741 #: sssd.conf.5.xml:1340
 1742 msgid "ENV:var_name:service"
 1743 msgstr ""
 1744 
 1745 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 1746 #: sssd.conf.5.xml:1341
 1747 msgid "Do not send environment variable var_name to service."
 1748 msgstr ""
 1749 
 1750 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1751 #: sssd.conf.5.xml:1329
 1752 msgid ""
 1753 "Currently the following filters are supported: <placeholder type="
 1754 "\"variablelist\" id=\"0\"/>"
 1755 msgstr ""
 1756 
 1757 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1758 #: sssd.conf.5.xml:1351
 1759 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 1760 msgstr ""
 1761 
 1762 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1763 #: sssd.conf.5.xml:1357
 1764 msgid "pam_id_timeout (integer)"
 1765 msgstr ""
 1766 
 1767 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1768 #: sssd.conf.5.xml:1360
 1769 msgid ""
 1770 "For any PAM request while SSSD is online, the SSSD will attempt to "
 1771 "immediately update the cached identity information for the user in order to "
 1772 "ensure that authentication takes place with the latest information."
 1773 msgstr ""
 1774 
 1775 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1776 #: sssd.conf.5.xml:1366
 1777 msgid ""
 1778 "A complete PAM conversation may perform multiple PAM requests, such as "
 1779 "account management and session opening. This option controls (on a per-"
 1780 "client-application basis) how long (in seconds) we can cache the identity "
 1781 "information to avoid excessive round-trips to the identity provider."
 1782 msgstr ""
 1783 
 1784 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1785 #: sssd.conf.5.xml:1380
 1786 msgid "pam_pwd_expiration_warning (integer)"
 1787 msgstr ""
 1788 
 1789 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1790 #: sssd.conf.5.xml:1383 sssd.conf.5.xml:2647
 1791 msgid "Display a warning N days before the password expires."
 1792 msgstr ""
 1793 
 1794 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1795 #: sssd.conf.5.xml:1386
 1796 msgid ""
 1797 "Please note that the backend server has to provide information about the "
 1798 "expiration time of the password.  If this information is missing, sssd "
 1799 "cannot display a warning."
 1800 msgstr ""
 1801 
 1802 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1803 #: sssd.conf.5.xml:1392 sssd.conf.5.xml:2650
 1804 msgid ""
 1805 "If zero is set, then this filter is not applied, i.e. if the expiration "
 1806 "warning was received from backend server, it will automatically be displayed."
 1807 msgstr ""
 1808 
 1809 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1810 #: sssd.conf.5.xml:1397
 1811 msgid ""
 1812 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 1813 "emphasis> for a particular domain."
 1814 msgstr ""
 1815 
 1816 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 1817 #: sssd.conf.5.xml:1402 sssd.conf.5.xml:3534 sssd-ldap.5.xml:549 sssd.8.xml:79
 1818 msgid "Default: 0"
 1819 msgstr "Dre ziouer : 0"
 1820 
 1821 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1822 #: sssd.conf.5.xml:1419
 1823 msgid "pam_trusted_users (string)"
 1824 msgstr ""
 1825 
 1826 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1827 #: sssd.conf.5.xml:1422
 1828 msgid ""
 1829 "Specifies the comma-separated list of UID values or user names that are "
 1830 "allowed to run PAM conversations against trusted domains.  Users not "
 1831 "included in this list can only access domains marked as public with "
 1832 "<quote>pam_public_domains</quote>.  User names are resolved to UIDs at "
 1833 "startup."
 1834 msgstr ""
 1835 
 1836 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1837 #: sssd.conf.5.xml:1432
 1838 msgid "Default: All users are considered trusted by default"
 1839 msgstr ""
 1840 
 1841 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1842 #: sssd.conf.5.xml:1436
 1843 msgid ""
 1844 "Please note that UID 0 is always allowed to access the PAM responder even in "
 1845 "case it is not in the pam_trusted_users list."
 1846 msgstr ""
 1847 
 1848 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1849 #: sssd.conf.5.xml:1443
 1850 msgid "pam_public_domains (string)"
 1851 msgstr ""
 1852 
 1853 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1854 #: sssd.conf.5.xml:1446
 1855 msgid ""
 1856 "Specifies the comma-separated list of domain names that are accessible even "
 1857 "to untrusted users."
 1858 msgstr ""
 1859 
 1860 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1861 #: sssd.conf.5.xml:1450
 1862 msgid "Two special values for pam_public_domains option are defined:"
 1863 msgstr ""
 1864 
 1865 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1866 #: sssd.conf.5.xml:1454
 1867 msgid ""
 1868 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 1869 msgstr ""
 1870 
 1871 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1872 #: sssd.conf.5.xml:1458
 1873 msgid ""
 1874 "none (Untrusted users are not allowed to access any domains PAM in "
 1875 "responder.)"
 1876 msgstr ""
 1877 
 1878 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1879 #: sssd.conf.5.xml:1462 sssd.conf.5.xml:1487 sssd.conf.5.xml:1506
 1880 #: sssd.conf.5.xml:1684 sssd.conf.5.xml:2396 sssd.conf.5.xml:3463
 1881 #: sssd-ldap.5.xml:1091
 1882 msgid "Default: none"
 1883 msgstr ""
 1884 
 1885 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1886 #: sssd.conf.5.xml:1467
 1887 msgid "pam_account_expired_message (string)"
 1888 msgstr ""
 1889 
 1890 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1891 #: sssd.conf.5.xml:1470
 1892 msgid ""
 1893 "Allows a custom expiration message to be set, replacing the default "
 1894 "'Permission denied' message."
 1895 msgstr ""
 1896 
 1897 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1898 #: sssd.conf.5.xml:1475
 1899 msgid ""
 1900 "Note: Please be aware that message is only printed for the SSH service "
 1901 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 1902 msgstr ""
 1903 
 1904 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 1905 #: sssd.conf.5.xml:1483
 1906 #, no-wrap
 1907 msgid ""
 1908 "pam_account_expired_message = Account expired, please contact help desk.\n"
 1909 "                            "
 1910 msgstr ""
 1911 
 1912 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1913 #: sssd.conf.5.xml:1492
 1914 msgid "pam_account_locked_message (string)"
 1915 msgstr ""
 1916 
 1917 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1918 #: sssd.conf.5.xml:1495
 1919 msgid ""
 1920 "Allows a custom lockout message to be set, replacing the default 'Permission "
 1921 "denied' message."
 1922 msgstr ""
 1923 
 1924 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 1925 #: sssd.conf.5.xml:1502
 1926 #, no-wrap
 1927 msgid ""
 1928 "pam_account_locked_message = Account locked, please contact help desk.\n"
 1929 "                            "
 1930 msgstr ""
 1931 
 1932 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1933 #: sssd.conf.5.xml:1511
 1934 msgid "pam_cert_auth (bool)"
 1935 msgstr ""
 1936 
 1937 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1938 #: sssd.conf.5.xml:1514
 1939 msgid ""
 1940 "Enable certificate based Smartcard authentication.  Since this requires "
 1941 "additional communication with the Smartcard which will delay the "
 1942 "authentication process this option is disabled by default."
 1943 msgstr ""
 1944 
 1945 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 1946 #: sssd.conf.5.xml:1520 sssd-ldap.5.xml:590 sssd-ldap.5.xml:611
 1947 #: sssd-ldap.5.xml:1169 sssd-ad.5.xml:482 sssd-ad.5.xml:558 sssd-ad.5.xml:1103
 1948 #: sssd-ad.5.xml:1152 include/ldap_id_mapping.xml:244
 1949 msgid "Default: False"
 1950 msgstr ""
 1951 
 1952 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1953 #: sssd.conf.5.xml:1525
 1954 msgid "pam_cert_db_path (string)"
 1955 msgstr ""
 1956 
 1957 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1958 #: sssd.conf.5.xml:1528
 1959 msgid "The path to the certificate database."
 1960 msgstr ""
 1961 
 1962 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 1963 #: sssd.conf.5.xml:1531 sssd.conf.5.xml:2016 sssd.conf.5.xml:3990
 1964 msgid "Default:"
 1965 msgstr ""
 1966 
 1967 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 1968 #: sssd.conf.5.xml:1533 sssd.conf.5.xml:2018
 1969 msgid ""
 1970 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 1971 "certificates in PEM format)"
 1972 msgstr ""
 1973 
 1974 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1975 #: sssd.conf.5.xml:1543
 1976 msgid "p11_child_timeout (integer)"
 1977 msgstr ""
 1978 
 1979 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1980 #: sssd.conf.5.xml:1546
 1981 msgid "How many seconds will pam_sss wait for p11_child to finish."
 1982 msgstr ""
 1983 
 1984 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1985 #: sssd.conf.5.xml:1555
 1986 msgid "pam_app_services (string)"
 1987 msgstr ""
 1988 
 1989 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1990 #: sssd.conf.5.xml:1558
 1991 msgid ""
 1992 "Which PAM services are permitted to contact domains of type "
 1993 "<quote>application</quote>"
 1994 msgstr ""
 1995 
 1996 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1997 #: sssd.conf.5.xml:1567
 1998 msgid "pam_p11_allowed_services (integer)"
 1999 msgstr ""
 2000 
 2001 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2002 #: sssd.conf.5.xml:1570
 2003 msgid ""
 2004 "A comma-separated list of PAM service names for which it will be allowed to "
 2005 "use Smartcards."
 2006 msgstr ""
 2007 
 2008 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2009 #: sssd.conf.5.xml:1585
 2010 #, no-wrap
 2011 msgid ""
 2012 "pam_p11_allowed_services = +my_pam_service, -login\n"
 2013 "                            "
 2014 msgstr ""
 2015 
 2016 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2017 #: sssd.conf.5.xml:1574
 2018 msgid ""
 2019 "It is possible to add another PAM service name to the default set by using "
 2020 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
 2021 "the default set by using <quote>-service_name</quote>. For example, in order "
 2022 "to replace a default PAM service name for authentication with Smartcards (e."
 2023 "g. <quote>login</quote>) with a custom PAM service name (e.g. "
 2024 "<quote>my_pam_service</quote>), you would use the following configuration: "
 2025 "<placeholder type=\"programlisting\" id=\"0\"/>"
 2026 msgstr ""
 2027 
 2028 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2029 #: sssd.conf.5.xml:1589 sssd-ad.5.xml:621 sssd-ad.5.xml:730 sssd-ad.5.xml:788
 2030 #: sssd-ad.5.xml:846 sssd-ad.5.xml:924
 2031 msgid "Default: the default set of PAM service names includes:"
 2032 msgstr ""
 2033 
 2034 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2035 #: sssd.conf.5.xml:1594 sssd-ad.5.xml:625
 2036 msgid "login"
 2037 msgstr ""
 2038 
 2039 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2040 #: sssd.conf.5.xml:1599 sssd-ad.5.xml:630
 2041 msgid "su"
 2042 msgstr ""
 2043 
 2044 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2045 #: sssd.conf.5.xml:1604 sssd-ad.5.xml:635
 2046 msgid "su-l"
 2047 msgstr ""
 2048 
 2049 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2050 #: sssd.conf.5.xml:1609 sssd-ad.5.xml:650
 2051 msgid "gdm-smartcard"
 2052 msgstr ""
 2053 
 2054 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2055 #: sssd.conf.5.xml:1614 sssd-ad.5.xml:645
 2056 msgid "gdm-password"
 2057 msgstr ""
 2058 
 2059 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2060 #: sssd.conf.5.xml:1619 sssd-ad.5.xml:655
 2061 msgid "kdm"
 2062 msgstr ""
 2063 
 2064 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2065 #: sssd.conf.5.xml:1624 sssd-ad.5.xml:933
 2066 msgid "sudo"
 2067 msgstr ""
 2068 
 2069 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2070 #: sssd.conf.5.xml:1629 sssd-ad.5.xml:938
 2071 msgid "sudo-i"
 2072 msgstr ""
 2073 
 2074 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2075 #: sssd.conf.5.xml:1634
 2076 msgid "gnome-screensaver"
 2077 msgstr ""
 2078 
 2079 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2080 #: sssd.conf.5.xml:1642
 2081 msgid "p11_wait_for_card_timeout (integer)"
 2082 msgstr ""
 2083 
 2084 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2085 #: sssd.conf.5.xml:1645
 2086 msgid ""
 2087 "If Smartcard authentication is required how many extra seconds in addition "
 2088 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
 2089 "inserted."
 2090 msgstr ""
 2091 
 2092 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2093 #: sssd.conf.5.xml:1656
 2094 msgid "p11_uri (string)"
 2095 msgstr ""
 2096 
 2097 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2098 #: sssd.conf.5.xml:1659
 2099 msgid ""
 2100 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 2101 "selection of devices used for Smartcard authentication. By default SSSD's "
 2102 "p11_child will search for a PKCS#11 slot (reader)  where the 'removable' "
 2103 "flags is set and read the certificates from the inserted token from the "
 2104 "first slot found. If multiple readers are connected p11_uri can be used to "
 2105 "tell p11_child to use a specific reader."
 2106 msgstr ""
 2107 
 2108 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2109 #: sssd.conf.5.xml:1672
 2110 #, no-wrap
 2111 msgid ""
 2112 "p11_uri = slot-description=My%20Smartcard%20Reader\n"
 2113 "                            "
 2114 msgstr ""
 2115 
 2116 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2117 #: sssd.conf.5.xml:1676
 2118 #, no-wrap
 2119 msgid ""
 2120 "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
 2121 "                            "
 2122 msgstr ""
 2123 
 2124 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2125 #: sssd.conf.5.xml:1670
 2126 msgid ""
 2127 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 2128 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
 2129 "debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' "
 2130 "with e.g. the '--list-all' will show PKCS#11 URIs as well."
 2131 msgstr ""
 2132 
 2133 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2134 #: sssd.conf.5.xml:1689
 2135 msgid "pam_initgroups_scheme"
 2136 msgstr ""
 2137 
 2138 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2139 #: sssd.conf.5.xml:1697
 2140 msgid "always"
 2141 msgstr ""
 2142 
 2143 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2144 #: sssd.conf.5.xml:1698
 2145 msgid ""
 2146 "Always do an online lookup, please note that pam_id_timeout still applies"
 2147 msgstr ""
 2148 
 2149 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2150 #: sssd.conf.5.xml:1702
 2151 msgid "no_session"
 2152 msgstr ""
 2153 
 2154 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2155 #: sssd.conf.5.xml:1703
 2156 msgid ""
 2157 "Only do an online lookup if there is no active session of the user, i.e. if "
 2158 "the user is currently not logged in"
 2159 msgstr ""
 2160 
 2161 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2162 #: sssd.conf.5.xml:1708
 2163 msgid "never"
 2164 msgstr ""
 2165 
 2166 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2167 #: sssd.conf.5.xml:1709
 2168 msgid ""
 2169 "Never force an online lookup, use the data from the cache as long as they "
 2170 "are not expired"
 2171 msgstr ""
 2172 
 2173 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2174 #: sssd.conf.5.xml:1692
 2175 msgid ""
 2176 "The PAM responder can force an online lookup to get the current group "
 2177 "memberships of the user trying to log in. This option controls when this "
 2178 "should be done and the following values are allowed: <placeholder type="
 2179 "\"variablelist\" id=\"0\"/>"
 2180 msgstr ""
 2181 
 2182 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2183 #: sssd.conf.5.xml:1716
 2184 msgid "Default: no_session"
 2185 msgstr ""
 2186 
 2187 #. type: Content of: <reference><refentry><refsect1><para>
 2188 #: sssd.conf.5.xml:1721 sssd.conf.5.xml:3929
 2189 msgid "pam_gssapi_services"
 2190 msgstr ""
 2191 
 2192 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2193 #: sssd.conf.5.xml:1724
 2194 msgid ""
 2195 "Comma separated list of PAM services that are allowed to try GSSAPI "
 2196 "authentication using pam_sss_gss.so module."
 2197 msgstr ""
 2198 
 2199 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2200 #: sssd.conf.5.xml:1729
 2201 msgid ""
 2202 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 2203 msgstr ""
 2204 
 2205 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2206 #: sssd.conf.5.xml:1733 sssd.conf.5.xml:1764 sssd.conf.5.xml:1802
 2207 msgid ""
 2208 "Note: This option can also be set per-domain which overwrites the value in "
 2209 "[pam] section. It can also be set for trusted domain which overwrites the "
 2210 "value in the domain section."
 2211 msgstr ""
 2212 
 2213 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2214 #: sssd.conf.5.xml:1741
 2215 #, no-wrap
 2216 msgid ""
 2217 "pam_gssapi_services = sudo, sudo-i\n"
 2218 "                            "
 2219 msgstr ""
 2220 
 2221 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2222 #: sssd.conf.5.xml:1739 sssd.conf.5.xml:3457 sssd-secrets.5.xml:448
 2223 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 2224 msgstr ""
 2225 
 2226 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2227 #: sssd.conf.5.xml:1745
 2228 msgid "Default: - (GSSAPI authentication is disabled)"
 2229 msgstr ""
 2230 
 2231 #. type: Content of: <reference><refentry><refsect1><para>
 2232 #: sssd.conf.5.xml:1750 sssd.conf.5.xml:3930
 2233 msgid "pam_gssapi_check_upn"
 2234 msgstr ""
 2235 
 2236 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2237 #: sssd.conf.5.xml:1753
 2238 msgid ""
 2239 "If True, SSSD will require that the Kerberos user principal that "
 2240 "successfully authenticated through GSSAPI can be associated with the user "
 2241 "who is being authenticated. Authentication will fail if the check fails."
 2242 msgstr ""
 2243 
 2244 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2245 #: sssd.conf.5.xml:1760
 2246 msgid ""
 2247 "If False, every user that is able to obtained required service ticket will "
 2248 "be authenticated."
 2249 msgstr ""
 2250 
 2251 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2252 #: sssd.conf.5.xml:1770 sssd-ad.5.xml:1243 sss_rpcidmapd.5.xml:76
 2253 msgid "Default: True"
 2254 msgstr ""
 2255 
 2256 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2257 #: sssd.conf.5.xml:1775
 2258 msgid "pam_gssapi_indicators_map"
 2259 msgstr ""
 2260 
 2261 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2262 #: sssd.conf.5.xml:1778
 2263 msgid ""
 2264 "Comma separated list of authentication indicators required to be present in "
 2265 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
 2266 "authentication using pam_sss_gss.so module."
 2267 msgstr ""
 2268 
 2269 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2270 #: sssd.conf.5.xml:1784
 2271 msgid ""
 2272 "Each element of the list can be either an authentication indicator name or a "
 2273 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
 2274 "service name will be required to access any PAM service configured to be "
 2275 "used with <option>pam_gssapi_services</option>. A resulting list of "
 2276 "indicators per PAM service is then checked against indicators in the "
 2277 "Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from "
 2278 "the ticket that matches the resulting list of indicators for the PAM service "
 2279 "would grant access. If none of the indicators in the list match, access will "
 2280 "be denied. If the resulting list of indicators for the PAM service is empty, "
 2281 "the check will not prevent the access."
 2282 msgstr ""
 2283 
 2284 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2285 #: sssd.conf.5.xml:1797
 2286 msgid ""
 2287 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 2288 "</quote> (dash). To disable the check for a specific PAM service, add "
 2289 "<quote>service:-</quote>."
 2290 msgstr ""
 2291 
 2292 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2293 #: sssd.conf.5.xml:1808
 2294 msgid ""
 2295 "Following authentication indicators are supported by IPA Kerberos "
 2296 "deployments:"
 2297 msgstr ""
 2298 
 2299 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2300 #: sssd.conf.5.xml:1811
 2301 msgid ""
 2302 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 2303 "files or on smart cards."
 2304 msgstr ""
 2305 
 2306 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2307 #: sssd.conf.5.xml:1814
 2308 msgid ""
 2309 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 2310 "FAST channel."
 2311 msgstr ""
 2312 
 2313 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2314 #: sssd.conf.5.xml:1817
 2315 msgid "radius -- pre-authentication with the help of a RADIUS server."
 2316 msgstr ""
 2317 
 2318 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2319 #: sssd.conf.5.xml:1820
 2320 msgid ""
 2321 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 2322 "one-time password, OTP) in IPA."
 2323 msgstr ""
 2324 
 2325 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2326 #: sssd.conf.5.xml:1830
 2327 #, no-wrap
 2328 msgid ""
 2329 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
 2330 "                            "
 2331 msgstr ""
 2332 
 2333 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2334 #: sssd.conf.5.xml:1825
 2335 msgid ""
 2336 "Example: to require access to SUDO services only for users which obtained "
 2337 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
 2338 "set <placeholder type=\"programlisting\" id=\"0\"/>"
 2339 msgstr ""
 2340 
 2341 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2342 #: sssd.conf.5.xml:1834
 2343 msgid "Default: not set (use of authentication indicators is not required)"
 2344 msgstr ""
 2345 
 2346 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2347 #: sssd.conf.5.xml:1842
 2348 msgid "SUDO configuration options"
 2349 msgstr ""
 2350 
 2351 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2352 #: sssd.conf.5.xml:1844
 2353 msgid ""
 2354 "These options can be used to configure the sudo service.  The detailed "
 2355 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
 2356 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
 2357 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 2358 "</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
 2359 "sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 2360 msgstr ""
 2361 
 2362 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2363 #: sssd.conf.5.xml:1861
 2364 msgid "sudo_timed (bool)"
 2365 msgstr ""
 2366 
 2367 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2368 #: sssd.conf.5.xml:1864
 2369 msgid ""
 2370 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 2371 "that implement time-dependent sudoers entries."
 2372 msgstr ""
 2373 
 2374 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2375 #: sssd.conf.5.xml:1876
 2376 msgid "sudo_threshold (integer)"
 2377 msgstr ""
 2378 
 2379 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2380 #: sssd.conf.5.xml:1879
 2381 msgid ""
 2382 "Maximum number of expired rules that can be refreshed at once. If number of "
 2383 "expired rules is below threshold, those rules are refreshed with "
 2384 "<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
 2385 "<quote>full refresh</quote> of sudo rules is triggered instead. This "
 2386 "threshold number also applies to IPA sudo command and command group searches."
 2387 msgstr ""
 2388 
 2389 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2390 #: sssd.conf.5.xml:1898
 2391 msgid "AUTOFS configuration options"
 2392 msgstr ""
 2393 
 2394 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2395 #: sssd.conf.5.xml:1900
 2396 msgid "These options can be used to configure the autofs service."
 2397 msgstr ""
 2398 
 2399 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2400 #: sssd.conf.5.xml:1904
 2401 msgid "autofs_negative_timeout (integer)"
 2402 msgstr ""
 2403 
 2404 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2405 #: sssd.conf.5.xml:1907
 2406 msgid ""
 2407 "Specifies for how many seconds should the autofs responder negative cache "
 2408 "hits (that is, queries for invalid map entries, like nonexistent ones) "
 2409 "before asking the back end again."
 2410 msgstr ""
 2411 
 2412 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2413 #: sssd.conf.5.xml:1923
 2414 msgid "SSH configuration options"
 2415 msgstr ""
 2416 
 2417 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2418 #: sssd.conf.5.xml:1925
 2419 msgid "These options can be used to configure the SSH service."
 2420 msgstr ""
 2421 
 2422 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2423 #: sssd.conf.5.xml:1929
 2424 msgid "ssh_hash_known_hosts (bool)"
 2425 msgstr ""
 2426 
 2427 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2428 #: sssd.conf.5.xml:1932
 2429 msgid ""
 2430 "Whether or not to hash host names and addresses in the managed known_hosts "
 2431 "file."
 2432 msgstr ""
 2433 
 2434 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2435 #: sssd.conf.5.xml:1941
 2436 msgid "ssh_known_hosts_timeout (integer)"
 2437 msgstr ""
 2438 
 2439 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2440 #: sssd.conf.5.xml:1944
 2441 msgid ""
 2442 "How many seconds to keep a host in the managed known_hosts file after its "
 2443 "host keys were requested."
 2444 msgstr ""
 2445 
 2446 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2447 #: sssd.conf.5.xml:1948
 2448 msgid "Default: 180"
 2449 msgstr ""
 2450 
 2451 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2452 #: sssd.conf.5.xml:1953
 2453 msgid "ssh_use_certificate_keys (bool)"
 2454 msgstr ""
 2455 
 2456 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2457 #: sssd.conf.5.xml:1956
 2458 msgid ""
 2459 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 2460 "keys derived from the public key of X.509 certificates stored in the user "
 2461 "entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
 2462 "refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
 2463 msgstr ""
 2464 
 2465 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2466 #: sssd.conf.5.xml:1971
 2467 msgid "ssh_use_certificate_matching_rules (string)"
 2468 msgstr ""
 2469 
 2470 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2471 #: sssd.conf.5.xml:1974
 2472 msgid ""
 2473 "By default the ssh responder will use all available certificate matching "
 2474 "rules to filter the certificates so that ssh keys are only derived from the "
 2475 "matching ones. With this option the used rules can be restricted with a "
 2476 "comma separated list of mapping and matching rule names. All other rules "
 2477 "will be ignored."
 2478 msgstr ""
 2479 
 2480 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2481 #: sssd.conf.5.xml:1983
 2482 msgid ""
 2483 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 2484 "all or no rules, respectively. The latter means that no certificates will be "
 2485 "filtered out and ssh keys will be generated from all valid certificates."
 2486 msgstr ""
 2487 
 2488 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2489 #: sssd.conf.5.xml:1990
 2490 msgid ""
 2491 "If no rules are configured using 'all_rules' will enable a default rule "
 2492 "which enables all certificates suitable for client authentication.  This is "
 2493 "the same behavior as for the PAM responder if certificate authentication is "
 2494 "enabled."
 2495 msgstr ""
 2496 
 2497 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2498 #: sssd.conf.5.xml:1997
 2499 msgid ""
 2500 "A non-existing rule name is considered an error.  If as a result no rule is "
 2501 "selected all certificates will be ignored."
 2502 msgstr ""
 2503 
 2504 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2505 #: sssd.conf.5.xml:2002
 2506 msgid ""
 2507 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 2508 "rule are used"
 2509 msgstr ""
 2510 
 2511 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2512 #: sssd.conf.5.xml:2008
 2513 msgid "ca_db (string)"
 2514 msgstr ""
 2515 
 2516 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2517 #: sssd.conf.5.xml:2011
 2518 msgid ""
 2519 "Path to a storage of trusted CA certificates. The option is used to validate "
 2520 "user certificates before deriving public ssh keys from them."
 2521 msgstr ""
 2522 
 2523 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2524 #: sssd.conf.5.xml:2031
 2525 msgid "PAC responder configuration options"
 2526 msgstr ""
 2527 
 2528 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2529 #: sssd.conf.5.xml:2033
 2530 msgid ""
 2531 "The PAC responder works together with the authorization data plugin for MIT "
 2532 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
 2533 "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
 2534 "provider collects domain SID and ID ranges of the domain the client is "
 2535 "joined to and of remote trusted domains from the local domain controller. If "
 2536 "the PAC is decoded and evaluated some of the following operations are done:"
 2537 msgstr ""
 2538 
 2539 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
 2540 #: sssd.conf.5.xml:2042
 2541 msgid ""
 2542 "If the remote user does not exist in the cache, it is created. The UID is "
 2543 "determined with the help of the SID, trusted domains will have UPGs and the "
 2544 "GID will have the same value as the UID. The home directory is set based on "
 2545 "the subdomain_homedir parameter. The shell will be empty by default, i.e. "
 2546 "the system defaults are used, but can be overwritten with the default_shell "
 2547 "parameter."
 2548 msgstr ""
 2549 
 2550 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
 2551 #: sssd.conf.5.xml:2050
 2552 msgid ""
 2553 "If there are SIDs of groups from domains sssd knows about, the user will be "
 2554 "added to those groups."
 2555 msgstr ""
 2556 
 2557 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2558 #: sssd.conf.5.xml:2056
 2559 msgid "These options can be used to configure the PAC responder."
 2560 msgstr ""
 2561 
 2562 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2563 #: sssd.conf.5.xml:2060 sssd-ifp.5.xml:50
 2564 msgid "allowed_uids (string)"
 2565 msgstr ""
 2566 
 2567 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2568 #: sssd.conf.5.xml:2063
 2569 msgid ""
 2570 "Specifies the comma-separated list of UID values or user names that are "
 2571 "allowed to access the PAC responder. User names are resolved to UIDs at "
 2572 "startup."
 2573 msgstr ""
 2574 
 2575 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2576 #: sssd.conf.5.xml:2069
 2577 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 2578 msgstr ""
 2579 
 2580 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2581 #: sssd.conf.5.xml:2073
 2582 msgid ""
 2583 "Please note that although the UID 0 is used as the default it will be "
 2584 "overwritten with this option. If you still want to allow the root user to "
 2585 "access the PAC responder, which would be the typical case, you have to add 0 "
 2586 "to the list of allowed UIDs as well."
 2587 msgstr ""
 2588 
 2589 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2590 #: sssd.conf.5.xml:2082
 2591 msgid "pac_lifetime (integer)"
 2592 msgstr ""
 2593 
 2594 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2595 #: sssd.conf.5.xml:2085
 2596 msgid ""
 2597 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 2598 "data can be used to determine the group memberships of a user."
 2599 msgstr ""
 2600 
 2601 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2602 #: sssd.conf.5.xml:2098
 2603 msgid "Session recording configuration options"
 2604 msgstr ""
 2605 
 2606 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2607 #: sssd.conf.5.xml:2100
 2608 msgid ""
 2609 "Session recording works in conjunction with <citerefentry> "
 2610 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
 2611 "citerefentry>, a part of tlog package, to log what users see and type when "
 2612 "they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
 2613 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 2614 msgstr ""
 2615 
 2616 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2617 #: sssd.conf.5.xml:2113
 2618 msgid "These options can be used to configure session recording."
 2619 msgstr ""
 2620 
 2621 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2622 #: sssd.conf.5.xml:2117 sssd-session-recording.5.xml:64
 2623 msgid "scope (string)"
 2624 msgstr ""
 2625 
 2626 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2627 #: sssd.conf.5.xml:2124 sssd-session-recording.5.xml:71
 2628 msgid "\"none\""
 2629 msgstr ""
 2630 
 2631 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2632 #: sssd.conf.5.xml:2127 sssd-session-recording.5.xml:74
 2633 msgid "No users are recorded."
 2634 msgstr ""
 2635 
 2636 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2637 #: sssd.conf.5.xml:2132 sssd-session-recording.5.xml:79
 2638 msgid "\"some\""
 2639 msgstr ""
 2640 
 2641 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2642 #: sssd.conf.5.xml:2135 sssd-session-recording.5.xml:82
 2643 msgid ""
 2644 "Users/groups specified by <replaceable>users</replaceable> and "
 2645 "<replaceable>groups</replaceable> options are recorded."
 2646 msgstr ""
 2647 
 2648 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2649 #: sssd.conf.5.xml:2144 sssd-session-recording.5.xml:91
 2650 msgid "\"all\""
 2651 msgstr ""
 2652 
 2653 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2654 #: sssd.conf.5.xml:2147 sssd-session-recording.5.xml:94
 2655 msgid "All users are recorded."
 2656 msgstr ""
 2657 
 2658 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2659 #: sssd.conf.5.xml:2120 sssd-session-recording.5.xml:67
 2660 msgid ""
 2661 "One of the following strings specifying the scope of session recording: "
 2662 "<placeholder type=\"variablelist\" id=\"0\"/>"
 2663 msgstr ""
 2664 
 2665 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2666 #: sssd.conf.5.xml:2154 sssd-session-recording.5.xml:101
 2667 msgid "Default: \"none\""
 2668 msgstr ""
 2669 
 2670 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2671 #: sssd.conf.5.xml:2159 sssd-session-recording.5.xml:106
 2672 msgid "users (string)"
 2673 msgstr ""
 2674 
 2675 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2676 #: sssd.conf.5.xml:2162 sssd-session-recording.5.xml:109
 2677 msgid ""
 2678 "A comma-separated list of users which should have session recording enabled. "
 2679 "Matches user names as returned by NSS. I.e. after the possible space "
 2680 "replacement, case changes, etc."
 2681 msgstr ""
 2682 
 2683 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2684 #: sssd.conf.5.xml:2168 sssd-session-recording.5.xml:115
 2685 msgid "Default: Empty. Matches no users."
 2686 msgstr ""
 2687 
 2688 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2689 #: sssd.conf.5.xml:2173 sssd-session-recording.5.xml:120
 2690 msgid "groups (string)"
 2691 msgstr ""
 2692 
 2693 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2694 #: sssd.conf.5.xml:2176 sssd-session-recording.5.xml:123
 2695 msgid ""
 2696 "A comma-separated list of groups, members of which should have session "
 2697 "recording enabled. Matches group names as returned by NSS. I.e. after the "
 2698 "possible space replacement, case changes, etc."
 2699 msgstr ""
 2700 
 2701 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2702 #: sssd.conf.5.xml:2182 sssd.conf.5.xml:2214 sssd-session-recording.5.xml:129
 2703 #: sssd-session-recording.5.xml:161
 2704 msgid ""
 2705 "NOTE: using this option (having it set to anything) has a considerable "
 2706 "performance cost, because each uncached request for a user requires "
 2707 "retrieving and matching the groups the user is member of."
 2708 msgstr ""
 2709 
 2710 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2711 #: sssd.conf.5.xml:2189 sssd-session-recording.5.xml:136
 2712 msgid "Default: Empty. Matches no groups."
 2713 msgstr ""
 2714 
 2715 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2716 #: sssd.conf.5.xml:2194 sssd-session-recording.5.xml:141
 2717 #, fuzzy
 2718 #| msgid "re_expression (string)"
 2719 msgid "exclude_users (string)"
 2720 msgstr "re_expression (neudennad)"
 2721 
 2722 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2723 #: sssd.conf.5.xml:2197 sssd-session-recording.5.xml:144
 2724 msgid ""
 2725 "A comma-separated list of users to be excluded from recording, only "
 2726 "applicable with 'scope=all'."
 2727 msgstr ""
 2728 
 2729 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2730 #: sssd.conf.5.xml:2201 sssd-session-recording.5.xml:148
 2731 msgid "Default: Empty. No users excluded."
 2732 msgstr ""
 2733 
 2734 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2735 #: sssd.conf.5.xml:2206 sssd-session-recording.5.xml:153
 2736 #, fuzzy
 2737 #| msgid "filter_users, filter_groups (string)"
 2738 msgid "exclude_groups (string)"
 2739 msgstr "filter_users, filter_groups (neudennad)"
 2740 
 2741 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2742 #: sssd.conf.5.xml:2209 sssd-session-recording.5.xml:156
 2743 msgid ""
 2744 "A comma-separated list of groups, members of which should be excluded from "
 2745 "recording. Only applicable with 'scope=all'."
 2746 msgstr ""
 2747 
 2748 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2749 #: sssd.conf.5.xml:2221 sssd-session-recording.5.xml:168
 2750 msgid "Default: Empty. No groups excluded."
 2751 msgstr ""
 2752 
 2753 #. type: Content of: <reference><refentry><refsect1><title>
 2754 #: sssd.conf.5.xml:2231
 2755 msgid "DOMAIN SECTIONS"
 2756 msgstr "RANNOÙ DOMANI"
 2757 
 2758 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2759 #: sssd.conf.5.xml:2238
 2760 msgid "enabled"
 2761 msgstr ""
 2762 
 2763 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2764 #: sssd.conf.5.xml:2241
 2765 msgid ""
 2766 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 2767 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
 2768 "always <quote>disabled</quote>. If this option is not set, the domain is "
 2769 "enabled only if it is listed in the domains option in the <quote>[sssd]</"
 2770 "quote> section."
 2771 msgstr ""
 2772 
 2773 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2774 #: sssd.conf.5.xml:2253
 2775 msgid "domain_type (string)"
 2776 msgstr ""
 2777 
 2778 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2779 #: sssd.conf.5.xml:2256
 2780 msgid ""
 2781 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 2782 "as the Name Service Switch or by applications that do not need POSIX data to "
 2783 "be present or generated. Only objects from POSIX domains are available to "
 2784 "the operating system interfaces and utilities."
 2785 msgstr ""
 2786 
 2787 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2788 #: sssd.conf.5.xml:2264
 2789 msgid ""
 2790 "Allowed values for this option are <quote>posix</quote> and "
 2791 "<quote>application</quote>."
 2792 msgstr ""
 2793 
 2794 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2795 #: sssd.conf.5.xml:2268
 2796 msgid ""
 2797 "POSIX domains are reachable by all services. Application domains are only "
 2798 "reachable from the InfoPipe responder (see <citerefentry> "
 2799 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
 2800 "citerefentry>) and the PAM responder."
 2801 msgstr ""
 2802 
 2803 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2804 #: sssd.conf.5.xml:2276
 2805 msgid ""
 2806 "NOTE: The application domains are currently well tested with "
 2807 "<quote>id_provider=ldap</quote> only."
 2808 msgstr ""
 2809 
 2810 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2811 #: sssd.conf.5.xml:2280
 2812 msgid ""
 2813 "For an easy way to configure a non-POSIX domains, please see the "
 2814 "<quote>Application domains</quote> section."
 2815 msgstr ""
 2816 
 2817 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2818 #: sssd.conf.5.xml:2284
 2819 msgid "Default: posix"
 2820 msgstr ""
 2821 
 2822 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2823 #: sssd.conf.5.xml:2290
 2824 msgid "min_id,max_id (integer)"
 2825 msgstr ""
 2826 
 2827 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2828 #: sssd.conf.5.xml:2293
 2829 msgid ""
 2830 "UID and GID limits for the domain. If a domain contains an entry that is "
 2831 "outside these limits, it is ignored."
 2832 msgstr ""
 2833 
 2834 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2835 #: sssd.conf.5.xml:2298
 2836 msgid ""
 2837 "For users, this affects the primary GID limit. The user will not be returned "
 2838 "to NSS if either the UID or the primary GID is outside the range. For non-"
 2839 "primary group memberships, those that are in range will be reported as "
 2840 "expected."
 2841 msgstr ""
 2842 
 2843 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2844 #: sssd.conf.5.xml:2305
 2845 msgid ""
 2846 "These ID limits affect even saving entries to cache, not only returning them "
 2847 "by name or ID."
 2848 msgstr ""
 2849 
 2850 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2851 #: sssd.conf.5.xml:2309
 2852 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 2853 msgstr ""
 2854 
 2855 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2856 #: sssd.conf.5.xml:2315
 2857 msgid "enumerate (bool)"
 2858 msgstr ""
 2859 
 2860 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2861 #: sssd.conf.5.xml:2318
 2862 msgid ""
 2863 "Determines if a domain can be enumerated, that is, whether the domain can "
 2864 "list all the users and group it contains. Note that it is not required to "
 2865 "enable enumeration in order for secondary groups to be displayed. This "
 2866 "parameter can have one of the following values:"
 2867 msgstr ""
 2868 
 2869 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2870 #: sssd.conf.5.xml:2326
 2871 msgid "TRUE = Users and groups are enumerated"
 2872 msgstr ""
 2873 
 2874 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2875 #: sssd.conf.5.xml:2329
 2876 msgid "FALSE = No enumerations for this domain"
 2877 msgstr ""
 2878 
 2879 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2880 #: sssd.conf.5.xml:2332 sssd.conf.5.xml:2602 sssd.conf.5.xml:2778
 2881 msgid "Default: FALSE"
 2882 msgstr ""
 2883 
 2884 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2885 #: sssd.conf.5.xml:2335
 2886 msgid ""
 2887 "Enumerating a domain requires SSSD to download and store ALL user and group "
 2888 "entries from the remote server."
 2889 msgstr ""
 2890 
 2891 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2892 #: sssd.conf.5.xml:2340
 2893 msgid ""
 2894 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 2895 "enumeration is running. It may take up to several minutes after SSSD startup "
 2896 "to fully complete enumerations.  During this time, individual requests for "
 2897 "information will go directly to LDAP, though it may be slow, due to the "
 2898 "heavy enumeration processing. Saving a large number of entries to cache "
 2899 "after the enumeration completes might also be CPU intensive as the "
 2900 "memberships have to be recomputed. This can lead to the <quote>sssd_be</"
 2901 "quote> process becoming unresponsive or even restarted by the internal "
 2902 "watchdog."
 2903 msgstr ""
 2904 
 2905 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2906 #: sssd.conf.5.xml:2355
 2907 msgid ""
 2908 "While the first enumeration is running, requests for the complete user or "
 2909 "group lists may return no results until it completes."
 2910 msgstr ""
 2911 
 2912 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2913 #: sssd.conf.5.xml:2360
 2914 msgid ""
 2915 "Further, enabling enumeration may increase the time necessary to detect "
 2916 "network disconnection, as longer timeouts are required to ensure that "
 2917 "enumeration lookups are completed successfully.  For more information, refer "
 2918 "to the man pages for the specific id_provider in use."
 2919 msgstr ""
 2920 
 2921 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2922 #: sssd.conf.5.xml:2368
 2923 msgid ""
 2924 "For the reasons cited above, enabling enumeration is not recommended, "
 2925 "especially in large environments."
 2926 msgstr ""
 2927 
 2928 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2929 #: sssd.conf.5.xml:2376
 2930 msgid "subdomain_enumerate (string)"
 2931 msgstr ""
 2932 
 2933 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2934 #: sssd.conf.5.xml:2383
 2935 msgid "all"
 2936 msgstr ""
 2937 
 2938 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2939 #: sssd.conf.5.xml:2384
 2940 msgid "All discovered trusted domains will be enumerated"
 2941 msgstr ""
 2942 
 2943 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2944 #: sssd.conf.5.xml:2387
 2945 msgid "none"
 2946 msgstr ""
 2947 
 2948 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2949 #: sssd.conf.5.xml:2388
 2950 msgid "No discovered trusted domains will be enumerated"
 2951 msgstr ""
 2952 
 2953 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2954 #: sssd.conf.5.xml:2379
 2955 msgid ""
 2956 "Whether any of autodetected trusted domains should be enumerated. The "
 2957 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
 2958 "Optionally, a list of one or more domain names can enable enumeration just "
 2959 "for these trusted domains."
 2960 msgstr ""
 2961 
 2962 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2963 #: sssd.conf.5.xml:2402
 2964 msgid "entry_cache_timeout (integer)"
 2965 msgstr ""
 2966 
 2967 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2968 #: sssd.conf.5.xml:2405
 2969 msgid ""
 2970 "How many seconds should nss_sss consider entries valid before asking the "
 2971 "backend again"
 2972 msgstr ""
 2973 
 2974 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2975 #: sssd.conf.5.xml:2409
 2976 msgid ""
 2977 "The cache expiration timestamps are stored as attributes of individual "
 2978 "objects in the cache. Therefore, changing the cache timeout only has effect "
 2979 "for newly added or expired entries.  You should run the <citerefentry> "
 2980 "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
 2981 "citerefentry> tool in order to force refresh of entries that have already "
 2982 "been cached."
 2983 msgstr ""
 2984 
 2985 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2986 #: sssd.conf.5.xml:2422
 2987 msgid "Default: 5400"
 2988 msgstr ""
 2989 
 2990 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2991 #: sssd.conf.5.xml:2428
 2992 msgid "entry_cache_user_timeout (integer)"
 2993 msgstr ""
 2994 
 2995 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2996 #: sssd.conf.5.xml:2431
 2997 msgid ""
 2998 "How many seconds should nss_sss consider user entries valid before asking "
 2999 "the backend again"
 3000 msgstr ""
 3001 
 3002 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3003 #: sssd.conf.5.xml:2435 sssd.conf.5.xml:2448 sssd.conf.5.xml:2461
 3004 #: sssd.conf.5.xml:2474 sssd.conf.5.xml:2488 sssd.conf.5.xml:2501
 3005 #: sssd.conf.5.xml:2515 sssd.conf.5.xml:2529 sssd.conf.5.xml:2542
 3006 msgid "Default: entry_cache_timeout"
 3007 msgstr ""
 3008 
 3009 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3010 #: sssd.conf.5.xml:2441
 3011 msgid "entry_cache_group_timeout (integer)"
 3012 msgstr ""
 3013 
 3014 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3015 #: sssd.conf.5.xml:2444
 3016 msgid ""
 3017 "How many seconds should nss_sss consider group entries valid before asking "
 3018 "the backend again"
 3019 msgstr ""
 3020 
 3021 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3022 #: sssd.conf.5.xml:2454
 3023 msgid "entry_cache_netgroup_timeout (integer)"
 3024 msgstr ""
 3025 
 3026 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3027 #: sssd.conf.5.xml:2457
 3028 msgid ""
 3029 "How many seconds should nss_sss consider netgroup entries valid before "
 3030 "asking the backend again"
 3031 msgstr ""
 3032 
 3033 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3034 #: sssd.conf.5.xml:2467
 3035 msgid "entry_cache_service_timeout (integer)"
 3036 msgstr ""
 3037 
 3038 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3039 #: sssd.conf.5.xml:2470
 3040 msgid ""
 3041 "How many seconds should nss_sss consider service entries valid before asking "
 3042 "the backend again"
 3043 msgstr ""
 3044 
 3045 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3046 #: sssd.conf.5.xml:2480
 3047 msgid "entry_cache_resolver_timeout (integer)"
 3048 msgstr ""
 3049 
 3050 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3051 #: sssd.conf.5.xml:2483
 3052 msgid ""
 3053 "How many seconds should nss_sss consider hosts and networks entries valid "
 3054 "before asking the backend again"
 3055 msgstr ""
 3056 
 3057 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3058 #: sssd.conf.5.xml:2494
 3059 msgid "entry_cache_sudo_timeout (integer)"
 3060 msgstr ""
 3061 
 3062 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3063 #: sssd.conf.5.xml:2497
 3064 msgid ""
 3065 "How many seconds should sudo consider rules valid before asking the backend "
 3066 "again"
 3067 msgstr ""
 3068 
 3069 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3070 #: sssd.conf.5.xml:2507
 3071 msgid "entry_cache_autofs_timeout (integer)"
 3072 msgstr ""
 3073 
 3074 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3075 #: sssd.conf.5.xml:2510
 3076 msgid ""
 3077 "How many seconds should the autofs service consider automounter maps valid "
 3078 "before asking the backend again"
 3079 msgstr ""
 3080 
 3081 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3082 #: sssd.conf.5.xml:2521
 3083 msgid "entry_cache_ssh_host_timeout (integer)"
 3084 msgstr ""
 3085 
 3086 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3087 #: sssd.conf.5.xml:2524
 3088 msgid ""
 3089 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 3090 "the host key for."
 3091 msgstr ""
 3092 
 3093 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3094 #: sssd.conf.5.xml:2535
 3095 msgid "entry_cache_computer_timeout (integer)"
 3096 msgstr ""
 3097 
 3098 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3099 #: sssd.conf.5.xml:2538
 3100 msgid ""
 3101 "How many seconds to keep the local computer entry before asking the backend "
 3102 "again"
 3103 msgstr ""
 3104 
 3105 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3106 #: sssd.conf.5.xml:2548
 3107 msgid "refresh_expired_interval (integer)"
 3108 msgstr ""
 3109 
 3110 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3111 #: sssd.conf.5.xml:2551
 3112 msgid ""
 3113 "Specifies how many seconds SSSD has to wait before triggering a background "
 3114 "refresh task which will refresh all expired or nearly expired records."
 3115 msgstr ""
 3116 
 3117 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3118 #: sssd.conf.5.xml:2556
 3119 msgid ""
 3120 "The background refresh will process users, groups and netgroups in the "
 3121 "cache. For users who have performed the initgroups (get group membership for "
 3122 "user, typically ran at login)  operation in the past, both the user entry "
 3123 "and the group membership are updated."
 3124 msgstr ""
 3125 
 3126 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3127 #: sssd.conf.5.xml:2564
 3128 msgid "This option is automatically inherited for all trusted domains."
 3129 msgstr ""
 3130 
 3131 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3132 #: sssd.conf.5.xml:2568
 3133 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 3134 msgstr ""
 3135 
 3136 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3137 #: sssd.conf.5.xml:2572
 3138 msgid ""
 3139 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 3140 "has already passed.  If there are existing cached entries, the background "
 3141 "task will refer to their original cache timeout values instead of current "
 3142 "configuration value.  This may lead to a situation in which background "
 3143 "refresh task appears to not be working. This is done by design to improve "
 3144 "offline mode operation and reuse of existing valid cache entries.  To make "
 3145 "this change instant the user may want to manually invalidate existing cache."
 3146 msgstr ""
 3147 
 3148 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3149 #: sssd.conf.5.xml:2585 sssd-ldap.5.xml:350 sssd-ipa.5.xml:269
 3150 msgid "Default: 0 (disabled)"
 3151 msgstr ""
 3152 
 3153 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3154 #: sssd.conf.5.xml:2591
 3155 msgid "cache_credentials (bool)"
 3156 msgstr ""
 3157 
 3158 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3159 #: sssd.conf.5.xml:2594
 3160 msgid "Determines if user credentials are also cached in the local LDB cache"
 3161 msgstr ""
 3162 
 3163 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3164 #: sssd.conf.5.xml:2598
 3165 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 3166 msgstr ""
 3167 
 3168 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3169 #: sssd.conf.5.xml:2608
 3170 msgid "cache_credentials_minimal_first_factor_length (int)"
 3171 msgstr ""
 3172 
 3173 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3174 #: sssd.conf.5.xml:2611
 3175 msgid ""
 3176 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 3177 "this value determines the minimal length the first authentication factor "
 3178 "(long term password) must have to be saved as SHA512 hash into the cache."
 3179 msgstr ""
 3180 
 3181 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3182 #: sssd.conf.5.xml:2618
 3183 msgid ""
 3184 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 3185 "the cache which would make them easy targets for brute-force attacks."
 3186 msgstr ""
 3187 
 3188 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3189 #: sssd.conf.5.xml:2629
 3190 msgid "account_cache_expiration (integer)"
 3191 msgstr ""
 3192 
 3193 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3194 #: sssd.conf.5.xml:2632
 3195 msgid ""
 3196 "Number of days entries are left in cache after last successful login before "
 3197 "being removed during a cleanup of the cache. 0 means keep forever.  The "
 3198 "value of this parameter must be greater than or equal to "
 3199 "offline_credentials_expiration."
 3200 msgstr ""
 3201 
 3202 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3203 #: sssd.conf.5.xml:2639
 3204 msgid "Default: 0 (unlimited)"
 3205 msgstr ""
 3206 
 3207 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3208 #: sssd.conf.5.xml:2644
 3209 msgid "pwd_expiration_warning (integer)"
 3210 msgstr ""
 3211 
 3212 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3213 #: sssd.conf.5.xml:2655
 3214 msgid ""
 3215 "Please note that the backend server has to provide information about the "
 3216 "expiration time of the password.  If this information is missing, sssd "
 3217 "cannot display a warning. Also an auth provider has to be configured for the "
 3218 "backend."
 3219 msgstr ""
 3220 
 3221 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3222 #: sssd.conf.5.xml:2662
 3223 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 3224 msgstr ""
 3225 
 3226 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3227 #: sssd.conf.5.xml:2668
 3228 msgid "id_provider (string)"
 3229 msgstr ""
 3230 
 3231 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3232 #: sssd.conf.5.xml:2671
 3233 msgid ""
 3234 "The identification provider used for the domain.  Supported ID providers are:"
 3235 msgstr ""
 3236 
 3237 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3238 #: sssd.conf.5.xml:2675
 3239 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 3240 msgstr ""
 3241 
 3242 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3243 #: sssd.conf.5.xml:2678
 3244 msgid ""
 3245 "<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 3246 msgstr ""
 3247 
 3248 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3249 #: sssd.conf.5.xml:2682
 3250 msgid ""
 3251 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 3252 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
 3253 "information on how to mirror local users and groups into SSSD."
 3254 msgstr ""
 3255 
 3256 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3257 #: sssd.conf.5.xml:2690
 3258 msgid ""
 3259 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 3260 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
 3261 "information on configuring LDAP."
 3262 msgstr ""
 3263 
 3264 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3265 #: sssd.conf.5.xml:2698 sssd.conf.5.xml:2804 sssd.conf.5.xml:2859
 3266 #: sssd.conf.5.xml:2922
 3267 msgid ""
 3268 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 3269 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
 3270 "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
 3271 "FreeIPA."
 3272 msgstr ""
 3273 
 3274 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3275 #: sssd.conf.5.xml:2707 sssd.conf.5.xml:2813 sssd.conf.5.xml:2868
 3276 #: sssd.conf.5.xml:2931
 3277 msgid ""
 3278 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 3279 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 3280 "citerefentry> for more information on configuring Active Directory."
 3281 msgstr ""
 3282 
 3283 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3284 #: sssd.conf.5.xml:2718
 3285 msgid "use_fully_qualified_names (bool)"
 3286 msgstr ""
 3287 
 3288 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3289 #: sssd.conf.5.xml:2721
 3290 msgid ""
 3291 "Use the full name and domain (as formatted by the domain's full_name_format) "
 3292 "as the user's login name reported to NSS."
 3293 msgstr ""
 3294 
 3295 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3296 #: sssd.conf.5.xml:2726
 3297 msgid ""
 3298 "If set to TRUE, all requests to this domain must use fully qualified names. "
 3299 "For example, if used in LOCAL domain that contains a \"test\" user, "
 3300 "<command>getent passwd test</command> wouldn't find the user while "
 3301 "<command>getent passwd test@LOCAL</command> would."
 3302 msgstr ""
 3303 
 3304 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3305 #: sssd.conf.5.xml:2734
 3306 msgid ""
 3307 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 3308 "include nested netgroups without qualified names. For netgroups, all domains "
 3309 "will be searched when an unqualified name is requested."
 3310 msgstr ""
 3311 
 3312 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3313 #: sssd.conf.5.xml:2741
 3314 msgid ""
 3315 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 3316 "default_domain_suffix is used)"
 3317 msgstr ""
 3318 
 3319 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3320 #: sssd.conf.5.xml:2748
 3321 msgid "ignore_group_members (bool)"
 3322 msgstr ""
 3323 
 3324 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3325 #: sssd.conf.5.xml:2751
 3326 msgid "Do not return group members for group lookups."
 3327 msgstr ""
 3328 
 3329 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3330 #: sssd.conf.5.xml:2754
 3331 msgid ""
 3332 "If set to TRUE, the group membership attribute is not requested from the "
 3333 "ldap server, and group members are not returned when processing group lookup "
 3334 "calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
 3335 "<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
 3336 "<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
 3337 "citerefentry>.  As an effect, <quote>getent group $groupname</quote> would "
 3338 "return the requested group as if it was empty."
 3339 msgstr ""
 3340 
 3341 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3342 #: sssd.conf.5.xml:2772
 3343 msgid ""
 3344 "Enabling this option can also make access provider checks for group "
 3345 "membership significantly faster, especially for groups containing many "
 3346 "members."
 3347 msgstr ""
 3348 
 3349 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3350 #: sssd.conf.5.xml:2783
 3351 msgid "auth_provider (string)"
 3352 msgstr ""
 3353 
 3354 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3355 #: sssd.conf.5.xml:2786
 3356 msgid ""
 3357 "The authentication provider used for the domain.  Supported auth providers "
 3358 "are:"
 3359 msgstr ""
 3360 
 3361 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3362 #: sssd.conf.5.xml:2790 sssd.conf.5.xml:2852
 3363 msgid ""
 3364 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 3365 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 3366 "citerefentry> for more information on configuring LDAP."
 3367 msgstr ""
 3368 
 3369 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3370 #: sssd.conf.5.xml:2797
 3371 msgid ""
 3372 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 3373 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 3374 "citerefentry> for more information on configuring Kerberos."
 3375 msgstr ""
 3376 
 3377 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3378 #: sssd.conf.5.xml:2821
 3379 msgid ""
 3380 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 3381 msgstr ""
 3382 
 3383 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3384 #: sssd.conf.5.xml:2824
 3385 msgid "<quote>local</quote>: SSSD internal provider for local users"
 3386 msgstr ""
 3387 
 3388 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3389 #: sssd.conf.5.xml:2828
 3390 msgid "<quote>none</quote> disables authentication explicitly."
 3391 msgstr ""
 3392 
 3393 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3394 #: sssd.conf.5.xml:2831
 3395 msgid ""
 3396 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 3397 "authentication requests."
 3398 msgstr ""
 3399 
 3400 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3401 #: sssd.conf.5.xml:2837
 3402 msgid "access_provider (string)"
 3403 msgstr ""
 3404 
 3405 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3406 #: sssd.conf.5.xml:2840
 3407 msgid ""
 3408 "The access control provider used for the domain.  There are two built-in "
 3409 "access providers (in addition to any included in installed backends)  "
 3410 "Internal special providers are:"
 3411 msgstr ""
 3412 
 3413 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3414 #: sssd.conf.5.xml:2846
 3415 msgid ""
 3416 "<quote>permit</quote> always allow access. It's the only permitted access "
 3417 "provider for a local domain."
 3418 msgstr ""
 3419 
 3420 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3421 #: sssd.conf.5.xml:2849
 3422 msgid "<quote>deny</quote> always deny access."
 3423 msgstr ""
 3424 
 3425 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3426 #: sssd.conf.5.xml:2876
 3427 msgid ""
 3428 "<quote>simple</quote> access control based on access or deny lists. See "
 3429 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
 3430 "manvolnum></citerefentry> for more information on configuring the simple "
 3431 "access module."
 3432 msgstr ""
 3433 
 3434 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3435 #: sssd.conf.5.xml:2883
 3436 msgid ""
 3437 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 3438 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
 3439 "citerefentry> for more information on configuring Kerberos."
 3440 msgstr ""
 3441 
 3442 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3443 #: sssd.conf.5.xml:2890
 3444 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 3445 msgstr ""
 3446 
 3447 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3448 #: sssd.conf.5.xml:2893
 3449 msgid "Default: <quote>permit</quote>"
 3450 msgstr ""
 3451 
 3452 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3453 #: sssd.conf.5.xml:2898
 3454 msgid "chpass_provider (string)"
 3455 msgstr ""
 3456 
 3457 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3458 #: sssd.conf.5.xml:2901
 3459 msgid ""
 3460 "The provider which should handle change password operations for the domain.  "
 3461 "Supported change password providers are:"
 3462 msgstr ""
 3463 
 3464 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3465 #: sssd.conf.5.xml:2906
 3466 msgid ""
 3467 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 3468 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 3469 "manvolnum> </citerefentry> for more information on configuring LDAP."
 3470 msgstr ""
 3471 
 3472 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3473 #: sssd.conf.5.xml:2914
 3474 msgid ""
 3475 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 3476 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 3477 "citerefentry> for more information on configuring Kerberos."
 3478 msgstr ""
 3479 
 3480 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3481 #: sssd.conf.5.xml:2939
 3482 msgid ""
 3483 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 3484 msgstr ""
 3485 
 3486 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3487 #: sssd.conf.5.xml:2943
 3488 msgid "<quote>none</quote> disallows password changes explicitly."
 3489 msgstr ""
 3490 
 3491 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3492 #: sssd.conf.5.xml:2946
 3493 msgid ""
 3494 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 3495 "change password requests."
 3496 msgstr ""
 3497 
 3498 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3499 #: sssd.conf.5.xml:2953
 3500 msgid "sudo_provider (string)"
 3501 msgstr ""
 3502 
 3503 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3504 #: sssd.conf.5.xml:2956
 3505 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 3506 msgstr ""
 3507 
 3508 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3509 #: sssd.conf.5.xml:2960
 3510 msgid ""
 3511 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 3512 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 3513 "citerefentry> for more information on configuring LDAP."
 3514 msgstr ""
 3515 
 3516 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3517 #: sssd.conf.5.xml:2968
 3518 msgid ""
 3519 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 3520 "settings."
 3521 msgstr ""
 3522 
 3523 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3524 #: sssd.conf.5.xml:2972
 3525 msgid ""
 3526 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 3527 "settings."
 3528 msgstr ""
 3529 
 3530 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3531 #: sssd.conf.5.xml:2976
 3532 msgid "<quote>none</quote> disables SUDO explicitly."
 3533 msgstr ""
 3534 
 3535 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3536 #: sssd.conf.5.xml:2979 sssd.conf.5.xml:3065 sssd.conf.5.xml:3135
 3537 #: sssd.conf.5.xml:3160 sssd.conf.5.xml:3196
 3538 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 3539 msgstr ""
 3540 
 3541 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3542 #: sssd.conf.5.xml:2983
 3543 msgid ""
 3544 "The detailed instructions for configuration of sudo_provider are in the "
 3545 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
 3546 "<manvolnum>5</manvolnum> </citerefentry>.  There are many configuration "
 3547 "options that can be used to adjust the behavior. Please refer to "
 3548 "\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
 3549 "<manvolnum>5</manvolnum> </citerefentry>."
 3550 msgstr ""
 3551 
 3552 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3553 #: sssd.conf.5.xml:2998
 3554 msgid ""
 3555 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 3556 "background unless the sudo provider is explicitly disabled. Set "
 3557 "<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
 3558 "activity in SSSD if you do not want to use sudo with SSSD at all."
 3559 msgstr ""
 3560 
 3561 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3562 #: sssd.conf.5.xml:3008
 3563 msgid "selinux_provider (string)"
 3564 msgstr ""
 3565 
 3566 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3567 #: sssd.conf.5.xml:3011
 3568 msgid ""
 3569 "The provider which should handle loading of selinux settings. Note that this "
 3570 "provider will be called right after access provider ends.  Supported selinux "
 3571 "providers are:"
 3572 msgstr ""
 3573 
 3574 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3575 #: sssd.conf.5.xml:3017
 3576 msgid ""
 3577 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 3578 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 3579 "manvolnum> </citerefentry> for more information on configuring IPA."
 3580 msgstr ""
 3581 
 3582 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3583 #: sssd.conf.5.xml:3025
 3584 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 3585 msgstr ""
 3586 
 3587 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3588 #: sssd.conf.5.xml:3028
 3589 msgid ""
 3590 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 3591 "selinux loading requests."
 3592 msgstr ""
 3593 
 3594 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3595 #: sssd.conf.5.xml:3034
 3596 msgid "subdomains_provider (string)"
 3597 msgstr ""
 3598 
 3599 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3600 #: sssd.conf.5.xml:3037
 3601 msgid ""
 3602 "The provider which should handle fetching of subdomains. This value should "
 3603 "be always the same as id_provider.  Supported subdomain providers are:"
 3604 msgstr ""
 3605 
 3606 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3607 #: sssd.conf.5.xml:3043
 3608 msgid ""
 3609 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 3610 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 3611 "manvolnum> </citerefentry> for more information on configuring IPA."
 3612 msgstr ""
 3613 
 3614 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3615 #: sssd.conf.5.xml:3052
 3616 msgid ""
 3617 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 3618 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
 3619 "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
 3620 "the AD provider."
 3621 msgstr ""
 3622 
 3623 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3624 #: sssd.conf.5.xml:3061
 3625 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 3626 msgstr ""
 3627 
 3628 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3629 #: sssd.conf.5.xml:3071
 3630 msgid "session_provider (string)"
 3631 msgstr ""
 3632 
 3633 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3634 #: sssd.conf.5.xml:3074
 3635 msgid ""
 3636 "The provider which configures and manages user session related tasks. The "
 3637 "only user session task currently provided is the integration with Fleet "
 3638 "Commander, which works only with IPA.  Supported session providers are:"
 3639 msgstr ""
 3640 
 3641 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3642 #: sssd.conf.5.xml:3081
 3643 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 3644 msgstr ""
 3645 
 3646 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3647 #: sssd.conf.5.xml:3085
 3648 msgid ""
 3649 "<quote>none</quote> does not perform any kind of user session related tasks."
 3650 msgstr ""
 3651 
 3652 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3653 #: sssd.conf.5.xml:3089
 3654 msgid ""
 3655 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 3656 "session related tasks."
 3657 msgstr ""
 3658 
 3659 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3660 #: sssd.conf.5.xml:3093
 3661 msgid ""
 3662 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 3663 "SSSD must be running as \"root\" and not as the unprivileged user."
 3664 msgstr ""
 3665 
 3666 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3667 #: sssd.conf.5.xml:3101
 3668 msgid "autofs_provider (string)"
 3669 msgstr ""
 3670 
 3671 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3672 #: sssd.conf.5.xml:3104
 3673 msgid ""
 3674 "The autofs provider used for the domain.  Supported autofs providers are:"
 3675 msgstr ""
 3676 
 3677 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3678 #: sssd.conf.5.xml:3108
 3679 msgid ""
 3680 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 3681 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 3682 "citerefentry> for more information on configuring LDAP."
 3683 msgstr ""
 3684 
 3685 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3686 #: sssd.conf.5.xml:3115
 3687 msgid ""
 3688 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 3689 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
 3690 "citerefentry> for more information on configuring IPA."
 3691 msgstr ""
 3692 
 3693 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3694 #: sssd.conf.5.xml:3123
 3695 msgid ""
 3696 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 3697 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 3698 "citerefentry> for more information on configuring the AD provider."
 3699 msgstr ""
 3700 
 3701 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3702 #: sssd.conf.5.xml:3132
 3703 msgid "<quote>none</quote> disables autofs explicitly."
 3704 msgstr ""
 3705 
 3706 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3707 #: sssd.conf.5.xml:3142
 3708 msgid "hostid_provider (string)"
 3709 msgstr ""
 3710 
 3711 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3712 #: sssd.conf.5.xml:3145
 3713 msgid ""
 3714 "The provider used for retrieving host identity information.  Supported "
 3715 "hostid providers are:"
 3716 msgstr ""
 3717 
 3718 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3719 #: sssd.conf.5.xml:3149
 3720 msgid ""
 3721 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 3722 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 3723 "manvolnum> </citerefentry> for more information on configuring IPA."
 3724 msgstr ""
 3725 
 3726 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3727 #: sssd.conf.5.xml:3157
 3728 msgid "<quote>none</quote> disables hostid explicitly."
 3729 msgstr ""
 3730 
 3731 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3732 #: sssd.conf.5.xml:3167
 3733 msgid "resolver_provider (string)"
 3734 msgstr ""
 3735 
 3736 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3737 #: sssd.conf.5.xml:3170
 3738 msgid ""
 3739 "The provider which should handle hosts and networks lookups. Supported "
 3740 "resolver providers are:"
 3741 msgstr ""
 3742 
 3743 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3744 #: sssd.conf.5.xml:3174
 3745 msgid ""
 3746 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 3747 "<quote>proxy_resolver_lib_name</quote>"
 3748 msgstr ""
 3749 
 3750 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3751 #: sssd.conf.5.xml:3178
 3752 msgid ""
 3753 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 3754 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 3755 "manvolnum> </citerefentry> for more information on configuring LDAP."
 3756 msgstr ""
 3757 
 3758 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3759 #: sssd.conf.5.xml:3185
 3760 msgid ""
 3761 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 3762 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
 3763 "manvolnum> </citerefentry> for more information on configuring the AD "
 3764 "provider."
 3765 msgstr ""
 3766 
 3767 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3768 #: sssd.conf.5.xml:3193
 3769 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 3770 msgstr ""
 3771 
 3772 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3773 #: sssd.conf.5.xml:3206
 3774 msgid ""
 3775 "Regular expression for this domain that describes how to parse the string "
 3776 "containing user name and domain into these components.  The \"domain\" can "
 3777 "match either the SSSD configuration domain name, or, in the case of IPA "
 3778 "trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
 3779 "the domain."
 3780 msgstr ""
 3781 
 3782 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3783 #: sssd.conf.5.xml:3215
 3784 msgid ""
 3785 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 3786 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
 3787 "P&lt;name&gt;[^@\\\\]+)$))</quote> which allows three different styles for "
 3788 "user names:"
 3789 msgstr ""
 3790 
 3791 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 3792 #: sssd.conf.5.xml:3220
 3793 msgid "username"
 3794 msgstr ""
 3795 
 3796 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 3797 #: sssd.conf.5.xml:3223
 3798 msgid "username@domain.name"
 3799 msgstr ""
 3800 
 3801 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 3802 #: sssd.conf.5.xml:3226
 3803 msgid "domain\\username"
 3804 msgstr ""
 3805 
 3806 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3807 #: sssd.conf.5.xml:3229
 3808 msgid ""
 3809 "While the first two correspond to the general default the third one is "
 3810 "introduced to allow easy integration of users from Windows domains."
 3811 msgstr ""
 3812 
 3813 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3814 #: sssd.conf.5.xml:3234
 3815 msgid ""
 3816 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 3817 "which translates to \"the name is everything up to the <quote>@</quote> "
 3818 "sign, the domain everything after that\""
 3819 msgstr ""
 3820 
 3821 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3822 #: sssd.conf.5.xml:3240
 3823 msgid ""
 3824 "NOTE: Some Active Directory groups, typically those used for MS Exchange "
 3825 "contain an <quote>@</quote> sign in the name, which clashes with the default "
 3826 "re_expression value for the AD and IPA providers. To support these groups, "
 3827 "consider changing the re_expression value to: <quote>((?P&lt;name&gt;.+)@(?"
 3828 "P&lt;domain&gt;[^@]+$))</quote>."
 3829 msgstr ""
 3830 
 3831 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3832 #: sssd.conf.5.xml:3291
 3833 msgid "Default: <quote>%1$s@%2$s</quote>."
 3834 msgstr ""
 3835 
 3836 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3837 #: sssd.conf.5.xml:3297
 3838 msgid "lookup_family_order (string)"
 3839 msgstr ""
 3840 
 3841 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3842 #: sssd.conf.5.xml:3300
 3843 msgid ""
 3844 "Provides the ability to select preferred address family to use when "
 3845 "performing DNS lookups."
 3846 msgstr ""
 3847 
 3848 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3849 #: sssd.conf.5.xml:3304
 3850 msgid "Supported values:"
 3851 msgstr ""
 3852 
 3853 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3854 #: sssd.conf.5.xml:3307
 3855 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 3856 msgstr ""
 3857 
 3858 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3859 #: sssd.conf.5.xml:3310
 3860 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 3861 msgstr ""
 3862 
 3863 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3864 #: sssd.conf.5.xml:3313
 3865 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 3866 msgstr ""
 3867 
 3868 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3869 #: sssd.conf.5.xml:3316
 3870 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 3871 msgstr ""
 3872 
 3873 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3874 #: sssd.conf.5.xml:3319
 3875 msgid "Default: ipv4_first"
 3876 msgstr ""
 3877 
 3878 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3879 #: sssd.conf.5.xml:3325
 3880 msgid "dns_resolver_timeout (integer)"
 3881 msgstr ""
 3882 
 3883 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3884 #: sssd.conf.5.xml:3328
 3885 msgid ""
 3886 "Defines the amount of time (in seconds) to wait for a reply from the "
 3887 "internal fail over service before assuming that the service is unreachable. "
 3888 "If this timeout is reached, the domain will continue to operate in offline "
 3889 "mode."
 3890 msgstr ""
 3891 
 3892 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3893 #: sssd.conf.5.xml:3335
 3894 msgid ""
 3895 "Please see the section <quote>FAILOVER</quote> for more information about "
 3896 "the service resolution."
 3897 msgstr ""
 3898 
 3899 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3900 #: sssd.conf.5.xml:3346
 3901 msgid "dns_discovery_domain (string)"
 3902 msgstr ""
 3903 
 3904 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3905 #: sssd.conf.5.xml:3349
 3906 msgid ""
 3907 "If service discovery is used in the back end, specifies the domain part of "
 3908 "the service discovery DNS query."
 3909 msgstr ""
 3910 
 3911 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3912 #: sssd.conf.5.xml:3353
 3913 msgid "Default: Use the domain part of machine's hostname"
 3914 msgstr ""
 3915 
 3916 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3917 #: sssd.conf.5.xml:3359
 3918 msgid "override_gid (integer)"
 3919 msgstr ""
 3920 
 3921 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3922 #: sssd.conf.5.xml:3362
 3923 msgid "Override the primary GID value with the one specified."
 3924 msgstr ""
 3925 
 3926 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3927 #: sssd.conf.5.xml:3368
 3928 msgid "case_sensitive (string)"
 3929 msgstr ""
 3930 
 3931 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 3932 #: sssd.conf.5.xml:3379
 3933 msgid "True"
 3934 msgstr ""
 3935 
 3936 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3937 #: sssd.conf.5.xml:3382
 3938 msgid "Case sensitive. This value is invalid for AD provider."
 3939 msgstr ""
 3940 
 3941 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 3942 #: sssd.conf.5.xml:3388
 3943 msgid "False"
 3944 msgstr ""
 3945 
 3946 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3947 #: sssd.conf.5.xml:3390
 3948 msgid "Case insensitive."
 3949 msgstr ""
 3950 
 3951 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 3952 #: sssd.conf.5.xml:3394
 3953 msgid "Preserving"
 3954 msgstr ""
 3955 
 3956 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3957 #: sssd.conf.5.xml:3397
 3958 msgid ""
 3959 "Same as False (case insensitive), but does not lowercase names in the result "
 3960 "of NSS operations. Note that name aliases (and in case of services also "
 3961 "protocol names) are still lowercased in the output."
 3962 msgstr ""
 3963 
 3964 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3965 #: sssd.conf.5.xml:3405
 3966 msgid ""
 3967 "If you want to set this value for trusted domain with IPA provider, you need "
 3968 "to set it on both the client and SSSD on the server."
 3969 msgstr ""
 3970 
 3971 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3972 #: sssd.conf.5.xml:3371
 3973 msgid ""
 3974 "Treat user and group names as case sensitive.  <phrase condition="
 3975 "\"enable_local_provider\"> At the moment, this option is not supported in "
 3976 "the local provider.  </phrase> Possible option values are: <placeholder type="
 3977 "\"variablelist\" id=\"0\"/>"
 3978 msgstr ""
 3979 
 3980 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3981 #: sssd.conf.5.xml:3415
 3982 msgid ""
 3983 "This option can be also set per subdomain or inherited via "
 3984 "<emphasis>subdomain_inherit</emphasis>."
 3985 msgstr ""
 3986 
 3987 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3988 #: sssd.conf.5.xml:3420
 3989 msgid "Default: True (False for AD provider)"
 3990 msgstr ""
 3991 
 3992 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3993 #: sssd.conf.5.xml:3426
 3994 msgid "subdomain_inherit (string)"
 3995 msgstr ""
 3996 
 3997 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3998 #: sssd.conf.5.xml:3429
 3999 msgid ""
 4000 "Specifies a list of configuration parameters that should be inherited by a "
 4001 "subdomain. Please note that only selected parameters can be inherited.  "
 4002 "Currently the following options can be inherited:"
 4003 msgstr ""
 4004 
 4005 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4006 #: sssd.conf.5.xml:3435
 4007 msgid "ignore_group_members"
 4008 msgstr ""
 4009 
 4010 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4011 #: sssd.conf.5.xml:3438
 4012 msgid "ldap_purge_cache_timeout"
 4013 msgstr ""
 4014 
 4015 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4016 #: sssd.conf.5.xml:3441 sssd-ldap.5.xml:390
 4017 msgid "ldap_use_tokengroups"
 4018 msgstr ""
 4019 
 4020 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4021 #: sssd.conf.5.xml:3444
 4022 msgid "ldap_user_principal"
 4023 msgstr ""
 4024 
 4025 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4026 #: sssd.conf.5.xml:3447
 4027 msgid ""
 4028 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 4029 "is not set explicitly)"
 4030 msgstr ""
 4031 
 4032 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4033 #: sssd.conf.5.xml:3451
 4034 msgid "auto_private_groups"
 4035 msgstr ""
 4036 
 4037 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4038 #: sssd.conf.5.xml:3454
 4039 msgid "case_sensitive"
 4040 msgstr ""
 4041 
 4042 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 4043 #: sssd.conf.5.xml:3459
 4044 #, no-wrap
 4045 msgid ""
 4046 "subdomain_inherit = ldap_purge_cache_timeout\n"
 4047 "                            "
 4048 msgstr ""
 4049 
 4050 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4051 #: sssd.conf.5.xml:3466
 4052 msgid "Note: This option only works with the IPA and AD provider."
 4053 msgstr ""
 4054 
 4055 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4056 #: sssd.conf.5.xml:3473
 4057 msgid "subdomain_homedir (string)"
 4058 msgstr ""
 4059 
 4060 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4061 #: sssd.conf.5.xml:3484
 4062 msgid "%F"
 4063 msgstr ""
 4064 
 4065 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4066 #: sssd.conf.5.xml:3485
 4067 msgid "flat (NetBIOS) name of a subdomain."
 4068 msgstr ""
 4069 
 4070 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4071 #: sssd.conf.5.xml:3476
 4072 msgid ""
 4073 "Use this homedir as default value for all subdomains within this domain in "
 4074 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
 4075 "possible values. In addition to those, the expansion below can only be used "
 4076 "with <emphasis>subdomain_homedir</emphasis>.  <placeholder type="
 4077 "\"variablelist\" id=\"0\"/>"
 4078 msgstr ""
 4079 
 4080 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4081 #: sssd.conf.5.xml:3490
 4082 msgid ""
 4083 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 4084 msgstr ""
 4085 
 4086 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4087 #: sssd.conf.5.xml:3494
 4088 msgid "Default: <filename>/home/%d/%u</filename>"
 4089 msgstr ""
 4090 
 4091 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4092 #: sssd.conf.5.xml:3499
 4093 msgid "realmd_tags (string)"
 4094 msgstr ""
 4095 
 4096 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4097 #: sssd.conf.5.xml:3502
 4098 msgid ""
 4099 "Various tags stored by the realmd configuration service for this domain."
 4100 msgstr ""
 4101 
 4102 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4103 #: sssd.conf.5.xml:3508
 4104 msgid "cached_auth_timeout (int)"
 4105 msgstr ""
 4106 
 4107 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4108 #: sssd.conf.5.xml:3511
 4109 msgid ""
 4110 "Specifies time in seconds since last successful online authentication for "
 4111 "which user will be authenticated using cached credentials while SSSD is in "
 4112 "the online mode. If the credentials are incorrect, SSSD falls back to online "
 4113 "authentication."
 4114 msgstr ""
 4115 
 4116 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4117 #: sssd.conf.5.xml:3519
 4118 msgid ""
 4119 "This option's value is inherited by all trusted domains. At the moment it is "
 4120 "not possible to set a different value per trusted domain."
 4121 msgstr ""
 4122 
 4123 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4124 #: sssd.conf.5.xml:3524
 4125 msgid "Special value 0 implies that this feature is disabled."
 4126 msgstr ""
 4127 
 4128 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4129 #: sssd.conf.5.xml:3528
 4130 msgid ""
 4131 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 4132 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
 4133 "<quote>initgroups.</quote>"
 4134 msgstr ""
 4135 
 4136 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4137 #: sssd.conf.5.xml:3539
 4138 msgid "auto_private_groups (string)"
 4139 msgstr ""
 4140 
 4141 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4142 #: sssd.conf.5.xml:3545
 4143 msgid "true"
 4144 msgstr ""
 4145 
 4146 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4147 #: sssd.conf.5.xml:3548
 4148 msgid ""
 4149 "Create user's private group unconditionally from user's UID number.  The GID "
 4150 "number is ignored in this case."
 4151 msgstr ""
 4152 
 4153 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4154 #: sssd.conf.5.xml:3552
 4155 msgid ""
 4156 "NOTE: Because the GID number and the user private group are inferred from "
 4157 "the UID number, it is not supported to have multiple entries with the same "
 4158 "UID or GID number with this option. In other words, enabling this option "
 4159 "enforces uniqueness across the ID space."
 4160 msgstr ""
 4161 
 4162 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4163 #: sssd.conf.5.xml:3561
 4164 msgid "false"
 4165 msgstr ""
 4166 
 4167 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4168 #: sssd.conf.5.xml:3564
 4169 msgid ""
 4170 "Always use the user's primary GID number. The GID number must refer to a "
 4171 "group object in the LDAP database."
 4172 msgstr ""
 4173 
 4174 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4175 #: sssd.conf.5.xml:3570
 4176 msgid "hybrid"
 4177 msgstr ""
 4178 
 4179 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4180 #: sssd.conf.5.xml:3573
 4181 msgid ""
 4182 "A primary group is autogenerated for user entries whose UID and GID numbers "
 4183 "have the same value and at the same time the GID number does not correspond "
 4184 "to a real group object in LDAP.  If the values are the same, but the primary "
 4185 "GID in the user entry is also used by a group object, the primary GID of the "
 4186 "user resolves to that group object."
 4187 msgstr ""
 4188 
 4189 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4190 #: sssd.conf.5.xml:3586
 4191 msgid ""
 4192 "If the UID and GID of a user are different, then the GID must correspond to "
 4193 "a group entry, otherwise the GID is simply not resolvable."
 4194 msgstr ""
 4195 
 4196 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4197 #: sssd.conf.5.xml:3593
 4198 msgid ""
 4199 "This feature is useful for environments that wish to stop maintaining a "
 4200 "separate group objects for the user private groups, but also wish to retain "
 4201 "the existing user private groups."
 4202 msgstr ""
 4203 
 4204 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4205 #: sssd.conf.5.xml:3542
 4206 msgid ""
 4207 "This option takes any of three available values: <placeholder type="
 4208 "\"variablelist\" id=\"0\"/>"
 4209 msgstr ""
 4210 
 4211 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4212 #: sssd.conf.5.xml:3605
 4213 msgid ""
 4214 "For subdomains, the default value is False for subdomains that use assigned "
 4215 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 4216 msgstr ""
 4217 
 4218 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 4219 #: sssd.conf.5.xml:3613
 4220 #, no-wrap
 4221 msgid ""
 4222 "[domain/forest.domain/sub.domain]\n"
 4223 "auto_private_groups = false\n"
 4224 msgstr ""
 4225 
 4226 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 4227 #: sssd.conf.5.xml:3619
 4228 #, no-wrap
 4229 msgid ""
 4230 "[domain/forest.domain]\n"
 4231 "subdomain_inherit = auto_private_groups\n"
 4232 "auto_private_groups = false\n"
 4233 msgstr ""
 4234 
 4235 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4236 #: sssd.conf.5.xml:3610
 4237 msgid ""
 4238 "The value of auto_private_groups can either be set per subdomains in a "
 4239 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
 4240 "globally for all subdomains in the main domain section using the "
 4241 "subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>"
 4242 msgstr ""
 4243 
 4244 #. type: Content of: <reference><refentry><refsect1><para>
 4245 #: sssd.conf.5.xml:2233
 4246 msgid ""
 4247 "These configuration options can be present in a domain configuration "
 4248 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
 4249 "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 4250 msgstr ""
 4251 
 4252 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4253 #: sssd.conf.5.xml:3634
 4254 msgid "proxy_pam_target (string)"
 4255 msgstr ""
 4256 
 4257 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4258 #: sssd.conf.5.xml:3637
 4259 msgid "The proxy target PAM proxies to."
 4260 msgstr ""
 4261 
 4262 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4263 #: sssd.conf.5.xml:3640
 4264 msgid ""
 4265 "Default: not set by default, you have to take an existing pam configuration "
 4266 "or create a new one and add the service name here."
 4267 msgstr ""
 4268 
 4269 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4270 #: sssd.conf.5.xml:3648
 4271 msgid "proxy_lib_name (string)"
 4272 msgstr ""
 4273 
 4274 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4275 #: sssd.conf.5.xml:3651
 4276 msgid ""
 4277 "The name of the NSS library to use in proxy domains. The NSS functions "
 4278 "searched for in the library are in the form of _nss_$(libName)_$(function), "
 4279 "for example _nss_files_getpwent."
 4280 msgstr ""
 4281 
 4282 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4283 #: sssd.conf.5.xml:3661
 4284 msgid "proxy_resolver_lib_name (string)"
 4285 msgstr ""
 4286 
 4287 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4288 #: sssd.conf.5.xml:3664
 4289 msgid ""
 4290 "The name of the NSS library to use for hosts and networks lookups in proxy "
 4291 "domains. The NSS functions searched for in the library are in the form of "
 4292 "_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r."
 4293 msgstr ""
 4294 
 4295 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4296 #: sssd.conf.5.xml:3675
 4297 msgid "proxy_fast_alias (boolean)"
 4298 msgstr ""
 4299 
 4300 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4301 #: sssd.conf.5.xml:3678
 4302 msgid ""
 4303 "When a user or group is looked up by name in the proxy provider, a second "
 4304 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
 4305 "name was an alias. Setting this option to true would cause the SSSD to "
 4306 "perform the ID lookup from cache for performance reasons."
 4307 msgstr ""
 4308 
 4309 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4310 #: sssd.conf.5.xml:3692
 4311 msgid "proxy_max_children (integer)"
 4312 msgstr ""
 4313 
 4314 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4315 #: sssd.conf.5.xml:3695
 4316 msgid ""
 4317 "This option specifies the number of pre-forked proxy children. It is useful "
 4318 "for high-load SSSD environments where sssd may run out of available child "
 4319 "slots, which would cause some issues due to the requests being queued."
 4320 msgstr ""
 4321 
 4322 #. type: Content of: <reference><refentry><refsect1><para>
 4323 #: sssd.conf.5.xml:3630
 4324 msgid ""
 4325 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 4326 "\"0\"/>"
 4327 msgstr ""
 4328 
 4329 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 4330 #: sssd.conf.5.xml:3711
 4331 msgid "Application domains"
 4332 msgstr ""
 4333 
 4334 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4335 #: sssd.conf.5.xml:3713
 4336 msgid ""
 4337 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 4338 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
 4339 "applications as a gateway to an LDAP directory where users and groups are "
 4340 "stored. However, contrary to the traditional SSSD deployment where all users "
 4341 "and groups either have POSIX attributes or those attributes can be inferred "
 4342 "from the Windows SIDs, in many cases the users and groups in the application "
 4343 "support scenario have no POSIX attributes.  Instead of setting a "
 4344 "<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the "
 4345 "administrator can set up an <quote>[application/<replaceable>NAME</"
 4346 "replaceable>]</quote> section that internally represents a domain with type "
 4347 "<quote>application</quote> optionally inherits settings from a tradition "
 4348 "SSSD domain."
 4349 msgstr ""
 4350 
 4351 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4352 #: sssd.conf.5.xml:3733
 4353 msgid ""
 4354 "Please note that the application domain must still be explicitly enabled in "
 4355 "the <quote>domains</quote> parameter so that the lookup order between the "
 4356 "application domain and its POSIX sibling domain is set correctly."
 4357 msgstr ""
 4358 
 4359 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 4360 #: sssd.conf.5.xml:3739
 4361 msgid "Application domain parameters"
 4362 msgstr ""
 4363 
 4364 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4365 #: sssd.conf.5.xml:3741
 4366 msgid "inherit_from (string)"
 4367 msgstr ""
 4368 
 4369 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4370 #: sssd.conf.5.xml:3744
 4371 msgid ""
 4372 "The SSSD POSIX-type domain the application domain inherits all settings "
 4373 "from. The application domain can moreover add its own settings to the "
 4374 "application settings that augment or override the <quote>sibling</quote> "
 4375 "domain settings."
 4376 msgstr ""
 4377 
 4378 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4379 #: sssd.conf.5.xml:3758
 4380 msgid ""
 4381 "The following example illustrates the use of an application domain. In this "
 4382 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
 4383 "through the NSS responder. In addition, the application domain also requests "
 4384 "the telephoneNumber attribute, stores it as the phone attribute in the cache "
 4385 "and makes the phone attribute reachable through the D-Bus interface."
 4386 msgstr ""
 4387 
 4388 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
 4389 #: sssd.conf.5.xml:3766
 4390 #, no-wrap
 4391 msgid ""
 4392 "[sssd]\n"
 4393 "domains = appdom, posixdom\n"
 4394 "\n"
 4395 "[ifp]\n"
 4396 "user_attributes = +phone\n"
 4397 "\n"
 4398 "[domain/posixdom]\n"
 4399 "id_provider = ldap\n"
 4400 "ldap_uri = ldap://ldap.example.com\n"
 4401 "ldap_search_base = dc=example,dc=com\n"
 4402 "\n"
 4403 "[application/appdom]\n"
 4404 "inherit_from = posixdom\n"
 4405 "ldap_user_extra_attrs = phone:telephoneNumber\n"
 4406 msgstr ""
 4407 
 4408 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 4409 #: sssd.conf.5.xml:3784
 4410 msgid "The local domain section"
 4411 msgstr ""
 4412 
 4413 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4414 #: sssd.conf.5.xml:3786
 4415 msgid ""
 4416 "This section contains settings for domain that stores users and groups in "
 4417 "SSSD native database, that is, a domain that uses "
 4418 "<replaceable>id_provider=local</replaceable>."
 4419 msgstr ""
 4420 
 4421 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4422 #: sssd.conf.5.xml:3793
 4423 msgid "default_shell (string)"
 4424 msgstr ""
 4425 
 4426 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4427 #: sssd.conf.5.xml:3796
 4428 msgid "The default shell for users created with SSSD userspace tools."
 4429 msgstr ""
 4430 
 4431 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4432 #: sssd.conf.5.xml:3800
 4433 msgid "Default: <filename>/bin/bash</filename>"
 4434 msgstr ""
 4435 
 4436 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4437 #: sssd.conf.5.xml:3805
 4438 msgid "base_directory (string)"
 4439 msgstr ""
 4440 
 4441 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4442 #: sssd.conf.5.xml:3808
 4443 msgid ""
 4444 "The tools append the login name to <replaceable>base_directory</replaceable> "
 4445 "and use that as the home directory."
 4446 msgstr ""
 4447 
 4448 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4449 #: sssd.conf.5.xml:3813
 4450 msgid "Default: <filename>/home</filename>"
 4451 msgstr ""
 4452 
 4453 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4454 #: sssd.conf.5.xml:3818
 4455 msgid "create_homedir (bool)"
 4456 msgstr ""
 4457 
 4458 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4459 #: sssd.conf.5.xml:3821
 4460 msgid ""
 4461 "Indicate if a home directory should be created by default for new users.  "
 4462 "Can be overridden on command line."
 4463 msgstr ""
 4464 
 4465 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4466 #: sssd.conf.5.xml:3825 sssd.conf.5.xml:3837
 4467 msgid "Default: TRUE"
 4468 msgstr ""
 4469 
 4470 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4471 #: sssd.conf.5.xml:3830
 4472 msgid "remove_homedir (bool)"
 4473 msgstr ""
 4474 
 4475 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4476 #: sssd.conf.5.xml:3833
 4477 msgid ""
 4478 "Indicate if a home directory should be removed by default for deleted "
 4479 "users.  Can be overridden on command line."
 4480 msgstr ""
 4481 
 4482 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4483 #: sssd.conf.5.xml:3842
 4484 msgid "homedir_umask (integer)"
 4485 msgstr ""
 4486 
 4487 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4488 #: sssd.conf.5.xml:3845
 4489 msgid ""
 4490 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 4491 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 4492 "on a newly created home directory."
 4493 msgstr ""
 4494 
 4495 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4496 #: sssd.conf.5.xml:3853
 4497 msgid "Default: 077"
 4498 msgstr ""
 4499 
 4500 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4501 #: sssd.conf.5.xml:3858
 4502 msgid "skel_dir (string)"
 4503 msgstr ""
 4504 
 4505 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4506 #: sssd.conf.5.xml:3861
 4507 msgid ""
 4508 "The skeleton directory, which contains files and directories to be copied in "
 4509 "the user's home directory, when the home directory is created by "
 4510 "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
 4511 "manvolnum> </citerefentry>"
 4512 msgstr ""
 4513 
 4514 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4515 #: sssd.conf.5.xml:3871
 4516 msgid "Default: <filename>/etc/skel</filename>"
 4517 msgstr ""
 4518 
 4519 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4520 #: sssd.conf.5.xml:3876
 4521 msgid "mail_dir (string)"
 4522 msgstr ""
 4523 
 4524 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4525 #: sssd.conf.5.xml:3879
 4526 msgid ""
 4527 "The mail spool directory. This is needed to manipulate the mailbox when its "
 4528 "corresponding user account is modified or deleted.  If not specified, a "
 4529 "default value is used."
 4530 msgstr ""
 4531 
 4532 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4533 #: sssd.conf.5.xml:3886
 4534 msgid "Default: <filename>/var/mail</filename>"
 4535 msgstr ""
 4536 
 4537 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4538 #: sssd.conf.5.xml:3891
 4539 msgid "userdel_cmd (string)"
 4540 msgstr ""
 4541 
 4542 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4543 #: sssd.conf.5.xml:3894
 4544 msgid ""
 4545 "The command that is run after a user is removed.  The command us passed the "
 4546 "username of the user being removed as the first and only parameter. The "
 4547 "return code of the command is not taken into account."
 4548 msgstr ""
 4549 
 4550 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4551 #: sssd.conf.5.xml:3900
 4552 msgid "Default: None, no command is run"
 4553 msgstr ""
 4554 
 4555 #. type: Content of: <reference><refentry><refsect1><title>
 4556 #: sssd.conf.5.xml:3910
 4557 msgid "TRUSTED DOMAIN SECTION"
 4558 msgstr ""
 4559 
 4560 #. type: Content of: <reference><refentry><refsect1><para>
 4561 #: sssd.conf.5.xml:3912
 4562 msgid ""
 4563 "Some options used in the domain section can also be used in the trusted "
 4564 "domain section, that is, in a section called <quote>[domain/"
 4565 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
 4566 "replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
 4567 "domain. Please refer to examples below for explanation.  Currently supported "
 4568 "options in the trusted domain section are:"
 4569 msgstr ""
 4570 
 4571 #. type: Content of: <reference><refentry><refsect1><para>
 4572 #: sssd.conf.5.xml:3919
 4573 msgid "ldap_search_base,"
 4574 msgstr ""
 4575 
 4576 #. type: Content of: <reference><refentry><refsect1><para>
 4577 #: sssd.conf.5.xml:3920
 4578 msgid "ldap_user_search_base,"
 4579 msgstr ""
 4580 
 4581 #. type: Content of: <reference><refentry><refsect1><para>
 4582 #: sssd.conf.5.xml:3921
 4583 msgid "ldap_group_search_base,"
 4584 msgstr ""
 4585 
 4586 #. type: Content of: <reference><refentry><refsect1><para>
 4587 #: sssd.conf.5.xml:3922
 4588 msgid "ldap_netgroup_search_base,"
 4589 msgstr ""
 4590 
 4591 #. type: Content of: <reference><refentry><refsect1><para>
 4592 #: sssd.conf.5.xml:3923
 4593 msgid "ldap_service_search_base,"
 4594 msgstr ""
 4595 
 4596 #. type: Content of: <reference><refentry><refsect1><para>
 4597 #: sssd.conf.5.xml:3924
 4598 msgid "ldap_sasl_mech,"
 4599 msgstr ""
 4600 
 4601 #. type: Content of: <reference><refentry><refsect1><para>
 4602 #: sssd.conf.5.xml:3925
 4603 msgid "ad_server,"
 4604 msgstr ""
 4605 
 4606 #. type: Content of: <reference><refentry><refsect1><para>
 4607 #: sssd.conf.5.xml:3926
 4608 msgid "ad_backup_server,"
 4609 msgstr ""
 4610 
 4611 #. type: Content of: <reference><refentry><refsect1><para>
 4612 #: sssd.conf.5.xml:3927
 4613 msgid "ad_site,"
 4614 msgstr ""
 4615 
 4616 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
 4617 #: sssd.conf.5.xml:3928 sssd-ipa.5.xml:811
 4618 msgid "use_fully_qualified_names"
 4619 msgstr ""
 4620 
 4621 #. type: Content of: <reference><refentry><refsect1><para>
 4622 #: sssd.conf.5.xml:3932
 4623 msgid ""
 4624 "For more details about these options see their individual description in the "
 4625 "manual page."
 4626 msgstr ""
 4627 
 4628 #. type: Content of: <reference><refentry><refsect1><title>
 4629 #: sssd.conf.5.xml:3938
 4630 msgid "CERTIFICATE MAPPING SECTION"
 4631 msgstr ""
 4632 
 4633 #. type: Content of: <reference><refentry><refsect1><para>
 4634 #: sssd.conf.5.xml:3940
 4635 msgid ""
 4636 "To allow authentication with Smartcards and certificates SSSD must be able "
 4637 "to map certificates to users. This can be done by adding the full "
 4638 "certificate to the LDAP object of the user or to a local override. While "
 4639 "using the full certificate is required to use the Smartcard authentication "
 4640 "feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
 4641 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it "
 4642 "might be cumbersome or not even possible to do this for the general case "
 4643 "where local services use PAM for authentication."
 4644 msgstr ""
 4645 
 4646 #. type: Content of: <reference><refentry><refsect1><para>
 4647 #: sssd.conf.5.xml:3954
 4648 msgid ""
 4649 "To make the mapping more flexible mapping and matching rules were added to "
 4650 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
 4651 "<manvolnum>5</manvolnum> </citerefentry> for details)."
 4652 msgstr ""
 4653 
 4654 #. type: Content of: <reference><refentry><refsect1><para>
 4655 #: sssd.conf.5.xml:3963
 4656 msgid ""
 4657 "A mapping and matching rule can be added to the SSSD configuration in a "
 4658 "section on its own with a name like <quote>[certmap/"
 4659 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</"
 4660 "replaceable>]</quote>.  In this section the following options are allowed:"
 4661 msgstr ""
 4662 
 4663 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4664 #: sssd.conf.5.xml:3970
 4665 msgid "matchrule (string)"
 4666 msgstr ""
 4667 
 4668 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4669 #: sssd.conf.5.xml:3973
 4670 msgid ""
 4671 "Only certificates from the Smartcard which matches this rule will be "
 4672 "processed, all others are ignored."
 4673 msgstr ""
 4674 
 4675 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4676 #: sssd.conf.5.xml:3977
 4677 msgid ""
 4678 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 4679 "Extended Key Usage <quote>clientAuth</quote>"
 4680 msgstr ""
 4681 
 4682 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4683 #: sssd.conf.5.xml:3984
 4684 msgid "maprule (string)"
 4685 msgstr ""
 4686 
 4687 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4688 #: sssd.conf.5.xml:3987
 4689 msgid "Defines how the user is found for a given certificate."
 4690 msgstr ""
 4691 
 4692 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 4693 #: sssd.conf.5.xml:3993
 4694 msgid ""
 4695 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 4696 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 4697 msgstr ""
 4698 
 4699 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 4700 #: sssd.conf.5.xml:3999
 4701 msgid ""
 4702 "The RULE_NAME for the <quote>files</quote> provider which tries to find a "
 4703 "user with the same name."
 4704 msgstr ""
 4705 
 4706 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4707 #: sssd.conf.5.xml:4008
 4708 msgid "domains (string)"
 4709 msgstr ""
 4710 
 4711 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4712 #: sssd.conf.5.xml:4011
 4713 msgid ""
 4714 "Comma separated list of domain names the rule should be applied. By default "
 4715 "a rule is only valid in the domain configured in sssd.conf. If the provider "
 4716 "supports subdomains this option can be used to add the rule to subdomains as "
 4717 "well."
 4718 msgstr ""
 4719 
 4720 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4721 #: sssd.conf.5.xml:4018
 4722 msgid "Default: the configured domain in sssd.conf"
 4723 msgstr ""
 4724 
 4725 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4726 #: sssd.conf.5.xml:4023
 4727 msgid "priority (integer)"
 4728 msgstr ""
 4729 
 4730 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4731 #: sssd.conf.5.xml:4026
 4732 msgid ""
 4733 "Unsigned integer value defining the priority of the rule. The higher the "
 4734 "number the lower the priority.  <quote>0</quote> stands for the highest "
 4735 "priority while <quote>4294967295</quote> is the lowest."
 4736 msgstr ""
 4737 
 4738 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4739 #: sssd.conf.5.xml:4032
 4740 msgid "Default: the lowest priority"
 4741 msgstr ""
 4742 
 4743 #. type: Content of: <reference><refentry><refsect1><para>
 4744 #: sssd.conf.5.xml:4038
 4745 msgid ""
 4746 "To make the configuration simple and reduce the amount of configuration "
 4747 "options the <quote>files</quote> provider has some special properties:"
 4748 msgstr ""
 4749 
 4750 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 4751 #: sssd.conf.5.xml:4044
 4752 msgid ""
 4753 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 4754 "matching user"
 4755 msgstr ""
 4756 
 4757 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 4758 #: sssd.conf.5.xml:4050
 4759 msgid ""
 4760 "if a maprule is used both a single user name or a template like "
 4761 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
 4762 "<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</"
 4763 "quote>"
 4764 msgstr ""
 4765 
 4766 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 4767 #: sssd.conf.5.xml:4059
 4768 msgid "the <quote>domains</quote> option is ignored"
 4769 msgstr ""
 4770 
 4771 #. type: Content of: <reference><refentry><refsect1><title>
 4772 #: sssd.conf.5.xml:4067
 4773 msgid "PROMPTING CONFIGURATION SECTION"
 4774 msgstr ""
 4775 
 4776 #. type: Content of: <reference><refentry><refsect1><para>
 4777 #: sssd.conf.5.xml:4069
 4778 msgid ""
 4779 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 4780 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
 4781 "which authentication methods are available for the user trying to log in.  "
 4782 "Based on the results pam_sss will prompt the user for appropriate "
 4783 "credentials."
 4784 msgstr ""
 4785 
 4786 #. type: Content of: <reference><refentry><refsect1><para>
 4787 #: sssd.conf.5.xml:4077
 4788 msgid ""
 4789 "With the growing number of authentication methods and the possibility that "
 4790 "there are multiple ones for a single user the heuristic used by pam_sss to "
 4791 "select the prompting might not be suitable for all use cases. The following "
 4792 "options should provide a better flexibility here."
 4793 msgstr ""
 4794 
 4795 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4796 #: sssd.conf.5.xml:4089
 4797 msgid "[prompting/password]"
 4798 msgstr ""
 4799 
 4800 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4801 #: sssd.conf.5.xml:4092
 4802 msgid "password_prompt"
 4803 msgstr ""
 4804 
 4805 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4806 #: sssd.conf.5.xml:4093
 4807 msgid "to change the string of the password prompt"
 4808 msgstr ""
 4809 
 4810 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4811 #: sssd.conf.5.xml:4091
 4812 msgid ""
 4813 "to configure password prompting, allowed options are: <placeholder type="
 4814 "\"variablelist\" id=\"0\"/>"
 4815 msgstr ""
 4816 
 4817 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4818 #: sssd.conf.5.xml:4101
 4819 msgid "[prompting/2fa]"
 4820 msgstr ""
 4821 
 4822 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4823 #: sssd.conf.5.xml:4105
 4824 msgid "first_prompt"
 4825 msgstr ""
 4826 
 4827 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4828 #: sssd.conf.5.xml:4106
 4829 msgid "to change the string of the prompt for the first factor"
 4830 msgstr ""
 4831 
 4832 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4833 #: sssd.conf.5.xml:4109
 4834 msgid "second_prompt"
 4835 msgstr ""
 4836 
 4837 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4838 #: sssd.conf.5.xml:4110
 4839 msgid "to change the string of the prompt for the second factor"
 4840 msgstr ""
 4841 
 4842 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4843 #: sssd.conf.5.xml:4113
 4844 msgid "single_prompt"
 4845 msgstr ""
 4846 
 4847 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4848 #: sssd.conf.5.xml:4114
 4849 msgid ""
 4850 "boolean value, if True there will be only a single prompt using the value of "
 4851 "first_prompt where it is expected that both factors are entered as a single "
 4852 "string"
 4853 msgstr ""
 4854 
 4855 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4856 #: sssd.conf.5.xml:4103
 4857 msgid ""
 4858 "to configure two-factor authentication prompting, allowed options are: "
 4859 "<placeholder type=\"variablelist\" id=\"0\"/>"
 4860 msgstr ""
 4861 
 4862 #. type: Content of: <reference><refentry><refsect1><para>
 4863 #: sssd.conf.5.xml:4084
 4864 msgid ""
 4865 "Each supported authentication method has its own configuration subsection "
 4866 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type="
 4867 "\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/>"
 4868 msgstr ""
 4869 
 4870 #. type: Content of: <reference><refentry><refsect1><para>
 4871 #: sssd.conf.5.xml:4126
 4872 msgid ""
 4873 "It is possible to add a subsection for specific PAM services, e.g. "
 4874 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
 4875 "for this service."
 4876 msgstr ""
 4877 
 4878 #. type: Content of: <reference><refentry><refsect1><title>
 4879 #: sssd.conf.5.xml:4133 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 4880 msgid "EXAMPLES"
 4881 msgstr ""
 4882 
 4883 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 4884 #: sssd.conf.5.xml:4139
 4885 #, no-wrap
 4886 msgid ""
 4887 "[sssd]\n"
 4888 "domains = LDAP\n"
 4889 "services = nss, pam\n"
 4890 "config_file_version = 2\n"
 4891 "\n"
 4892 "[nss]\n"
 4893 "filter_groups = root\n"
 4894 "filter_users = root\n"
 4895 "\n"
 4896 "[pam]\n"
 4897 "\n"
 4898 "[domain/LDAP]\n"
 4899 "id_provider = ldap\n"
 4900 "ldap_uri = ldap://ldap.example.com\n"
 4901 "ldap_search_base = dc=example,dc=com\n"
 4902 "\n"
 4903 "auth_provider = krb5\n"
 4904 "krb5_server = kerberos.example.com\n"
 4905 "krb5_realm = EXAMPLE.COM\n"
 4906 "cache_credentials = true\n"
 4907 "\n"
 4908 "min_id = 10000\n"
 4909 "max_id = 20000\n"
 4910 "enumerate = False\n"
 4911 msgstr ""
 4912 
 4913 #. type: Content of: <reference><refentry><refsect1><para>
 4914 #: sssd.conf.5.xml:4135
 4915 msgid ""
 4916 "1. The following example shows a typical SSSD config. It does not describe "
 4917 "configuration of the domains themselves - refer to documentation on "
 4918 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 4919 "id=\"0\"/>"
 4920 msgstr ""
 4921 
 4922 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 4923 #: sssd.conf.5.xml:4172
 4924 #, no-wrap
 4925 msgid ""
 4926 "[domain/ipa.com/child.ad.com]\n"
 4927 "use_fully_qualified_names = false\n"
 4928 msgstr ""
 4929 
 4930 #. type: Content of: <reference><refentry><refsect1><para>
 4931 #: sssd.conf.5.xml:4166
 4932 msgid ""
 4933 "2. The following example shows configuration of IPA AD trust where the AD "
 4934 "forest consists of two domains in a parent-child structure.  Suppose IPA "
 4935 "domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
 4936 "(child.ad.com). To enable shortnames in the child domain the following "
 4937 "configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
 4938 ">"
 4939 msgstr ""
 4940 
 4941 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 4942 #: sssd.conf.5.xml:4186
 4943 #, no-wrap
 4944 msgid ""
 4945 "[certmap/my.domain/rule_name]\n"
 4946 "matchrule = &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$\n"
 4947 "maprule = (userCertificate;binary={cert!bin})\n"
 4948 "domains = my.domain, your.domain\n"
 4949 "priority = 10\n"
 4950 "\n"
 4951 "[certmap/files/myname]\n"
 4952 "matchrule = &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$&lt;SUBJECT&gt;^CN=User.Name,DC=MY,DC=DOMAIN$\n"
 4953 msgstr ""
 4954 
 4955 #. type: Content of: <reference><refentry><refsect1><para>
 4956 #: sssd.conf.5.xml:4177
 4957 msgid ""
 4958 "3. The following example shows the configuration for two certificate mapping "
 4959 "rules. The first is valid for the configured domain <quote>my.domain</quote> "
 4960 "and additionally for the subdomains <quote>your.domain</quote> and uses the "
 4961 "full certificate in the search filter. The second example is valid for the "
 4962 "domain <quote>files</quote> where it is assumed the files provider is used "
 4963 "for this domain and contains a matching rule for the local user "
 4964 "<quote>myname</quote>.  <placeholder type=\"programlisting\" id=\"0\"/>"
 4965 msgstr ""
 4966 
 4967 #. type: Content of: <reference><refentry><refnamediv><refname>
 4968 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 4969 msgid "sssd-ldap"
 4970 msgstr ""
 4971 
 4972 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 4973 #: sssd-ldap.5.xml:17
 4974 msgid "SSSD LDAP provider"
 4975 msgstr ""
 4976 
 4977 #. type: Content of: <reference><refentry><refsect1><para>
 4978 #: sssd-ldap.5.xml:23
 4979 msgid ""
 4980 "This manual page describes the configuration of LDAP domains for "
 4981 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 4982 "</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
 4983 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 4984 "manvolnum> </citerefentry> manual page for detailed syntax information."
 4985 msgstr ""
 4986 
 4987 #. type: Content of: <reference><refentry><refsect1><para>
 4988 #: sssd-ldap.5.xml:35
 4989 msgid "You can configure SSSD to use more than one LDAP domain."
 4990 msgstr ""
 4991 
 4992 #. type: Content of: <reference><refentry><refsect1><para>
 4993 #: sssd-ldap.5.xml:38
 4994 msgid ""
 4995 "LDAP back end supports id, auth, access and chpass providers. If you want to "
 4996 "authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
 4997 "<command>sssd</command> <emphasis>does not</emphasis> support authentication "
 4998 "over an unencrypted channel.  If the LDAP server is used only as an identity "
 4999 "provider, an encrypted channel is not needed. Please refer to "
 5000 "<quote>ldap_access_filter</quote> config option for more information about "
 5001 "using LDAP as an access provider."
 5002 msgstr ""
 5003 
 5004 #. type: Content of: <reference><refentry><refsect1><title>
 5005 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 5006 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:78
 5007 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:166
 5008 msgid "CONFIGURATION OPTIONS"
 5009 msgstr ""
 5010 
 5011 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5012 #: sssd-ldap.5.xml:66
 5013 msgid "ldap_uri, ldap_backup_uri (string)"
 5014 msgstr ""
 5015 
 5016 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5017 #: sssd-ldap.5.xml:69
 5018 msgid ""
 5019 "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 5020 "should connect in the order of preference. Refer to the <quote>FAILOVER</"
 5021 "quote> section for more information on failover and server redundancy.  If "
 5022 "neither option is specified, service discovery is enabled. For more "
 5023 "information, refer to the <quote>SERVICE DISCOVERY</quote> section."
 5024 msgstr ""
 5025 
 5026 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 5027 #: sssd-ldap.5.xml:76 sssd-secrets.5.xml:264
 5028 msgid "The format of the URI must match the format defined in RFC 2732:"
 5029 msgstr ""
 5030 
 5031 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5032 #: sssd-ldap.5.xml:79
 5033 msgid "ldap[s]://&lt;host&gt;[:port]"
 5034 msgstr ""
 5035 
 5036 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5037 #: sssd-ldap.5.xml:82
 5038 msgid ""
 5039 "For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
 5040 msgstr ""
 5041 
 5042 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5043 #: sssd-ldap.5.xml:85
 5044 msgid "example: ldap://[fc00::126:25]:389"
 5045 msgstr ""
 5046 
 5047 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5048 #: sssd-ldap.5.xml:91
 5049 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
 5050 msgstr ""
 5051 
 5052 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5053 #: sssd-ldap.5.xml:94
 5054 msgid ""
 5055 "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 5056 "should connect in the order of preference to change the password of a user. "
 5057 "Refer to the <quote>FAILOVER</quote> section for more information on "
 5058 "failover and server redundancy."
 5059 msgstr ""
 5060 
 5061 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5062 #: sssd-ldap.5.xml:101
 5063 msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
 5064 msgstr ""
 5065 
 5066 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5067 #: sssd-ldap.5.xml:105
 5068 msgid "Default: empty, i.e. ldap_uri is used."
 5069 msgstr ""
 5070 
 5071 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5072 #: sssd-ldap.5.xml:111
 5073 msgid "ldap_search_base (string)"
 5074 msgstr ""
 5075 
 5076 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5077 #: sssd-ldap.5.xml:114
 5078 msgid "The default base DN to use for performing LDAP user operations."
 5079 msgstr ""
 5080 
 5081 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5082 #: sssd-ldap.5.xml:118
 5083 msgid ""
 5084 "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
 5085 "syntax:"
 5086 msgstr ""
 5087 
 5088 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5089 #: sssd-ldap.5.xml:122
 5090 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
 5091 msgstr ""
 5092 
 5093 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5094 #: sssd-ldap.5.xml:125
 5095 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
 5096 msgstr ""
 5097 
 5098 #. type: Content of: <listitem><para>
 5099 #: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18
 5100 msgid ""
 5101 "The filter must be a valid LDAP search filter as specified by http://www."
 5102 "ietf.org/rfc/rfc2254.txt"
 5103 msgstr ""
 5104 
 5105 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5106 #: sssd-ldap.5.xml:132 sssd-ad.5.xml:288 sss_override.8.xml:143
 5107 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453
 5108 msgid "Examples:"
 5109 msgstr ""
 5110 
 5111 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5112 #: sssd-ldap.5.xml:135
 5113 msgid ""
 5114 "ldap_search_base = dc=example,dc=com (which is equivalent to)  "
 5115 "ldap_search_base = dc=example,dc=com?subtree?"
 5116 msgstr ""
 5117 
 5118 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5119 #: sssd-ldap.5.xml:140
 5120 msgid ""
 5121 "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
 5122 "(host=thishost)?dc=example.com?subtree?"
 5123 msgstr ""
 5124 
 5125 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5126 #: sssd-ldap.5.xml:143
 5127 msgid ""
 5128 "Note: It is unsupported to have multiple search bases which reference "
 5129 "identically-named objects (for example, groups with the same name in two "
 5130 "different search bases). This will lead to unpredictable behavior on client "
 5131 "machines."
 5132 msgstr ""
 5133 
 5134 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5135 #: sssd-ldap.5.xml:150
 5136 msgid ""
 5137 "Default: If not set, the value of the defaultNamingContext or namingContexts "
 5138 "attribute from the RootDSE of the LDAP server is used. If "
 5139 "defaultNamingContext does not exist or has an empty value namingContexts is "
 5140 "used.  The namingContexts attribute must have a single value with the DN of "
 5141 "the search base of the LDAP server to make this work. Multiple values are "
 5142 "are not supported."
 5143 msgstr ""
 5144 
 5145 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5146 #: sssd-ldap.5.xml:164
 5147 msgid "ldap_schema (string)"
 5148 msgstr ""
 5149 
 5150 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5151 #: sssd-ldap.5.xml:167
 5152 msgid ""
 5153 "Specifies the Schema Type in use on the target LDAP server.  Depending on "
 5154 "the selected schema, the default attribute names retrieved from the servers "
 5155 "may vary.  The way that some attributes are handled may also differ."
 5156 msgstr ""
 5157 
 5158 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5159 #: sssd-ldap.5.xml:174
 5160 msgid "Four schema types are currently supported:"
 5161 msgstr ""
 5162 
 5163 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5164 #: sssd-ldap.5.xml:178
 5165 msgid "rfc2307"
 5166 msgstr ""
 5167 
 5168 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5169 #: sssd-ldap.5.xml:183
 5170 msgid "rfc2307bis"
 5171 msgstr ""
 5172 
 5173 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5174 #: sssd-ldap.5.xml:188
 5175 msgid "IPA"
 5176 msgstr ""
 5177 
 5178 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5179 #: sssd-ldap.5.xml:193
 5180 msgid "AD"
 5181 msgstr ""
 5182 
 5183 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5184 #: sssd-ldap.5.xml:199
 5185 msgid ""
 5186 "The main difference between these schema types is how group memberships are "
 5187 "recorded in the server.  With rfc2307, group members are listed by name in "
 5188 "the <emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, "
 5189 "group members are listed by DN and stored in the <emphasis>member</emphasis> "
 5190 "attribute.  The AD schema type sets the attributes to correspond with Active "
 5191 "Directory 2008r2 values."
 5192 msgstr ""
 5193 
 5194 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5195 #: sssd-ldap.5.xml:209
 5196 msgid "Default: rfc2307"
 5197 msgstr ""
 5198 
 5199 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5200 #: sssd-ldap.5.xml:215
 5201 msgid "ldap_pwmodify_mode (string)"
 5202 msgstr ""
 5203 
 5204 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5205 #: sssd-ldap.5.xml:218
 5206 msgid "Specify the operation that is used to modify user password."
 5207 msgstr ""
 5208 
 5209 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5210 #: sssd-ldap.5.xml:222
 5211 msgid "Two modes are currently supported:"
 5212 msgstr ""
 5213 
 5214 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5215 #: sssd-ldap.5.xml:226
 5216 msgid "exop - Password Modify Extended Operation (RFC 3062)"
 5217 msgstr ""
 5218 
 5219 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5220 #: sssd-ldap.5.xml:232
 5221 msgid "ldap_modify - Direct modification of userPassword (not recommended)."
 5222 msgstr ""
 5223 
 5224 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5225 #: sssd-ldap.5.xml:239
 5226 msgid ""
 5227 "Note: First, a new connection is established to verify current password by "
 5228 "binding as the user that requested password change. If successful, this "
 5229 "connection is used to change the password therefore the user must have write "
 5230 "access to userPassword attribute."
 5231 msgstr ""
 5232 
 5233 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5234 #: sssd-ldap.5.xml:247
 5235 msgid "Default: exop"
 5236 msgstr ""
 5237 
 5238 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5239 #: sssd-ldap.5.xml:253
 5240 msgid "ldap_default_bind_dn (string)"
 5241 msgstr ""
 5242 
 5243 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5244 #: sssd-ldap.5.xml:256
 5245 msgid "The default bind DN to use for performing LDAP operations."
 5246 msgstr ""
 5247 
 5248 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5249 #: sssd-ldap.5.xml:263
 5250 msgid "ldap_default_authtok_type (string)"
 5251 msgstr ""
 5252 
 5253 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5254 #: sssd-ldap.5.xml:266
 5255 msgid "The type of the authentication token of the default bind DN."
 5256 msgstr ""
 5257 
 5258 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5259 #: sssd-ldap.5.xml:270
 5260 msgid "The two mechanisms currently supported are:"
 5261 msgstr ""
 5262 
 5263 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5264 #: sssd-ldap.5.xml:273
 5265 msgid "password"
 5266 msgstr ""
 5267 
 5268 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5269 #: sssd-ldap.5.xml:276
 5270 msgid "obfuscated_password"
 5271 msgstr ""
 5272 
 5273 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5274 #: sssd-ldap.5.xml:279
 5275 msgid "Default: password"
 5276 msgstr ""
 5277 
 5278 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5279 #: sssd-ldap.5.xml:282
 5280 msgid ""
 5281 "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> "
 5282 "<manvolnum>8</manvolnum> </citerefentry> manual page for more information."
 5283 msgstr ""
 5284 
 5285 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5286 #: sssd-ldap.5.xml:293
 5287 msgid "ldap_default_authtok (string)"
 5288 msgstr ""
 5289 
 5290 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5291 #: sssd-ldap.5.xml:296
 5292 msgid "The authentication token of the default bind DN."
 5293 msgstr ""
 5294 
 5295 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5296 #: sssd-ldap.5.xml:302
 5297 msgid "ldap_force_upper_case_realm (boolean)"
 5298 msgstr ""
 5299 
 5300 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5301 #: sssd-ldap.5.xml:305
 5302 msgid ""
 5303 "Some directory servers, for example Active Directory, might deliver the "
 5304 "realm part of the UPN in lower case, which might cause the authentication to "
 5305 "fail. Set this option to a non-zero value if you want to use an upper-case "
 5306 "realm."
 5307 msgstr ""
 5308 
 5309 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5310 #: sssd-ldap.5.xml:318
 5311 msgid "ldap_enumeration_refresh_timeout (integer)"
 5312 msgstr ""
 5313 
 5314 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5315 #: sssd-ldap.5.xml:321
 5316 msgid ""
 5317 "Specifies how many seconds SSSD has to wait before refreshing its cache of "
 5318 "enumerated records."
 5319 msgstr ""
 5320 
 5321 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5322 #: sssd-ldap.5.xml:332
 5323 msgid "ldap_purge_cache_timeout (integer)"
 5324 msgstr ""
 5325 
 5326 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5327 #: sssd-ldap.5.xml:335
 5328 msgid ""
 5329 "Determine how often to check the cache for inactive entries (such as groups "
 5330 "with no members and users who have never logged in) and remove them to save "
 5331 "space."
 5332 msgstr ""
 5333 
 5334 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5335 #: sssd-ldap.5.xml:341
 5336 msgid ""
 5337 "Setting this option to zero will disable the cache cleanup operation. Please "
 5338 "note that if enumeration is enabled, the cleanup task is required in order "
 5339 "to detect entries removed from the server and can't be disabled. By default, "
 5340 "the cleanup task will run every 3 hours with enumeration enabled."
 5341 msgstr ""
 5342 
 5343 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5344 #: sssd-ldap.5.xml:356
 5345 msgid "ldap_group_nesting_level (integer)"
 5346 msgstr ""
 5347 
 5348 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5349 #: sssd-ldap.5.xml:359
 5350 msgid ""
 5351 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 5352 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
 5353 "follow. This option has no effect on the RFC2307 schema."
 5354 msgstr ""
 5355 
 5356 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5357 #: sssd-ldap.5.xml:366
 5358 msgid ""
 5359 "Note: This option specifies the guaranteed level of nested groups to be "
 5360 "processed for any lookup. However, nested groups beyond this limit "
 5361 "<emphasis>may be</emphasis> returned if previous lookups already resolved "
 5362 "the deeper nesting levels.  Also, subsequent lookups for other groups may "
 5363 "enlarge the result set for original lookup if re-queried."
 5364 msgstr ""
 5365 
 5366 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5367 #: sssd-ldap.5.xml:375
 5368 msgid ""
 5369 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 5370 "at all. However, when connected to Active-Directory Server 2008 and later "
 5371 "using <quote>id_provider=ad</quote> it is furthermore required to disable "
 5372 "usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
 5373 "restrict group nesting."
 5374 msgstr ""
 5375 
 5376 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5377 #: sssd-ldap.5.xml:384
 5378 msgid "Default: 2"
 5379 msgstr ""
 5380 
 5381 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5382 #: sssd-ldap.5.xml:393
 5383 msgid ""
 5384 "This options enables or disables use of Token-Groups attribute when "
 5385 "performing initgroup for users from Active Directory Server 2008 and later."
 5386 msgstr ""
 5387 
 5388 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5389 #: sssd-ldap.5.xml:398
 5390 msgid "Default: True for AD and IPA otherwise False."
 5391 msgstr ""
 5392 
 5393 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5394 #: sssd-ldap.5.xml:404
 5395 msgid "ldap_host_search_base (string)"
 5396 msgstr ""
 5397 
 5398 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5399 #: sssd-ldap.5.xml:407
 5400 msgid "Optional. Use the given string as search base for host objects."
 5401 msgstr ""
 5402 
 5403 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5404 #: sssd-ldap.5.xml:411 sssd-ipa.5.xml:389 sssd-ipa.5.xml:408 sssd-ipa.5.xml:427
 5405 #: sssd-ipa.5.xml:446
 5406 msgid ""
 5407 "See <quote>ldap_search_base</quote> for information about configuring "
 5408 "multiple search bases."
 5409 msgstr ""
 5410 
 5411 #. type: Content of: <listitem><para>
 5412 #: sssd-ldap.5.xml:416 sssd-ipa.5.xml:394 include/ldap_search_bases.xml:27
 5413 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 5414 msgstr ""
 5415 
 5416 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5417 #: sssd-ldap.5.xml:423
 5418 msgid "ldap_service_search_base (string)"
 5419 msgstr ""
 5420 
 5421 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5422 #: sssd-ldap.5.xml:428
 5423 msgid "ldap_iphost_search_base (string)"
 5424 msgstr ""
 5425 
 5426 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5427 #: sssd-ldap.5.xml:433
 5428 msgid "ldap_ipnetwork_search_base (string)"
 5429 msgstr ""
 5430 
 5431 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5432 #: sssd-ldap.5.xml:438
 5433 msgid "ldap_search_timeout (integer)"
 5434 msgstr ""
 5435 
 5436 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5437 #: sssd-ldap.5.xml:441
 5438 msgid ""
 5439 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 5440 "before they are cancelled and cached results are returned (and offline mode "
 5441 "is entered)"
 5442 msgstr ""
 5443 
 5444 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5445 #: sssd-ldap.5.xml:447
 5446 msgid ""
 5447 "Note: this option is subject to change in future versions of the SSSD. It "
 5448 "will likely be replaced at some point by a series of timeouts for specific "
 5449 "lookup types."
 5450 msgstr ""
 5451 
 5452 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5453 #: sssd-ldap.5.xml:459
 5454 msgid "ldap_enumeration_search_timeout (integer)"
 5455 msgstr ""
 5456 
 5457 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5458 #: sssd-ldap.5.xml:462
 5459 msgid ""
 5460 "Specifies the timeout (in seconds) that ldap searches for user and group "
 5461 "enumerations are allowed to run before they are cancelled and cached results "
 5462 "are returned (and offline mode is entered)"
 5463 msgstr ""
 5464 
 5465 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5466 #: sssd-ldap.5.xml:475
 5467 msgid "ldap_network_timeout (integer)"
 5468 msgstr ""
 5469 
 5470 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5471 #: sssd-ldap.5.xml:478
 5472 msgid ""
 5473 "Specifies the timeout (in seconds) after which the <citerefentry> "
 5474 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
 5475 "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
 5476 "manvolnum> </citerefentry> following a <citerefentry> "
 5477 "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
 5478 "citerefentry> returns in case of no activity."
 5479 msgstr ""
 5480 
 5481 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5482 #: sssd-ldap.5.xml:501
 5483 msgid "ldap_opt_timeout (integer)"
 5484 msgstr ""
 5485 
 5486 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5487 #: sssd-ldap.5.xml:504
 5488 msgid ""
 5489 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 5490 "will abort if no response is received. Also controls the timeout when "
 5491 "communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
 5492 "operation, password change extended operation and the StartTLS operation."
 5493 msgstr ""
 5494 
 5495 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5496 #: sssd-ldap.5.xml:519
 5497 msgid "ldap_connection_expire_timeout (integer)"
 5498 msgstr ""
 5499 
 5500 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5501 #: sssd-ldap.5.xml:522
 5502 msgid ""
 5503 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 5504 "maintained. After this time, the connection will be re-established. If used "
 5505 "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
 5506 "the TGT lifetime)  will be used."
 5507 msgstr ""
 5508 
 5509 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5510 #: sssd-ldap.5.xml:530
 5511 msgid ""
 5512 "This timeout can be extended of a random value specified by "
 5513 "<emphasis>ldap_connection_expire_offset</emphasis>"
 5514 msgstr ""
 5515 
 5516 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5517 #: sssd-ldap.5.xml:535 sssd-ldap.5.xml:1565
 5518 msgid "Default: 900 (15 minutes)"
 5519 msgstr ""
 5520 
 5521 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5522 #: sssd-ldap.5.xml:541
 5523 msgid "ldap_connection_expire_offset (integer)"
 5524 msgstr ""
 5525 
 5526 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5527 #: sssd-ldap.5.xml:544
 5528 msgid ""
 5529 "Random offset between 0 and configured value is added to "
 5530 "<emphasis>ldap_connection_expire_timeout</emphasis>."
 5531 msgstr ""
 5532 
 5533 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5534 #: sssd-ldap.5.xml:555
 5535 msgid "ldap_page_size (integer)"
 5536 msgstr ""
 5537 
 5538 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5539 #: sssd-ldap.5.xml:558
 5540 msgid ""
 5541 "Specify the number of records to retrieve from LDAP in a single request. "
 5542 "Some LDAP servers enforce a maximum limit per-request."
 5543 msgstr ""
 5544 
 5545 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 5546 #: sssd-ldap.5.xml:563 include/failover.xml:84
 5547 msgid "Default: 1000"
 5548 msgstr ""
 5549 
 5550 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5551 #: sssd-ldap.5.xml:569
 5552 msgid "ldap_disable_paging (boolean)"
 5553 msgstr ""
 5554 
 5555 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5556 #: sssd-ldap.5.xml:572
 5557 msgid ""
 5558 "Disable the LDAP paging control. This option should be used if the LDAP "
 5559 "server reports that it supports the LDAP paging control in its RootDSE but "
 5560 "it is not enabled or does not behave properly."
 5561 msgstr ""
 5562 
 5563 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5564 #: sssd-ldap.5.xml:578
 5565 msgid ""
 5566 "Example: OpenLDAP servers with the paging control module installed on the "
 5567 "server but not enabled will report it in the RootDSE but be unable to use it."
 5568 msgstr ""
 5569 
 5570 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5571 #: sssd-ldap.5.xml:584
 5572 msgid ""
 5573 "Example: 389 DS has a bug where it can only support a one paging control at "
 5574 "a time on a single connection. On busy clients, this can result in some "
 5575 "requests being denied."
 5576 msgstr ""
 5577 
 5578 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5579 #: sssd-ldap.5.xml:596
 5580 msgid "ldap_disable_range_retrieval (boolean)"
 5581 msgstr ""
 5582 
 5583 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5584 #: sssd-ldap.5.xml:599
 5585 msgid "Disable Active Directory range retrieval."
 5586 msgstr ""
 5587 
 5588 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5589 #: sssd-ldap.5.xml:602
 5590 msgid ""
 5591 "Active Directory limits the number of members to be retrieved in a single "
 5592 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
 5593 "group contains more members, the reply would include an AD-specific range "
 5594 "extension. This option disables parsing of the range extension, therefore "
 5595 "large groups will appear as having no members."
 5596 msgstr ""
 5597 
 5598 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5599 #: sssd-ldap.5.xml:617
 5600 msgid "ldap_sasl_minssf (integer)"
 5601 msgstr ""
 5602 
 5603 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5604 #: sssd-ldap.5.xml:620
 5605 msgid ""
 5606 "When communicating with an LDAP server using SASL, specify the minimum "
 5607 "security level necessary to establish the connection. The values of this "
 5608 "option are defined by OpenLDAP."
 5609 msgstr ""
 5610 
 5611 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5612 #: sssd-ldap.5.xml:626 sssd-ldap.5.xml:642
 5613 msgid "Default: Use the system default (usually specified by ldap.conf)"
 5614 msgstr ""
 5615 
 5616 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5617 #: sssd-ldap.5.xml:633
 5618 msgid "ldap_sasl_maxssf (integer)"
 5619 msgstr ""
 5620 
 5621 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5622 #: sssd-ldap.5.xml:636
 5623 msgid ""
 5624 "When communicating with an LDAP server using SASL, specify the maximal "
 5625 "security level necessary to establish the connection. The values of this "
 5626 "option are defined by OpenLDAP."
 5627 msgstr ""
 5628 
 5629 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5630 #: sssd-ldap.5.xml:649
 5631 msgid "ldap_deref_threshold (integer)"
 5632 msgstr ""
 5633 
 5634 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5635 #: sssd-ldap.5.xml:652
 5636 msgid ""
 5637 "Specify the number of group members that must be missing from the internal "
 5638 "cache in order to trigger a dereference lookup. If less members are missing, "
 5639 "they are looked up individually."
 5640 msgstr ""
 5641 
 5642 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5643 #: sssd-ldap.5.xml:658
 5644 msgid ""
 5645 "You can turn off dereference lookups completely by setting the value to 0. "
 5646 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
 5647 "provider, that are only implemented using the dereference call, so even with "
 5648 "dereference explicitly disabled, those parts will still use dereference if "
 5649 "the server supports it and advertises the dereference control in the rootDSE "
 5650 "object."
 5651 msgstr ""
 5652 
 5653 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5654 #: sssd-ldap.5.xml:669
 5655 msgid ""
 5656 "A dereference lookup is a means of fetching all group members in a single "
 5657 "LDAP call.  Different LDAP servers may implement different dereference "
 5658 "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
 5659 "Directory."
 5660 msgstr ""
 5661 
 5662 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5663 #: sssd-ldap.5.xml:677
 5664 msgid ""
 5665 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 5666 "filter, then the dereference lookup performance enhancement will be disabled "
 5667 "regardless of this setting."
 5668 msgstr ""
 5669 
 5670 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5671 #: sssd-ldap.5.xml:690
 5672 msgid "ldap_tls_reqcert (string)"
 5673 msgstr ""
 5674 
 5675 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5676 #: sssd-ldap.5.xml:693
 5677 msgid ""
 5678 "Specifies what checks to perform on server certificates in a TLS session, if "
 5679 "any. It can be specified as one of the following values:"
 5680 msgstr ""
 5681 
 5682 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5683 #: sssd-ldap.5.xml:699
 5684 msgid ""
 5685 "<emphasis>never</emphasis> = The client will not request or check any server "
 5686 "certificate."
 5687 msgstr ""
 5688 
 5689 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5690 #: sssd-ldap.5.xml:703
 5691 msgid ""
 5692 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 5693 "certificate is provided, the session proceeds normally. If a bad certificate "
 5694 "is provided, it will be ignored and the session proceeds normally."
 5695 msgstr ""
 5696 
 5697 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5698 #: sssd-ldap.5.xml:710
 5699 msgid ""
 5700 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 5701 "certificate is provided, the session proceeds normally. If a bad certificate "
 5702 "is provided, the session is immediately terminated."
 5703 msgstr ""
 5704 
 5705 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5706 #: sssd-ldap.5.xml:716
 5707 msgid ""
 5708 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 5709 "certificate is provided, or a bad certificate is provided, the session is "
 5710 "immediately terminated."
 5711 msgstr ""
 5712 
 5713 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5714 #: sssd-ldap.5.xml:722
 5715 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 5716 msgstr ""
 5717 
 5718 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5719 #: sssd-ldap.5.xml:726
 5720 msgid "Default: hard"
 5721 msgstr ""
 5722 
 5723 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5724 #: sssd-ldap.5.xml:732
 5725 msgid "ldap_tls_cacert (string)"
 5726 msgstr ""
 5727 
 5728 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5729 #: sssd-ldap.5.xml:735
 5730 msgid ""
 5731 "Specifies the file that contains certificates for all of the Certificate "
 5732 "Authorities that <command>sssd</command> will recognize."
 5733 msgstr ""
 5734 
 5735 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5736 #: sssd-ldap.5.xml:740 sssd-ldap.5.xml:758 sssd-ldap.5.xml:799
 5737 msgid ""
 5738 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 5739 "conf</filename>"
 5740 msgstr ""
 5741 
 5742 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5743 #: sssd-ldap.5.xml:747
 5744 msgid "ldap_tls_cacertdir (string)"
 5745 msgstr ""
 5746 
 5747 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5748 #: sssd-ldap.5.xml:750
 5749 msgid ""
 5750 "Specifies the path of a directory that contains Certificate Authority "
 5751 "certificates in separate individual files. Typically the file names need to "
 5752 "be the hash of the certificate followed by '.0'.  If available, "
 5753 "<command>cacertdir_rehash</command> can be used to create the correct names."
 5754 msgstr ""
 5755 
 5756 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5757 #: sssd-ldap.5.xml:765
 5758 msgid "ldap_tls_cert (string)"
 5759 msgstr ""
 5760 
 5761 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5762 #: sssd-ldap.5.xml:768
 5763 msgid "Specifies the file that contains the certificate for the client's key."
 5764 msgstr ""
 5765 
 5766 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5767 #: sssd-ldap.5.xml:778
 5768 msgid "ldap_tls_key (string)"
 5769 msgstr ""
 5770 
 5771 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5772 #: sssd-ldap.5.xml:781
 5773 msgid "Specifies the file that contains the client's key."
 5774 msgstr ""
 5775 
 5776 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5777 #: sssd-ldap.5.xml:790
 5778 msgid "ldap_tls_cipher_suite (string)"
 5779 msgstr ""
 5780 
 5781 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5782 #: sssd-ldap.5.xml:793
 5783 msgid ""
 5784 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 5785 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
 5786 "<manvolnum>5</manvolnum></citerefentry> for format."
 5787 msgstr ""
 5788 
 5789 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5790 #: sssd-ldap.5.xml:806
 5791 msgid "ldap_id_use_start_tls (boolean)"
 5792 msgstr ""
 5793 
 5794 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5795 #: sssd-ldap.5.xml:809
 5796 msgid ""
 5797 "Specifies that the id_provider connection must also use <systemitem class="
 5798 "\"protocol\">tls</systemitem> to protect the channel."
 5799 msgstr ""
 5800 
 5801 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5802 #: sssd-ldap.5.xml:819
 5803 msgid "ldap_id_mapping (boolean)"
 5804 msgstr ""
 5805 
 5806 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5807 #: sssd-ldap.5.xml:822
 5808 msgid ""
 5809 "Specifies that SSSD should attempt to map user and group IDs from the "
 5810 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
 5811 "on ldap_user_uid_number and ldap_group_gid_number."
 5812 msgstr ""
 5813 
 5814 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5815 #: sssd-ldap.5.xml:828
 5816 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 5817 msgstr ""
 5818 
 5819 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5820 #: sssd-ldap.5.xml:838
 5821 msgid "ldap_min_id, ldap_max_id (integer)"
 5822 msgstr ""
 5823 
 5824 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5825 #: sssd-ldap.5.xml:841
 5826 msgid ""
 5827 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 5828 "set to true the allowed ID range for ldap_user_uid_number and "
 5829 "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
 5830 "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
 5831 "can be set to restrict the allowed range for the IDs which are read directly "
 5832 "from the server. Sub-domains can then pick other ranges to map IDs."
 5833 msgstr ""
 5834 
 5835 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5836 #: sssd-ldap.5.xml:853
 5837 msgid "Default: not set (both options are set to 0)"
 5838 msgstr ""
 5839 
 5840 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5841 #: sssd-ldap.5.xml:859
 5842 msgid "ldap_sasl_mech (string)"
 5843 msgstr ""
 5844 
 5845 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5846 #: sssd-ldap.5.xml:862
 5847 msgid ""
 5848 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 5849 "tested and supported."
 5850 msgstr ""
 5851 
 5852 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5853 #: sssd-ldap.5.xml:866
 5854 msgid ""
 5855 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 5856 "automatically inherited to the sub-domains. If a different value is needed "
 5857 "for a sub-domain it can be overwritten by setting ldap_sasl_mech for this "
 5858 "sub-domain explicitly.  Please see TRUSTED DOMAIN SECTION in "
 5859 "<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 5860 "manvolnum></citerefentry> for details."
 5861 msgstr ""
 5862 
 5863 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5864 #: sssd-ldap.5.xml:882
 5865 msgid "ldap_sasl_authid (string)"
 5866 msgstr ""
 5867 
 5868 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 5869 #: sssd-ldap.5.xml:894
 5870 #, no-wrap
 5871 msgid ""
 5872 "hostname@REALM\n"
 5873 "netbiosname$@REALM\n"
 5874 "host/hostname@REALM\n"
 5875 "*$@REALM\n"
 5876 "host/*@REALM\n"
 5877 "host/*\n"
 5878 "                            "
 5879 msgstr ""
 5880 
 5881 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5882 #: sssd-ldap.5.xml:885
 5883 msgid ""
 5884 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 5885 "this represents the Kerberos principal used for authentication to the "
 5886 "directory.  This option can either contain the full principal (for example "
 5887 "host/myhost@EXAMPLE.COM) or just the principal name (for example host/"
 5888 "myhost).  By default, the value is not set and the following principals are "
 5889 "used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are "
 5890 "found, the first principal in keytab is returned."
 5891 msgstr ""
 5892 
 5893 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5894 #: sssd-ldap.5.xml:905
 5895 msgid "Default: host/hostname@REALM"
 5896 msgstr ""
 5897 
 5898 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5899 #: sssd-ldap.5.xml:911
 5900 msgid "ldap_sasl_realm (string)"
 5901 msgstr ""
 5902 
 5903 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5904 #: sssd-ldap.5.xml:914
 5905 msgid ""
 5906 "Specify the SASL realm to use. When not specified, this option defaults to "
 5907 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
 5908 "well, this option is ignored."
 5909 msgstr ""
 5910 
 5911 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5912 #: sssd-ldap.5.xml:920
 5913 msgid "Default: the value of krb5_realm."
 5914 msgstr ""
 5915 
 5916 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5917 #: sssd-ldap.5.xml:926
 5918 msgid "ldap_sasl_canonicalize (boolean)"
 5919 msgstr ""
 5920 
 5921 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5922 #: sssd-ldap.5.xml:929
 5923 msgid ""
 5924 "If set to true, the LDAP library would perform a reverse lookup to "
 5925 "canonicalize the host name during a SASL bind."
 5926 msgstr ""
 5927 
 5928 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5929 #: sssd-ldap.5.xml:934
 5930 msgid "Default: false;"
 5931 msgstr ""
 5932 
 5933 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5934 #: sssd-ldap.5.xml:940
 5935 msgid "ldap_krb5_keytab (string)"
 5936 msgstr ""
 5937 
 5938 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5939 #: sssd-ldap.5.xml:943
 5940 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 5941 msgstr ""
 5942 
 5943 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5944 #: sssd-ldap.5.xml:947
 5945 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 5946 msgstr ""
 5947 
 5948 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5949 #: sssd-ldap.5.xml:953
 5950 msgid "ldap_krb5_init_creds (boolean)"
 5951 msgstr ""
 5952 
 5953 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5954 #: sssd-ldap.5.xml:956
 5955 msgid ""
 5956 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 5957 "action is performed only if SASL is used and the mechanism selected is "
 5958 "GSSAPI or GSS-SPNEGO."
 5959 msgstr ""
 5960 
 5961 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5962 #: sssd-ldap.5.xml:968
 5963 msgid "ldap_krb5_ticket_lifetime (integer)"
 5964 msgstr ""
 5965 
 5966 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5967 #: sssd-ldap.5.xml:971
 5968 msgid ""
 5969 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 5970 msgstr ""
 5971 
 5972 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5973 #: sssd-ldap.5.xml:975 sssd-ad.5.xml:1229
 5974 msgid "Default: 86400 (24 hours)"
 5975 msgstr ""
 5976 
 5977 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5978 #: sssd-ldap.5.xml:981 sssd-krb5.5.xml:74
 5979 msgid "krb5_server, krb5_backup_server (string)"
 5980 msgstr ""
 5981 
 5982 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5983 #: sssd-ldap.5.xml:984
 5984 msgid ""
 5985 "Specifies the comma-separated list of IP addresses or hostnames of the "
 5986 "Kerberos servers to which SSSD should connect in the order of preference. "
 5987 "For more information on failover and server redundancy, see the "
 5988 "<quote>FAILOVER</quote> section. An optional port number (preceded by a "
 5989 "colon) may be appended to the addresses or hostnames.  If empty, service "
 5990 "discovery is enabled - for more information, refer to the <quote>SERVICE "
 5991 "DISCOVERY</quote> section."
 5992 msgstr ""
 5993 
 5994 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5995 #: sssd-ldap.5.xml:996 sssd-krb5.5.xml:89
 5996 msgid ""
 5997 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 5998 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 5999 "none are found."
 6000 msgstr ""
 6001 
 6002 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6003 #: sssd-ldap.5.xml:1001 sssd-krb5.5.xml:94
 6004 msgid ""
 6005 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 6006 "While the legacy name is recognized for the time being, users are advised to "
 6007 "migrate their config files to use <quote>krb5_server</quote> instead."
 6008 msgstr ""
 6009 
 6010 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6011 #: sssd-ldap.5.xml:1010 sssd-ipa.5.xml:458 sssd-krb5.5.xml:103
 6012 msgid "krb5_realm (string)"
 6013 msgstr ""
 6014 
 6015 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6016 #: sssd-ldap.5.xml:1013
 6017 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 6018 msgstr ""
 6019 
 6020 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6021 #: sssd-ldap.5.xml:1017
 6022 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 6023 msgstr ""
 6024 
 6025 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6026 #: sssd-ldap.5.xml:1023 sssd-krb5.5.xml:462
 6027 msgid "krb5_canonicalize (boolean)"
 6028 msgstr ""
 6029 
 6030 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6031 #: sssd-ldap.5.xml:1026
 6032 msgid ""
 6033 "Specifies if the host principal should be canonicalized when connecting to "
 6034 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 6035 msgstr ""
 6036 
 6037 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6038 #: sssd-ldap.5.xml:1038 sssd-krb5.5.xml:477
 6039 msgid "krb5_use_kdcinfo (boolean)"
 6040 msgstr ""
 6041 
 6042 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6043 #: sssd-ldap.5.xml:1041 sssd-krb5.5.xml:480
 6044 msgid ""
 6045 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 6046 "which KDCs to use. This option is on by default, if you disable it, you need "
 6047 "to configure the Kerberos library using the <citerefentry> "
 6048 "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 6049 "citerefentry> configuration file."
 6050 msgstr ""
 6051 
 6052 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6053 #: sssd-ldap.5.xml:1052 sssd-krb5.5.xml:491
 6054 msgid ""
 6055 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 6056 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
 6057 "information on the locator plugin."
 6058 msgstr ""
 6059 
 6060 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6061 #: sssd-ldap.5.xml:1066
 6062 msgid "ldap_pwd_policy (string)"
 6063 msgstr ""
 6064 
 6065 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6066 #: sssd-ldap.5.xml:1069
 6067 msgid ""
 6068 "Select the policy to evaluate the password expiration on the client side. "
 6069 "The following values are allowed:"
 6070 msgstr ""
 6071 
 6072 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6073 #: sssd-ldap.5.xml:1074
 6074 msgid ""
 6075 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 6076 "cannot disable server-side password policies."
 6077 msgstr ""
 6078 
 6079 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6080 #: sssd-ldap.5.xml:1079
 6081 msgid ""
 6082 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 6083 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 6084 "evaluate if the password has expired."
 6085 msgstr ""
 6086 
 6087 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6088 #: sssd-ldap.5.xml:1085
 6089 msgid ""
 6090 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 6091 "to determine if the password has expired. Use chpass_provider=krb5 to update "
 6092 "these attributes when the password is changed."
 6093 msgstr ""
 6094 
 6095 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6096 #: sssd-ldap.5.xml:1094
 6097 msgid ""
 6098 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 6099 "side, it always takes precedence over policy set with this option."
 6100 msgstr ""
 6101 
 6102 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6103 #: sssd-ldap.5.xml:1102
 6104 msgid "ldap_referrals (boolean)"
 6105 msgstr ""
 6106 
 6107 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6108 #: sssd-ldap.5.xml:1105
 6109 msgid "Specifies whether automatic referral chasing should be enabled."
 6110 msgstr ""
 6111 
 6112 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6113 #: sssd-ldap.5.xml:1109
 6114 msgid ""
 6115 "Please note that sssd only supports referral chasing when it is compiled "
 6116 "with OpenLDAP version 2.4.13 or higher."
 6117 msgstr ""
 6118 
 6119 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6120 #: sssd-ldap.5.xml:1114
 6121 msgid ""
 6122 "Chasing referrals may incur a performance penalty in environments that use "
 6123 "them heavily, a notable example is Microsoft Active Directory. If your setup "
 6124 "does not in fact require the use of referrals, setting this option to false "
 6125 "might bring a noticeable performance improvement.  Setting this option to "
 6126 "false is therefore recommended in case the SSSD LDAP provider is used "
 6127 "together with Microsoft Active Directory as a backend. Even if SSSD would be "
 6128 "able to follow the referral to a different AD DC no additional data would be "
 6129 "available."
 6130 msgstr ""
 6131 
 6132 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6133 #: sssd-ldap.5.xml:1133
 6134 msgid "ldap_dns_service_name (string)"
 6135 msgstr ""
 6136 
 6137 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6138 #: sssd-ldap.5.xml:1136
 6139 msgid "Specifies the service name to use when service discovery is enabled."
 6140 msgstr ""
 6141 
 6142 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6143 #: sssd-ldap.5.xml:1140
 6144 msgid "Default: ldap"
 6145 msgstr ""
 6146 
 6147 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6148 #: sssd-ldap.5.xml:1146
 6149 msgid "ldap_chpass_dns_service_name (string)"
 6150 msgstr ""
 6151 
 6152 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6153 #: sssd-ldap.5.xml:1149
 6154 msgid ""
 6155 "Specifies the service name to use to find an LDAP server which allows "
 6156 "password changes when service discovery is enabled."
 6157 msgstr ""
 6158 
 6159 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6160 #: sssd-ldap.5.xml:1154
 6161 msgid "Default: not set, i.e. service discovery is disabled"
 6162 msgstr ""
 6163 
 6164 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6165 #: sssd-ldap.5.xml:1160
 6166 msgid "ldap_chpass_update_last_change (bool)"
 6167 msgstr ""
 6168 
 6169 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6170 #: sssd-ldap.5.xml:1163
 6171 msgid ""
 6172 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 6173 "days since the Epoch after a password change operation."
 6174 msgstr ""
 6175 
 6176 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6177 #: sssd-ldap.5.xml:1175
 6178 msgid "ldap_access_filter (string)"
 6179 msgstr ""
 6180 
 6181 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6182 #: sssd-ldap.5.xml:1178
 6183 msgid ""
 6184 "If using access_provider = ldap and ldap_access_order = filter (default), "
 6185 "this option is mandatory. It specifies an LDAP search filter criteria that "
 6186 "must be met for the user to be granted access on this host. If "
 6187 "access_provider = ldap, ldap_access_order = filter and this option is not "
 6188 "set, it will result in all users being denied access.  Use access_provider = "
 6189 "permit to change this default behavior. Please note that this filter is "
 6190 "applied on the LDAP user entry only and thus filtering based on nested "
 6191 "groups may not work (e.g. memberOf attribute on AD entries points only to "
 6192 "direct parents). If filtering based on nested groups is required, please see "
 6193 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
 6194 "manvolnum> </citerefentry>."
 6195 msgstr ""
 6196 
 6197 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6198 #: sssd-ldap.5.xml:1198
 6199 msgid "Example:"
 6200 msgstr ""
 6201 
 6202 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 6203 #: sssd-ldap.5.xml:1201
 6204 #, no-wrap
 6205 msgid ""
 6206 "access_provider = ldap\n"
 6207 "ldap_access_filter = (employeeType=admin)\n"
 6208 "                        "
 6209 msgstr ""
 6210 
 6211 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6212 #: sssd-ldap.5.xml:1205
 6213 msgid ""
 6214 "This example means that access to this host is restricted to users whose "
 6215 "employeeType attribute is set to \"admin\"."
 6216 msgstr ""
 6217 
 6218 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6219 #: sssd-ldap.5.xml:1210
 6220 msgid ""
 6221 "Offline caching for this feature is limited to determining whether the "
 6222 "user's last online login was granted access permission. If they were granted "
 6223 "access during their last login, they will continue to be granted access "
 6224 "while offline and vice versa."
 6225 msgstr ""
 6226 
 6227 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6228 #: sssd-ldap.5.xml:1218 sssd-ldap.5.xml:1275
 6229 msgid "Default: Empty"
 6230 msgstr ""
 6231 
 6232 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6233 #: sssd-ldap.5.xml:1224
 6234 msgid "ldap_account_expire_policy (string)"
 6235 msgstr ""
 6236 
 6237 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6238 #: sssd-ldap.5.xml:1227
 6239 msgid ""
 6240 "With this option a client side evaluation of access control attributes can "
 6241 "be enabled."
 6242 msgstr ""
 6243 
 6244 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6245 #: sssd-ldap.5.xml:1231
 6246 msgid ""
 6247 "Please note that it is always recommended to use server side access control, "
 6248 "i.e. the LDAP server should deny the bind request with a suitable error code "
 6249 "even if the password is correct."
 6250 msgstr ""
 6251 
 6252 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6253 #: sssd-ldap.5.xml:1238
 6254 msgid "The following values are allowed:"
 6255 msgstr ""
 6256 
 6257 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6258 #: sssd-ldap.5.xml:1241
 6259 msgid ""
 6260 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 6261 "determine if the account is expired."
 6262 msgstr ""
 6263 
 6264 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6265 #: sssd-ldap.5.xml:1246
 6266 msgid ""
 6267 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 6268 "ldap_user_ad_user_account_control and allow access if the second bit is not "
 6269 "set. If the attribute is missing access is granted. Also the expiration time "
 6270 "of the account is checked."
 6271 msgstr ""
 6272 
 6273 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6274 #: sssd-ldap.5.xml:1253
 6275 msgid ""
 6276 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 6277 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 6278 "allowed or not."
 6279 msgstr ""
 6280 
 6281 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6282 #: sssd-ldap.5.xml:1259
 6283 msgid ""
 6284 "<emphasis>nds</emphasis>: the values of "
 6285 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
 6286 "ldap_user_nds_login_expiration_time are used to check if access is allowed. "
 6287 "If both attributes are missing access is granted."
 6288 msgstr ""
 6289 
 6290 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6291 #: sssd-ldap.5.xml:1268
 6292 msgid ""
 6293 "Please note that the ldap_access_order configuration option <emphasis>must</"
 6294 "emphasis> include <quote>expire</quote> in order for the "
 6295 "ldap_account_expire_policy option to work."
 6296 msgstr ""
 6297 
 6298 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6299 #: sssd-ldap.5.xml:1281
 6300 msgid "ldap_access_order (string)"
 6301 msgstr ""
 6302 
 6303 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6304 #: sssd-ldap.5.xml:1284
 6305 msgid "Comma separated list of access control options.  Allowed values are:"
 6306 msgstr ""
 6307 
 6308 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6309 #: sssd-ldap.5.xml:1288
 6310 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 6311 msgstr ""
 6312 
 6313 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6314 #: sssd-ldap.5.xml:1291
 6315 msgid ""
 6316 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 6317 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
 6318 "and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn.  "
 6319 "Please note that 'access_provider = ldap' must be set for this feature to "
 6320 "work."
 6321 msgstr ""
 6322 
 6323 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6324 #: sssd-ldap.5.xml:1301
 6325 msgid ""
 6326 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 6327 "quote> option and might be removed in a future release.  </emphasis>"
 6328 msgstr ""
 6329 
 6330 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6331 #: sssd-ldap.5.xml:1308
 6332 msgid ""
 6333 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 6334 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
 6335 "and has value of '000001010000Z' or represents any time in the past.  The "
 6336 "value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
 6337 "denotes the UTC time zone.  Other time zones are not currently supported and "
 6338 "will result in \"access-denied\" when users attempt to log in.  Please see "
 6339 "the option ldap_pwdlockout_dn.  Please note that 'access_provider = ldap' "
 6340 "must be set for this feature to work."
 6341 msgstr ""
 6342 
 6343 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6344 #: sssd-ldap.5.xml:1325
 6345 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 6346 msgstr ""
 6347 
 6348 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6349 #: sssd-ldap.5.xml:1329
 6350 msgid ""
 6351 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 6352 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
 6353 "interested in being warned that password is about to expire and "
 6354 "authentication is based on using a different method than passwords - for "
 6355 "example SSH keys."
 6356 msgstr ""
 6357 
 6358 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6359 #: sssd-ldap.5.xml:1339
 6360 msgid ""
 6361 "The difference between these options is the action taken if user password is "
 6362 "expired: pwd_expire_policy_reject - user is denied to log in, "
 6363 "pwd_expire_policy_warn - user is still able to log in, "
 6364 "pwd_expire_policy_renew - user is prompted to change his password "
 6365 "immediately."
 6366 msgstr ""
 6367 
 6368 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6369 #: sssd-ldap.5.xml:1347
 6370 msgid ""
 6371 "Note If user password is expired no explicit message is prompted by SSSD."
 6372 msgstr ""
 6373 
 6374 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6375 #: sssd-ldap.5.xml:1351
 6376 msgid ""
 6377 "Please note that 'access_provider = ldap' must be set for this feature to "
 6378 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 6379 msgstr ""
 6380 
 6381 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6382 #: sssd-ldap.5.xml:1356
 6383 msgid ""
 6384 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 6385 "to determine access"
 6386 msgstr ""
 6387 
 6388 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6389 #: sssd-ldap.5.xml:1361
 6390 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 6391 msgstr ""
 6392 
 6393 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6394 #: sssd-ldap.5.xml:1365
 6395 msgid ""
 6396 "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
 6397 "remote host can access"
 6398 msgstr ""
 6399 
 6400 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6401 #: sssd-ldap.5.xml:1369
 6402 msgid ""
 6403 "Please note, rhost field in pam is set by application, it is better to check "
 6404 "what the application sends to pam, before enabling this access control option"
 6405 msgstr ""
 6406 
 6407 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6408 #: sssd-ldap.5.xml:1374
 6409 msgid "Default: filter"
 6410 msgstr ""
 6411 
 6412 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6413 #: sssd-ldap.5.xml:1377
 6414 msgid ""
 6415 "Please note that it is a configuration error if a value is used more than "
 6416 "once."
 6417 msgstr ""
 6418 
 6419 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6420 #: sssd-ldap.5.xml:1384
 6421 msgid "ldap_pwdlockout_dn (string)"
 6422 msgstr ""
 6423 
 6424 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6425 #: sssd-ldap.5.xml:1387
 6426 msgid ""
 6427 "This option specifies the DN of password policy entry on LDAP server. Please "
 6428 "note that absence of this option in sssd.conf in case of enabled account "
 6429 "lockout checking will yield access denied as ppolicy attributes on LDAP "
 6430 "server cannot be checked properly."
 6431 msgstr ""
 6432 
 6433 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6434 #: sssd-ldap.5.xml:1395
 6435 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
 6436 msgstr ""
 6437 
 6438 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6439 #: sssd-ldap.5.xml:1398
 6440 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
 6441 msgstr ""
 6442 
 6443 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6444 #: sssd-ldap.5.xml:1404
 6445 msgid "ldap_deref (string)"
 6446 msgstr ""
 6447 
 6448 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6449 #: sssd-ldap.5.xml:1407
 6450 msgid ""
 6451 "Specifies how alias dereferencing is done when performing a search. The "
 6452 "following options are allowed:"