"Fossies" - the Fresh Open Source Software Archive

Member "sssd-2.4.2/src/man/po/nl.po" (19 Feb 2021, 714431 Bytes) of package /linux/misc/sssd-2.4.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PO translation source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # SOME DESCRIPTIVE TITLE
    2 # Copyright (C) YEAR Red Hat
    3 # This file is distributed under the same license as the sssd-docs package.
    4 #
    5 # Translators:
    6 # Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011
    7 msgid ""
    8 msgstr ""
    9 "Project-Id-Version: sssd-docs 2.3.0\n"
   10 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
   11 "POT-Creation-Date: 2021-02-19 16:49+0100\n"
   12 "PO-Revision-Date: 2014-12-15 12:02-0500\n"
   13 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
   14 "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
   15 "nl/)\n"
   16 "Language: nl\n"
   17 "MIME-Version: 1.0\n"
   18 "Content-Type: text/plain; charset=UTF-8\n"
   19 "Content-Transfer-Encoding: 8bit\n"
   20 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
   21 "X-Generator: Zanata 4.6.2\n"
   22 
   23 #. type: Content of: <reference><title>
   24 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
   25 #: pam_sss_gss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5
   26 #: sss-certmap.5.xml:5 sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5
   27 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_override.8.xml:5 sss_useradd.8.xml:5
   28 #: sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5
   29 #: sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5
   30 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
   31 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
   32 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
   33 #: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
   34 #: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5
   35 msgid "SSSD Manual pages"
   36 msgstr "SSSD handleiding"
   37 
   38 #. type: Content of: <reference><refentry><refnamediv><refname>
   39 #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
   40 msgid "sss_groupmod"
   41 msgstr "sss_groupmod"
   42 
   43 #. type: Content of: <reference><refentry><refmeta><manvolnum>
   44 #: sss_groupmod.8.xml:11 pam_sss.8.xml:12 pam_sss_gss.8.xml:12
   45 #: sssd_krb5_locator_plugin.8.xml:11 sssd.8.xml:11 sss_obfuscate.8.xml:11
   46 #: sss_override.8.xml:11 sss_useradd.8.xml:11 sss_groupadd.8.xml:11
   47 #: sss_userdel.8.xml:11 sss_groupdel.8.xml:11 sss_groupshow.8.xml:11
   48 #: sss_usermod.8.xml:11 sss_cache.8.xml:11 sss_debuglevel.8.xml:11
   49 #: sss_seed.8.xml:11 idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11
   50 msgid "8"
   51 msgstr "8"
   52 
   53 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
   54 #: sss_groupmod.8.xml:16
   55 msgid "modify a group"
   56 msgstr "muteer een groep"
   57 
   58 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
   59 #: sss_groupmod.8.xml:21
   60 msgid ""
   61 "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
   62 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
   63 "arg>"
   64 msgstr ""
   65 "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</"
   66 "replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></"
   67 "arg>"
   68 
   69 #. type: Content of: <reference><refentry><refsect1><title>
   70 #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:63
   71 #: pam_sss_gss.8.xml:30 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22
   72 #: sss-certmap.5.xml:21 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21
   73 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_override.8.xml:30
   74 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
   75 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
   76 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
   77 #: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
   78 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
   79 #: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
   80 #: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21
   81 msgid "DESCRIPTION"
   82 msgstr "OMSCHRIJVING"
   83 
   84 #. type: Content of: <reference><refentry><refsect1><para>
   85 #: sss_groupmod.8.xml:32
   86 msgid ""
   87 "<command>sss_groupmod</command> modifies the group to reflect the changes "
   88 "that are specified on the command line."
   89 msgstr ""
   90 "<command>sss_groupmod</command> muteert de groep en maakt de aanpassingen "
   91 "die via de opdrachtregel ingegeven zijn."
   92 
   93 #. type: Content of: <reference><refentry><refsect1><title>
   94 #: sss_groupmod.8.xml:39 pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42
   95 #: sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39
   96 #: sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39
   97 #: sss_usermod.8.xml:39 sss_cache.8.xml:39 sss_seed.8.xml:42
   98 #: sss_ssh_authorizedkeys.1.xml:123 sss_ssh_knownhostsproxy.1.xml:62
   99 msgid "OPTIONS"
  100 msgstr "OPTIES"
  101 
  102 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
  103 #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
  104 msgid ""
  105 "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
  106 "replaceable>"
  107 msgstr ""
  108 "<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
  109 "replaceable>"
  110 
  111 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
  112 #: sss_groupmod.8.xml:48
  113 msgid ""
  114 "Append this group to groups specified by the <replaceable>GROUPS</"
  115 "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
  116 "a comma separated list of group names."
  117 msgstr ""
  118 "Voeg deze groep toe aan de groepen opgegeven met de  <replaceable>GROEPEN</"
  119 "replaceable> parameter.  De <replaceable>GROEPEN</replaceable> parameter is "
  120 "een kommagescheiden lijst van groepnamen."
  121 
  122 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
  123 #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
  124 msgid ""
  125 "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
  126 "replaceable>"
  127 msgstr ""
  128 "<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
  129 "replaceable>"
  130 
  131 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
  132 #: sss_groupmod.8.xml:62
  133 msgid ""
  134 "Remove this group from groups specified by the <replaceable>GROUPS</"
  135 "replaceable> parameter."
  136 msgstr ""
  137 "Verwijder deze groep uit de groepen opgegeven in de <replaceable>GROEPEN</"
  138 "replaceable> parameter."
  139 
  140 #. type: Content of: <reference><refentry><refnamediv><refname>
  141 #: sssd.conf.5.xml:10 sssd.conf.5.xml:16
  142 msgid "sssd.conf"
  143 msgstr "sssd.conf"
  144 
  145 #. type: Content of: <reference><refentry><refmeta><manvolnum>
  146 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
  147 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
  148 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
  149 #: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
  150 #: sssd-systemtap.5.xml:11 sssd-ldap-attributes.5.xml:11
  151 msgid "5"
  152 msgstr "5"
  153 
  154 #. type: Content of: <reference><refentry><refmeta><refmiscinfo>
  155 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
  156 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
  157 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
  158 #: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
  159 #: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12
  160 msgid "File Formats and Conventions"
  161 msgstr "Bestandsformaten en conventies"
  162 
  163 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
  164 #: sssd.conf.5.xml:17
  165 msgid "the configuration file for SSSD"
  166 msgstr "het configuratiebestand voor SSSD"
  167 
  168 #. type: Content of: <reference><refentry><refsect1><title>
  169 #: sssd.conf.5.xml:21
  170 msgid "FILE FORMAT"
  171 msgstr "BESTANDSFORMAAT"
  172 
  173 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
  174 #: sssd.conf.5.xml:29
  175 #, no-wrap
  176 msgid ""
  177 "<replaceable>[section]</replaceable>\n"
  178 "<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
  179 "<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
  180 "            "
  181 msgstr ""
  182 
  183 #. type: Content of: <reference><refentry><refsect1><para>
  184 #: sssd.conf.5.xml:24
  185 msgid ""
  186 "The file has an ini-style syntax and consists of sections and parameters. A "
  187 "section begins with the name of the section in square brackets and continues "
  188 "until the next section begins. An example of section with single and multi-"
  189 "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
  190 msgstr ""
  191 "Het bestand heeft een ini-stijl syntaxis en bestaat uit secties en "
  192 "parameters. Een sectie begint met de naam van de sectie in rechte haken en "
  193 "gaat verder totdat de volgende sectie begint. Een voorbeeld van een sectie "
  194 "met een enkele en een meervoudige parameter: <placeholder type="
  195 "\"programlisting\" id=\"0\"/>"
  196 
  197 #. type: Content of: <reference><refentry><refsect1><para>
  198 #: sssd.conf.5.xml:36
  199 msgid ""
  200 "The data types used are string (no quotes needed), integer and bool (with "
  201 "values of <quote>TRUE/FALSE</quote>)."
  202 msgstr ""
  203 "De datatypes gebruikt zijn tekst (geen quotes vereisd), numeriek en "
  204 "booleaans (met de waardes <quote>TRUE/FALSE</quote>)."
  205 
  206 #. type: Content of: <reference><refentry><refsect1><para>
  207 #: sssd.conf.5.xml:41
  208 msgid ""
  209 "A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
  210 "(<quote>;</quote>).  Inline comments are not supported."
  211 msgstr ""
  212 
  213 #. type: Content of: <reference><refentry><refsect1><para>
  214 #: sssd.conf.5.xml:47
  215 msgid ""
  216 "All sections can have an optional <replaceable>description</replaceable> "
  217 "parameter. Its function is only as a label for the section."
  218 msgstr ""
  219 "Alle secties kunnen een optionele <replaceable>description</replaceable> "
  220 "parameter bevatten. Dit fungeert slechts als label voor de sectie."
  221 
  222 #. type: Content of: <reference><refentry><refsect1><para>
  223 #: sssd.conf.5.xml:53
  224 msgid ""
  225 "<filename>sssd.conf</filename> must be a regular file, owned by root and "
  226 "only root may read from or write to the file."
  227 msgstr ""
  228 "<filename>sssd.conf</filename> moet een standaardbestand zijn, de eigenaar "
  229 "moet root zijn en alleen root mag hem lezen en schrijven."
  230 
  231 #. type: Content of: <reference><refentry><refsect1><title>
  232 #: sssd.conf.5.xml:59
  233 msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
  234 msgstr ""
  235 
  236 #. type: Content of: <reference><refentry><refsect1><para>
  237 #: sssd.conf.5.xml:62
  238 msgid ""
  239 "The configuration file <filename>sssd.conf</filename> will include "
  240 "configuration snippets using the include directory <filename>conf.d</"
  241 "filename>. This feature is available if SSSD was compiled with libini "
  242 "version 1.3.0 or later."
  243 msgstr ""
  244 
  245 #. type: Content of: <reference><refentry><refsect1><para>
  246 #: sssd.conf.5.xml:69
  247 msgid ""
  248 "Any file placed in <filename>conf.d</filename> that ends in "
  249 "<quote><filename>.conf</filename></quote> and does not begin with a dot "
  250 "(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> "
  251 "to configure SSSD."
  252 msgstr ""
  253 
  254 #. type: Content of: <reference><refentry><refsect1><para>
  255 #: sssd.conf.5.xml:77
  256 msgid ""
  257 "The configuration snippets from <filename>conf.d</filename> have higher "
  258 "priority than <filename>sssd.conf</filename> and will override "
  259 "<filename>sssd.conf</filename> when conflicts occur. If several snippets are "
  260 "present in <filename>conf.d</filename>, then they are included in "
  261 "alphabetical order (based on locale).  Files included later have higher "
  262 "priority. Numerical prefixes (<filename>01_snippet.conf</filename>, "
  263 "<filename>02_snippet.conf</filename> etc.) can help visualize the priority "
  264 "(higher number means higher priority)."
  265 msgstr ""
  266 
  267 #. type: Content of: <reference><refentry><refsect1><para>
  268 #: sssd.conf.5.xml:91
  269 msgid ""
  270 "The snippet files require the same owner and permissions as <filename>sssd."
  271 "conf</filename>. Which are by default root:root and 0600."
  272 msgstr ""
  273 
  274 #. type: Content of: <reference><refentry><refsect1><title>
  275 #: sssd.conf.5.xml:98
  276 msgid "GENERAL OPTIONS"
  277 msgstr ""
  278 
  279 #. type: Content of: <reference><refentry><refsect1><para>
  280 #: sssd.conf.5.xml:100
  281 msgid "Following options are usable in more than one configuration sections."
  282 msgstr ""
  283 
  284 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  285 #: sssd.conf.5.xml:104
  286 msgid "Options usable in all sections"
  287 msgstr ""
  288 
  289 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  290 #: sssd.conf.5.xml:108
  291 msgid "debug_level (integer)"
  292 msgstr "debug_level (numeriek)"
  293 
  294 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  295 #: sssd.conf.5.xml:112
  296 msgid "debug (integer)"
  297 msgstr ""
  298 
  299 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  300 #: sssd.conf.5.xml:115
  301 msgid ""
  302 "SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
  303 "for <replaceable>debug_level</replaceable> as a convenience feature. If both "
  304 "are specified, the value of <replaceable>debug_level</replaceable> will be "
  305 "used."
  306 msgstr ""
  307 
  308 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  309 #: sssd.conf.5.xml:125
  310 msgid "debug_timestamps (bool)"
  311 msgstr "debug_timestamps (bool)"
  312 
  313 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  314 #: sssd.conf.5.xml:128
  315 msgid ""
  316 "Add a timestamp to the debug messages.  If journald is enabled for SSSD "
  317 "debug logging this option is ignored."
  318 msgstr ""
  319 
  320 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
  321 #: sssd.conf.5.xml:133 sssd.conf.5.xml:331 sssd.conf.5.xml:612
  322 #: sssd.conf.5.xml:941 sssd.conf.5.xml:1936 sssd.conf.5.xml:1966
  323 #: sssd-ldap.5.xml:962 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1127
  324 #: sssd-ldap.5.xml:1579 sssd-ldap.5.xml:1644 sssd-ipa.5.xml:341
  325 #: sssd-ad.5.xml:229 sssd-ad.5.xml:343 sssd-ad.5.xml:1177 sssd-ad.5.xml:1325
  326 #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
  327 msgid "Default: true"
  328 msgstr "Standaard: true"
  329 
  330 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  331 #: sssd.conf.5.xml:138
  332 msgid "debug_microseconds (bool)"
  333 msgstr ""
  334 
  335 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  336 #: sssd.conf.5.xml:141
  337 msgid ""
  338 "Add microseconds to the timestamp in debug messages.  If journald is enabled "
  339 "for SSSD debug logging this option is ignored."
  340 msgstr ""
  341 
  342 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  343 #: sssd.conf.5.xml:146 sssd.conf.5.xml:609 sssd.conf.5.xml:823
  344 #: sssd.conf.5.xml:1869 sssd.conf.5.xml:3686 sssd-ldap.5.xml:312
  345 #: sssd-ldap.5.xml:813 sssd-ldap.5.xml:832 sssd-ldap.5.xml:1032
  346 #: sssd-ldap.5.xml:1463 sssd-ldap.5.xml:1668 sssd-ipa.5.xml:151
  347 #: sssd-ipa.5.xml:253 sssd-ipa.5.xml:589 sssd-ad.5.xml:1083 sssd-krb5.5.xml:266
  348 #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 sssd-krb5.5.xml:573
  349 msgid "Default: false"
  350 msgstr ""
  351 
  352 #. type: Content of: outside any tag (error?)
  353 #: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1520
  354 #: sssd-ldap.5.xml:1691 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
  355 #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
  356 #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
  357 #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
  358 #: sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028
  359 #: sssd-ldap-attributes.5.xml:1186 sssd-ldap-attributes.5.xml:1231
  360 #: include/autofs_attributes.xml:1
  361 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
  362 msgstr ""
  363 
  364 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  365 #: sssd.conf.5.xml:155
  366 msgid "Options usable in SERVICE and DOMAIN sections"
  367 msgstr ""
  368 
  369 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  370 #: sssd.conf.5.xml:159
  371 msgid "timeout (integer)"
  372 msgstr ""
  373 
  374 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  375 #: sssd.conf.5.xml:162
  376 msgid ""
  377 "Timeout in seconds between heartbeats for this service. This is used to "
  378 "ensure that the process is alive and capable of answering requests. Note "
  379 "that after three missed heartbeats the process will terminate itself."
  380 msgstr ""
  381 
  382 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
  383 #: sssd.conf.5.xml:169 sssd.conf.5.xml:1161 sssd.conf.5.xml:1550
  384 #: sssd.conf.5.xml:3702 sssd-ldap.5.xml:684 include/ldap_id_mapping.xml:264
  385 msgid "Default: 10"
  386 msgstr ""
  387 
  388 #. type: Content of: <reference><refentry><refsect1><title>
  389 #: sssd.conf.5.xml:179
  390 msgid "SPECIAL SECTIONS"
  391 msgstr "SPECIALE SECTIES"
  392 
  393 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  394 #: sssd.conf.5.xml:182
  395 msgid "The [sssd] section"
  396 msgstr "De [sssd] sectie"
  397 
  398 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
  399 #: sssd.conf.5.xml:191 sssd.conf.5.xml:3791
  400 msgid "Section parameters"
  401 msgstr "Sectie parameters"
  402 
  403 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  404 #: sssd.conf.5.xml:193
  405 msgid "config_file_version (integer)"
  406 msgstr "config_file_version (numeriek)"
  407 
  408 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  409 #: sssd.conf.5.xml:196
  410 msgid ""
  411 "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
  412 "version 2."
  413 msgstr ""
  414 "Geeft aan welke syntaxis de configuratie gebruikt. SSSD 0.6.0 en hoger "
  415 "gebruiken versie 2."
  416 
  417 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  418 #: sssd.conf.5.xml:202
  419 msgid "services"
  420 msgstr "diensten"
  421 
  422 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  423 #: sssd.conf.5.xml:205
  424 msgid ""
  425 "Comma separated list of services that are started when sssd itself starts.  "
  426 "<phrase condition=\"have_systemd\"> The services' list is optional on "
  427 "platforms where systemd is supported, as they will either be socket or D-Bus "
  428 "activated when needed.  </phrase>"
  429 msgstr ""
  430 
  431 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  432 #: sssd.conf.5.xml:214
  433 msgid ""
  434 "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
  435 "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
  436 "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
  437 "phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
  438 msgstr ""
  439 
  440 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  441 #: sssd.conf.5.xml:222
  442 msgid ""
  443 "<phrase condition=\"have_systemd\"> By default, all services are disabled "
  444 "and the administrator must enable the ones allowed to be used by executing: "
  445 "\"systemctl enable sssd-@service@.socket\".  </phrase>"
  446 msgstr ""
  447 
  448 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
  449 #: sssd.conf.5.xml:231 sssd.conf.5.xml:683
  450 msgid "reconnection_retries (integer)"
  451 msgstr "reconnection_retries (numeriek)"
  452 
  453 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
  454 #: sssd.conf.5.xml:234 sssd.conf.5.xml:686
  455 msgid ""
  456 "Number of times services should attempt to reconnect in the event of a Data "
  457 "Provider crash or restart before they give up"
  458 msgstr ""
  459 "Aantal keer dat de service moet proberen om opnieuw te verbinden indien een "
  460 "Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
  461 
  462 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  463 #: sssd.conf.5.xml:239 sssd.conf.5.xml:691 include/failover.xml:100
  464 msgid "Default: 3"
  465 msgstr "Standaard: 3"
  466 
  467 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  468 #: sssd.conf.5.xml:244
  469 msgid "domains"
  470 msgstr "domeinen"
  471 
  472 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  473 #: sssd.conf.5.xml:247
  474 msgid ""
  475 "A domain is a database containing user information. SSSD can use more "
  476 "domains at the same time, but at least one must be configured or SSSD won't "
  477 "start.  This parameter describes the list of domains in the order you want "
  478 "them to be queried.  A domain name is recommended to contain only "
  479 "alphanumeric ASCII characters, dashes, dots and underscores. '/' character "
  480 "is forbidden."
  481 msgstr ""
  482 
  483 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
  484 #: sssd.conf.5.xml:260 sssd.conf.5.xml:3203
  485 msgid "re_expression (string)"
  486 msgstr "re_expression (tekst)"
  487 
  488 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  489 #: sssd.conf.5.xml:263
  490 msgid ""
  491 "Default regular expression that describes how to parse the string containing "
  492 "user name and domain into these components."
  493 msgstr ""
  494 
  495 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  496 #: sssd.conf.5.xml:268
  497 msgid ""
  498 "Each domain can have an individual regular expression configured. For some "
  499 "ID providers there are also default regular expressions. See DOMAIN SECTIONS "
  500 "for more info on these regular expressions."
  501 msgstr ""
  502 
  503 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
  504 #: sssd.conf.5.xml:277 sssd.conf.5.xml:3251
  505 msgid "full_name_format (string)"
  506 msgstr "full_name_format (tekst)"
  507 
  508 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  509 #: sssd.conf.5.xml:280 sssd.conf.5.xml:3254
  510 msgid ""
  511 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
  512 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
  513 "fully qualified name from user name and domain name components."
  514 msgstr ""
  515 
  516 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  517 #: sssd.conf.5.xml:291 sssd.conf.5.xml:3265
  518 msgid "%1$s"
  519 msgstr ""
  520 
  521 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  522 #: sssd.conf.5.xml:292 sssd.conf.5.xml:3266
  523 msgid "user name"
  524 msgstr ""
  525 
  526 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  527 #: sssd.conf.5.xml:295 sssd.conf.5.xml:3269
  528 msgid "%2$s"
  529 msgstr ""
  530 
  531 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  532 #: sssd.conf.5.xml:298 sssd.conf.5.xml:3272
  533 msgid "domain name as specified in the SSSD config file."
  534 msgstr ""
  535 
  536 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  537 #: sssd.conf.5.xml:304 sssd.conf.5.xml:3278
  538 msgid "%3$s"
  539 msgstr ""
  540 
  541 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  542 #: sssd.conf.5.xml:307 sssd.conf.5.xml:3281
  543 msgid ""
  544 "domain flat name. Mostly usable for Active Directory domains, both directly "
  545 "configured or discovered via IPA trusts."
  546 msgstr ""
  547 
  548 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  549 #: sssd.conf.5.xml:288 sssd.conf.5.xml:3262
  550 msgid ""
  551 "The following expansions are supported: <placeholder type=\"variablelist\" "
  552 "id=\"0\"/>"
  553 msgstr ""
  554 
  555 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  556 #: sssd.conf.5.xml:317
  557 msgid ""
  558 "Each domain can have an individual format string configured.  See DOMAIN "
  559 "SECTIONS for more info on this option."
  560 msgstr ""
  561 
  562 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  563 #: sssd.conf.5.xml:323
  564 msgid "monitor_resolv_conf (boolean)"
  565 msgstr ""
  566 
  567 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  568 #: sssd.conf.5.xml:326
  569 msgid ""
  570 "Controls if SSSD should monitor the state of resolv.conf to identify when it "
  571 "needs to update its internal DNS resolver."
  572 msgstr ""
  573 
  574 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  575 #: sssd.conf.5.xml:336
  576 msgid "try_inotify (boolean)"
  577 msgstr "try_inotify (bool)"
  578 
  579 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  580 #: sssd.conf.5.xml:339
  581 msgid ""
  582 "By default, SSSD will attempt to use inotify to monitor configuration files "
  583 "changes and will fall back to polling every five seconds if inotify cannot "
  584 "be used."
  585 msgstr ""
  586 
  587 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  588 #: sssd.conf.5.xml:345
  589 msgid ""
  590 "There are some limited situations where it is preferred that we should skip "
  591 "even trying to use inotify. In these rare cases, this option should be set "
  592 "to 'false'"
  593 msgstr ""
  594 "Er zijn een aantal situaties waarin het de voorkeur heeft dat we het gebruik "
  595 "van inotify uitschakelen. In deze zeldzame gevallen kan de optie op 'false' "
  596 "gezet worden"
  597 
  598 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  599 #: sssd.conf.5.xml:351
  600 msgid ""
  601 "Default: true on platforms where inotify is supported. False on other "
  602 "platforms."
  603 msgstr ""
  604 "Standaard: true op systemen waar inotify is ondersteund. False op andere "
  605 "systemen."
  606 
  607 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  608 #: sssd.conf.5.xml:355
  609 msgid ""
  610 "Note: this option will have no effect on platforms where inotify is "
  611 "unavailable. On these platforms, polling will always be used."
  612 msgstr ""
  613 "Merk op: deze optie heeft geen effect op systemen waar inotify niet "
  614 "beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar resolv."
  615 "conf."
  616 
  617 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  618 #: sssd.conf.5.xml:362
  619 msgid "krb5_rcache_dir (string)"
  620 msgstr ""
  621 
  622 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  623 #: sssd.conf.5.xml:365
  624 msgid ""
  625 "Directory on the filesystem where SSSD should store Kerberos replay cache "
  626 "files."
  627 msgstr ""
  628 "Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet "
  629 "opslaan."
  630 
  631 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  632 #: sssd.conf.5.xml:369
  633 msgid ""
  634 "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
  635 "SSSD to let libkrb5 decide the appropriate location for the replay cache."
  636 msgstr ""
  637 
  638 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  639 #: sssd.conf.5.xml:375
  640 msgid ""
  641 "Default: Distribution-specific and specified at build-time. "
  642 "(__LIBKRB5_DEFAULTS__ if not configured)"
  643 msgstr ""
  644 
  645 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  646 #: sssd.conf.5.xml:382
  647 msgid "user (string)"
  648 msgstr ""
  649 
  650 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  651 #: sssd.conf.5.xml:385
  652 msgid ""
  653 "The user to drop the privileges to where appropriate to avoid running as the "
  654 "root user.  <phrase condition=\"have_systemd\"> This option does not work "
  655 "when running socket-activated services, as the user set up to run the "
  656 "processes is set up during compilation time.  The way to override the "
  657 "systemd unit files is by creating the appropriate files in /etc/systemd/"
  658 "system/.  Keep in mind that any change in the socket user, group or "
  659 "permissions may result in a non-usable SSSD. The same may occur in case of "
  660 "changes of the user running the NSS responder.  </phrase>"
  661 msgstr ""
  662 
  663 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  664 #: sssd.conf.5.xml:403
  665 msgid "Default: not set, process will run as root"
  666 msgstr ""
  667 
  668 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  669 #: sssd.conf.5.xml:408
  670 msgid "default_domain_suffix (string)"
  671 msgstr ""
  672 
  673 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  674 #: sssd.conf.5.xml:411
  675 msgid ""
  676 "This string will be used as a default domain name for all names without a "
  677 "domain name component. The main use case is environments where the primary "
  678 "domain is intended for managing host policies and all users are located in a "
  679 "trusted domain.  The option allows those users to log in just with their "
  680 "user name without giving a domain name as well."
  681 msgstr ""
  682 
  683 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  684 #: sssd.conf.5.xml:421
  685 msgid ""
  686 "Please note that if this option is set all users from the primary domain "
  687 "have to use their fully qualified name, e.g. user@domain.name, to log in. "
  688 "Setting this option changes default of use_fully_qualified_names to True. It "
  689 "is not allowed to use this option together with use_fully_qualified_names "
  690 "set to False. One exception from this rule are domains with "
  691 "<quote>id_provider=files</quote> that always try to match the behaviour of "
  692 "nss_files and therefore their output is not qualified even when the "
  693 "default_domain_suffix option is used."
  694 msgstr ""
  695 
  696 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
  697 #: sssd.conf.5.xml:436 sssd.conf.5.xml:1348 sssd-ldap.5.xml:772
  698 #: sssd-ldap.5.xml:784 sssd-ldap.5.xml:876 sssd-ad.5.xml:897 sssd-ad.5.xml:972
  699 #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:609
  700 #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
  701 #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
  702 #: sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205
  703 #: include/ldap_id_mapping.xml:216
  704 msgid "Default: not set"
  705 msgstr ""
  706 
  707 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  708 #: sssd.conf.5.xml:441
  709 msgid "override_space (string)"
  710 msgstr ""
  711 
  712 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  713 #: sssd.conf.5.xml:444
  714 msgid ""
  715 "This parameter will replace spaces (space bar)  with the given character for "
  716 "user and group names.  e.g. (_). User name &quot;john doe&quot; will be "
  717 "&quot;john_doe&quot; This feature was added to help compatibility with shell "
  718 "scripts that have difficulty handling spaces, due to the default field "
  719 "separator in the shell."
  720 msgstr ""
  721 
  722 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  723 #: sssd.conf.5.xml:453
  724 msgid ""
  725 "Please note it is a configuration error to use a replacement character that "
  726 "might be used in user or group names. If a name contains the replacement "
  727 "character SSSD tries to return the unmodified name but in general the result "
  728 "of a lookup is undefined."
  729 msgstr ""
  730 
  731 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  732 #: sssd.conf.5.xml:461
  733 msgid "Default: not set (spaces will not be replaced)"
  734 msgstr ""
  735 
  736 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  737 #: sssd.conf.5.xml:466
  738 msgid "certificate_verification (string)"
  739 msgstr ""
  740 
  741 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  742 #: sssd.conf.5.xml:474
  743 msgid "no_ocsp"
  744 msgstr ""
  745 
  746 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  747 #: sssd.conf.5.xml:476
  748 msgid ""
  749 "Disables Online Certificate Status Protocol (OCSP) checks. This might be "
  750 "needed if the OCSP servers defined in the certificate are not reachable from "
  751 "the client."
  752 msgstr ""
  753 
  754 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  755 #: sssd.conf.5.xml:484
  756 msgid "soft_ocsp"
  757 msgstr ""
  758 
  759 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  760 #: sssd.conf.5.xml:486
  761 msgid ""
  762 "If a connection cannot be established to an OCSP responder the OCSP check is "
  763 "skipped.  This option should be used to allow authentication when the system "
  764 "is offline and the OCSP responder cannot be reached."
  765 msgstr ""
  766 
  767 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  768 #: sssd.conf.5.xml:496
  769 msgid "ocsp_dgst"
  770 msgstr ""
  771 
  772 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  773 #: sssd.conf.5.xml:498
  774 msgid ""
  775 "Digest (hash) function used to create the certificate ID for the OCSP "
  776 "request. Allowed values are:"
  777 msgstr ""
  778 
  779 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  780 #: sssd.conf.5.xml:502
  781 msgid "sha1"
  782 msgstr ""
  783 
  784 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  785 #: sssd.conf.5.xml:503
  786 msgid "sha256"
  787 msgstr ""
  788 
  789 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  790 #: sssd.conf.5.xml:504
  791 msgid "sha384"
  792 msgstr ""
  793 
  794 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  795 #: sssd.conf.5.xml:505
  796 msgid "sha512"
  797 msgstr ""
  798 
  799 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  800 #: sssd.conf.5.xml:508
  801 msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)"
  802 msgstr ""
  803 
  804 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  805 #: sssd.conf.5.xml:514
  806 msgid "no_verification"
  807 msgstr ""
  808 
  809 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  810 #: sssd.conf.5.xml:516
  811 msgid ""
  812 "Disables verification completely.  This option should only be used for "
  813 "testing."
  814 msgstr ""
  815 
  816 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  817 #: sssd.conf.5.xml:522
  818 msgid "ocsp_default_responder=URL"
  819 msgstr ""
  820 
  821 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  822 #: sssd.conf.5.xml:524
  823 msgid ""
  824 "Sets the OCSP default responder which should be used instead of the one "
  825 "mentioned in the certificate. URL must be replaced with the URL of the OCSP "
  826 "default responder e.g.  http://example.com:80/ocsp."
  827 msgstr ""
  828 
  829 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  830 #: sssd.conf.5.xml:534
  831 msgid "ocsp_default_responder_signing_cert=NAME"
  832 msgstr ""
  833 
  834 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  835 #: sssd.conf.5.xml:536
  836 msgid ""
  837 "This option is currently ignored. All needed certificates must be available "
  838 "in the PEM file given by pam_cert_db_path."
  839 msgstr ""
  840 
  841 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  842 #: sssd.conf.5.xml:544
  843 msgid "crl_file=/PATH/TO/CRL/FILE"
  844 msgstr ""
  845 
  846 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  847 #: sssd.conf.5.xml:546
  848 msgid ""
  849 "Use the Certificate Revocation List (CRL) from the given file during the "
  850 "verification of the certificate. The CRL must be given in PEM format, see "
  851 "<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</"
  852 "manvolnum> </citerefentry> for details."
  853 msgstr ""
  854 
  855 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  856 #: sssd.conf.5.xml:559
  857 msgid "soft_crl"
  858 msgstr ""
  859 
  860 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  861 #: sssd.conf.5.xml:562
  862 msgid ""
  863 "If a Certificate Revocation List (CRL)  is expired ignore the CRL checks for "
  864 "the related certificates. This option should be used to allow authentication "
  865 "when the system is offline and the CRL cannot be renewed."
  866 msgstr ""
  867 
  868 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  869 #: sssd.conf.5.xml:469
  870 msgid ""
  871 "With this parameter the certificate verification can be tuned with a comma "
  872 "separated list of options. Supported options are: <placeholder type="
  873 "\"variablelist\" id=\"0\"/>"
  874 msgstr ""
  875 
  876 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  877 #: sssd.conf.5.xml:573
  878 msgid "Unknown options are reported but ignored."
  879 msgstr ""
  880 
  881 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  882 #: sssd.conf.5.xml:576
  883 msgid "Default: not set, i.e. do not restrict certificate verification"
  884 msgstr ""
  885 
  886 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  887 #: sssd.conf.5.xml:582
  888 msgid "disable_netlink (boolean)"
  889 msgstr ""
  890 
  891 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  892 #: sssd.conf.5.xml:585
  893 msgid ""
  894 "SSSD hooks into the netlink interface to monitor changes to routes, "
  895 "addresses, links and trigger certain actions."
  896 msgstr ""
  897 
  898 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  899 #: sssd.conf.5.xml:590
  900 msgid ""
  901 "The SSSD state changes caused by netlink events may be undesirable and can "
  902 "be disabled by setting this option to 'true'"
  903 msgstr ""
  904 
  905 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  906 #: sssd.conf.5.xml:595
  907 msgid "Default: false (netlink changes are detected)"
  908 msgstr ""
  909 
  910 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  911 #: sssd.conf.5.xml:600
  912 msgid "enable_files_domain (boolean)"
  913 msgstr ""
  914 
  915 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  916 #: sssd.conf.5.xml:603
  917 msgid ""
  918 "When this option is enabled, SSSD prepends an implicit domain with "
  919 "<quote>id_provider=files</quote> before any explicitly configured domains."
  920 msgstr ""
  921 
  922 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  923 #: sssd.conf.5.xml:617
  924 msgid "domain_resolution_order"
  925 msgstr ""
  926 
  927 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  928 #: sssd.conf.5.xml:620
  929 msgid ""
  930 "Comma separated list of domains and subdomains representing the lookup order "
  931 "that will be followed.  The list doesn't have to include all possible "
  932 "domains as the missing domains will be looked up based on the order they're "
  933 "presented in the <quote>domains</quote> configuration option.  The "
  934 "subdomains which are not listed as part of <quote>lookup_order</quote> will "
  935 "be looked up in a random order for each parent domain."
  936 msgstr ""
  937 
  938 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  939 #: sssd.conf.5.xml:632
  940 msgid ""
  941 "Please, note that when this option is set the output format of all commands "
  942 "is always fully-qualified even when using short names for input, for all "
  943 "users but the ones managed by the files provider.  In case the administrator "
  944 "wants the output not fully-qualified, the full_name_format option can be "
  945 "used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
  946 "mind that during login, login applications often canonicalize the username "
  947 "by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
  948 "<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
  949 "for a qualified input (while trying to reach a user which exists in multiple "
  950 "domains) might re-route the login attempt into the domain which uses "
  951 "shortnames, making this workaround totally not recommended in cases where "
  952 "usernames may overlap between domains."
  953 msgstr ""
  954 
  955 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  956 #: sssd.conf.5.xml:657 sssd.conf.5.xml:1562 sssd.conf.5.xml:3752
  957 #: sssd-ad.5.xml:164 sssd-ad.5.xml:304 sssd-ad.5.xml:318
  958 msgid "Default: Not set"
  959 msgstr ""
  960 
  961 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
  962 #: sssd.conf.5.xml:184
  963 msgid ""
  964 "Individual pieces of SSSD functionality are provided by special SSSD "
  965 "services that are started and stopped together with SSSD.  The services are "
  966 "managed by a special service frequently called <quote>monitor</quote>. The "
  967 "<quote>[sssd]</quote> section is used to configure the monitor as well as "
  968 "some other important options like the identity domains.  <placeholder type="
  969 "\"variablelist\" id=\"0\"/>"
  970 msgstr ""
  971 
  972 #. type: Content of: <reference><refentry><refsect1><title>
  973 #: sssd.conf.5.xml:668
  974 msgid "SERVICES SECTIONS"
  975 msgstr "SERVICES SECTIE"
  976 
  977 #. type: Content of: <reference><refentry><refsect1><para>
  978 #: sssd.conf.5.xml:670
  979 msgid ""
  980 "Settings that can be used to configure different services are described in "
  981 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
  982 "section, for example, for NSS service, the section would be <quote>[nss]</"
  983 "quote>"
  984 msgstr ""
  985 
  986 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  987 #: sssd.conf.5.xml:677
  988 msgid "General service configuration options"
  989 msgstr "Algemene service configuratie-opties"
  990 
  991 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
  992 #: sssd.conf.5.xml:679
  993 msgid "These options can be used to configure any service."
  994 msgstr "Deze opties kunnen gebruikt worden om services te configureren."
  995 
  996 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
  997 #: sssd.conf.5.xml:696
  998 msgid "fd_limit"
  999 msgstr ""
 1000 
 1001 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1002 #: sssd.conf.5.xml:699
 1003 msgid ""
 1004 "This option specifies the maximum number of file descriptors that may be "
 1005 "opened at one time by this SSSD process. On systems where SSSD is granted "
 1006 "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
 1007 "systems without this capability, the resulting value will be the lower value "
 1008 "of this or the limits.conf \"hard\" limit."
 1009 msgstr ""
 1010 
 1011 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1012 #: sssd.conf.5.xml:708
 1013 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
 1014 msgstr ""
 1015 
 1016 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1017 #: sssd.conf.5.xml:713
 1018 msgid "client_idle_timeout"
 1019 msgstr ""
 1020 
 1021 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1022 #: sssd.conf.5.xml:716
 1023 msgid ""
 1024 "This option specifies the number of seconds that a client of an SSSD process "
 1025 "can hold onto a file descriptor without communicating on it. This value is "
 1026 "limited in order to avoid resource exhaustion on the system. The timeout "
 1027 "can't be shorter than 10 seconds. If a lower value is configured, it will be "
 1028 "adjusted to 10 seconds."
 1029 msgstr ""
 1030 
 1031 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1032 #: sssd.conf.5.xml:725
 1033 #, fuzzy
 1034 #| msgid "Default: 3"
 1035 msgid "Default: 60, KCM: 300"
 1036 msgstr "Standaard: 3"
 1037 
 1038 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1039 #: sssd.conf.5.xml:730
 1040 msgid "offline_timeout (integer)"
 1041 msgstr ""
 1042 
 1043 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1044 #: sssd.conf.5.xml:733
 1045 msgid ""
 1046 "When SSSD switches to offline mode the amount of time before it tries to go "
 1047 "back online will increase based upon the time spent disconnected.  This "
 1048 "value is in seconds and calculated by the following:"
 1049 msgstr ""
 1050 
 1051 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1052 #: sssd.conf.5.xml:740
 1053 msgid "offline_timeout + random_offset"
 1054 msgstr ""
 1055 
 1056 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1057 #: sssd.conf.5.xml:743
 1058 msgid ""
 1059 "The random offset value is from 0 to 30.  After each unsuccessful attempt to "
 1060 "go online, the new interval is recalculated by the following:"
 1061 msgstr ""
 1062 
 1063 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1064 #: sssd.conf.5.xml:748
 1065 msgid "new_interval = (old_interval * 2) + random_offset"
 1066 msgstr ""
 1067 
 1068 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1069 #: sssd.conf.5.xml:751
 1070 msgid ""
 1071 "Note that the maximum length of each interval is defined by "
 1072 "offline_timeout_max, which defaults to one hour. If the calculated length of "
 1073 "new_interval is greater than offline_timeout_max, it will be forced to the "
 1074 "offline_timeout_max value."
 1075 msgstr ""
 1076 
 1077 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1078 #: sssd.conf.5.xml:758 sssd.conf.5.xml:1072 sssd.conf.5.xml:1414
 1079 #: sssd.conf.5.xml:1651 sssd-ldap.5.xml:469
 1080 msgid "Default: 60"
 1081 msgstr ""
 1082 
 1083 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1084 #: sssd.conf.5.xml:763
 1085 #, fuzzy
 1086 #| msgid "enum_cache_timeout (integer)"
 1087 msgid "offline_timeout_max (integer)"
 1088 msgstr "enum_cache_timeout (numeriek)"
 1089 
 1090 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1091 #: sssd.conf.5.xml:766
 1092 msgid ""
 1093 "Controls by how much the time between attempts to go online can be "
 1094 "incremented following unsuccessful attempts to go online."
 1095 msgstr ""
 1096 
 1097 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1098 #: sssd.conf.5.xml:771
 1099 msgid "A value of 0 disables the incrementing behaviour."
 1100 msgstr ""
 1101 
 1102 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1103 #: sssd.conf.5.xml:774
 1104 msgid ""
 1105 "The value of this parameter should be set in correlation to offline_timeout "
 1106 "parameter value."
 1107 msgstr ""
 1108 
 1109 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1110 #: sssd.conf.5.xml:778
 1111 msgid ""
 1112 "With offline_timeout set to 60 (default value) there is no point in setting "
 1113 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
 1114 "rule here should be to set offline_timeout_max to at least 4 times "
 1115 "offline_timeout."
 1116 msgstr ""
 1117 
 1118 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1119 #: sssd.conf.5.xml:784
 1120 msgid ""
 1121 "Although a value between 0 and offline_timeout may be specified, it has the "
 1122 "effect of overriding the offline_timeout value so is of little use."
 1123 msgstr ""
 1124 
 1125 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1126 #: sssd.conf.5.xml:789
 1127 #, fuzzy
 1128 #| msgid "Default: 3"
 1129 msgid "Default: 3600"
 1130 msgstr "Standaard: 3"
 1131 
 1132 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1133 #: sssd.conf.5.xml:794
 1134 msgid "responder_idle_timeout"
 1135 msgstr ""
 1136 
 1137 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1138 #: sssd.conf.5.xml:797
 1139 msgid ""
 1140 "This option specifies the number of seconds that an SSSD responder process "
 1141 "can be up without being used. This value is limited in order to avoid "
 1142 "resource exhaustion on the system.  The minimum acceptable value for this "
 1143 "option is 60 seconds.  Setting this option to 0 (zero) means that no timeout "
 1144 "will be set up to the responder.  This option only has effect when SSSD is "
 1145 "built with systemd support and when services are either socket or D-Bus "
 1146 "activated."
 1147 msgstr ""
 1148 
 1149 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1150 #: sssd.conf.5.xml:811 sssd.conf.5.xml:1085 sssd.conf.5.xml:2090
 1151 #: sssd-ldap.5.xml:326
 1152 msgid "Default: 300"
 1153 msgstr ""
 1154 
 1155 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1156 #: sssd.conf.5.xml:816
 1157 msgid "cache_first"
 1158 msgstr ""
 1159 
 1160 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1161 #: sssd.conf.5.xml:819
 1162 msgid ""
 1163 "This option specifies whether the responder should query all caches before "
 1164 "querying the Data Providers."
 1165 msgstr ""
 1166 
 1167 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 1168 #: sssd.conf.5.xml:831
 1169 msgid "NSS configuration options"
 1170 msgstr "NSS configuratie-opties"
 1171 
 1172 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 1173 #: sssd.conf.5.xml:833
 1174 msgid ""
 1175 "These options can be used to configure the Name Service Switch (NSS) service."
 1176 msgstr ""
 1177 "Deze opties kunnen worden gebruikt om de Name Serice Switch (NSS) service te "
 1178 "configurere."
 1179 
 1180 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1181 #: sssd.conf.5.xml:838
 1182 msgid "enum_cache_timeout (integer)"
 1183 msgstr "enum_cache_timeout (numeriek)"
 1184 
 1185 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1186 #: sssd.conf.5.xml:841
 1187 msgid ""
 1188 "How many seconds should nss_sss cache enumerations (requests for info about "
 1189 "all users)"
 1190 msgstr ""
 1191 "Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
 1192 "over alle gebruikers)"
 1193 
 1194 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1195 #: sssd.conf.5.xml:845
 1196 msgid "Default: 120"
 1197 msgstr "Standaard: 120"
 1198 
 1199 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1200 #: sssd.conf.5.xml:850
 1201 msgid "entry_cache_nowait_percentage (integer)"
 1202 msgstr "entry_cache_nowait_percentage (numeriek)"
 1203 
 1204 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1205 #: sssd.conf.5.xml:853
 1206 msgid ""
 1207 "The entry cache can be set to automatically update entries in the background "
 1208 "if they are requested beyond a percentage of the entry_cache_timeout value "
 1209 "for the domain."
 1210 msgstr ""
 1211 
 1212 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1213 #: sssd.conf.5.xml:859
 1214 msgid ""
 1215 "For example, if the domain's entry_cache_timeout is set to 30s and "
 1216 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
 1217 "after 15 seconds past the last cache update will be returned immediately, "
 1218 "but the SSSD will go and update the cache on its own, so that future "
 1219 "requests will not need to block waiting for a cache update."
 1220 msgstr ""
 1221 
 1222 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1223 #: sssd.conf.5.xml:869
 1224 msgid ""
 1225 "Valid values for this option are 0-99 and represent a percentage of the "
 1226 "entry_cache_timeout for each domain. For performance reasons, this "
 1227 "percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
 1228 "disables this feature)"
 1229 msgstr ""
 1230 
 1231 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1232 #: sssd.conf.5.xml:877 sssd.conf.5.xml:1890
 1233 msgid "Default: 50"
 1234 msgstr ""
 1235 
 1236 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1237 #: sssd.conf.5.xml:882
 1238 msgid "entry_negative_timeout (integer)"
 1239 msgstr "entry_negative_timeout (numeriek)"
 1240 
 1241 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1242 #: sssd.conf.5.xml:885
 1243 msgid ""
 1244 "Specifies for how many seconds nss_sss should cache negative cache hits "
 1245 "(that is, queries for invalid database entries, like nonexistent ones)  "
 1246 "before asking the back end again."
 1247 msgstr ""
 1248 
 1249 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1250 #: sssd.conf.5.xml:891 sssd.conf.5.xml:1914
 1251 msgid "Default: 15"
 1252 msgstr ""
 1253 
 1254 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1255 #: sssd.conf.5.xml:896
 1256 msgid "local_negative_timeout (integer)"
 1257 msgstr ""
 1258 
 1259 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1260 #: sssd.conf.5.xml:899
 1261 msgid ""
 1262 "Specifies for how many seconds nss_sss should keep local users and groups in "
 1263 "negative cache before trying to look it up in the back end again. Setting "
 1264 "the option to 0 disables this feature."
 1265 msgstr ""
 1266 
 1267 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1268 #: sssd.conf.5.xml:905
 1269 msgid "Default: 14400 (4 hours)"
 1270 msgstr ""
 1271 
 1272 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1273 #: sssd.conf.5.xml:910
 1274 msgid "filter_users, filter_groups (string)"
 1275 msgstr ""
 1276 
 1277 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1278 #: sssd.conf.5.xml:913
 1279 msgid ""
 1280 "Exclude certain users or groups from being fetched from the sss NSS "
 1281 "database. This is particularly useful for system accounts. This option can "
 1282 "also be set per-domain or include fully-qualified names to filter only users "
 1283 "from the particular domain or by a user principal name (UPN)."
 1284 msgstr ""
 1285 
 1286 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1287 #: sssd.conf.5.xml:921
 1288 msgid ""
 1289 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 1290 "members, since filtering happens after they are propagated for returning via "
 1291 "NSS. E.g. a group having a member group filtered out will still have the "
 1292 "member users of the latter listed."
 1293 msgstr ""
 1294 
 1295 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1296 #: sssd.conf.5.xml:929
 1297 msgid "Default: root"
 1298 msgstr ""
 1299 
 1300 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1301 #: sssd.conf.5.xml:934
 1302 msgid "filter_users_in_groups (bool)"
 1303 msgstr ""
 1304 
 1305 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1306 #: sssd.conf.5.xml:937
 1307 msgid ""
 1308 "If you want filtered user still be group members set this option to false."
 1309 msgstr ""
 1310 
 1311 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1312 #: sssd.conf.5.xml:948
 1313 msgid "fallback_homedir (string)"
 1314 msgstr ""
 1315 
 1316 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1317 #: sssd.conf.5.xml:951
 1318 msgid ""
 1319 "Set a default template for a user's home directory if one is not specified "
 1320 "explicitly by the domain's data provider."
 1321 msgstr ""
 1322 
 1323 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1324 #: sssd.conf.5.xml:956
 1325 msgid ""
 1326 "The available values for this option are the same as for override_homedir."
 1327 msgstr ""
 1328 
 1329 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 1330 #: sssd.conf.5.xml:962
 1331 #, no-wrap
 1332 msgid ""
 1333 "fallback_homedir = /home/%u\n"
 1334 "                            "
 1335 msgstr ""
 1336 
 1337 #. type: Content of: <varlistentry><listitem><para>
 1338 #: sssd.conf.5.xml:960 sssd.conf.5.xml:1481 sssd.conf.5.xml:1500
 1339 #: sssd-krb5.5.xml:592 include/override_homedir.xml:59
 1340 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 1341 msgstr ""
 1342 
 1343 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1344 #: sssd.conf.5.xml:966
 1345 msgid "Default: not set (no substitution for unset home directories)"
 1346 msgstr ""
 1347 
 1348 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1349 #: sssd.conf.5.xml:972
 1350 msgid "override_shell (string)"
 1351 msgstr ""
 1352 
 1353 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1354 #: sssd.conf.5.xml:975
 1355 msgid ""
 1356 "Override the login shell for all users. This option supersedes any other "
 1357 "shell options if it takes effect and can be set either in the [nss] section "
 1358 "or per-domain."
 1359 msgstr ""
 1360 
 1361 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1362 #: sssd.conf.5.xml:981
 1363 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 1364 msgstr ""
 1365 
 1366 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1367 #: sssd.conf.5.xml:987
 1368 msgid "allowed_shells (string)"
 1369 msgstr ""
 1370 
 1371 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1372 #: sssd.conf.5.xml:990
 1373 msgid ""
 1374 "Restrict user shell to one of the listed values. The order of evaluation is:"
 1375 msgstr ""
 1376 
 1377 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1378 #: sssd.conf.5.xml:993
 1379 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 1380 msgstr ""
 1381 
 1382 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1383 #: sssd.conf.5.xml:997
 1384 msgid ""
 1385 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 1386 "quote>, use the value of the shell_fallback parameter."
 1387 msgstr ""
 1388 
 1389 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1390 #: sssd.conf.5.xml:1002
 1391 msgid ""
 1392 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 1393 "shells</quote>, a nologin shell is used."
 1394 msgstr ""
 1395 
 1396 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1397 #: sssd.conf.5.xml:1007
 1398 msgid "The wildcard (*) can be used to allow any shell."
 1399 msgstr ""
 1400 
 1401 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1402 #: sssd.conf.5.xml:1010
 1403 msgid ""
 1404 "The (*) is useful if you want to use shell_fallback in case that user's "
 1405 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
 1406 "allowed shells in allowed_shells would be to much overhead."
 1407 msgstr ""
 1408 
 1409 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1410 #: sssd.conf.5.xml:1017
 1411 msgid "An empty string for shell is passed as-is to libc."
 1412 msgstr ""
 1413 
 1414 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1415 #: sssd.conf.5.xml:1020
 1416 msgid ""
 1417 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 1418 "that a restart of the SSSD is required in case a new shell is installed."
 1419 msgstr ""
 1420 
 1421 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1422 #: sssd.conf.5.xml:1024
 1423 msgid "Default: Not set. The user shell is automatically used."
 1424 msgstr ""
 1425 
 1426 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1427 #: sssd.conf.5.xml:1029
 1428 msgid "vetoed_shells (string)"
 1429 msgstr ""
 1430 
 1431 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1432 #: sssd.conf.5.xml:1032
 1433 msgid "Replace any instance of these shells with the shell_fallback"
 1434 msgstr ""
 1435 
 1436 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1437 #: sssd.conf.5.xml:1037
 1438 msgid "shell_fallback (string)"
 1439 msgstr ""
 1440 
 1441 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1442 #: sssd.conf.5.xml:1040
 1443 msgid ""
 1444 "The default shell to use if an allowed shell is not installed on the machine."
 1445 msgstr ""
 1446 
 1447 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1448 #: sssd.conf.5.xml:1044
 1449 msgid "Default: /bin/sh"
 1450 msgstr ""
 1451 
 1452 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1453 #: sssd.conf.5.xml:1049
 1454 msgid "default_shell"
 1455 msgstr ""
 1456 
 1457 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1458 #: sssd.conf.5.xml:1052
 1459 msgid ""
 1460 "The default shell to use if the provider does not return one during lookup. "
 1461 "This option can be specified globally in the [nss] section or per-domain."
 1462 msgstr ""
 1463 
 1464 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1465 #: sssd.conf.5.xml:1058
 1466 msgid ""
 1467 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 1468 "substitute something sensible when necessary, usually /bin/sh)"
 1469 msgstr ""
 1470 
 1471 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1472 #: sssd.conf.5.xml:1065 sssd.conf.5.xml:1407
 1473 msgid "get_domains_timeout (int)"
 1474 msgstr ""
 1475 
 1476 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1477 #: sssd.conf.5.xml:1068 sssd.conf.5.xml:1410
 1478 msgid ""
 1479 "Specifies time in seconds for which the list of subdomains will be "
 1480 "considered valid."
 1481 msgstr ""
 1482 
 1483 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1484 #: sssd.conf.5.xml:1077
 1485 #, fuzzy
 1486 #| msgid "enum_cache_timeout (integer)"
 1487 msgid "memcache_timeout (integer)"
 1488 msgstr "enum_cache_timeout (numeriek)"
 1489 
 1490 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1491 #: sssd.conf.5.xml:1080
 1492 msgid ""
 1493 "Specifies time in seconds for which records in the in-memory cache will be "
 1494 "valid. Setting this option to zero will disable the in-memory cache."
 1495 msgstr ""
 1496 
 1497 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1498 #: sssd.conf.5.xml:1088
 1499 msgid ""
 1500 "WARNING: Disabling the in-memory cache will have significant negative impact "
 1501 "on SSSD's performance and should only be used for testing."
 1502 msgstr ""
 1503 
 1504 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1505 #: sssd.conf.5.xml:1094 sssd.conf.5.xml:1119 sssd.conf.5.xml:1144
 1506 #: sssd.conf.5.xml:1169
 1507 msgid ""
 1508 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 1509 "client applications will not use the fast in-memory cache."
 1510 msgstr ""
 1511 
 1512 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1513 #: sssd.conf.5.xml:1102
 1514 #, fuzzy
 1515 #| msgid "enum_cache_timeout (integer)"
 1516 msgid "memcache_size_passwd (integer)"
 1517 msgstr "enum_cache_timeout (numeriek)"
 1518 
 1519 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1520 #: sssd.conf.5.xml:1105
 1521 msgid ""
 1522 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 1523 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
 1524 "memory cache."
 1525 msgstr ""
 1526 
 1527 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1528 #: sssd.conf.5.xml:1111 sssd.conf.5.xml:2623 sssd-ldap.5.xml:513
 1529 msgid "Default: 8"
 1530 msgstr ""
 1531 
 1532 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1533 #: sssd.conf.5.xml:1114 sssd.conf.5.xml:1139 sssd.conf.5.xml:1164
 1534 msgid ""
 1535 "WARNING: Disabled or too small in-memory cache can have significant negative "
 1536 "impact on SSSD's performance."
 1537 msgstr ""
 1538 
 1539 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1540 #: sssd.conf.5.xml:1127
 1541 #, fuzzy
 1542 #| msgid "enum_cache_timeout (integer)"
 1543 msgid "memcache_size_group (integer)"
 1544 msgstr "enum_cache_timeout (numeriek)"
 1545 
 1546 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1547 #: sssd.conf.5.xml:1130
 1548 msgid ""
 1549 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 1550 "for group requests.  Setting the size to 0 will disable the group in-memory "
 1551 "cache."
 1552 msgstr ""
 1553 
 1554 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 1555 #: sssd.conf.5.xml:1136 sssd.conf.5.xml:3340 sssd-ldap.5.xml:453
 1556 #: sssd-ldap.5.xml:495 sssd-krb5.5.xml:248 include/failover.xml:116
 1557 msgid "Default: 6"
 1558 msgstr ""
 1559 
 1560 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1561 #: sssd.conf.5.xml:1152
 1562 #, fuzzy
 1563 #| msgid "enum_cache_timeout (integer)"
 1564 msgid "memcache_size_initgroups (integer)"
 1565 msgstr "enum_cache_timeout (numeriek)"
 1566 
 1567 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1568 #: sssd.conf.5.xml:1155
 1569 msgid ""
 1570 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 1571 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
 1572 "in-memory cache."
 1573 msgstr ""
 1574 
 1575 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 1576 #: sssd.conf.5.xml:1177 sssd-ifp.5.xml:74
 1577 msgid "user_attributes (string)"
 1578 msgstr ""
 1579 
 1580 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1581 #: sssd.conf.5.xml:1180
 1582 msgid ""
 1583 "Some of the additional NSS responder requests can return more attributes "
 1584 "than just the POSIX ones defined by the NSS interface. The list of "
 1585 "attributes is controlled by this option. It is handled the same way as the "
 1586 "<quote>user_attributes</quote> option of the InfoPipe responder (see "
 1587 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 1588 "manvolnum> </citerefentry> for details) but with no default values."
 1589 msgstr ""
 1590 
 1591 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1592 #: sssd.conf.5.xml:1193
 1593 msgid ""
 1594 "To make configuration more easy the NSS responder will check the InfoPipe "
 1595 "option if it is not set for the NSS responder."
 1596 msgstr ""
 1597 
 1598 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1599 #: sssd.conf.5.xml:1198
 1600 msgid "Default: not set, fallback to InfoPipe option"
 1601 msgstr ""
 1602 
 1603 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1604 #: sssd.conf.5.xml:1203
 1605 msgid "pwfield (string)"
 1606 msgstr ""
 1607 
 1608 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1609 #: sssd.conf.5.xml:1206
 1610 msgid ""
 1611 "The value that NSS operations that return users or groups will return for "
 1612 "the <quote>password</quote> field."
 1613 msgstr ""
 1614 
 1615 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1616 #: sssd.conf.5.xml:1211
 1617 #, fuzzy
 1618 #| msgid "Default: <quote>%1$s@%2$s</quote>."
 1619 msgid "Default: <quote>*</quote>"
 1620 msgstr "Standaard: <quote>%1$s@%2$s</quote>."
 1621 
 1622 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1623 #: sssd.conf.5.xml:1214
 1624 msgid ""
 1625 "Note: This option can also be set per-domain which overwrites the value in "
 1626 "[nss] section."
 1627 msgstr ""
 1628 
 1629 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1630 #: sssd.conf.5.xml:1218
 1631 msgid ""
 1632 "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the "
 1633 "files domain), <quote>x</quote> (proxy domain with nss_files and sssd-"
 1634 "shadowutils target)"
 1635 msgstr ""
 1636 
 1637 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 1638 #: sssd.conf.5.xml:1228
 1639 msgid "PAM configuration options"
 1640 msgstr ""
 1641 
 1642 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 1643 #: sssd.conf.5.xml:1230
 1644 msgid ""
 1645 "These options can be used to configure the Pluggable Authentication Module "
 1646 "(PAM) service."
 1647 msgstr ""
 1648 
 1649 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1650 #: sssd.conf.5.xml:1235
 1651 msgid "offline_credentials_expiration (integer)"
 1652 msgstr ""
 1653 
 1654 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1655 #: sssd.conf.5.xml:1238
 1656 msgid ""
 1657 "If the authentication provider is offline, how long should we allow cached "
 1658 "logins (in days since the last successful online login)."
 1659 msgstr ""
 1660 
 1661 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1662 #: sssd.conf.5.xml:1243 sssd.conf.5.xml:1256
 1663 msgid "Default: 0 (No limit)"
 1664 msgstr ""
 1665 
 1666 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1667 #: sssd.conf.5.xml:1249
 1668 msgid "offline_failed_login_attempts (integer)"
 1669 msgstr ""
 1670 
 1671 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1672 #: sssd.conf.5.xml:1252
 1673 msgid ""
 1674 "If the authentication provider is offline, how many failed login attempts "
 1675 "are allowed."
 1676 msgstr ""
 1677 
 1678 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1679 #: sssd.conf.5.xml:1262
 1680 msgid "offline_failed_login_delay (integer)"
 1681 msgstr ""
 1682 
 1683 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1684 #: sssd.conf.5.xml:1265
 1685 msgid ""
 1686 "The time in minutes which has to pass after offline_failed_login_attempts "
 1687 "has been reached before a new login attempt is possible."
 1688 msgstr ""
 1689 
 1690 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1691 #: sssd.conf.5.xml:1270
 1692 msgid ""
 1693 "If set to 0 the user cannot authenticate offline if "
 1694 "offline_failed_login_attempts has been reached. Only a successful online "
 1695 "authentication can enable offline authentication again."
 1696 msgstr ""
 1697 
 1698 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1699 #: sssd.conf.5.xml:1276 sssd.conf.5.xml:1374
 1700 msgid "Default: 5"
 1701 msgstr ""
 1702 
 1703 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1704 #: sssd.conf.5.xml:1282
 1705 msgid "pam_verbosity (integer)"
 1706 msgstr ""
 1707 
 1708 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1709 #: sssd.conf.5.xml:1285
 1710 msgid ""
 1711 "Controls what kind of messages are shown to the user during authentication. "
 1712 "The higher the number to more messages are displayed."
 1713 msgstr ""
 1714 
 1715 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1716 #: sssd.conf.5.xml:1290
 1717 msgid "Currently sssd supports the following values:"
 1718 msgstr ""
 1719 
 1720 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1721 #: sssd.conf.5.xml:1293
 1722 msgid "<emphasis>0</emphasis>: do not show any message"
 1723 msgstr ""
 1724 
 1725 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1726 #: sssd.conf.5.xml:1296
 1727 msgid "<emphasis>1</emphasis>: show only important messages"
 1728 msgstr ""
 1729 
 1730 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1731 #: sssd.conf.5.xml:1300
 1732 msgid "<emphasis>2</emphasis>: show informational messages"
 1733 msgstr ""
 1734 
 1735 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1736 #: sssd.conf.5.xml:1303
 1737 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 1738 msgstr ""
 1739 
 1740 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 1741 #: sssd.conf.5.xml:1307 sssd.8.xml:63
 1742 msgid "Default: 1"
 1743 msgstr ""
 1744 
 1745 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1746 #: sssd.conf.5.xml:1313
 1747 #, fuzzy
 1748 #| msgid "re_expression (string)"
 1749 msgid "pam_response_filter (string)"
 1750 msgstr "re_expression (tekst)"
 1751 
 1752 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1753 #: sssd.conf.5.xml:1316
 1754 msgid ""
 1755 "A comma separated list of strings which allows to remove (filter) data sent "
 1756 "by the PAM responder to pam_sss PAM module. There are different kind of "
 1757 "responses sent to pam_sss e.g. messages displayed to the user or environment "
 1758 "variables which should be set by pam_sss."
 1759 msgstr ""
 1760 
 1761 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1762 #: sssd.conf.5.xml:1324
 1763 msgid ""
 1764 "While messages already can be controlled with the help of the pam_verbosity "
 1765 "option this option allows to filter out other kind of responses as well."
 1766 msgstr ""
 1767 
 1768 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 1769 #: sssd.conf.5.xml:1331
 1770 msgid "ENV"
 1771 msgstr ""
 1772 
 1773 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 1774 #: sssd.conf.5.xml:1332
 1775 msgid "Do not send any environment variables to any service."
 1776 msgstr ""
 1777 
 1778 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 1779 #: sssd.conf.5.xml:1335
 1780 msgid "ENV:var_name"
 1781 msgstr ""
 1782 
 1783 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 1784 #: sssd.conf.5.xml:1336
 1785 msgid "Do not send environment variable var_name to any service."
 1786 msgstr ""
 1787 
 1788 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 1789 #: sssd.conf.5.xml:1340
 1790 msgid "ENV:var_name:service"
 1791 msgstr ""
 1792 
 1793 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 1794 #: sssd.conf.5.xml:1341
 1795 msgid "Do not send environment variable var_name to service."
 1796 msgstr ""
 1797 
 1798 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1799 #: sssd.conf.5.xml:1329
 1800 msgid ""
 1801 "Currently the following filters are supported: <placeholder type="
 1802 "\"variablelist\" id=\"0\"/>"
 1803 msgstr ""
 1804 
 1805 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1806 #: sssd.conf.5.xml:1351
 1807 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 1808 msgstr ""
 1809 
 1810 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1811 #: sssd.conf.5.xml:1357
 1812 msgid "pam_id_timeout (integer)"
 1813 msgstr ""
 1814 
 1815 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1816 #: sssd.conf.5.xml:1360
 1817 msgid ""
 1818 "For any PAM request while SSSD is online, the SSSD will attempt to "
 1819 "immediately update the cached identity information for the user in order to "
 1820 "ensure that authentication takes place with the latest information."
 1821 msgstr ""
 1822 
 1823 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1824 #: sssd.conf.5.xml:1366
 1825 msgid ""
 1826 "A complete PAM conversation may perform multiple PAM requests, such as "
 1827 "account management and session opening. This option controls (on a per-"
 1828 "client-application basis) how long (in seconds) we can cache the identity "
 1829 "information to avoid excessive round-trips to the identity provider."
 1830 msgstr ""
 1831 
 1832 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1833 #: sssd.conf.5.xml:1380
 1834 msgid "pam_pwd_expiration_warning (integer)"
 1835 msgstr ""
 1836 
 1837 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1838 #: sssd.conf.5.xml:1383 sssd.conf.5.xml:2647
 1839 msgid "Display a warning N days before the password expires."
 1840 msgstr ""
 1841 
 1842 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1843 #: sssd.conf.5.xml:1386
 1844 msgid ""
 1845 "Please note that the backend server has to provide information about the "
 1846 "expiration time of the password.  If this information is missing, sssd "
 1847 "cannot display a warning."
 1848 msgstr ""
 1849 
 1850 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1851 #: sssd.conf.5.xml:1392 sssd.conf.5.xml:2650
 1852 msgid ""
 1853 "If zero is set, then this filter is not applied, i.e. if the expiration "
 1854 "warning was received from backend server, it will automatically be displayed."
 1855 msgstr ""
 1856 
 1857 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1858 #: sssd.conf.5.xml:1397
 1859 msgid ""
 1860 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 1861 "emphasis> for a particular domain."
 1862 msgstr ""
 1863 
 1864 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 1865 #: sssd.conf.5.xml:1402 sssd.conf.5.xml:3534 sssd-ldap.5.xml:549 sssd.8.xml:79
 1866 msgid "Default: 0"
 1867 msgstr "Standaard: 0"
 1868 
 1869 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1870 #: sssd.conf.5.xml:1419
 1871 msgid "pam_trusted_users (string)"
 1872 msgstr ""
 1873 
 1874 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1875 #: sssd.conf.5.xml:1422
 1876 msgid ""
 1877 "Specifies the comma-separated list of UID values or user names that are "
 1878 "allowed to run PAM conversations against trusted domains.  Users not "
 1879 "included in this list can only access domains marked as public with "
 1880 "<quote>pam_public_domains</quote>.  User names are resolved to UIDs at "
 1881 "startup."
 1882 msgstr ""
 1883 
 1884 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1885 #: sssd.conf.5.xml:1432
 1886 msgid "Default: All users are considered trusted by default"
 1887 msgstr ""
 1888 
 1889 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1890 #: sssd.conf.5.xml:1436
 1891 msgid ""
 1892 "Please note that UID 0 is always allowed to access the PAM responder even in "
 1893 "case it is not in the pam_trusted_users list."
 1894 msgstr ""
 1895 
 1896 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1897 #: sssd.conf.5.xml:1443
 1898 msgid "pam_public_domains (string)"
 1899 msgstr ""
 1900 
 1901 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1902 #: sssd.conf.5.xml:1446
 1903 msgid ""
 1904 "Specifies the comma-separated list of domain names that are accessible even "
 1905 "to untrusted users."
 1906 msgstr ""
 1907 
 1908 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1909 #: sssd.conf.5.xml:1450
 1910 msgid "Two special values for pam_public_domains option are defined:"
 1911 msgstr ""
 1912 
 1913 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1914 #: sssd.conf.5.xml:1454
 1915 msgid ""
 1916 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 1917 msgstr ""
 1918 
 1919 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1920 #: sssd.conf.5.xml:1458
 1921 msgid ""
 1922 "none (Untrusted users are not allowed to access any domains PAM in "
 1923 "responder.)"
 1924 msgstr ""
 1925 
 1926 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1927 #: sssd.conf.5.xml:1462 sssd.conf.5.xml:1487 sssd.conf.5.xml:1506
 1928 #: sssd.conf.5.xml:1684 sssd.conf.5.xml:2396 sssd.conf.5.xml:3463
 1929 #: sssd-ldap.5.xml:1091
 1930 msgid "Default: none"
 1931 msgstr ""
 1932 
 1933 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1934 #: sssd.conf.5.xml:1467
 1935 msgid "pam_account_expired_message (string)"
 1936 msgstr ""
 1937 
 1938 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1939 #: sssd.conf.5.xml:1470
 1940 msgid ""
 1941 "Allows a custom expiration message to be set, replacing the default "
 1942 "'Permission denied' message."
 1943 msgstr ""
 1944 
 1945 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1946 #: sssd.conf.5.xml:1475
 1947 msgid ""
 1948 "Note: Please be aware that message is only printed for the SSH service "
 1949 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 1950 msgstr ""
 1951 
 1952 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 1953 #: sssd.conf.5.xml:1483
 1954 #, no-wrap
 1955 msgid ""
 1956 "pam_account_expired_message = Account expired, please contact help desk.\n"
 1957 "                            "
 1958 msgstr ""
 1959 
 1960 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1961 #: sssd.conf.5.xml:1492
 1962 msgid "pam_account_locked_message (string)"
 1963 msgstr ""
 1964 
 1965 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1966 #: sssd.conf.5.xml:1495
 1967 msgid ""
 1968 "Allows a custom lockout message to be set, replacing the default 'Permission "
 1969 "denied' message."
 1970 msgstr ""
 1971 
 1972 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 1973 #: sssd.conf.5.xml:1502
 1974 #, no-wrap
 1975 msgid ""
 1976 "pam_account_locked_message = Account locked, please contact help desk.\n"
 1977 "                            "
 1978 msgstr ""
 1979 
 1980 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1981 #: sssd.conf.5.xml:1511
 1982 msgid "pam_cert_auth (bool)"
 1983 msgstr ""
 1984 
 1985 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1986 #: sssd.conf.5.xml:1514
 1987 msgid ""
 1988 "Enable certificate based Smartcard authentication.  Since this requires "
 1989 "additional communication with the Smartcard which will delay the "
 1990 "authentication process this option is disabled by default."
 1991 msgstr ""
 1992 
 1993 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 1994 #: sssd.conf.5.xml:1520 sssd-ldap.5.xml:590 sssd-ldap.5.xml:611
 1995 #: sssd-ldap.5.xml:1169 sssd-ad.5.xml:482 sssd-ad.5.xml:558 sssd-ad.5.xml:1103
 1996 #: sssd-ad.5.xml:1152 include/ldap_id_mapping.xml:244
 1997 msgid "Default: False"
 1998 msgstr ""
 1999 
 2000 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2001 #: sssd.conf.5.xml:1525
 2002 msgid "pam_cert_db_path (string)"
 2003 msgstr ""
 2004 
 2005 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2006 #: sssd.conf.5.xml:1528
 2007 msgid "The path to the certificate database."
 2008 msgstr ""
 2009 
 2010 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2011 #: sssd.conf.5.xml:1531 sssd.conf.5.xml:2016 sssd.conf.5.xml:3990
 2012 msgid "Default:"
 2013 msgstr ""
 2014 
 2015 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2016 #: sssd.conf.5.xml:1533 sssd.conf.5.xml:2018
 2017 msgid ""
 2018 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 2019 "certificates in PEM format)"
 2020 msgstr ""
 2021 
 2022 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2023 #: sssd.conf.5.xml:1543
 2024 msgid "p11_child_timeout (integer)"
 2025 msgstr ""
 2026 
 2027 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2028 #: sssd.conf.5.xml:1546
 2029 msgid "How many seconds will pam_sss wait for p11_child to finish."
 2030 msgstr ""
 2031 
 2032 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2033 #: sssd.conf.5.xml:1555
 2034 msgid "pam_app_services (string)"
 2035 msgstr ""
 2036 
 2037 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2038 #: sssd.conf.5.xml:1558
 2039 msgid ""
 2040 "Which PAM services are permitted to contact domains of type "
 2041 "<quote>application</quote>"
 2042 msgstr ""
 2043 
 2044 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2045 #: sssd.conf.5.xml:1567
 2046 msgid "pam_p11_allowed_services (integer)"
 2047 msgstr ""
 2048 
 2049 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2050 #: sssd.conf.5.xml:1570
 2051 msgid ""
 2052 "A comma-separated list of PAM service names for which it will be allowed to "
 2053 "use Smartcards."
 2054 msgstr ""
 2055 
 2056 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2057 #: sssd.conf.5.xml:1585
 2058 #, no-wrap
 2059 msgid ""
 2060 "pam_p11_allowed_services = +my_pam_service, -login\n"
 2061 "                            "
 2062 msgstr ""
 2063 
 2064 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2065 #: sssd.conf.5.xml:1574
 2066 msgid ""
 2067 "It is possible to add another PAM service name to the default set by using "
 2068 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
 2069 "the default set by using <quote>-service_name</quote>. For example, in order "
 2070 "to replace a default PAM service name for authentication with Smartcards (e."
 2071 "g. <quote>login</quote>) with a custom PAM service name (e.g. "
 2072 "<quote>my_pam_service</quote>), you would use the following configuration: "
 2073 "<placeholder type=\"programlisting\" id=\"0\"/>"
 2074 msgstr ""
 2075 
 2076 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2077 #: sssd.conf.5.xml:1589 sssd-ad.5.xml:621 sssd-ad.5.xml:730 sssd-ad.5.xml:788
 2078 #: sssd-ad.5.xml:846 sssd-ad.5.xml:924
 2079 msgid "Default: the default set of PAM service names includes:"
 2080 msgstr ""
 2081 
 2082 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2083 #: sssd.conf.5.xml:1594 sssd-ad.5.xml:625
 2084 msgid "login"
 2085 msgstr ""
 2086 
 2087 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2088 #: sssd.conf.5.xml:1599 sssd-ad.5.xml:630
 2089 msgid "su"
 2090 msgstr ""
 2091 
 2092 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2093 #: sssd.conf.5.xml:1604 sssd-ad.5.xml:635
 2094 msgid "su-l"
 2095 msgstr ""
 2096 
 2097 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2098 #: sssd.conf.5.xml:1609 sssd-ad.5.xml:650
 2099 msgid "gdm-smartcard"
 2100 msgstr ""
 2101 
 2102 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2103 #: sssd.conf.5.xml:1614 sssd-ad.5.xml:645
 2104 msgid "gdm-password"
 2105 msgstr ""
 2106 
 2107 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2108 #: sssd.conf.5.xml:1619 sssd-ad.5.xml:655
 2109 msgid "kdm"
 2110 msgstr ""
 2111 
 2112 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2113 #: sssd.conf.5.xml:1624 sssd-ad.5.xml:933
 2114 msgid "sudo"
 2115 msgstr ""
 2116 
 2117 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2118 #: sssd.conf.5.xml:1629 sssd-ad.5.xml:938
 2119 msgid "sudo-i"
 2120 msgstr ""
 2121 
 2122 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2123 #: sssd.conf.5.xml:1634
 2124 msgid "gnome-screensaver"
 2125 msgstr ""
 2126 
 2127 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2128 #: sssd.conf.5.xml:1642
 2129 msgid "p11_wait_for_card_timeout (integer)"
 2130 msgstr ""
 2131 
 2132 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2133 #: sssd.conf.5.xml:1645
 2134 msgid ""
 2135 "If Smartcard authentication is required how many extra seconds in addition "
 2136 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
 2137 "inserted."
 2138 msgstr ""
 2139 
 2140 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2141 #: sssd.conf.5.xml:1656
 2142 msgid "p11_uri (string)"
 2143 msgstr ""
 2144 
 2145 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2146 #: sssd.conf.5.xml:1659
 2147 msgid ""
 2148 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 2149 "selection of devices used for Smartcard authentication. By default SSSD's "
 2150 "p11_child will search for a PKCS#11 slot (reader)  where the 'removable' "
 2151 "flags is set and read the certificates from the inserted token from the "
 2152 "first slot found. If multiple readers are connected p11_uri can be used to "
 2153 "tell p11_child to use a specific reader."
 2154 msgstr ""
 2155 
 2156 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2157 #: sssd.conf.5.xml:1672
 2158 #, no-wrap
 2159 msgid ""
 2160 "p11_uri = slot-description=My%20Smartcard%20Reader\n"
 2161 "                            "
 2162 msgstr ""
 2163 
 2164 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2165 #: sssd.conf.5.xml:1676
 2166 #, no-wrap
 2167 msgid ""
 2168 "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
 2169 "                            "
 2170 msgstr ""
 2171 
 2172 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2173 #: sssd.conf.5.xml:1670
 2174 msgid ""
 2175 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 2176 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
 2177 "debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' "
 2178 "with e.g. the '--list-all' will show PKCS#11 URIs as well."
 2179 msgstr ""
 2180 
 2181 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2182 #: sssd.conf.5.xml:1689
 2183 msgid "pam_initgroups_scheme"
 2184 msgstr ""
 2185 
 2186 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2187 #: sssd.conf.5.xml:1697
 2188 msgid "always"
 2189 msgstr ""
 2190 
 2191 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2192 #: sssd.conf.5.xml:1698
 2193 msgid ""
 2194 "Always do an online lookup, please note that pam_id_timeout still applies"
 2195 msgstr ""
 2196 
 2197 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2198 #: sssd.conf.5.xml:1702
 2199 msgid "no_session"
 2200 msgstr ""
 2201 
 2202 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2203 #: sssd.conf.5.xml:1703
 2204 msgid ""
 2205 "Only do an online lookup if there is no active session of the user, i.e. if "
 2206 "the user is currently not logged in"
 2207 msgstr ""
 2208 
 2209 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2210 #: sssd.conf.5.xml:1708
 2211 msgid "never"
 2212 msgstr ""
 2213 
 2214 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2215 #: sssd.conf.5.xml:1709
 2216 msgid ""
 2217 "Never force an online lookup, use the data from the cache as long as they "
 2218 "are not expired"
 2219 msgstr ""
 2220 
 2221 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2222 #: sssd.conf.5.xml:1692
 2223 msgid ""
 2224 "The PAM responder can force an online lookup to get the current group "
 2225 "memberships of the user trying to log in. This option controls when this "
 2226 "should be done and the following values are allowed: <placeholder type="
 2227 "\"variablelist\" id=\"0\"/>"
 2228 msgstr ""
 2229 
 2230 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2231 #: sssd.conf.5.xml:1716
 2232 msgid "Default: no_session"
 2233 msgstr ""
 2234 
 2235 #. type: Content of: <reference><refentry><refsect1><para>
 2236 #: sssd.conf.5.xml:1721 sssd.conf.5.xml:3929
 2237 msgid "pam_gssapi_services"
 2238 msgstr ""
 2239 
 2240 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2241 #: sssd.conf.5.xml:1724
 2242 msgid ""
 2243 "Comma separated list of PAM services that are allowed to try GSSAPI "
 2244 "authentication using pam_sss_gss.so module."
 2245 msgstr ""
 2246 
 2247 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2248 #: sssd.conf.5.xml:1729
 2249 msgid ""
 2250 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 2251 msgstr ""
 2252 
 2253 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2254 #: sssd.conf.5.xml:1733 sssd.conf.5.xml:1764 sssd.conf.5.xml:1802
 2255 msgid ""
 2256 "Note: This option can also be set per-domain which overwrites the value in "
 2257 "[pam] section. It can also be set for trusted domain which overwrites the "
 2258 "value in the domain section."
 2259 msgstr ""
 2260 
 2261 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2262 #: sssd.conf.5.xml:1741
 2263 #, no-wrap
 2264 msgid ""
 2265 "pam_gssapi_services = sudo, sudo-i\n"
 2266 "                            "
 2267 msgstr ""
 2268 
 2269 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2270 #: sssd.conf.5.xml:1739 sssd.conf.5.xml:3457 sssd-secrets.5.xml:448
 2271 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 2272 msgstr ""
 2273 
 2274 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2275 #: sssd.conf.5.xml:1745
 2276 msgid "Default: - (GSSAPI authentication is disabled)"
 2277 msgstr ""
 2278 
 2279 #. type: Content of: <reference><refentry><refsect1><para>
 2280 #: sssd.conf.5.xml:1750 sssd.conf.5.xml:3930
 2281 msgid "pam_gssapi_check_upn"
 2282 msgstr ""
 2283 
 2284 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2285 #: sssd.conf.5.xml:1753
 2286 msgid ""
 2287 "If True, SSSD will require that the Kerberos user principal that "
 2288 "successfully authenticated through GSSAPI can be associated with the user "
 2289 "who is being authenticated. Authentication will fail if the check fails."
 2290 msgstr ""
 2291 
 2292 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2293 #: sssd.conf.5.xml:1760
 2294 msgid ""
 2295 "If False, every user that is able to obtained required service ticket will "
 2296 "be authenticated."
 2297 msgstr ""
 2298 
 2299 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2300 #: sssd.conf.5.xml:1770 sssd-ad.5.xml:1243 sss_rpcidmapd.5.xml:76
 2301 msgid "Default: True"
 2302 msgstr ""
 2303 
 2304 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2305 #: sssd.conf.5.xml:1775
 2306 msgid "pam_gssapi_indicators_map"
 2307 msgstr ""
 2308 
 2309 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2310 #: sssd.conf.5.xml:1778
 2311 msgid ""
 2312 "Comma separated list of authentication indicators required to be present in "
 2313 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
 2314 "authentication using pam_sss_gss.so module."
 2315 msgstr ""
 2316 
 2317 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2318 #: sssd.conf.5.xml:1784
 2319 msgid ""
 2320 "Each element of the list can be either an authentication indicator name or a "
 2321 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
 2322 "service name will be required to access any PAM service configured to be "
 2323 "used with <option>pam_gssapi_services</option>. A resulting list of "
 2324 "indicators per PAM service is then checked against indicators in the "
 2325 "Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from "
 2326 "the ticket that matches the resulting list of indicators for the PAM service "
 2327 "would grant access. If none of the indicators in the list match, access will "
 2328 "be denied. If the resulting list of indicators for the PAM service is empty, "
 2329 "the check will not prevent the access."
 2330 msgstr ""
 2331 
 2332 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2333 #: sssd.conf.5.xml:1797
 2334 msgid ""
 2335 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 2336 "</quote> (dash). To disable the check for a specific PAM service, add "
 2337 "<quote>service:-</quote>."
 2338 msgstr ""
 2339 
 2340 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2341 #: sssd.conf.5.xml:1808
 2342 msgid ""
 2343 "Following authentication indicators are supported by IPA Kerberos "
 2344 "deployments:"
 2345 msgstr ""
 2346 
 2347 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2348 #: sssd.conf.5.xml:1811
 2349 msgid ""
 2350 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 2351 "files or on smart cards."
 2352 msgstr ""
 2353 
 2354 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2355 #: sssd.conf.5.xml:1814
 2356 msgid ""
 2357 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 2358 "FAST channel."
 2359 msgstr ""
 2360 
 2361 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2362 #: sssd.conf.5.xml:1817
 2363 msgid "radius -- pre-authentication with the help of a RADIUS server."
 2364 msgstr ""
 2365 
 2366 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2367 #: sssd.conf.5.xml:1820
 2368 msgid ""
 2369 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 2370 "one-time password, OTP) in IPA."
 2371 msgstr ""
 2372 
 2373 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2374 #: sssd.conf.5.xml:1830
 2375 #, no-wrap
 2376 msgid ""
 2377 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
 2378 "                            "
 2379 msgstr ""
 2380 
 2381 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2382 #: sssd.conf.5.xml:1825
 2383 msgid ""
 2384 "Example: to require access to SUDO services only for users which obtained "
 2385 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
 2386 "set <placeholder type=\"programlisting\" id=\"0\"/>"
 2387 msgstr ""
 2388 
 2389 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2390 #: sssd.conf.5.xml:1834
 2391 msgid "Default: not set (use of authentication indicators is not required)"
 2392 msgstr ""
 2393 
 2394 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2395 #: sssd.conf.5.xml:1842
 2396 msgid "SUDO configuration options"
 2397 msgstr ""
 2398 
 2399 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2400 #: sssd.conf.5.xml:1844
 2401 msgid ""
 2402 "These options can be used to configure the sudo service.  The detailed "
 2403 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
 2404 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
 2405 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 2406 "</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
 2407 "sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 2408 msgstr ""
 2409 
 2410 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2411 #: sssd.conf.5.xml:1861
 2412 msgid "sudo_timed (bool)"
 2413 msgstr ""
 2414 
 2415 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2416 #: sssd.conf.5.xml:1864
 2417 msgid ""
 2418 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 2419 "that implement time-dependent sudoers entries."
 2420 msgstr ""
 2421 
 2422 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2423 #: sssd.conf.5.xml:1876
 2424 msgid "sudo_threshold (integer)"
 2425 msgstr ""
 2426 
 2427 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2428 #: sssd.conf.5.xml:1879
 2429 msgid ""
 2430 "Maximum number of expired rules that can be refreshed at once. If number of "
 2431 "expired rules is below threshold, those rules are refreshed with "
 2432 "<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
 2433 "<quote>full refresh</quote> of sudo rules is triggered instead. This "
 2434 "threshold number also applies to IPA sudo command and command group searches."
 2435 msgstr ""
 2436 
 2437 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2438 #: sssd.conf.5.xml:1898
 2439 msgid "AUTOFS configuration options"
 2440 msgstr ""
 2441 
 2442 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2443 #: sssd.conf.5.xml:1900
 2444 msgid "These options can be used to configure the autofs service."
 2445 msgstr ""
 2446 
 2447 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2448 #: sssd.conf.5.xml:1904
 2449 msgid "autofs_negative_timeout (integer)"
 2450 msgstr ""
 2451 
 2452 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2453 #: sssd.conf.5.xml:1907
 2454 msgid ""
 2455 "Specifies for how many seconds should the autofs responder negative cache "
 2456 "hits (that is, queries for invalid map entries, like nonexistent ones) "
 2457 "before asking the back end again."
 2458 msgstr ""
 2459 
 2460 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2461 #: sssd.conf.5.xml:1923
 2462 msgid "SSH configuration options"
 2463 msgstr ""
 2464 
 2465 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2466 #: sssd.conf.5.xml:1925
 2467 msgid "These options can be used to configure the SSH service."
 2468 msgstr ""
 2469 
 2470 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2471 #: sssd.conf.5.xml:1929
 2472 msgid "ssh_hash_known_hosts (bool)"
 2473 msgstr ""
 2474 
 2475 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2476 #: sssd.conf.5.xml:1932
 2477 msgid ""
 2478 "Whether or not to hash host names and addresses in the managed known_hosts "
 2479 "file."
 2480 msgstr ""
 2481 
 2482 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2483 #: sssd.conf.5.xml:1941
 2484 msgid "ssh_known_hosts_timeout (integer)"
 2485 msgstr ""
 2486 
 2487 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2488 #: sssd.conf.5.xml:1944
 2489 msgid ""
 2490 "How many seconds to keep a host in the managed known_hosts file after its "
 2491 "host keys were requested."
 2492 msgstr ""
 2493 
 2494 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2495 #: sssd.conf.5.xml:1948
 2496 msgid "Default: 180"
 2497 msgstr ""
 2498 
 2499 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2500 #: sssd.conf.5.xml:1953
 2501 msgid "ssh_use_certificate_keys (bool)"
 2502 msgstr ""
 2503 
 2504 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2505 #: sssd.conf.5.xml:1956
 2506 msgid ""
 2507 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 2508 "keys derived from the public key of X.509 certificates stored in the user "
 2509 "entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
 2510 "refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
 2511 msgstr ""
 2512 
 2513 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2514 #: sssd.conf.5.xml:1971
 2515 msgid "ssh_use_certificate_matching_rules (string)"
 2516 msgstr ""
 2517 
 2518 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2519 #: sssd.conf.5.xml:1974
 2520 msgid ""
 2521 "By default the ssh responder will use all available certificate matching "
 2522 "rules to filter the certificates so that ssh keys are only derived from the "
 2523 "matching ones. With this option the used rules can be restricted with a "
 2524 "comma separated list of mapping and matching rule names. All other rules "
 2525 "will be ignored."
 2526 msgstr ""
 2527 
 2528 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2529 #: sssd.conf.5.xml:1983
 2530 msgid ""
 2531 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 2532 "all or no rules, respectively. The latter means that no certificates will be "
 2533 "filtered out and ssh keys will be generated from all valid certificates."
 2534 msgstr ""
 2535 
 2536 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2537 #: sssd.conf.5.xml:1990
 2538 msgid ""
 2539 "If no rules are configured using 'all_rules' will enable a default rule "
 2540 "which enables all certificates suitable for client authentication.  This is "
 2541 "the same behavior as for the PAM responder if certificate authentication is "
 2542 "enabled."
 2543 msgstr ""
 2544 
 2545 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2546 #: sssd.conf.5.xml:1997
 2547 msgid ""
 2548 "A non-existing rule name is considered an error.  If as a result no rule is "
 2549 "selected all certificates will be ignored."
 2550 msgstr ""
 2551 
 2552 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2553 #: sssd.conf.5.xml:2002
 2554 msgid ""
 2555 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 2556 "rule are used"
 2557 msgstr ""
 2558 
 2559 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2560 #: sssd.conf.5.xml:2008
 2561 msgid "ca_db (string)"
 2562 msgstr ""
 2563 
 2564 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2565 #: sssd.conf.5.xml:2011
 2566 msgid ""
 2567 "Path to a storage of trusted CA certificates. The option is used to validate "
 2568 "user certificates before deriving public ssh keys from them."
 2569 msgstr ""
 2570 
 2571 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2572 #: sssd.conf.5.xml:2031
 2573 msgid "PAC responder configuration options"
 2574 msgstr ""
 2575 
 2576 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2577 #: sssd.conf.5.xml:2033
 2578 msgid ""
 2579 "The PAC responder works together with the authorization data plugin for MIT "
 2580 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
 2581 "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
 2582 "provider collects domain SID and ID ranges of the domain the client is "
 2583 "joined to and of remote trusted domains from the local domain controller. If "
 2584 "the PAC is decoded and evaluated some of the following operations are done:"
 2585 msgstr ""
 2586 
 2587 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
 2588 #: sssd.conf.5.xml:2042
 2589 msgid ""
 2590 "If the remote user does not exist in the cache, it is created. The UID is "
 2591 "determined with the help of the SID, trusted domains will have UPGs and the "
 2592 "GID will have the same value as the UID. The home directory is set based on "
 2593 "the subdomain_homedir parameter. The shell will be empty by default, i.e. "
 2594 "the system defaults are used, but can be overwritten with the default_shell "
 2595 "parameter."
 2596 msgstr ""
 2597 
 2598 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
 2599 #: sssd.conf.5.xml:2050
 2600 msgid ""
 2601 "If there are SIDs of groups from domains sssd knows about, the user will be "
 2602 "added to those groups."
 2603 msgstr ""
 2604 
 2605 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2606 #: sssd.conf.5.xml:2056
 2607 msgid "These options can be used to configure the PAC responder."
 2608 msgstr ""
 2609 
 2610 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2611 #: sssd.conf.5.xml:2060 sssd-ifp.5.xml:50
 2612 msgid "allowed_uids (string)"
 2613 msgstr ""
 2614 
 2615 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2616 #: sssd.conf.5.xml:2063
 2617 msgid ""
 2618 "Specifies the comma-separated list of UID values or user names that are "
 2619 "allowed to access the PAC responder. User names are resolved to UIDs at "
 2620 "startup."
 2621 msgstr ""
 2622 
 2623 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2624 #: sssd.conf.5.xml:2069
 2625 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 2626 msgstr ""
 2627 
 2628 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2629 #: sssd.conf.5.xml:2073
 2630 msgid ""
 2631 "Please note that although the UID 0 is used as the default it will be "
 2632 "overwritten with this option. If you still want to allow the root user to "
 2633 "access the PAC responder, which would be the typical case, you have to add 0 "
 2634 "to the list of allowed UIDs as well."
 2635 msgstr ""
 2636 
 2637 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2638 #: sssd.conf.5.xml:2082
 2639 msgid "pac_lifetime (integer)"
 2640 msgstr ""
 2641 
 2642 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2643 #: sssd.conf.5.xml:2085
 2644 msgid ""
 2645 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 2646 "data can be used to determine the group memberships of a user."
 2647 msgstr ""
 2648 
 2649 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2650 #: sssd.conf.5.xml:2098
 2651 msgid "Session recording configuration options"
 2652 msgstr ""
 2653 
 2654 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2655 #: sssd.conf.5.xml:2100
 2656 msgid ""
 2657 "Session recording works in conjunction with <citerefentry> "
 2658 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
 2659 "citerefentry>, a part of tlog package, to log what users see and type when "
 2660 "they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
 2661 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 2662 msgstr ""
 2663 
 2664 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2665 #: sssd.conf.5.xml:2113
 2666 msgid "These options can be used to configure session recording."
 2667 msgstr ""
 2668 
 2669 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2670 #: sssd.conf.5.xml:2117 sssd-session-recording.5.xml:64
 2671 msgid "scope (string)"
 2672 msgstr ""
 2673 
 2674 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2675 #: sssd.conf.5.xml:2124 sssd-session-recording.5.xml:71
 2676 msgid "\"none\""
 2677 msgstr ""
 2678 
 2679 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2680 #: sssd.conf.5.xml:2127 sssd-session-recording.5.xml:74
 2681 msgid "No users are recorded."
 2682 msgstr ""
 2683 
 2684 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2685 #: sssd.conf.5.xml:2132 sssd-session-recording.5.xml:79
 2686 msgid "\"some\""
 2687 msgstr ""
 2688 
 2689 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2690 #: sssd.conf.5.xml:2135 sssd-session-recording.5.xml:82
 2691 msgid ""
 2692 "Users/groups specified by <replaceable>users</replaceable> and "
 2693 "<replaceable>groups</replaceable> options are recorded."
 2694 msgstr ""
 2695 
 2696 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2697 #: sssd.conf.5.xml:2144 sssd-session-recording.5.xml:91
 2698 msgid "\"all\""
 2699 msgstr ""
 2700 
 2701 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2702 #: sssd.conf.5.xml:2147 sssd-session-recording.5.xml:94
 2703 msgid "All users are recorded."
 2704 msgstr ""
 2705 
 2706 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2707 #: sssd.conf.5.xml:2120 sssd-session-recording.5.xml:67
 2708 msgid ""
 2709 "One of the following strings specifying the scope of session recording: "
 2710 "<placeholder type=\"variablelist\" id=\"0\"/>"
 2711 msgstr ""
 2712 
 2713 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2714 #: sssd.conf.5.xml:2154 sssd-session-recording.5.xml:101
 2715 msgid "Default: \"none\""
 2716 msgstr ""
 2717 
 2718 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2719 #: sssd.conf.5.xml:2159 sssd-session-recording.5.xml:106
 2720 msgid "users (string)"
 2721 msgstr ""
 2722 
 2723 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2724 #: sssd.conf.5.xml:2162 sssd-session-recording.5.xml:109
 2725 msgid ""
 2726 "A comma-separated list of users which should have session recording enabled. "
 2727 "Matches user names as returned by NSS. I.e. after the possible space "
 2728 "replacement, case changes, etc."
 2729 msgstr ""
 2730 
 2731 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2732 #: sssd.conf.5.xml:2168 sssd-session-recording.5.xml:115
 2733 msgid "Default: Empty. Matches no users."
 2734 msgstr ""
 2735 
 2736 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2737 #: sssd.conf.5.xml:2173 sssd-session-recording.5.xml:120
 2738 msgid "groups (string)"
 2739 msgstr ""
 2740 
 2741 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2742 #: sssd.conf.5.xml:2176 sssd-session-recording.5.xml:123
 2743 msgid ""
 2744 "A comma-separated list of groups, members of which should have session "
 2745 "recording enabled. Matches group names as returned by NSS. I.e. after the "
 2746 "possible space replacement, case changes, etc."
 2747 msgstr ""
 2748 
 2749 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2750 #: sssd.conf.5.xml:2182 sssd.conf.5.xml:2214 sssd-session-recording.5.xml:129
 2751 #: sssd-session-recording.5.xml:161
 2752 msgid ""
 2753 "NOTE: using this option (having it set to anything) has a considerable "
 2754 "performance cost, because each uncached request for a user requires "
 2755 "retrieving and matching the groups the user is member of."
 2756 msgstr ""
 2757 
 2758 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2759 #: sssd.conf.5.xml:2189 sssd-session-recording.5.xml:136
 2760 msgid "Default: Empty. Matches no groups."
 2761 msgstr ""
 2762 
 2763 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2764 #: sssd.conf.5.xml:2194 sssd-session-recording.5.xml:141
 2765 #, fuzzy
 2766 #| msgid "re_expression (string)"
 2767 msgid "exclude_users (string)"
 2768 msgstr "re_expression (tekst)"
 2769 
 2770 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2771 #: sssd.conf.5.xml:2197 sssd-session-recording.5.xml:144
 2772 msgid ""
 2773 "A comma-separated list of users to be excluded from recording, only "
 2774 "applicable with 'scope=all'."
 2775 msgstr ""
 2776 
 2777 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2778 #: sssd.conf.5.xml:2201 sssd-session-recording.5.xml:148
 2779 msgid "Default: Empty. No users excluded."
 2780 msgstr ""
 2781 
 2782 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2783 #: sssd.conf.5.xml:2206 sssd-session-recording.5.xml:153
 2784 msgid "exclude_groups (string)"
 2785 msgstr ""
 2786 
 2787 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2788 #: sssd.conf.5.xml:2209 sssd-session-recording.5.xml:156
 2789 msgid ""
 2790 "A comma-separated list of groups, members of which should be excluded from "
 2791 "recording. Only applicable with 'scope=all'."
 2792 msgstr ""
 2793 
 2794 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2795 #: sssd.conf.5.xml:2221 sssd-session-recording.5.xml:168
 2796 msgid "Default: Empty. No groups excluded."
 2797 msgstr ""
 2798 
 2799 #. type: Content of: <reference><refentry><refsect1><title>
 2800 #: sssd.conf.5.xml:2231
 2801 msgid "DOMAIN SECTIONS"
 2802 msgstr ""
 2803 
 2804 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2805 #: sssd.conf.5.xml:2238
 2806 msgid "enabled"
 2807 msgstr ""
 2808 
 2809 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2810 #: sssd.conf.5.xml:2241
 2811 msgid ""
 2812 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 2813 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
 2814 "always <quote>disabled</quote>. If this option is not set, the domain is "
 2815 "enabled only if it is listed in the domains option in the <quote>[sssd]</"
 2816 "quote> section."
 2817 msgstr ""
 2818 
 2819 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2820 #: sssd.conf.5.xml:2253
 2821 msgid "domain_type (string)"
 2822 msgstr ""
 2823 
 2824 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2825 #: sssd.conf.5.xml:2256
 2826 msgid ""
 2827 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 2828 "as the Name Service Switch or by applications that do not need POSIX data to "
 2829 "be present or generated. Only objects from POSIX domains are available to "
 2830 "the operating system interfaces and utilities."
 2831 msgstr ""
 2832 
 2833 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2834 #: sssd.conf.5.xml:2264
 2835 msgid ""
 2836 "Allowed values for this option are <quote>posix</quote> and "
 2837 "<quote>application</quote>."
 2838 msgstr ""
 2839 
 2840 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2841 #: sssd.conf.5.xml:2268
 2842 msgid ""
 2843 "POSIX domains are reachable by all services. Application domains are only "
 2844 "reachable from the InfoPipe responder (see <citerefentry> "
 2845 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
 2846 "citerefentry>) and the PAM responder."
 2847 msgstr ""
 2848 
 2849 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2850 #: sssd.conf.5.xml:2276
 2851 msgid ""
 2852 "NOTE: The application domains are currently well tested with "
 2853 "<quote>id_provider=ldap</quote> only."
 2854 msgstr ""
 2855 
 2856 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2857 #: sssd.conf.5.xml:2280
 2858 msgid ""
 2859 "For an easy way to configure a non-POSIX domains, please see the "
 2860 "<quote>Application domains</quote> section."
 2861 msgstr ""
 2862 
 2863 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2864 #: sssd.conf.5.xml:2284
 2865 msgid "Default: posix"
 2866 msgstr ""
 2867 
 2868 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2869 #: sssd.conf.5.xml:2290
 2870 msgid "min_id,max_id (integer)"
 2871 msgstr ""
 2872 
 2873 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2874 #: sssd.conf.5.xml:2293
 2875 msgid ""
 2876 "UID and GID limits for the domain. If a domain contains an entry that is "
 2877 "outside these limits, it is ignored."
 2878 msgstr ""
 2879 
 2880 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2881 #: sssd.conf.5.xml:2298
 2882 msgid ""
 2883 "For users, this affects the primary GID limit. The user will not be returned "
 2884 "to NSS if either the UID or the primary GID is outside the range. For non-"
 2885 "primary group memberships, those that are in range will be reported as "
 2886 "expected."
 2887 msgstr ""
 2888 
 2889 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2890 #: sssd.conf.5.xml:2305
 2891 msgid ""
 2892 "These ID limits affect even saving entries to cache, not only returning them "
 2893 "by name or ID."
 2894 msgstr ""
 2895 
 2896 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2897 #: sssd.conf.5.xml:2309
 2898 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 2899 msgstr ""
 2900 
 2901 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2902 #: sssd.conf.5.xml:2315
 2903 msgid "enumerate (bool)"
 2904 msgstr ""
 2905 
 2906 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2907 #: sssd.conf.5.xml:2318
 2908 msgid ""
 2909 "Determines if a domain can be enumerated, that is, whether the domain can "
 2910 "list all the users and group it contains. Note that it is not required to "
 2911 "enable enumeration in order for secondary groups to be displayed. This "
 2912 "parameter can have one of the following values:"
 2913 msgstr ""
 2914 
 2915 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2916 #: sssd.conf.5.xml:2326
 2917 msgid "TRUE = Users and groups are enumerated"
 2918 msgstr ""
 2919 
 2920 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2921 #: sssd.conf.5.xml:2329
 2922 msgid "FALSE = No enumerations for this domain"
 2923 msgstr ""
 2924 
 2925 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2926 #: sssd.conf.5.xml:2332 sssd.conf.5.xml:2602 sssd.conf.5.xml:2778
 2927 msgid "Default: FALSE"
 2928 msgstr ""
 2929 
 2930 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2931 #: sssd.conf.5.xml:2335
 2932 msgid ""
 2933 "Enumerating a domain requires SSSD to download and store ALL user and group "
 2934 "entries from the remote server."
 2935 msgstr ""
 2936 
 2937 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2938 #: sssd.conf.5.xml:2340
 2939 msgid ""
 2940 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 2941 "enumeration is running. It may take up to several minutes after SSSD startup "
 2942 "to fully complete enumerations.  During this time, individual requests for "
 2943 "information will go directly to LDAP, though it may be slow, due to the "
 2944 "heavy enumeration processing. Saving a large number of entries to cache "
 2945 "after the enumeration completes might also be CPU intensive as the "
 2946 "memberships have to be recomputed. This can lead to the <quote>sssd_be</"
 2947 "quote> process becoming unresponsive or even restarted by the internal "
 2948 "watchdog."
 2949 msgstr ""
 2950 
 2951 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2952 #: sssd.conf.5.xml:2355
 2953 msgid ""
 2954 "While the first enumeration is running, requests for the complete user or "
 2955 "group lists may return no results until it completes."
 2956 msgstr ""
 2957 
 2958 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2959 #: sssd.conf.5.xml:2360
 2960 msgid ""
 2961 "Further, enabling enumeration may increase the time necessary to detect "
 2962 "network disconnection, as longer timeouts are required to ensure that "
 2963 "enumeration lookups are completed successfully.  For more information, refer "
 2964 "to the man pages for the specific id_provider in use."
 2965 msgstr ""
 2966 
 2967 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2968 #: sssd.conf.5.xml:2368
 2969 msgid ""
 2970 "For the reasons cited above, enabling enumeration is not recommended, "
 2971 "especially in large environments."
 2972 msgstr ""
 2973 
 2974 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2975 #: sssd.conf.5.xml:2376
 2976 msgid "subdomain_enumerate (string)"
 2977 msgstr ""
 2978 
 2979 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2980 #: sssd.conf.5.xml:2383
 2981 msgid "all"
 2982 msgstr ""
 2983 
 2984 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2985 #: sssd.conf.5.xml:2384
 2986 msgid "All discovered trusted domains will be enumerated"
 2987 msgstr ""
 2988 
 2989 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2990 #: sssd.conf.5.xml:2387
 2991 msgid "none"
 2992 msgstr ""
 2993 
 2994 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2995 #: sssd.conf.5.xml:2388
 2996 msgid "No discovered trusted domains will be enumerated"
 2997 msgstr ""
 2998 
 2999 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3000 #: sssd.conf.5.xml:2379
 3001 msgid ""
 3002 "Whether any of autodetected trusted domains should be enumerated. The "
 3003 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
 3004 "Optionally, a list of one or more domain names can enable enumeration just "
 3005 "for these trusted domains."
 3006 msgstr ""
 3007 
 3008 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3009 #: sssd.conf.5.xml:2402
 3010 msgid "entry_cache_timeout (integer)"
 3011 msgstr ""
 3012 
 3013 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3014 #: sssd.conf.5.xml:2405
 3015 msgid ""
 3016 "How many seconds should nss_sss consider entries valid before asking the "
 3017 "backend again"
 3018 msgstr ""
 3019 
 3020 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3021 #: sssd.conf.5.xml:2409
 3022 msgid ""
 3023 "The cache expiration timestamps are stored as attributes of individual "
 3024 "objects in the cache. Therefore, changing the cache timeout only has effect "
 3025 "for newly added or expired entries.  You should run the <citerefentry> "
 3026 "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
 3027 "citerefentry> tool in order to force refresh of entries that have already "
 3028 "been cached."
 3029 msgstr ""
 3030 
 3031 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3032 #: sssd.conf.5.xml:2422
 3033 msgid "Default: 5400"
 3034 msgstr ""
 3035 
 3036 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3037 #: sssd.conf.5.xml:2428
 3038 msgid "entry_cache_user_timeout (integer)"
 3039 msgstr ""
 3040 
 3041 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3042 #: sssd.conf.5.xml:2431
 3043 msgid ""
 3044 "How many seconds should nss_sss consider user entries valid before asking "
 3045 "the backend again"
 3046 msgstr ""
 3047 
 3048 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3049 #: sssd.conf.5.xml:2435 sssd.conf.5.xml:2448 sssd.conf.5.xml:2461
 3050 #: sssd.conf.5.xml:2474 sssd.conf.5.xml:2488 sssd.conf.5.xml:2501
 3051 #: sssd.conf.5.xml:2515 sssd.conf.5.xml:2529 sssd.conf.5.xml:2542
 3052 msgid "Default: entry_cache_timeout"
 3053 msgstr ""
 3054 
 3055 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3056 #: sssd.conf.5.xml:2441
 3057 msgid "entry_cache_group_timeout (integer)"
 3058 msgstr ""
 3059 
 3060 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3061 #: sssd.conf.5.xml:2444
 3062 msgid ""
 3063 "How many seconds should nss_sss consider group entries valid before asking "
 3064 "the backend again"
 3065 msgstr ""
 3066 
 3067 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3068 #: sssd.conf.5.xml:2454
 3069 msgid "entry_cache_netgroup_timeout (integer)"
 3070 msgstr ""
 3071 
 3072 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3073 #: sssd.conf.5.xml:2457
 3074 msgid ""
 3075 "How many seconds should nss_sss consider netgroup entries valid before "
 3076 "asking the backend again"
 3077 msgstr ""
 3078 
 3079 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3080 #: sssd.conf.5.xml:2467
 3081 msgid "entry_cache_service_timeout (integer)"
 3082 msgstr ""
 3083 
 3084 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3085 #: sssd.conf.5.xml:2470
 3086 msgid ""
 3087 "How many seconds should nss_sss consider service entries valid before asking "
 3088 "the backend again"
 3089 msgstr ""
 3090 
 3091 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3092 #: sssd.conf.5.xml:2480
 3093 msgid "entry_cache_resolver_timeout (integer)"
 3094 msgstr ""
 3095 
 3096 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3097 #: sssd.conf.5.xml:2483
 3098 msgid ""
 3099 "How many seconds should nss_sss consider hosts and networks entries valid "
 3100 "before asking the backend again"
 3101 msgstr ""
 3102 
 3103 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3104 #: sssd.conf.5.xml:2494
 3105 msgid "entry_cache_sudo_timeout (integer)"
 3106 msgstr ""
 3107 
 3108 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3109 #: sssd.conf.5.xml:2497
 3110 msgid ""
 3111 "How many seconds should sudo consider rules valid before asking the backend "
 3112 "again"
 3113 msgstr ""
 3114 
 3115 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3116 #: sssd.conf.5.xml:2507
 3117 msgid "entry_cache_autofs_timeout (integer)"
 3118 msgstr ""
 3119 
 3120 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3121 #: sssd.conf.5.xml:2510
 3122 msgid ""
 3123 "How many seconds should the autofs service consider automounter maps valid "
 3124 "before asking the backend again"
 3125 msgstr ""
 3126 
 3127 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3128 #: sssd.conf.5.xml:2521
 3129 msgid "entry_cache_ssh_host_timeout (integer)"
 3130 msgstr ""
 3131 
 3132 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3133 #: sssd.conf.5.xml:2524
 3134 msgid ""
 3135 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 3136 "the host key for."
 3137 msgstr ""
 3138 
 3139 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3140 #: sssd.conf.5.xml:2535
 3141 msgid "entry_cache_computer_timeout (integer)"
 3142 msgstr ""
 3143 
 3144 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3145 #: sssd.conf.5.xml:2538
 3146 msgid ""
 3147 "How many seconds to keep the local computer entry before asking the backend "
 3148 "again"
 3149 msgstr ""
 3150 
 3151 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3152 #: sssd.conf.5.xml:2548
 3153 msgid "refresh_expired_interval (integer)"
 3154 msgstr ""
 3155 
 3156 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3157 #: sssd.conf.5.xml:2551
 3158 msgid ""
 3159 "Specifies how many seconds SSSD has to wait before triggering a background "
 3160 "refresh task which will refresh all expired or nearly expired records."
 3161 msgstr ""
 3162 
 3163 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3164 #: sssd.conf.5.xml:2556
 3165 msgid ""
 3166 "The background refresh will process users, groups and netgroups in the "
 3167 "cache. For users who have performed the initgroups (get group membership for "
 3168 "user, typically ran at login)  operation in the past, both the user entry "
 3169 "and the group membership are updated."
 3170 msgstr ""
 3171 
 3172 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3173 #: sssd.conf.5.xml:2564
 3174 msgid "This option is automatically inherited for all trusted domains."
 3175 msgstr ""
 3176 
 3177 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3178 #: sssd.conf.5.xml:2568
 3179 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 3180 msgstr ""
 3181 
 3182 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3183 #: sssd.conf.5.xml:2572
 3184 msgid ""
 3185 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 3186 "has already passed.  If there are existing cached entries, the background "
 3187 "task will refer to their original cache timeout values instead of current "
 3188 "configuration value.  This may lead to a situation in which background "
 3189 "refresh task appears to not be working. This is done by design to improve "
 3190 "offline mode operation and reuse of existing valid cache entries.  To make "
 3191 "this change instant the user may want to manually invalidate existing cache."
 3192 msgstr ""
 3193 
 3194 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3195 #: sssd.conf.5.xml:2585 sssd-ldap.5.xml:350 sssd-ipa.5.xml:269
 3196 msgid "Default: 0 (disabled)"
 3197 msgstr ""
 3198 
 3199 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3200 #: sssd.conf.5.xml:2591
 3201 msgid "cache_credentials (bool)"
 3202 msgstr ""
 3203 
 3204 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3205 #: sssd.conf.5.xml:2594
 3206 msgid "Determines if user credentials are also cached in the local LDB cache"
 3207 msgstr ""
 3208 
 3209 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3210 #: sssd.conf.5.xml:2598
 3211 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 3212 msgstr ""
 3213 
 3214 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3215 #: sssd.conf.5.xml:2608
 3216 msgid "cache_credentials_minimal_first_factor_length (int)"
 3217 msgstr ""
 3218 
 3219 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3220 #: sssd.conf.5.xml:2611
 3221 msgid ""
 3222 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 3223 "this value determines the minimal length the first authentication factor "
 3224 "(long term password) must have to be saved as SHA512 hash into the cache."
 3225 msgstr ""
 3226 
 3227 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3228 #: sssd.conf.5.xml:2618
 3229 msgid ""
 3230 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 3231 "the cache which would make them easy targets for brute-force attacks."
 3232 msgstr ""
 3233 
 3234 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3235 #: sssd.conf.5.xml:2629
 3236 msgid "account_cache_expiration (integer)"
 3237 msgstr ""
 3238 
 3239 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3240 #: sssd.conf.5.xml:2632
 3241 msgid ""
 3242 "Number of days entries are left in cache after last successful login before "
 3243 "being removed during a cleanup of the cache. 0 means keep forever.  The "
 3244 "value of this parameter must be greater than or equal to "
 3245 "offline_credentials_expiration."
 3246 msgstr ""
 3247 
 3248 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3249 #: sssd.conf.5.xml:2639
 3250 msgid "Default: 0 (unlimited)"
 3251 msgstr ""
 3252 
 3253 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3254 #: sssd.conf.5.xml:2644
 3255 msgid "pwd_expiration_warning (integer)"
 3256 msgstr ""
 3257 
 3258 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3259 #: sssd.conf.5.xml:2655
 3260 msgid ""
 3261 "Please note that the backend server has to provide information about the "
 3262 "expiration time of the password.  If this information is missing, sssd "
 3263 "cannot display a warning. Also an auth provider has to be configured for the "
 3264 "backend."
 3265 msgstr ""
 3266 
 3267 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3268 #: sssd.conf.5.xml:2662
 3269 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 3270 msgstr ""
 3271 
 3272 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3273 #: sssd.conf.5.xml:2668
 3274 msgid "id_provider (string)"
 3275 msgstr ""
 3276 
 3277 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3278 #: sssd.conf.5.xml:2671
 3279 msgid ""
 3280 "The identification provider used for the domain.  Supported ID providers are:"
 3281 msgstr ""
 3282 
 3283 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3284 #: sssd.conf.5.xml:2675
 3285 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 3286 msgstr ""
 3287 
 3288 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3289 #: sssd.conf.5.xml:2678
 3290 msgid ""
 3291 "<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 3292 msgstr ""
 3293 
 3294 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3295 #: sssd.conf.5.xml:2682
 3296 msgid ""
 3297 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 3298 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
 3299 "information on how to mirror local users and groups into SSSD."
 3300 msgstr ""
 3301 
 3302 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3303 #: sssd.conf.5.xml:2690
 3304 msgid ""
 3305 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 3306 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
 3307 "information on configuring LDAP."
 3308 msgstr ""
 3309 
 3310 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3311 #: sssd.conf.5.xml:2698 sssd.conf.5.xml:2804 sssd.conf.5.xml:2859
 3312 #: sssd.conf.5.xml:2922
 3313 msgid ""
 3314 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 3315 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
 3316 "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
 3317 "FreeIPA."
 3318 msgstr ""
 3319 
 3320 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3321 #: sssd.conf.5.xml:2707 sssd.conf.5.xml:2813 sssd.conf.5.xml:2868
 3322 #: sssd.conf.5.xml:2931
 3323 msgid ""
 3324 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 3325 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 3326 "citerefentry> for more information on configuring Active Directory."
 3327 msgstr ""
 3328 
 3329 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3330 #: sssd.conf.5.xml:2718
 3331 msgid "use_fully_qualified_names (bool)"
 3332 msgstr ""
 3333 
 3334 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3335 #: sssd.conf.5.xml:2721
 3336 msgid ""
 3337 "Use the full name and domain (as formatted by the domain's full_name_format) "
 3338 "as the user's login name reported to NSS."
 3339 msgstr ""
 3340 
 3341 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3342 #: sssd.conf.5.xml:2726
 3343 msgid ""
 3344 "If set to TRUE, all requests to this domain must use fully qualified names. "
 3345 "For example, if used in LOCAL domain that contains a \"test\" user, "
 3346 "<command>getent passwd test</command> wouldn't find the user while "
 3347 "<command>getent passwd test@LOCAL</command> would."
 3348 msgstr ""
 3349 
 3350 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3351 #: sssd.conf.5.xml:2734
 3352 msgid ""
 3353 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 3354 "include nested netgroups without qualified names. For netgroups, all domains "
 3355 "will be searched when an unqualified name is requested."
 3356 msgstr ""
 3357 
 3358 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3359 #: sssd.conf.5.xml:2741
 3360 msgid ""
 3361 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 3362 "default_domain_suffix is used)"
 3363 msgstr ""
 3364 
 3365 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3366 #: sssd.conf.5.xml:2748
 3367 msgid "ignore_group_members (bool)"
 3368 msgstr ""
 3369 
 3370 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3371 #: sssd.conf.5.xml:2751
 3372 msgid "Do not return group members for group lookups."
 3373 msgstr ""
 3374 
 3375 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3376 #: sssd.conf.5.xml:2754
 3377 msgid ""
 3378 "If set to TRUE, the group membership attribute is not requested from the "
 3379 "ldap server, and group members are not returned when processing group lookup "
 3380 "calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
 3381 "<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
 3382 "<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
 3383 "citerefentry>.  As an effect, <quote>getent group $groupname</quote> would "
 3384 "return the requested group as if it was empty."
 3385 msgstr ""
 3386 
 3387 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3388 #: sssd.conf.5.xml:2772
 3389 msgid ""
 3390 "Enabling this option can also make access provider checks for group "
 3391 "membership significantly faster, especially for groups containing many "
 3392 "members."
 3393 msgstr ""
 3394 
 3395 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3396 #: sssd.conf.5.xml:2783
 3397 msgid "auth_provider (string)"
 3398 msgstr ""
 3399 
 3400 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3401 #: sssd.conf.5.xml:2786
 3402 msgid ""
 3403 "The authentication provider used for the domain.  Supported auth providers "
 3404 "are:"
 3405 msgstr ""
 3406 
 3407 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3408 #: sssd.conf.5.xml:2790 sssd.conf.5.xml:2852
 3409 msgid ""
 3410 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 3411 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 3412 "citerefentry> for more information on configuring LDAP."
 3413 msgstr ""
 3414 
 3415 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3416 #: sssd.conf.5.xml:2797
 3417 msgid ""
 3418 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 3419 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 3420 "citerefentry> for more information on configuring Kerberos."
 3421 msgstr ""
 3422 
 3423 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3424 #: sssd.conf.5.xml:2821
 3425 msgid ""
 3426 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 3427 msgstr ""
 3428 
 3429 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3430 #: sssd.conf.5.xml:2824
 3431 msgid "<quote>local</quote>: SSSD internal provider for local users"
 3432 msgstr ""
 3433 
 3434 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3435 #: sssd.conf.5.xml:2828
 3436 msgid "<quote>none</quote> disables authentication explicitly."
 3437 msgstr ""
 3438 
 3439 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3440 #: sssd.conf.5.xml:2831
 3441 msgid ""
 3442 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 3443 "authentication requests."
 3444 msgstr ""
 3445 
 3446 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3447 #: sssd.conf.5.xml:2837
 3448 msgid "access_provider (string)"
 3449 msgstr ""
 3450 
 3451 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3452 #: sssd.conf.5.xml:2840
 3453 msgid ""
 3454 "The access control provider used for the domain.  There are two built-in "
 3455 "access providers (in addition to any included in installed backends)  "
 3456 "Internal special providers are:"
 3457 msgstr ""
 3458 
 3459 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3460 #: sssd.conf.5.xml:2846
 3461 msgid ""
 3462 "<quote>permit</quote> always allow access. It's the only permitted access "
 3463 "provider for a local domain."
 3464 msgstr ""
 3465 
 3466 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3467 #: sssd.conf.5.xml:2849
 3468 msgid "<quote>deny</quote> always deny access."
 3469 msgstr ""
 3470 
 3471 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3472 #: sssd.conf.5.xml:2876
 3473 msgid ""
 3474 "<quote>simple</quote> access control based on access or deny lists. See "
 3475 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
 3476 "manvolnum></citerefentry> for more information on configuring the simple "
 3477 "access module."
 3478 msgstr ""
 3479 
 3480 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3481 #: sssd.conf.5.xml:2883
 3482 msgid ""
 3483 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 3484 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
 3485 "citerefentry> for more information on configuring Kerberos."
 3486 msgstr ""
 3487 
 3488 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3489 #: sssd.conf.5.xml:2890
 3490 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 3491 msgstr ""
 3492 
 3493 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3494 #: sssd.conf.5.xml:2893
 3495 msgid "Default: <quote>permit</quote>"
 3496 msgstr ""
 3497 
 3498 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3499 #: sssd.conf.5.xml:2898
 3500 msgid "chpass_provider (string)"
 3501 msgstr ""
 3502 
 3503 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3504 #: sssd.conf.5.xml:2901
 3505 msgid ""
 3506 "The provider which should handle change password operations for the domain.  "
 3507 "Supported change password providers are:"
 3508 msgstr ""
 3509 
 3510 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3511 #: sssd.conf.5.xml:2906
 3512 msgid ""
 3513 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 3514 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 3515 "manvolnum> </citerefentry> for more information on configuring LDAP."
 3516 msgstr ""
 3517 
 3518 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3519 #: sssd.conf.5.xml:2914
 3520 msgid ""
 3521 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 3522 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 3523 "citerefentry> for more information on configuring Kerberos."
 3524 msgstr ""
 3525 
 3526 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3527 #: sssd.conf.5.xml:2939
 3528 msgid ""
 3529 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 3530 msgstr ""
 3531 
 3532 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3533 #: sssd.conf.5.xml:2943
 3534 msgid "<quote>none</quote> disallows password changes explicitly."
 3535 msgstr ""
 3536 
 3537 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3538 #: sssd.conf.5.xml:2946
 3539 msgid ""
 3540 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 3541 "change password requests."
 3542 msgstr ""
 3543 
 3544 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3545 #: sssd.conf.5.xml:2953
 3546 msgid "sudo_provider (string)"
 3547 msgstr ""
 3548 
 3549 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3550 #: sssd.conf.5.xml:2956
 3551 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 3552 msgstr ""
 3553 
 3554 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3555 #: sssd.conf.5.xml:2960
 3556 msgid ""
 3557 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 3558 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 3559 "citerefentry> for more information on configuring LDAP."
 3560 msgstr ""
 3561 
 3562 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3563 #: sssd.conf.5.xml:2968
 3564 msgid ""
 3565 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 3566 "settings."
 3567 msgstr ""
 3568 
 3569 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3570 #: sssd.conf.5.xml:2972
 3571 msgid ""
 3572 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 3573 "settings."
 3574 msgstr ""
 3575 
 3576 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3577 #: sssd.conf.5.xml:2976
 3578 msgid "<quote>none</quote> disables SUDO explicitly."
 3579 msgstr ""
 3580 
 3581 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3582 #: sssd.conf.5.xml:2979 sssd.conf.5.xml:3065 sssd.conf.5.xml:3135
 3583 #: sssd.conf.5.xml:3160 sssd.conf.5.xml:3196
 3584 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 3585 msgstr ""
 3586 
 3587 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3588 #: sssd.conf.5.xml:2983
 3589 msgid ""
 3590 "The detailed instructions for configuration of sudo_provider are in the "
 3591 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
 3592 "<manvolnum>5</manvolnum> </citerefentry>.  There are many configuration "
 3593 "options that can be used to adjust the behavior. Please refer to "
 3594 "\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
 3595 "<manvolnum>5</manvolnum> </citerefentry>."
 3596 msgstr ""
 3597 
 3598 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3599 #: sssd.conf.5.xml:2998
 3600 msgid ""
 3601 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 3602 "background unless the sudo provider is explicitly disabled. Set "
 3603 "<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
 3604 "activity in SSSD if you do not want to use sudo with SSSD at all."
 3605 msgstr ""
 3606 
 3607 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3608 #: sssd.conf.5.xml:3008
 3609 msgid "selinux_provider (string)"
 3610 msgstr ""
 3611 
 3612 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3613 #: sssd.conf.5.xml:3011
 3614 msgid ""
 3615 "The provider which should handle loading of selinux settings. Note that this "
 3616 "provider will be called right after access provider ends.  Supported selinux "
 3617 "providers are:"
 3618 msgstr ""
 3619 
 3620 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3621 #: sssd.conf.5.xml:3017
 3622 msgid ""
 3623 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 3624 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 3625 "manvolnum> </citerefentry> for more information on configuring IPA."
 3626 msgstr ""
 3627 
 3628 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3629 #: sssd.conf.5.xml:3025
 3630 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 3631 msgstr ""
 3632 
 3633 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3634 #: sssd.conf.5.xml:3028
 3635 msgid ""
 3636 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 3637 "selinux loading requests."
 3638 msgstr ""
 3639 
 3640 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3641 #: sssd.conf.5.xml:3034
 3642 msgid "subdomains_provider (string)"
 3643 msgstr ""
 3644 
 3645 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3646 #: sssd.conf.5.xml:3037
 3647 msgid ""
 3648 "The provider which should handle fetching of subdomains. This value should "
 3649 "be always the same as id_provider.  Supported subdomain providers are:"
 3650 msgstr ""
 3651 
 3652 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3653 #: sssd.conf.5.xml:3043
 3654 msgid ""
 3655 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 3656 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 3657 "manvolnum> </citerefentry> for more information on configuring IPA."
 3658 msgstr ""
 3659 
 3660 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3661 #: sssd.conf.5.xml:3052
 3662 msgid ""
 3663 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 3664 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
 3665 "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
 3666 "the AD provider."
 3667 msgstr ""
 3668 
 3669 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3670 #: sssd.conf.5.xml:3061
 3671 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 3672 msgstr ""
 3673 
 3674 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3675 #: sssd.conf.5.xml:3071
 3676 msgid "session_provider (string)"
 3677 msgstr ""
 3678 
 3679 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3680 #: sssd.conf.5.xml:3074
 3681 msgid ""
 3682 "The provider which configures and manages user session related tasks. The "
 3683 "only user session task currently provided is the integration with Fleet "
 3684 "Commander, which works only with IPA.  Supported session providers are:"
 3685 msgstr ""
 3686 
 3687 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3688 #: sssd.conf.5.xml:3081
 3689 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 3690 msgstr ""
 3691 
 3692 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3693 #: sssd.conf.5.xml:3085
 3694 msgid ""
 3695 "<quote>none</quote> does not perform any kind of user session related tasks."
 3696 msgstr ""
 3697 
 3698 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3699 #: sssd.conf.5.xml:3089
 3700 msgid ""
 3701 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 3702 "session related tasks."
 3703 msgstr ""
 3704 
 3705 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3706 #: sssd.conf.5.xml:3093
 3707 msgid ""
 3708 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 3709 "SSSD must be running as \"root\" and not as the unprivileged user."
 3710 msgstr ""
 3711 
 3712 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3713 #: sssd.conf.5.xml:3101
 3714 msgid "autofs_provider (string)"
 3715 msgstr ""
 3716 
 3717 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3718 #: sssd.conf.5.xml:3104
 3719 msgid ""
 3720 "The autofs provider used for the domain.  Supported autofs providers are:"
 3721 msgstr ""
 3722 
 3723 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3724 #: sssd.conf.5.xml:3108
 3725 msgid ""
 3726 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 3727 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 3728 "citerefentry> for more information on configuring LDAP."
 3729 msgstr ""
 3730 
 3731 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3732 #: sssd.conf.5.xml:3115
 3733 msgid ""
 3734 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 3735 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
 3736 "citerefentry> for more information on configuring IPA."
 3737 msgstr ""
 3738 
 3739 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3740 #: sssd.conf.5.xml:3123
 3741 msgid ""
 3742 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 3743 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 3744 "citerefentry> for more information on configuring the AD provider."
 3745 msgstr ""
 3746 
 3747 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3748 #: sssd.conf.5.xml:3132
 3749 msgid "<quote>none</quote> disables autofs explicitly."
 3750 msgstr ""
 3751 
 3752 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3753 #: sssd.conf.5.xml:3142
 3754 msgid "hostid_provider (string)"
 3755 msgstr ""
 3756 
 3757 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3758 #: sssd.conf.5.xml:3145
 3759 msgid ""
 3760 "The provider used for retrieving host identity information.  Supported "
 3761 "hostid providers are:"
 3762 msgstr ""
 3763 
 3764 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3765 #: sssd.conf.5.xml:3149
 3766 msgid ""
 3767 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 3768 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 3769 "manvolnum> </citerefentry> for more information on configuring IPA."
 3770 msgstr ""
 3771 
 3772 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3773 #: sssd.conf.5.xml:3157
 3774 msgid "<quote>none</quote> disables hostid explicitly."
 3775 msgstr ""
 3776 
 3777 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3778 #: sssd.conf.5.xml:3167
 3779 msgid "resolver_provider (string)"
 3780 msgstr ""
 3781 
 3782 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3783 #: sssd.conf.5.xml:3170
 3784 msgid ""
 3785 "The provider which should handle hosts and networks lookups. Supported "
 3786 "resolver providers are:"
 3787 msgstr ""
 3788 
 3789 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3790 #: sssd.conf.5.xml:3174
 3791 msgid ""
 3792 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 3793 "<quote>proxy_resolver_lib_name</quote>"
 3794 msgstr ""
 3795 
 3796 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3797 #: sssd.conf.5.xml:3178
 3798 msgid ""
 3799 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 3800 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 3801 "manvolnum> </citerefentry> for more information on configuring LDAP."
 3802 msgstr ""
 3803 
 3804 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3805 #: sssd.conf.5.xml:3185
 3806 msgid ""
 3807 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 3808 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
 3809 "manvolnum> </citerefentry> for more information on configuring the AD "
 3810 "provider."
 3811 msgstr ""
 3812 
 3813 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3814 #: sssd.conf.5.xml:3193
 3815 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 3816 msgstr ""
 3817 
 3818 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3819 #: sssd.conf.5.xml:3206
 3820 msgid ""
 3821 "Regular expression for this domain that describes how to parse the string "
 3822 "containing user name and domain into these components.  The \"domain\" can "
 3823 "match either the SSSD configuration domain name, or, in the case of IPA "
 3824 "trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
 3825 "the domain."
 3826 msgstr ""
 3827 
 3828 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3829 #: sssd.conf.5.xml:3215
 3830 msgid ""
 3831 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 3832 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
 3833 "P&lt;name&gt;[^@\\\\]+)$))</quote> which allows three different styles for "
 3834 "user names:"
 3835 msgstr ""
 3836 
 3837 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 3838 #: sssd.conf.5.xml:3220
 3839 msgid "username"
 3840 msgstr ""
 3841 
 3842 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 3843 #: sssd.conf.5.xml:3223
 3844 msgid "username@domain.name"
 3845 msgstr ""
 3846 
 3847 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 3848 #: sssd.conf.5.xml:3226
 3849 msgid "domain\\username"
 3850 msgstr ""
 3851 
 3852 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3853 #: sssd.conf.5.xml:3229
 3854 msgid ""
 3855 "While the first two correspond to the general default the third one is "
 3856 "introduced to allow easy integration of users from Windows domains."
 3857 msgstr ""
 3858 
 3859 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3860 #: sssd.conf.5.xml:3234
 3861 msgid ""
 3862 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 3863 "which translates to \"the name is everything up to the <quote>@</quote> "
 3864 "sign, the domain everything after that\""
 3865 msgstr ""
 3866 "Standaard: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 3867 "wat zich vertaalt tot \"de gebruikersnaam is alles tot <quote>@</quote> , "
 3868 "het domein alles daarna\""
 3869 
 3870 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3871 #: sssd.conf.5.xml:3240
 3872 msgid ""
 3873 "NOTE: Some Active Directory groups, typically those used for MS Exchange "
 3874 "contain an <quote>@</quote> sign in the name, which clashes with the default "
 3875 "re_expression value for the AD and IPA providers. To support these groups, "
 3876 "consider changing the re_expression value to: <quote>((?P&lt;name&gt;.+)@(?"
 3877 "P&lt;domain&gt;[^@]+$))</quote>."
 3878 msgstr ""
 3879 
 3880 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3881 #: sssd.conf.5.xml:3291
 3882 msgid "Default: <quote>%1$s@%2$s</quote>."
 3883 msgstr "Standaard: <quote>%1$s@%2$s</quote>."
 3884 
 3885 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3886 #: sssd.conf.5.xml:3297
 3887 msgid "lookup_family_order (string)"
 3888 msgstr ""
 3889 
 3890 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3891 #: sssd.conf.5.xml:3300
 3892 msgid ""
 3893 "Provides the ability to select preferred address family to use when "
 3894 "performing DNS lookups."
 3895 msgstr ""
 3896 
 3897 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3898 #: sssd.conf.5.xml:3304
 3899 msgid "Supported values:"
 3900 msgstr ""
 3901 
 3902 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3903 #: sssd.conf.5.xml:3307
 3904 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 3905 msgstr ""
 3906 
 3907 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3908 #: sssd.conf.5.xml:3310
 3909 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 3910 msgstr ""
 3911 
 3912 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3913 #: sssd.conf.5.xml:3313
 3914 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 3915 msgstr ""
 3916 
 3917 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3918 #: sssd.conf.5.xml:3316
 3919 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 3920 msgstr ""
 3921 
 3922 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3923 #: sssd.conf.5.xml:3319
 3924 msgid "Default: ipv4_first"
 3925 msgstr ""
 3926 
 3927 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3928 #: sssd.conf.5.xml:3325
 3929 msgid "dns_resolver_timeout (integer)"
 3930 msgstr ""
 3931 
 3932 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3933 #: sssd.conf.5.xml:3328
 3934 msgid ""
 3935 "Defines the amount of time (in seconds) to wait for a reply from the "
 3936 "internal fail over service before assuming that the service is unreachable. "
 3937 "If this timeout is reached, the domain will continue to operate in offline "
 3938 "mode."
 3939 msgstr ""
 3940 
 3941 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3942 #: sssd.conf.5.xml:3335
 3943 msgid ""
 3944 "Please see the section <quote>FAILOVER</quote> for more information about "
 3945 "the service resolution."
 3946 msgstr ""
 3947 
 3948 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3949 #: sssd.conf.5.xml:3346
 3950 msgid "dns_discovery_domain (string)"
 3951 msgstr ""
 3952 
 3953 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3954 #: sssd.conf.5.xml:3349
 3955 msgid ""
 3956 "If service discovery is used in the back end, specifies the domain part of "
 3957 "the service discovery DNS query."
 3958 msgstr ""
 3959 
 3960 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3961 #: sssd.conf.5.xml:3353
 3962 msgid "Default: Use the domain part of machine's hostname"
 3963 msgstr ""
 3964 
 3965 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3966 #: sssd.conf.5.xml:3359
 3967 msgid "override_gid (integer)"
 3968 msgstr ""
 3969 
 3970 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3971 #: sssd.conf.5.xml:3362
 3972 msgid "Override the primary GID value with the one specified."
 3973 msgstr ""
 3974 
 3975 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3976 #: sssd.conf.5.xml:3368
 3977 msgid "case_sensitive (string)"
 3978 msgstr ""
 3979 
 3980 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 3981 #: sssd.conf.5.xml:3379
 3982 msgid "True"
 3983 msgstr ""
 3984 
 3985 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3986 #: sssd.conf.5.xml:3382
 3987 msgid "Case sensitive. This value is invalid for AD provider."
 3988 msgstr ""
 3989 
 3990 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 3991 #: sssd.conf.5.xml:3388
 3992 msgid "False"
 3993 msgstr ""
 3994 
 3995 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3996 #: sssd.conf.5.xml:3390
 3997 msgid "Case insensitive."
 3998 msgstr ""
 3999 
 4000 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4001 #: sssd.conf.5.xml:3394
 4002 msgid "Preserving"
 4003 msgstr ""
 4004 
 4005 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4006 #: sssd.conf.5.xml:3397
 4007 msgid ""
 4008 "Same as False (case insensitive), but does not lowercase names in the result "
 4009 "of NSS operations. Note that name aliases (and in case of services also "
 4010 "protocol names) are still lowercased in the output."
 4011 msgstr ""
 4012 
 4013 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4014 #: sssd.conf.5.xml:3405
 4015 msgid ""
 4016 "If you want to set this value for trusted domain with IPA provider, you need "
 4017 "to set it on both the client and SSSD on the server."
 4018 msgstr ""
 4019 
 4020 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4021 #: sssd.conf.5.xml:3371
 4022 msgid ""
 4023 "Treat user and group names as case sensitive.  <phrase condition="
 4024 "\"enable_local_provider\"> At the moment, this option is not supported in "
 4025 "the local provider.  </phrase> Possible option values are: <placeholder type="
 4026 "\"variablelist\" id=\"0\"/>"
 4027 msgstr ""
 4028 
 4029 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4030 #: sssd.conf.5.xml:3415
 4031 msgid ""
 4032 "This option can be also set per subdomain or inherited via "
 4033 "<emphasis>subdomain_inherit</emphasis>."
 4034 msgstr ""
 4035 
 4036 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4037 #: sssd.conf.5.xml:3420
 4038 msgid "Default: True (False for AD provider)"
 4039 msgstr ""
 4040 
 4041 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4042 #: sssd.conf.5.xml:3426
 4043 msgid "subdomain_inherit (string)"
 4044 msgstr ""
 4045 
 4046 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4047 #: sssd.conf.5.xml:3429
 4048 msgid ""
 4049 "Specifies a list of configuration parameters that should be inherited by a "
 4050 "subdomain. Please note that only selected parameters can be inherited.  "
 4051 "Currently the following options can be inherited:"
 4052 msgstr ""
 4053 
 4054 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4055 #: sssd.conf.5.xml:3435
 4056 msgid "ignore_group_members"
 4057 msgstr ""
 4058 
 4059 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4060 #: sssd.conf.5.xml:3438
 4061 msgid "ldap_purge_cache_timeout"
 4062 msgstr ""
 4063 
 4064 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4065 #: sssd.conf.5.xml:3441 sssd-ldap.5.xml:390
 4066 msgid "ldap_use_tokengroups"
 4067 msgstr ""
 4068 
 4069 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4070 #: sssd.conf.5.xml:3444
 4071 msgid "ldap_user_principal"
 4072 msgstr ""
 4073 
 4074 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4075 #: sssd.conf.5.xml:3447
 4076 msgid ""
 4077 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 4078 "is not set explicitly)"
 4079 msgstr ""
 4080 
 4081 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4082 #: sssd.conf.5.xml:3451
 4083 msgid "auto_private_groups"
 4084 msgstr ""
 4085 
 4086 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4087 #: sssd.conf.5.xml:3454
 4088 msgid "case_sensitive"
 4089 msgstr ""
 4090 
 4091 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 4092 #: sssd.conf.5.xml:3459
 4093 #, no-wrap
 4094 msgid ""
 4095 "subdomain_inherit = ldap_purge_cache_timeout\n"
 4096 "                            "
 4097 msgstr ""
 4098 
 4099 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4100 #: sssd.conf.5.xml:3466
 4101 msgid "Note: This option only works with the IPA and AD provider."
 4102 msgstr ""
 4103 
 4104 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4105 #: sssd.conf.5.xml:3473
 4106 msgid "subdomain_homedir (string)"
 4107 msgstr ""
 4108 
 4109 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4110 #: sssd.conf.5.xml:3484
 4111 msgid "%F"
 4112 msgstr ""
 4113 
 4114 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4115 #: sssd.conf.5.xml:3485
 4116 msgid "flat (NetBIOS) name of a subdomain."
 4117 msgstr ""
 4118 
 4119 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4120 #: sssd.conf.5.xml:3476
 4121 msgid ""
 4122 "Use this homedir as default value for all subdomains within this domain in "
 4123 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
 4124 "possible values. In addition to those, the expansion below can only be used "
 4125 "with <emphasis>subdomain_homedir</emphasis>.  <placeholder type="
 4126 "\"variablelist\" id=\"0\"/>"
 4127 msgstr ""
 4128 
 4129 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4130 #: sssd.conf.5.xml:3490
 4131 msgid ""
 4132 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 4133 msgstr ""
 4134 
 4135 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4136 #: sssd.conf.5.xml:3494
 4137 msgid "Default: <filename>/home/%d/%u</filename>"
 4138 msgstr ""
 4139 
 4140 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4141 #: sssd.conf.5.xml:3499
 4142 msgid "realmd_tags (string)"
 4143 msgstr ""
 4144 
 4145 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4146 #: sssd.conf.5.xml:3502
 4147 msgid ""
 4148 "Various tags stored by the realmd configuration service for this domain."
 4149 msgstr ""
 4150 
 4151 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4152 #: sssd.conf.5.xml:3508
 4153 msgid "cached_auth_timeout (int)"
 4154 msgstr ""
 4155 
 4156 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4157 #: sssd.conf.5.xml:3511
 4158 msgid ""
 4159 "Specifies time in seconds since last successful online authentication for "
 4160 "which user will be authenticated using cached credentials while SSSD is in "
 4161 "the online mode. If the credentials are incorrect, SSSD falls back to online "
 4162 "authentication."
 4163 msgstr ""
 4164 
 4165 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4166 #: sssd.conf.5.xml:3519
 4167 msgid ""
 4168 "This option's value is inherited by all trusted domains. At the moment it is "
 4169 "not possible to set a different value per trusted domain."
 4170 msgstr ""
 4171 
 4172 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4173 #: sssd.conf.5.xml:3524
 4174 msgid "Special value 0 implies that this feature is disabled."
 4175 msgstr ""
 4176 
 4177 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4178 #: sssd.conf.5.xml:3528
 4179 msgid ""
 4180 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 4181 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
 4182 "<quote>initgroups.</quote>"
 4183 msgstr ""
 4184 
 4185 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4186 #: sssd.conf.5.xml:3539
 4187 msgid "auto_private_groups (string)"
 4188 msgstr ""
 4189 
 4190 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4191 #: sssd.conf.5.xml:3545
 4192 msgid "true"
 4193 msgstr ""
 4194 
 4195 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4196 #: sssd.conf.5.xml:3548
 4197 msgid ""
 4198 "Create user's private group unconditionally from user's UID number.  The GID "
 4199 "number is ignored in this case."
 4200 msgstr ""
 4201 
 4202 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4203 #: sssd.conf.5.xml:3552
 4204 msgid ""
 4205 "NOTE: Because the GID number and the user private group are inferred from "
 4206 "the UID number, it is not supported to have multiple entries with the same "
 4207 "UID or GID number with this option. In other words, enabling this option "
 4208 "enforces uniqueness across the ID space."
 4209 msgstr ""
 4210 
 4211 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4212 #: sssd.conf.5.xml:3561
 4213 msgid "false"
 4214 msgstr ""
 4215 
 4216 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4217 #: sssd.conf.5.xml:3564
 4218 msgid ""
 4219 "Always use the user's primary GID number. The GID number must refer to a "
 4220 "group object in the LDAP database."
 4221 msgstr ""
 4222 
 4223 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4224 #: sssd.conf.5.xml:3570
 4225 msgid "hybrid"
 4226 msgstr ""
 4227 
 4228 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4229 #: sssd.conf.5.xml:3573
 4230 msgid ""
 4231 "A primary group is autogenerated for user entries whose UID and GID numbers "
 4232 "have the same value and at the same time the GID number does not correspond "
 4233 "to a real group object in LDAP.  If the values are the same, but the primary "
 4234 "GID in the user entry is also used by a group object, the primary GID of the "
 4235 "user resolves to that group object."
 4236 msgstr ""
 4237 
 4238 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4239 #: sssd.conf.5.xml:3586
 4240 msgid ""
 4241 "If the UID and GID of a user are different, then the GID must correspond to "
 4242 "a group entry, otherwise the GID is simply not resolvable."
 4243 msgstr ""
 4244 
 4245 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4246 #: sssd.conf.5.xml:3593
 4247 msgid ""
 4248 "This feature is useful for environments that wish to stop maintaining a "
 4249 "separate group objects for the user private groups, but also wish to retain "
 4250 "the existing user private groups."
 4251 msgstr ""
 4252 
 4253 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4254 #: sssd.conf.5.xml:3542
 4255 msgid ""
 4256 "This option takes any of three available values: <placeholder type="
 4257 "\"variablelist\" id=\"0\"/>"
 4258 msgstr ""
 4259 
 4260 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4261 #: sssd.conf.5.xml:3605
 4262 msgid ""
 4263 "For subdomains, the default value is False for subdomains that use assigned "
 4264 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 4265 msgstr ""
 4266 
 4267 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 4268 #: sssd.conf.5.xml:3613
 4269 #, no-wrap
 4270 msgid ""
 4271 "[domain/forest.domain/sub.domain]\n"
 4272 "auto_private_groups = false\n"
 4273 msgstr ""
 4274 
 4275 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 4276 #: sssd.conf.5.xml:3619
 4277 #, no-wrap
 4278 msgid ""
 4279 "[domain/forest.domain]\n"
 4280 "subdomain_inherit = auto_private_groups\n"
 4281 "auto_private_groups = false\n"
 4282 msgstr ""
 4283 
 4284 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4285 #: sssd.conf.5.xml:3610
 4286 msgid ""
 4287 "The value of auto_private_groups can either be set per subdomains in a "
 4288 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
 4289 "globally for all subdomains in the main domain section using the "
 4290 "subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>"
 4291 msgstr ""
 4292 
 4293 #. type: Content of: <reference><refentry><refsect1><para>
 4294 #: sssd.conf.5.xml:2233
 4295 msgid ""
 4296 "These configuration options can be present in a domain configuration "
 4297 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
 4298 "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 4299 msgstr ""
 4300 
 4301 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4302 #: sssd.conf.5.xml:3634
 4303 msgid "proxy_pam_target (string)"
 4304 msgstr ""
 4305 
 4306 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4307 #: sssd.conf.5.xml:3637
 4308 msgid "The proxy target PAM proxies to."
 4309 msgstr ""
 4310 
 4311 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4312 #: sssd.conf.5.xml:3640
 4313 msgid ""
 4314 "Default: not set by default, you have to take an existing pam configuration "
 4315 "or create a new one and add the service name here."
 4316 msgstr ""
 4317 
 4318 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4319 #: sssd.conf.5.xml:3648
 4320 msgid "proxy_lib_name (string)"
 4321 msgstr ""
 4322 
 4323 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4324 #: sssd.conf.5.xml:3651
 4325 msgid ""
 4326 "The name of the NSS library to use in proxy domains. The NSS functions "
 4327 "searched for in the library are in the form of _nss_$(libName)_$(function), "
 4328 "for example _nss_files_getpwent."
 4329 msgstr ""
 4330 
 4331 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4332 #: sssd.conf.5.xml:3661
 4333 msgid "proxy_resolver_lib_name (string)"
 4334 msgstr ""
 4335 
 4336 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4337 #: sssd.conf.5.xml:3664
 4338 msgid ""
 4339 "The name of the NSS library to use for hosts and networks lookups in proxy "
 4340 "domains. The NSS functions searched for in the library are in the form of "
 4341 "_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r."
 4342 msgstr ""
 4343 
 4344 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4345 #: sssd.conf.5.xml:3675
 4346 msgid "proxy_fast_alias (boolean)"
 4347 msgstr ""
 4348 
 4349 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4350 #: sssd.conf.5.xml:3678
 4351 msgid ""
 4352 "When a user or group is looked up by name in the proxy provider, a second "
 4353 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
 4354 "name was an alias. Setting this option to true would cause the SSSD to "
 4355 "perform the ID lookup from cache for performance reasons."
 4356 msgstr ""
 4357 
 4358 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4359 #: sssd.conf.5.xml:3692
 4360 msgid "proxy_max_children (integer)"
 4361 msgstr ""
 4362 
 4363 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4364 #: sssd.conf.5.xml:3695
 4365 msgid ""
 4366 "This option specifies the number of pre-forked proxy children. It is useful "
 4367 "for high-load SSSD environments where sssd may run out of available child "
 4368 "slots, which would cause some issues due to the requests being queued."
 4369 msgstr ""
 4370 
 4371 #. type: Content of: <reference><refentry><refsect1><para>
 4372 #: sssd.conf.5.xml:3630
 4373 msgid ""
 4374 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 4375 "\"0\"/>"
 4376 msgstr ""
 4377 
 4378 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 4379 #: sssd.conf.5.xml:3711
 4380 msgid "Application domains"
 4381 msgstr ""
 4382 
 4383 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4384 #: sssd.conf.5.xml:3713
 4385 msgid ""
 4386 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 4387 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
 4388 "applications as a gateway to an LDAP directory where users and groups are "
 4389 "stored. However, contrary to the traditional SSSD deployment where all users "
 4390 "and groups either have POSIX attributes or those attributes can be inferred "
 4391 "from the Windows SIDs, in many cases the users and groups in the application "
 4392 "support scenario have no POSIX attributes.  Instead of setting a "
 4393 "<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the "
 4394 "administrator can set up an <quote>[application/<replaceable>NAME</"
 4395 "replaceable>]</quote> section that internally represents a domain with type "
 4396 "<quote>application</quote> optionally inherits settings from a tradition "
 4397 "SSSD domain."
 4398 msgstr ""
 4399 
 4400 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4401 #: sssd.conf.5.xml:3733
 4402 msgid ""
 4403 "Please note that the application domain must still be explicitly enabled in "
 4404 "the <quote>domains</quote> parameter so that the lookup order between the "
 4405 "application domain and its POSIX sibling domain is set correctly."
 4406 msgstr ""
 4407 
 4408 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 4409 #: sssd.conf.5.xml:3739
 4410 msgid "Application domain parameters"
 4411 msgstr ""
 4412 
 4413 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4414 #: sssd.conf.5.xml:3741
 4415 msgid "inherit_from (string)"
 4416 msgstr ""
 4417 
 4418 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4419 #: sssd.conf.5.xml:3744
 4420 msgid ""
 4421 "The SSSD POSIX-type domain the application domain inherits all settings "
 4422 "from. The application domain can moreover add its own settings to the "
 4423 "application settings that augment or override the <quote>sibling</quote> "
 4424 "domain settings."
 4425 msgstr ""
 4426 
 4427 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4428 #: sssd.conf.5.xml:3758
 4429 msgid ""
 4430 "The following example illustrates the use of an application domain. In this "
 4431 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
 4432 "through the NSS responder. In addition, the application domain also requests "
 4433 "the telephoneNumber attribute, stores it as the phone attribute in the cache "
 4434 "and makes the phone attribute reachable through the D-Bus interface."
 4435 msgstr ""
 4436 
 4437 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
 4438 #: sssd.conf.5.xml:3766
 4439 #, no-wrap
 4440 msgid ""
 4441 "[sssd]\n"
 4442 "domains = appdom, posixdom\n"
 4443 "\n"
 4444 "[ifp]\n"
 4445 "user_attributes = +phone\n"
 4446 "\n"
 4447 "[domain/posixdom]\n"
 4448 "id_provider = ldap\n"
 4449 "ldap_uri = ldap://ldap.example.com\n"
 4450 "ldap_search_base = dc=example,dc=com\n"
 4451 "\n"
 4452 "[application/appdom]\n"
 4453 "inherit_from = posixdom\n"
 4454 "ldap_user_extra_attrs = phone:telephoneNumber\n"
 4455 msgstr ""
 4456 
 4457 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 4458 #: sssd.conf.5.xml:3784
 4459 msgid "The local domain section"
 4460 msgstr ""
 4461 
 4462 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4463 #: sssd.conf.5.xml:3786
 4464 msgid ""
 4465 "This section contains settings for domain that stores users and groups in "
 4466 "SSSD native database, that is, a domain that uses "
 4467 "<replaceable>id_provider=local</replaceable>."
 4468 msgstr ""
 4469 
 4470 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4471 #: sssd.conf.5.xml:3793
 4472 msgid "default_shell (string)"
 4473 msgstr ""
 4474 
 4475 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4476 #: sssd.conf.5.xml:3796
 4477 msgid "The default shell for users created with SSSD userspace tools."
 4478 msgstr ""
 4479 
 4480 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4481 #: sssd.conf.5.xml:3800
 4482 msgid "Default: <filename>/bin/bash</filename>"
 4483 msgstr ""
 4484 
 4485 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4486 #: sssd.conf.5.xml:3805
 4487 msgid "base_directory (string)"
 4488 msgstr ""
 4489 
 4490 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4491 #: sssd.conf.5.xml:3808
 4492 msgid ""
 4493 "The tools append the login name to <replaceable>base_directory</replaceable> "
 4494 "and use that as the home directory."
 4495 msgstr ""
 4496 
 4497 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4498 #: sssd.conf.5.xml:3813
 4499 msgid "Default: <filename>/home</filename>"
 4500 msgstr ""
 4501 
 4502 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4503 #: sssd.conf.5.xml:3818
 4504 msgid "create_homedir (bool)"
 4505 msgstr ""
 4506 
 4507 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4508 #: sssd.conf.5.xml:3821
 4509 msgid ""
 4510 "Indicate if a home directory should be created by default for new users.  "
 4511 "Can be overridden on command line."
 4512 msgstr ""
 4513 
 4514 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4515 #: sssd.conf.5.xml:3825 sssd.conf.5.xml:3837
 4516 msgid "Default: TRUE"
 4517 msgstr ""
 4518 
 4519 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4520 #: sssd.conf.5.xml:3830
 4521 msgid "remove_homedir (bool)"
 4522 msgstr ""
 4523 
 4524 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4525 #: sssd.conf.5.xml:3833
 4526 msgid ""
 4527 "Indicate if a home directory should be removed by default for deleted "
 4528 "users.  Can be overridden on command line."
 4529 msgstr ""
 4530 
 4531 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4532 #: sssd.conf.5.xml:3842
 4533 msgid "homedir_umask (integer)"
 4534 msgstr ""
 4535 
 4536 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4537 #: sssd.conf.5.xml:3845
 4538 msgid ""
 4539 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 4540 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 4541 "on a newly created home directory."
 4542 msgstr ""
 4543 
 4544 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4545 #: sssd.conf.5.xml:3853
 4546 msgid "Default: 077"
 4547 msgstr ""
 4548 
 4549 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4550 #: sssd.conf.5.xml:3858
 4551 msgid "skel_dir (string)"
 4552 msgstr ""
 4553 
 4554 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4555 #: sssd.conf.5.xml:3861
 4556 msgid ""
 4557 "The skeleton directory, which contains files and directories to be copied in "
 4558 "the user's home directory, when the home directory is created by "
 4559 "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
 4560 "manvolnum> </citerefentry>"
 4561 msgstr ""
 4562 
 4563 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4564 #: sssd.conf.5.xml:3871
 4565 msgid "Default: <filename>/etc/skel</filename>"
 4566 msgstr ""
 4567 
 4568 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4569 #: sssd.conf.5.xml:3876
 4570 msgid "mail_dir (string)"
 4571 msgstr ""
 4572 
 4573 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4574 #: sssd.conf.5.xml:3879
 4575 msgid ""
 4576 "The mail spool directory. This is needed to manipulate the mailbox when its "
 4577 "corresponding user account is modified or deleted.  If not specified, a "
 4578 "default value is used."
 4579 msgstr ""
 4580 
 4581 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4582 #: sssd.conf.5.xml:3886
 4583 msgid "Default: <filename>/var/mail</filename>"
 4584 msgstr ""
 4585 
 4586 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4587 #: sssd.conf.5.xml:3891
 4588 msgid "userdel_cmd (string)"
 4589 msgstr ""
 4590 
 4591 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4592 #: sssd.conf.5.xml:3894
 4593 msgid ""
 4594 "The command that is run after a user is removed.  The command us passed the "
 4595 "username of the user being removed as the first and only parameter. The "
 4596 "return code of the command is not taken into account."
 4597 msgstr ""
 4598 
 4599 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4600 #: sssd.conf.5.xml:3900
 4601 msgid "Default: None, no command is run"
 4602 msgstr ""
 4603 
 4604 #. type: Content of: <reference><refentry><refsect1><title>
 4605 #: sssd.conf.5.xml:3910
 4606 msgid "TRUSTED DOMAIN SECTION"
 4607 msgstr ""
 4608 
 4609 #. type: Content of: <reference><refentry><refsect1><para>
 4610 #: sssd.conf.5.xml:3912
 4611 msgid ""
 4612 "Some options used in the domain section can also be used in the trusted "
 4613 "domain section, that is, in a section called <quote>[domain/"
 4614 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
 4615 "replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
 4616 "domain. Please refer to examples below for explanation.  Currently supported "
 4617 "options in the trusted domain section are:"
 4618 msgstr ""
 4619 
 4620 #. type: Content of: <reference><refentry><refsect1><para>
 4621 #: sssd.conf.5.xml:3919
 4622 msgid "ldap_search_base,"
 4623 msgstr ""
 4624 
 4625 #. type: Content of: <reference><refentry><refsect1><para>
 4626 #: sssd.conf.5.xml:3920
 4627 msgid "ldap_user_search_base,"
 4628 msgstr ""
 4629 
 4630 #. type: Content of: <reference><refentry><refsect1><para>
 4631 #: sssd.conf.5.xml:3921
 4632 msgid "ldap_group_search_base,"
 4633 msgstr ""
 4634 
 4635 #. type: Content of: <reference><refentry><refsect1><para>
 4636 #: sssd.conf.5.xml:3922
 4637 msgid "ldap_netgroup_search_base,"
 4638 msgstr ""
 4639 
 4640 #. type: Content of: <reference><refentry><refsect1><para>
 4641 #: sssd.conf.5.xml:3923
 4642 msgid "ldap_service_search_base,"
 4643 msgstr ""
 4644 
 4645 #. type: Content of: <reference><refentry><refsect1><para>
 4646 #: sssd.conf.5.xml:3924
 4647 msgid "ldap_sasl_mech,"
 4648 msgstr ""
 4649 
 4650 #. type: Content of: <reference><refentry><refsect1><para>
 4651 #: sssd.conf.5.xml:3925
 4652 msgid "ad_server,"
 4653 msgstr ""
 4654 
 4655 #. type: Content of: <reference><refentry><refsect1><para>
 4656 #: sssd.conf.5.xml:3926
 4657 msgid "ad_backup_server,"
 4658 msgstr ""
 4659 
 4660 #. type: Content of: <reference><refentry><refsect1><para>
 4661 #: sssd.conf.5.xml:3927
 4662 msgid "ad_site,"
 4663 msgstr ""
 4664 
 4665 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
 4666 #: sssd.conf.5.xml:3928 sssd-ipa.5.xml:811
 4667 msgid "use_fully_qualified_names"
 4668 msgstr ""
 4669 
 4670 #. type: Content of: <reference><refentry><refsect1><para>
 4671 #: sssd.conf.5.xml:3932
 4672 msgid ""
 4673 "For more details about these options see their individual description in the "
 4674 "manual page."
 4675 msgstr ""
 4676 
 4677 #. type: Content of: <reference><refentry><refsect1><title>
 4678 #: sssd.conf.5.xml:3938
 4679 msgid "CERTIFICATE MAPPING SECTION"
 4680 msgstr ""
 4681 
 4682 #. type: Content of: <reference><refentry><refsect1><para>
 4683 #: sssd.conf.5.xml:3940
 4684 msgid ""
 4685 "To allow authentication with Smartcards and certificates SSSD must be able "
 4686 "to map certificates to users. This can be done by adding the full "
 4687 "certificate to the LDAP object of the user or to a local override. While "
 4688 "using the full certificate is required to use the Smartcard authentication "
 4689 "feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
 4690 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it "
 4691 "might be cumbersome or not even possible to do this for the general case "
 4692 "where local services use PAM for authentication."
 4693 msgstr ""
 4694 
 4695 #. type: Content of: <reference><refentry><refsect1><para>
 4696 #: sssd.conf.5.xml:3954
 4697 msgid ""
 4698 "To make the mapping more flexible mapping and matching rules were added to "
 4699 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
 4700 "<manvolnum>5</manvolnum> </citerefentry> for details)."
 4701 msgstr ""
 4702 
 4703 #. type: Content of: <reference><refentry><refsect1><para>
 4704 #: sssd.conf.5.xml:3963
 4705 msgid ""
 4706 "A mapping and matching rule can be added to the SSSD configuration in a "
 4707 "section on its own with a name like <quote>[certmap/"
 4708 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</"
 4709 "replaceable>]</quote>.  In this section the following options are allowed:"
 4710 msgstr ""
 4711 
 4712 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4713 #: sssd.conf.5.xml:3970
 4714 msgid "matchrule (string)"
 4715 msgstr ""
 4716 
 4717 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4718 #: sssd.conf.5.xml:3973
 4719 msgid ""
 4720 "Only certificates from the Smartcard which matches this rule will be "
 4721 "processed, all others are ignored."
 4722 msgstr ""
 4723 
 4724 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4725 #: sssd.conf.5.xml:3977
 4726 msgid ""
 4727 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 4728 "Extended Key Usage <quote>clientAuth</quote>"
 4729 msgstr ""
 4730 
 4731 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4732 #: sssd.conf.5.xml:3984
 4733 msgid "maprule (string)"
 4734 msgstr ""
 4735 
 4736 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4737 #: sssd.conf.5.xml:3987
 4738 msgid "Defines how the user is found for a given certificate."
 4739 msgstr ""
 4740 
 4741 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 4742 #: sssd.conf.5.xml:3993
 4743 msgid ""
 4744 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 4745 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 4746 msgstr ""
 4747 
 4748 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 4749 #: sssd.conf.5.xml:3999
 4750 msgid ""
 4751 "The RULE_NAME for the <quote>files</quote> provider which tries to find a "
 4752 "user with the same name."
 4753 msgstr ""
 4754 
 4755 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4756 #: sssd.conf.5.xml:4008
 4757 msgid "domains (string)"
 4758 msgstr ""
 4759 
 4760 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4761 #: sssd.conf.5.xml:4011
 4762 msgid ""
 4763 "Comma separated list of domain names the rule should be applied. By default "
 4764 "a rule is only valid in the domain configured in sssd.conf. If the provider "
 4765 "supports subdomains this option can be used to add the rule to subdomains as "
 4766 "well."
 4767 msgstr ""
 4768 
 4769 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4770 #: sssd.conf.5.xml:4018
 4771 msgid "Default: the configured domain in sssd.conf"
 4772 msgstr ""
 4773 
 4774 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4775 #: sssd.conf.5.xml:4023
 4776 msgid "priority (integer)"
 4777 msgstr ""
 4778 
 4779 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4780 #: sssd.conf.5.xml:4026
 4781 msgid ""
 4782 "Unsigned integer value defining the priority of the rule. The higher the "
 4783 "number the lower the priority.  <quote>0</quote> stands for the highest "
 4784 "priority while <quote>4294967295</quote> is the lowest."
 4785 msgstr ""
 4786 
 4787 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4788 #: sssd.conf.5.xml:4032
 4789 msgid "Default: the lowest priority"
 4790 msgstr ""
 4791 
 4792 #. type: Content of: <reference><refentry><refsect1><para>
 4793 #: sssd.conf.5.xml:4038
 4794 msgid ""
 4795 "To make the configuration simple and reduce the amount of configuration "
 4796 "options the <quote>files</quote> provider has some special properties:"
 4797 msgstr ""
 4798 
 4799 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 4800 #: sssd.conf.5.xml:4044
 4801 msgid ""
 4802 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 4803 "matching user"
 4804 msgstr ""
 4805 
 4806 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 4807 #: sssd.conf.5.xml:4050
 4808 msgid ""
 4809 "if a maprule is used both a single user name or a template like "
 4810 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
 4811 "<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</"
 4812 "quote>"
 4813 msgstr ""
 4814 
 4815 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 4816 #: sssd.conf.5.xml:4059
 4817 msgid "the <quote>domains</quote> option is ignored"
 4818 msgstr ""
 4819 
 4820 #. type: Content of: <reference><refentry><refsect1><title>
 4821 #: sssd.conf.5.xml:4067
 4822 msgid "PROMPTING CONFIGURATION SECTION"
 4823 msgstr ""
 4824 
 4825 #. type: Content of: <reference><refentry><refsect1><para>
 4826 #: sssd.conf.5.xml:4069
 4827 msgid ""
 4828 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 4829 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
 4830 "which authentication methods are available for the user trying to log in.  "
 4831 "Based on the results pam_sss will prompt the user for appropriate "
 4832 "credentials."
 4833 msgstr ""
 4834 
 4835 #. type: Content of: <reference><refentry><refsect1><para>
 4836 #: sssd.conf.5.xml:4077
 4837 msgid ""
 4838 "With the growing number of authentication methods and the possibility that "
 4839 "there are multiple ones for a single user the heuristic used by pam_sss to "
 4840 "select the prompting might not be suitable for all use cases. The following "
 4841 "options should provide a better flexibility here."
 4842 msgstr ""
 4843 
 4844 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4845 #: sssd.conf.5.xml:4089
 4846 msgid "[prompting/password]"
 4847 msgstr ""
 4848 
 4849 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4850 #: sssd.conf.5.xml:4092
 4851 msgid "password_prompt"
 4852 msgstr ""
 4853 
 4854 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4855 #: sssd.conf.5.xml:4093
 4856 msgid "to change the string of the password prompt"
 4857 msgstr ""
 4858 
 4859 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4860 #: sssd.conf.5.xml:4091
 4861 msgid ""
 4862 "to configure password prompting, allowed options are: <placeholder type="
 4863 "\"variablelist\" id=\"0\"/>"
 4864 msgstr ""
 4865 
 4866 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4867 #: sssd.conf.5.xml:4101
 4868 msgid "[prompting/2fa]"
 4869 msgstr ""
 4870 
 4871 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4872 #: sssd.conf.5.xml:4105
 4873 msgid "first_prompt"
 4874 msgstr ""
 4875 
 4876 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4877 #: sssd.conf.5.xml:4106
 4878 msgid "to change the string of the prompt for the first factor"
 4879 msgstr ""
 4880 
 4881 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4882 #: sssd.conf.5.xml:4109
 4883 msgid "second_prompt"
 4884 msgstr ""
 4885 
 4886 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4887 #: sssd.conf.5.xml:4110
 4888 msgid "to change the string of the prompt for the second factor"
 4889 msgstr ""
 4890 
 4891 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4892 #: sssd.conf.5.xml:4113
 4893 msgid "single_prompt"
 4894 msgstr ""
 4895 
 4896 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4897 #: sssd.conf.5.xml:4114
 4898 msgid ""
 4899 "boolean value, if True there will be only a single prompt using the value of "
 4900 "first_prompt where it is expected that both factors are entered as a single "
 4901 "string"
 4902 msgstr ""
 4903 
 4904 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4905 #: sssd.conf.5.xml:4103
 4906 msgid ""
 4907 "to configure two-factor authentication prompting, allowed options are: "
 4908 "<placeholder type=\"variablelist\" id=\"0\"/>"
 4909 msgstr ""
 4910 
 4911 #. type: Content of: <reference><refentry><refsect1><para>
 4912 #: sssd.conf.5.xml:4084
 4913 msgid ""
 4914 "Each supported authentication method has its own configuration subsection "
 4915 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type="
 4916 "\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/>"
 4917 msgstr ""
 4918 
 4919 #. type: Content of: <reference><refentry><refsect1><para>
 4920 #: sssd.conf.5.xml:4126
 4921 msgid ""
 4922 "It is possible to add a subsection for specific PAM services, e.g. "
 4923 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
 4924 "for this service."
 4925 msgstr ""
 4926 
 4927 #. type: Content of: <reference><refentry><refsect1><title>
 4928 #: sssd.conf.5.xml:4133 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 4929 msgid "EXAMPLES"
 4930 msgstr ""
 4931 
 4932 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 4933 #: sssd.conf.5.xml:4139
 4934 #, no-wrap
 4935 msgid ""
 4936 "[sssd]\n"
 4937 "domains = LDAP\n"
 4938 "services = nss, pam\n"
 4939 "config_file_version = 2\n"
 4940 "\n"
 4941 "[nss]\n"
 4942 "filter_groups = root\n"
 4943 "filter_users = root\n"
 4944 "\n"
 4945 "[pam]\n"
 4946 "\n"
 4947 "[domain/LDAP]\n"
 4948 "id_provider = ldap\n"
 4949 "ldap_uri = ldap://ldap.example.com\n"
 4950 "ldap_search_base = dc=example,dc=com\n"
 4951 "\n"
 4952 "auth_provider = krb5\n"
 4953 "krb5_server = kerberos.example.com\n"
 4954 "krb5_realm = EXAMPLE.COM\n"
 4955 "cache_credentials = true\n"
 4956 "\n"
 4957 "min_id = 10000\n"
 4958 "max_id = 20000\n"
 4959 "enumerate = False\n"
 4960 msgstr ""
 4961 
 4962 #. type: Content of: <reference><refentry><refsect1><para>
 4963 #: sssd.conf.5.xml:4135
 4964 msgid ""
 4965 "1. The following example shows a typical SSSD config. It does not describe "
 4966 "configuration of the domains themselves - refer to documentation on "
 4967 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 4968 "id=\"0\"/>"
 4969 msgstr ""
 4970 
 4971 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 4972 #: sssd.conf.5.xml:4172
 4973 #, no-wrap
 4974 msgid ""
 4975 "[domain/ipa.com/child.ad.com]\n"
 4976 "use_fully_qualified_names = false\n"
 4977 msgstr ""
 4978 
 4979 #. type: Content of: <reference><refentry><refsect1><para>
 4980 #: sssd.conf.5.xml:4166
 4981 msgid ""
 4982 "2. The following example shows configuration of IPA AD trust where the AD "
 4983 "forest consists of two domains in a parent-child structure.  Suppose IPA "
 4984 "domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
 4985 "(child.ad.com). To enable shortnames in the child domain the following "
 4986 "configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
 4987 ">"
 4988 msgstr ""
 4989 
 4990 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 4991 #: sssd.conf.5.xml:4186
 4992 #, no-wrap
 4993 msgid ""
 4994 "[certmap/my.domain/rule_name]\n"
 4995 "matchrule = &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$\n"
 4996 "maprule = (userCertificate;binary={cert!bin})\n"
 4997 "domains = my.domain, your.domain\n"
 4998 "priority = 10\n"
 4999 "\n"
 5000 "[certmap/files/myname]\n"
 5001 "matchrule = &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$&lt;SUBJECT&gt;^CN=User.Name,DC=MY,DC=DOMAIN$\n"
 5002 msgstr ""
 5003 
 5004 #. type: Content of: <reference><refentry><refsect1><para>
 5005 #: sssd.conf.5.xml:4177
 5006 msgid ""
 5007 "3. The following example shows the configuration for two certificate mapping "
 5008 "rules. The first is valid for the configured domain <quote>my.domain</quote> "
 5009 "and additionally for the subdomains <quote>your.domain</quote> and uses the "
 5010 "full certificate in the search filter. The second example is valid for the "
 5011 "domain <quote>files</quote> where it is assumed the files provider is used "
 5012 "for this domain and contains a matching rule for the local user "
 5013 "<quote>myname</quote>.  <placeholder type=\"programlisting\" id=\"0\"/>"
 5014 msgstr ""
 5015 
 5016 #. type: Content of: <reference><refentry><refnamediv><refname>
 5017 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 5018 msgid "sssd-ldap"
 5019 msgstr ""
 5020 
 5021 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 5022 #: sssd-ldap.5.xml:17
 5023 msgid "SSSD LDAP provider"
 5024 msgstr ""
 5025 
 5026 #. type: Content of: <reference><refentry><refsect1><para>
 5027 #: sssd-ldap.5.xml:23
 5028 msgid ""
 5029 "This manual page describes the configuration of LDAP domains for "
 5030 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 5031 "</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
 5032 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 5033 "manvolnum> </citerefentry> manual page for detailed syntax information."
 5034 msgstr ""
 5035 
 5036 #. type: Content of: <reference><refentry><refsect1><para>
 5037 #: sssd-ldap.5.xml:35
 5038 msgid "You can configure SSSD to use more than one LDAP domain."
 5039 msgstr ""
 5040 
 5041 #. type: Content of: <reference><refentry><refsect1><para>
 5042 #: sssd-ldap.5.xml:38
 5043 msgid ""
 5044 "LDAP back end supports id, auth, access and chpass providers. If you want to "
 5045 "authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
 5046 "<command>sssd</command> <emphasis>does not</emphasis> support authentication "
 5047 "over an unencrypted channel.  If the LDAP server is used only as an identity "
 5048 "provider, an encrypted channel is not needed. Please refer to "
 5049 "<quote>ldap_access_filter</quote> config option for more information about "
 5050 "using LDAP as an access provider."
 5051 msgstr ""
 5052 
 5053 #. type: Content of: <reference><refentry><refsect1><title>
 5054 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 5055 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:78
 5056 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:166
 5057 msgid "CONFIGURATION OPTIONS"
 5058 msgstr ""
 5059 
 5060 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5061 #: sssd-ldap.5.xml:66
 5062 msgid "ldap_uri, ldap_backup_uri (string)"
 5063 msgstr ""
 5064 
 5065 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5066 #: sssd-ldap.5.xml:69
 5067 msgid ""
 5068 "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 5069 "should connect in the order of preference. Refer to the <quote>FAILOVER</"
 5070 "quote> section for more information on failover and server redundancy.  If "
 5071 "neither option is specified, service discovery is enabled. For more "
 5072 "information, refer to the <quote>SERVICE DISCOVERY</quote> section."
 5073 msgstr ""
 5074 
 5075 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 5076 #: sssd-ldap.5.xml:76 sssd-secrets.5.xml:264
 5077 msgid "The format of the URI must match the format defined in RFC 2732:"
 5078 msgstr ""
 5079 
 5080 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5081 #: sssd-ldap.5.xml:79
 5082 msgid "ldap[s]://&lt;host&gt;[:port]"
 5083 msgstr ""
 5084 
 5085 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5086 #: sssd-ldap.5.xml:82
 5087 msgid ""
 5088 "For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
 5089 msgstr ""
 5090 
 5091 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5092 #: sssd-ldap.5.xml:85
 5093 msgid "example: ldap://[fc00::126:25]:389"
 5094 msgstr ""
 5095 
 5096 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5097 #: sssd-ldap.5.xml:91
 5098 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
 5099 msgstr ""
 5100 
 5101 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5102 #: sssd-ldap.5.xml:94
 5103 msgid ""
 5104 "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 5105 "should connect in the order of preference to change the password of a user. "
 5106 "Refer to the <quote>FAILOVER</quote> section for more information on "
 5107 "failover and server redundancy."
 5108 msgstr ""
 5109 
 5110 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5111 #: sssd-ldap.5.xml:101
 5112 msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
 5113 msgstr ""
 5114 
 5115 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5116 #: sssd-ldap.5.xml:105
 5117 msgid "Default: empty, i.e. ldap_uri is used."
 5118 msgstr ""
 5119 
 5120 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5121 #: sssd-ldap.5.xml:111
 5122 msgid "ldap_search_base (string)"
 5123 msgstr ""
 5124 
 5125 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5126 #: sssd-ldap.5.xml:114
 5127 msgid "The default base DN to use for performing LDAP user operations."
 5128 msgstr ""
 5129 
 5130 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5131 #: sssd-ldap.5.xml:118
 5132 msgid ""
 5133 "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
 5134 "syntax:"
 5135 msgstr ""
 5136 
 5137 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5138 #: sssd-ldap.5.xml:122
 5139 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
 5140 msgstr ""
 5141 
 5142 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5143 #: sssd-ldap.5.xml:125
 5144 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
 5145 msgstr ""
 5146 
 5147 #. type: Content of: <listitem><para>
 5148 #: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18
 5149 msgid ""
 5150 "The filter must be a valid LDAP search filter as specified by http://www."
 5151 "ietf.org/rfc/rfc2254.txt"
 5152 msgstr ""
 5153 
 5154 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5155 #: sssd-ldap.5.xml:132 sssd-ad.5.xml:288 sss_override.8.xml:143
 5156 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453
 5157 msgid "Examples:"
 5158 msgstr ""
 5159 
 5160 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5161 #: sssd-ldap.5.xml:135
 5162 msgid ""
 5163 "ldap_search_base = dc=example,dc=com (which is equivalent to)  "
 5164 "ldap_search_base = dc=example,dc=com?subtree?"
 5165 msgstr ""
 5166 
 5167 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5168 #: sssd-ldap.5.xml:140
 5169 msgid ""
 5170 "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
 5171 "(host=thishost)?dc=example.com?subtree?"
 5172 msgstr ""
 5173 
 5174 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5175 #: sssd-ldap.5.xml:143
 5176 msgid ""
 5177 "Note: It is unsupported to have multiple search bases which reference "
 5178 "identically-named objects (for example, groups with the same name in two "
 5179 "different search bases). This will lead to unpredictable behavior on client "
 5180 "machines."
 5181 msgstr ""
 5182 
 5183 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5184 #: sssd-ldap.5.xml:150
 5185 msgid ""
 5186 "Default: If not set, the value of the defaultNamingContext or namingContexts "
 5187 "attribute from the RootDSE of the LDAP server is used. If "
 5188 "defaultNamingContext does not exist or has an empty value namingContexts is "
 5189 "used.  The namingContexts attribute must have a single value with the DN of "
 5190 "the search base of the LDAP server to make this work. Multiple values are "
 5191 "are not supported."
 5192 msgstr ""
 5193 
 5194 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5195 #: sssd-ldap.5.xml:164
 5196 msgid "ldap_schema (string)"
 5197 msgstr ""
 5198 
 5199 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5200 #: sssd-ldap.5.xml:167
 5201 msgid ""
 5202 "Specifies the Schema Type in use on the target LDAP server.  Depending on "
 5203 "the selected schema, the default attribute names retrieved from the servers "
 5204 "may vary.  The way that some attributes are handled may also differ."
 5205 msgstr ""
 5206 
 5207 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5208 #: sssd-ldap.5.xml:174
 5209 msgid "Four schema types are currently supported:"
 5210 msgstr ""
 5211 
 5212 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5213 #: sssd-ldap.5.xml:178
 5214 msgid "rfc2307"
 5215 msgstr ""
 5216 
 5217 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5218 #: sssd-ldap.5.xml:183
 5219 msgid "rfc2307bis"
 5220 msgstr ""
 5221 
 5222 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5223 #: sssd-ldap.5.xml:188
 5224 msgid "IPA"
 5225 msgstr ""
 5226 
 5227 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5228 #: sssd-ldap.5.xml:193
 5229 msgid "AD"
 5230 msgstr ""
 5231 
 5232 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5233 #: sssd-ldap.5.xml:199
 5234 msgid ""
 5235 "The main difference between these schema types is how group memberships are "
 5236 "recorded in the server.  With rfc2307, group members are listed by name in "
 5237 "the <emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, "
 5238 "group members are listed by DN and stored in the <emphasis>member</emphasis> "
 5239 "attribute.  The AD schema type sets the attributes to correspond with Active "
 5240 "Directory 2008r2 values."
 5241 msgstr ""
 5242 
 5243 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5244 #: sssd-ldap.5.xml:209
 5245 msgid "Default: rfc2307"
 5246 msgstr ""
 5247 
 5248 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5249 #: sssd-ldap.5.xml:215
 5250 msgid "ldap_pwmodify_mode (string)"
 5251 msgstr ""
 5252 
 5253 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5254 #: sssd-ldap.5.xml:218
 5255 msgid "Specify the operation that is used to modify user password."
 5256 msgstr ""
 5257 
 5258 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5259 #: sssd-ldap.5.xml:222
 5260 msgid "Two modes are currently supported:"
 5261 msgstr ""
 5262 
 5263 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5264 #: sssd-ldap.5.xml:226
 5265 msgid "exop - Password Modify Extended Operation (RFC 3062)"
 5266 msgstr ""
 5267 
 5268 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5269 #: sssd-ldap.5.xml:232
 5270 msgid "ldap_modify - Direct modification of userPassword (not recommended)."
 5271 msgstr ""
 5272 
 5273 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5274 #: sssd-ldap.5.xml:239
 5275 msgid ""
 5276 "Note: First, a new connection is established to verify current password by "
 5277 "binding as the user that requested password change. If successful, this "
 5278 "connection is used to change the password therefore the user must have write "
 5279 "access to userPassword attribute."
 5280 msgstr ""
 5281 
 5282 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5283 #: sssd-ldap.5.xml:247
 5284 msgid "Default: exop"
 5285 msgstr ""
 5286 
 5287 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5288 #: sssd-ldap.5.xml:253
 5289 msgid "ldap_default_bind_dn (string)"
 5290 msgstr ""
 5291 
 5292 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5293 #: sssd-ldap.5.xml:256
 5294 msgid "The default bind DN to use for performing LDAP operations."
 5295 msgstr ""
 5296 
 5297 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5298 #: sssd-ldap.5.xml:263
 5299 msgid "ldap_default_authtok_type (string)"
 5300 msgstr ""
 5301 
 5302 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5303 #: sssd-ldap.5.xml:266
 5304 msgid "The type of the authentication token of the default bind DN."
 5305 msgstr ""
 5306 
 5307 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5308 #: sssd-ldap.5.xml:270
 5309 msgid "The two mechanisms currently supported are:"
 5310 msgstr ""
 5311 
 5312 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5313 #: sssd-ldap.5.xml:273
 5314 msgid "password"
 5315 msgstr ""
 5316 
 5317 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5318 #: sssd-ldap.5.xml:276
 5319 msgid "obfuscated_password"
 5320 msgstr ""
 5321 
 5322 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5323 #: sssd-ldap.5.xml:279
 5324 msgid "Default: password"
 5325 msgstr ""
 5326 
 5327 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5328 #: sssd-ldap.5.xml:282
 5329 msgid ""
 5330 "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> "
 5331 "<manvolnum>8</manvolnum> </citerefentry> manual page for more information."
 5332 msgstr ""
 5333 
 5334 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5335 #: sssd-ldap.5.xml:293
 5336 msgid "ldap_default_authtok (string)"
 5337 msgstr ""
 5338 
 5339 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5340 #: sssd-ldap.5.xml:296
 5341 msgid "The authentication token of the default bind DN."
 5342 msgstr ""
 5343 
 5344 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5345 #: sssd-ldap.5.xml:302
 5346 msgid "ldap_force_upper_case_realm (boolean)"
 5347 msgstr ""
 5348 
 5349 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5350 #: sssd-ldap.5.xml:305
 5351 msgid ""
 5352 "Some directory servers, for example Active Directory, might deliver the "
 5353 "realm part of the UPN in lower case, which might cause the authentication to "
 5354 "fail. Set this option to a non-zero value if you want to use an upper-case "
 5355 "realm."
 5356 msgstr ""
 5357 
 5358 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5359 #: sssd-ldap.5.xml:318
 5360 msgid "ldap_enumeration_refresh_timeout (integer)"
 5361 msgstr ""
 5362 
 5363 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5364 #: sssd-ldap.5.xml:321
 5365 msgid ""
 5366 "Specifies how many seconds SSSD has to wait before refreshing its cache of "
 5367 "enumerated records."
 5368 msgstr ""
 5369 
 5370 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5371 #: sssd-ldap.5.xml:332
 5372 msgid "ldap_purge_cache_timeout (integer)"
 5373 msgstr ""
 5374 
 5375 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5376 #: sssd-ldap.5.xml:335
 5377 msgid ""
 5378 "Determine how often to check the cache for inactive entries (such as groups "
 5379 "with no members and users who have never logged in) and remove them to save "
 5380 "space."
 5381 msgstr ""
 5382 
 5383 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5384 #: sssd-ldap.5.xml:341
 5385 msgid ""
 5386 "Setting this option to zero will disable the cache cleanup operation. Please "
 5387 "note that if enumeration is enabled, the cleanup task is required in order "
 5388 "to detect entries removed from the server and can't be disabled. By default, "
 5389 "the cleanup task will run every 3 hours with enumeration enabled."
 5390 msgstr ""
 5391 
 5392 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5393 #: sssd-ldap.5.xml:356
 5394 msgid "ldap_group_nesting_level (integer)"
 5395 msgstr ""
 5396 
 5397 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5398 #: sssd-ldap.5.xml:359
 5399 msgid ""
 5400 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 5401 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
 5402 "follow. This option has no effect on the RFC2307 schema."
 5403 msgstr ""
 5404 
 5405 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5406 #: sssd-ldap.5.xml:366
 5407 msgid ""
 5408 "Note: This option specifies the guaranteed level of nested groups to be "
 5409 "processed for any lookup. However, nested groups beyond this limit "
 5410 "<emphasis>may be</emphasis> returned if previous lookups already resolved "
 5411 "the deeper nesting levels.  Also, subsequent lookups for other groups may "
 5412 "enlarge the result set for original lookup if re-queried."
 5413 msgstr ""
 5414 
 5415 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5416 #: sssd-ldap.5.xml:375
 5417 msgid ""
 5418 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 5419 "at all. However, when connected to Active-Directory Server 2008 and later "
 5420 "using <quote>id_provider=ad</quote> it is furthermore required to disable "
 5421 "usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
 5422 "restrict group nesting."
 5423 msgstr ""
 5424 
 5425 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5426 #: sssd-ldap.5.xml:384
 5427 msgid "Default: 2"
 5428 msgstr ""
 5429 
 5430 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5431 #: sssd-ldap.5.xml:393
 5432 msgid ""
 5433 "This options enables or disables use of Token-Groups attribute when "
 5434 "performing initgroup for users from Active Directory Server 2008 and later."
 5435 msgstr ""
 5436 
 5437 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5438 #: sssd-ldap.5.xml:398
 5439 msgid "Default: True for AD and IPA otherwise False."
 5440 msgstr ""
 5441 
 5442 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5443 #: sssd-ldap.5.xml:404
 5444 msgid "ldap_host_search_base (string)"
 5445 msgstr ""
 5446 
 5447 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5448 #: sssd-ldap.5.xml:407
 5449 msgid "Optional. Use the given string as search base for host objects."
 5450 msgstr ""
 5451 
 5452 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5453 #: sssd-ldap.5.xml:411 sssd-ipa.5.xml:389 sssd-ipa.5.xml:408 sssd-ipa.5.xml:427
 5454 #: sssd-ipa.5.xml:446
 5455 msgid ""
 5456 "See <quote>ldap_search_base</quote> for information about configuring "
 5457 "multiple search bases."
 5458 msgstr ""
 5459 
 5460 #. type: Content of: <listitem><para>
 5461 #: sssd-ldap.5.xml:416 sssd-ipa.5.xml:394 include/ldap_search_bases.xml:27
 5462 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 5463 msgstr ""
 5464 
 5465 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5466 #: sssd-ldap.5.xml:423
 5467 msgid "ldap_service_search_base (string)"
 5468 msgstr ""
 5469 
 5470 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5471 #: sssd-ldap.5.xml:428
 5472 msgid "ldap_iphost_search_base (string)"
 5473 msgstr ""
 5474 
 5475 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5476 #: sssd-ldap.5.xml:433
 5477 msgid "ldap_ipnetwork_search_base (string)"
 5478 msgstr ""
 5479 
 5480 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5481 #: sssd-ldap.5.xml:438
 5482 msgid "ldap_search_timeout (integer)"
 5483 msgstr ""
 5484 
 5485 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5486 #: sssd-ldap.5.xml:441
 5487 msgid ""
 5488 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 5489 "before they are cancelled and cached results are returned (and offline mode "
 5490 "is entered)"
 5491 msgstr ""
 5492 
 5493 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5494 #: sssd-ldap.5.xml:447
 5495 msgid ""
 5496 "Note: this option is subject to change in future versions of the SSSD. It "
 5497 "will likely be replaced at some point by a series of timeouts for specific "
 5498 "lookup types."
 5499 msgstr ""
 5500 
 5501 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5502 #: sssd-ldap.5.xml:459
 5503 msgid "ldap_enumeration_search_timeout (integer)"
 5504 msgstr ""
 5505 
 5506 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5507 #: sssd-ldap.5.xml:462
 5508 msgid ""
 5509 "Specifies the timeout (in seconds) that ldap searches for user and group "
 5510 "enumerations are allowed to run before they are cancelled and cached results "
 5511 "are returned (and offline mode is entered)"
 5512 msgstr ""
 5513 
 5514 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5515 #: sssd-ldap.5.xml:475
 5516 msgid "ldap_network_timeout (integer)"
 5517 msgstr ""
 5518 
 5519 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5520 #: sssd-ldap.5.xml:478
 5521 msgid ""
 5522 "Specifies the timeout (in seconds) after which the <citerefentry> "
 5523 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
 5524 "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
 5525 "manvolnum> </citerefentry> following a <citerefentry> "
 5526 "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
 5527 "citerefentry> returns in case of no activity."
 5528 msgstr ""
 5529 
 5530 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5531 #: sssd-ldap.5.xml:501
 5532 msgid "ldap_opt_timeout (integer)"
 5533 msgstr ""
 5534 
 5535 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5536 #: sssd-ldap.5.xml:504
 5537 msgid ""
 5538 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 5539 "will abort if no response is received. Also controls the timeout when "
 5540 "communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
 5541 "operation, password change extended operation and the StartTLS operation."
 5542 msgstr ""
 5543 
 5544 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5545 #: sssd-ldap.5.xml:519
 5546 msgid "ldap_connection_expire_timeout (integer)"
 5547 msgstr ""
 5548 
 5549 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5550 #: sssd-ldap.5.xml:522
 5551 msgid ""
 5552 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 5553 "maintained. After this time, the connection will be re-established. If used "
 5554 "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
 5555 "the TGT lifetime)  will be used."
 5556 msgstr ""
 5557 
 5558 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5559 #: sssd-ldap.5.xml:530
 5560 msgid ""
 5561 "This timeout can be extended of a random value specified by "
 5562 "<emphasis>ldap_connection_expire_offset</emphasis>"
 5563 msgstr ""
 5564 
 5565 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5566 #: sssd-ldap.5.xml:535 sssd-ldap.5.xml:1565
 5567 msgid "Default: 900 (15 minutes)"
 5568 msgstr ""
 5569 
 5570 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5571 #: sssd-ldap.5.xml:541
 5572 msgid "ldap_connection_expire_offset (integer)"
 5573 msgstr ""
 5574 
 5575 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5576 #: sssd-ldap.5.xml:544
 5577 msgid ""
 5578 "Random offset between 0 and configured value is added to "
 5579 "<emphasis>ldap_connection_expire_timeout</emphasis>."
 5580 msgstr ""
 5581 
 5582 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5583 #: sssd-ldap.5.xml:555
 5584 msgid "ldap_page_size (integer)"
 5585 msgstr ""
 5586 
 5587 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5588 #: sssd-ldap.5.xml:558
 5589 msgid ""
 5590 "Specify the number of records to retrieve from LDAP in a single request. "
 5591 "Some LDAP servers enforce a maximum limit per-request."
 5592 msgstr ""
 5593 
 5594 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 5595 #: sssd-ldap.5.xml:563 include/failover.xml:84
 5596 msgid "Default: 1000"
 5597 msgstr ""
 5598 
 5599 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5600 #: sssd-ldap.5.xml:569
 5601 msgid "ldap_disable_paging (boolean)"
 5602 msgstr ""
 5603 
 5604 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5605 #: sssd-ldap.5.xml:572
 5606 msgid ""
 5607 "Disable the LDAP paging control. This option should be used if the LDAP "
 5608 "server reports that it supports the LDAP paging control in its RootDSE but "
 5609 "it is not enabled or does not behave properly."
 5610 msgstr ""
 5611 
 5612 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5613 #: sssd-ldap.5.xml:578
 5614 msgid ""
 5615 "Example: OpenLDAP servers with the paging control module installed on the "
 5616 "server but not enabled will report it in the RootDSE but be unable to use it."
 5617 msgstr ""
 5618 
 5619 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5620 #: sssd-ldap.5.xml:584
 5621 msgid ""
 5622 "Example: 389 DS has a bug where it can only support a one paging control at "
 5623 "a time on a single connection. On busy clients, this can result in some "
 5624 "requests being denied."
 5625 msgstr ""
 5626 
 5627 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5628 #: sssd-ldap.5.xml:596
 5629 msgid "ldap_disable_range_retrieval (boolean)"
 5630 msgstr ""
 5631 
 5632 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5633 #: sssd-ldap.5.xml:599
 5634 msgid "Disable Active Directory range retrieval."
 5635 msgstr ""
 5636 
 5637 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5638 #: sssd-ldap.5.xml:602
 5639 msgid ""
 5640 "Active Directory limits the number of members to be retrieved in a single "
 5641 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
 5642 "group contains more members, the reply would include an AD-specific range "
 5643 "extension. This option disables parsing of the range extension, therefore "
 5644 "large groups will appear as having no members."
 5645 msgstr ""
 5646 
 5647 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5648 #: sssd-ldap.5.xml:617
 5649 msgid "ldap_sasl_minssf (integer)"
 5650 msgstr ""
 5651 
 5652 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5653 #: sssd-ldap.5.xml:620
 5654 msgid ""
 5655 "When communicating with an LDAP server using SASL, specify the minimum "
 5656 "security level necessary to establish the connection. The values of this "
 5657 "option are defined by OpenLDAP."
 5658 msgstr ""
 5659 
 5660 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5661 #: sssd-ldap.5.xml:626 sssd-ldap.5.xml:642
 5662 msgid "Default: Use the system default (usually specified by ldap.conf)"
 5663 msgstr ""
 5664 
 5665 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5666 #: sssd-ldap.5.xml:633
 5667 msgid "ldap_sasl_maxssf (integer)"
 5668 msgstr ""
 5669 
 5670 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5671 #: sssd-ldap.5.xml:636
 5672 msgid ""
 5673 "When communicating with an LDAP server using SASL, specify the maximal "
 5674 "security level necessary to establish the connection. The values of this "
 5675 "option are defined by OpenLDAP."
 5676 msgstr ""
 5677 
 5678 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5679 #: sssd-ldap.5.xml:649
 5680 msgid "ldap_deref_threshold (integer)"
 5681 msgstr ""
 5682 
 5683 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5684 #: sssd-ldap.5.xml:652
 5685 msgid ""
 5686 "Specify the number of group members that must be missing from the internal "
 5687 "cache in order to trigger a dereference lookup. If less members are missing, "
 5688 "they are looked up individually."
 5689 msgstr ""
 5690 
 5691 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5692 #: sssd-ldap.5.xml:658
 5693 msgid ""
 5694 "You can turn off dereference lookups completely by setting the value to 0. "
 5695 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
 5696 "provider, that are only implemented using the dereference call, so even with "
 5697 "dereference explicitly disabled, those parts will still use dereference if "
 5698 "the server supports it and advertises the dereference control in the rootDSE "
 5699 "object."
 5700 msgstr ""
 5701 
 5702 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5703 #: sssd-ldap.5.xml:669
 5704 msgid ""
 5705 "A dereference lookup is a means of fetching all group members in a single "
 5706 "LDAP call.  Different LDAP servers may implement different dereference "
 5707 "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
 5708 "Directory."
 5709 msgstr ""
 5710 
 5711 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5712 #: sssd-ldap.5.xml:677
 5713 msgid ""
 5714 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 5715 "filter, then the dereference lookup performance enhancement will be disabled "
 5716 "regardless of this setting."
 5717 msgstr ""
 5718 
 5719 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5720 #: sssd-ldap.5.xml:690
 5721 msgid "ldap_tls_reqcert (string)"
 5722 msgstr ""
 5723 
 5724 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5725 #: sssd-ldap.5.xml:693
 5726 msgid ""
 5727 "Specifies what checks to perform on server certificates in a TLS session, if "
 5728 "any. It can be specified as one of the following values:"
 5729 msgstr ""
 5730 
 5731 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5732 #: sssd-ldap.5.xml:699
 5733 msgid ""
 5734 "<emphasis>never</emphasis> = The client will not request or check any server "
 5735 "certificate."
 5736 msgstr ""
 5737 
 5738 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5739 #: sssd-ldap.5.xml:703
 5740 msgid ""
 5741 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 5742 "certificate is provided, the session proceeds normally. If a bad certificate "
 5743 "is provided, it will be ignored and the session proceeds normally."
 5744 msgstr ""
 5745 
 5746 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5747 #: sssd-ldap.5.xml:710
 5748 msgid ""
 5749 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 5750 "certificate is provided, the session proceeds normally. If a bad certificate "
 5751 "is provided, the session is immediately terminated."
 5752 msgstr ""
 5753 
 5754 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5755 #: sssd-ldap.5.xml:716
 5756 msgid ""
 5757 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 5758 "certificate is provided, or a bad certificate is provided, the session is "
 5759 "immediately terminated."
 5760 msgstr ""
 5761 
 5762 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5763 #: sssd-ldap.5.xml:722
 5764 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 5765 msgstr ""
 5766 
 5767 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5768 #: sssd-ldap.5.xml:726
 5769 msgid "Default: hard"
 5770 msgstr ""
 5771 
 5772 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5773 #: sssd-ldap.5.xml:732
 5774 msgid "ldap_tls_cacert (string)"
 5775 msgstr ""
 5776 
 5777 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5778 #: sssd-ldap.5.xml:735
 5779 msgid ""
 5780 "Specifies the file that contains certificates for all of the Certificate "
 5781 "Authorities that <command>sssd</command> will recognize."
 5782 msgstr ""
 5783 
 5784 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5785 #: sssd-ldap.5.xml:740 sssd-ldap.5.xml:758 sssd-ldap.5.xml:799
 5786 msgid ""
 5787 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 5788 "conf</filename>"
 5789 msgstr ""
 5790 
 5791 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5792 #: sssd-ldap.5.xml:747
 5793 msgid "ldap_tls_cacertdir (string)"
 5794 msgstr ""
 5795 
 5796 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5797 #: sssd-ldap.5.xml:750
 5798 msgid ""
 5799 "Specifies the path of a directory that contains Certificate Authority "
 5800 "certificates in separate individual files. Typically the file names need to "
 5801 "be the hash of the certificate followed by '.0'.  If available, "
 5802 "<command>cacertdir_rehash</command> can be used to create the correct names."
 5803 msgstr ""
 5804 
 5805 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5806 #: sssd-ldap.5.xml:765
 5807 msgid "ldap_tls_cert (string)"
 5808 msgstr ""
 5809 
 5810 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5811 #: sssd-ldap.5.xml:768
 5812 msgid "Specifies the file that contains the certificate for the client's key."
 5813 msgstr ""
 5814 
 5815 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5816 #: sssd-ldap.5.xml:778
 5817 msgid "ldap_tls_key (string)"
 5818 msgstr ""
 5819 
 5820 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5821 #: sssd-ldap.5.xml:781
 5822 msgid "Specifies the file that contains the client's key."
 5823 msgstr ""
 5824 
 5825 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5826 #: sssd-ldap.5.xml:790
 5827 msgid "ldap_tls_cipher_suite (string)"
 5828 msgstr ""
 5829 
 5830 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5831 #: sssd-ldap.5.xml:793
 5832 msgid ""
 5833 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 5834 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
 5835 "<manvolnum>5</manvolnum></citerefentry> for format."
 5836 msgstr ""
 5837 
 5838 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5839 #: sssd-ldap.5.xml:806
 5840 msgid "ldap_id_use_start_tls (boolean)"
 5841 msgstr ""
 5842 
 5843 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5844 #: sssd-ldap.5.xml:809
 5845 msgid ""
 5846 "Specifies that the id_provider connection must also use <systemitem class="
 5847 "\"protocol\">tls</systemitem> to protect the channel."
 5848 msgstr ""
 5849 
 5850 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5851 #: sssd-ldap.5.xml:819
 5852 msgid "ldap_id_mapping (boolean)"
 5853 msgstr ""
 5854 
 5855 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5856 #: sssd-ldap.5.xml:822
 5857 msgid ""
 5858 "Specifies that SSSD should attempt to map user and group IDs from the "
 5859 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
 5860 "on ldap_user_uid_number and ldap_group_gid_number."
 5861 msgstr ""
 5862 
 5863 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5864 #: sssd-ldap.5.xml:828
 5865 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 5866 msgstr ""
 5867 
 5868 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5869 #: sssd-ldap.5.xml:838
 5870 msgid "ldap_min_id, ldap_max_id (integer)"
 5871 msgstr ""
 5872 
 5873 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5874 #: sssd-ldap.5.xml:841
 5875 msgid ""
 5876 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 5877 "set to true the allowed ID range for ldap_user_uid_number and "
 5878 "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
 5879 "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
 5880 "can be set to restrict the allowed range for the IDs which are read directly "
 5881 "from the server. Sub-domains can then pick other ranges to map IDs."
 5882 msgstr ""
 5883 
 5884 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5885 #: sssd-ldap.5.xml:853
 5886 msgid "Default: not set (both options are set to 0)"
 5887 msgstr ""
 5888 
 5889 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5890 #: sssd-ldap.5.xml:859
 5891 msgid "ldap_sasl_mech (string)"
 5892 msgstr ""
 5893 
 5894 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5895 #: sssd-ldap.5.xml:862
 5896 msgid ""
 5897 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 5898 "tested and supported."
 5899 msgstr ""
 5900 
 5901 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5902 #: sssd-ldap.5.xml:866
 5903 msgid ""
 5904 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 5905 "automatically inherited to the sub-domains. If a different value is needed "
 5906 "for a sub-domain it can be overwritten by setting ldap_sasl_mech for this "
 5907 "sub-domain explicitly.  Please see TRUSTED DOMAIN SECTION in "
 5908 "<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 5909 "manvolnum></citerefentry> for details."
 5910 msgstr ""
 5911 
 5912 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5913 #: sssd-ldap.5.xml:882
 5914 msgid "ldap_sasl_authid (string)"
 5915 msgstr ""
 5916 
 5917 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 5918 #: sssd-ldap.5.xml:894
 5919 #, no-wrap
 5920 msgid ""
 5921 "hostname@REALM\n"
 5922 "netbiosname$@REALM\n"
 5923 "host/hostname@REALM\n"
 5924 "*$@REALM\n"
 5925 "host/*@REALM\n"
 5926 "host/*\n"
 5927 "                            "
 5928 msgstr ""
 5929 
 5930 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5931 #: sssd-ldap.5.xml:885
 5932 msgid ""
 5933 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 5934 "this represents the Kerberos principal used for authentication to the "
 5935 "directory.  This option can either contain the full principal (for example "
 5936 "host/myhost@EXAMPLE.COM) or just the principal name (for example host/"
 5937 "myhost).  By default, the value is not set and the following principals are "
 5938 "used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are "
 5939 "found, the first principal in keytab is returned."
 5940 msgstr ""
 5941 
 5942 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5943 #: sssd-ldap.5.xml:905
 5944 msgid "Default: host/hostname@REALM"
 5945 msgstr ""
 5946 
 5947 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5948 #: sssd-ldap.5.xml:911
 5949 msgid "ldap_sasl_realm (string)"
 5950 msgstr ""
 5951 
 5952 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5953 #: sssd-ldap.5.xml:914
 5954 msgid ""
 5955 "Specify the SASL realm to use. When not specified, this option defaults to "
 5956 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
 5957 "well, this option is ignored."
 5958 msgstr ""
 5959 
 5960 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5961 #: sssd-ldap.5.xml:920
 5962 msgid "Default: the value of krb5_realm."
 5963 msgstr ""
 5964 
 5965 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5966 #: sssd-ldap.5.xml:926
 5967 msgid "ldap_sasl_canonicalize (boolean)"
 5968 msgstr ""
 5969 
 5970 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5971 #: sssd-ldap.5.xml:929
 5972 msgid ""
 5973 "If set to true, the LDAP library would perform a reverse lookup to "
 5974 "canonicalize the host name during a SASL bind."
 5975 msgstr ""
 5976 
 5977 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5978 #: sssd-ldap.5.xml:934
 5979 msgid "Default: false;"
 5980 msgstr ""
 5981 
 5982 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5983 #: sssd-ldap.5.xml:940
 5984 msgid "ldap_krb5_keytab (string)"
 5985 msgstr ""
 5986 
 5987 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5988 #: sssd-ldap.5.xml:943
 5989 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 5990 msgstr ""
 5991 
 5992 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5993 #: sssd-ldap.5.xml:947
 5994 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 5995 msgstr ""
 5996 
 5997 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5998 #: sssd-ldap.5.xml:953
 5999 msgid "ldap_krb5_init_creds (boolean)"
 6000 msgstr ""
 6001 
 6002 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6003 #: sssd-ldap.5.xml:956
 6004 msgid ""
 6005 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 6006 "action is performed only if SASL is used and the mechanism selected is "
 6007 "GSSAPI or GSS-SPNEGO."
 6008 msgstr ""
 6009 
 6010 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6011 #: sssd-ldap.5.xml:968
 6012 msgid "ldap_krb5_ticket_lifetime (integer)"
 6013 msgstr ""
 6014 
 6015 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6016 #: sssd-ldap.5.xml:971
 6017 msgid ""
 6018 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 6019 msgstr ""
 6020 
 6021 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6022 #: sssd-ldap.5.xml:975 sssd-ad.5.xml:1229
 6023 msgid "Default: 86400 (24 hours)"
 6024 msgstr ""
 6025 
 6026 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6027 #: sssd-ldap.5.xml:981 sssd-krb5.5.xml:74
 6028 msgid "krb5_server, krb5_backup_server (string)"
 6029 msgstr ""
 6030 
 6031 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6032 #: sssd-ldap.5.xml:984
 6033 msgid ""
 6034 "Specifies the comma-separated list of IP addresses or hostnames of the "
 6035 "Kerberos servers to which SSSD should connect in the order of preference. "
 6036 "For more information on failover and server redundancy, see the "
 6037 "<quote>FAILOVER</quote> section. An optional port number (preceded by a "
 6038 "colon) may be appended to the addresses or hostnames.  If empty, service "
 6039 "discovery is enabled - for more information, refer to the <quote>SERVICE "
 6040 "DISCOVERY</quote> section."
 6041 msgstr ""
 6042 
 6043 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6044 #: sssd-ldap.5.xml:996 sssd-krb5.5.xml:89
 6045 msgid ""
 6046 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 6047 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 6048 "none are found."
 6049 msgstr ""
 6050 
 6051 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6052 #: sssd-ldap.5.xml:1001 sssd-krb5.5.xml:94
 6053 msgid ""
 6054 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 6055 "While the legacy name is recognized for the time being, users are advised to "
 6056 "migrate their config files to use <quote>krb5_server</quote> instead."
 6057 msgstr ""
 6058 
 6059 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6060 #: sssd-ldap.5.xml:1010 sssd-ipa.5.xml:458 sssd-krb5.5.xml:103
 6061 msgid "krb5_realm (string)"
 6062 msgstr ""
 6063 
 6064 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6065 #: sssd-ldap.5.xml:1013
 6066 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 6067 msgstr ""
 6068 
 6069 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6070 #: sssd-ldap.5.xml:1017
 6071 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 6072 msgstr ""
 6073 
 6074 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6075 #: sssd-ldap.5.xml:1023 sssd-krb5.5.xml:462
 6076 msgid "krb5_canonicalize (boolean)"
 6077 msgstr ""
 6078 
 6079 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6080 #: sssd-ldap.5.xml:1026
 6081 msgid ""
 6082 "Specifies if the host principal should be canonicalized when connecting to "
 6083 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 6084 msgstr ""
 6085 
 6086 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6087 #: sssd-ldap.5.xml:1038 sssd-krb5.5.xml:477
 6088 msgid "krb5_use_kdcinfo (boolean)"
 6089 msgstr ""
 6090 
 6091 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6092 #: sssd-ldap.5.xml:1041 sssd-krb5.5.xml:480
 6093 msgid ""
 6094 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 6095 "which KDCs to use. This option is on by default, if you disable it, you need "
 6096 "to configure the Kerberos library using the <citerefentry> "
 6097 "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 6098 "citerefentry> configuration file."
 6099 msgstr ""
 6100 
 6101 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6102 #: sssd-ldap.5.xml:1052 sssd-krb5.5.xml:491
 6103 msgid ""
 6104 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 6105 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
 6106 "information on the locator plugin."
 6107 msgstr ""
 6108 
 6109 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6110 #: sssd-ldap.5.xml:1066
 6111 msgid "ldap_pwd_policy (string)"
 6112 msgstr ""
 6113 
 6114 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6115 #: sssd-ldap.5.xml:1069
 6116 msgid ""
 6117 "Select the policy to evaluate the password expiration on the client side. "
 6118 "The following values are allowed:"
 6119 msgstr ""
 6120 
 6121 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6122 #: sssd-ldap.5.xml:1074
 6123 msgid ""
 6124 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 6125 "cannot disable server-side password policies."
 6126 msgstr ""
 6127 
 6128 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6129 #: sssd-ldap.5.xml:1079
 6130 msgid ""
 6131 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 6132 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 6133 "evaluate if the password has expired."
 6134 msgstr ""
 6135 
 6136 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6137 #: sssd-ldap.5.xml:1085
 6138 msgid ""
 6139 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 6140 "to determine if the password has expired. Use chpass_provider=krb5 to update "
 6141 "these attributes when the password is changed."
 6142 msgstr ""
 6143 
 6144 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6145 #: sssd-ldap.5.xml:1094
 6146 msgid ""
 6147 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 6148 "side, it always takes precedence over policy set with this option."
 6149 msgstr ""
 6150 
 6151 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6152 #: sssd-ldap.5.xml:1102
 6153 msgid "ldap_referrals (boolean)"
 6154 msgstr ""
 6155 
 6156 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6157 #: sssd-ldap.5.xml:1105
 6158 msgid "Specifies whether automatic referral chasing should be enabled."
 6159 msgstr ""
 6160 
 6161 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6162 #: sssd-ldap.5.xml:1109
 6163 msgid ""
 6164 "Please note that sssd only supports referral chasing when it is compiled "
 6165 "with OpenLDAP version 2.4.13 or higher."
 6166 msgstr ""
 6167 
 6168 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6169 #: sssd-ldap.5.xml:1114
 6170 msgid ""
 6171 "Chasing referrals may incur a performance penalty in environments that use "
 6172 "them heavily, a notable example is Microsoft Active Directory. If your setup "
 6173 "does not in fact require the use of referrals, setting this option to false "
 6174 "might bring a noticeable performance improvement.  Setting this option to "
 6175 "false is therefore recommended in case the SSSD LDAP provider is used "
 6176 "together with Microsoft Active Directory as a backend. Even if SSSD would be "
 6177 "able to follow the referral to a different AD DC no additional data would be "
 6178 "available."
 6179 msgstr ""
 6180 
 6181 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6182 #: sssd-ldap.5.xml:1133
 6183 msgid "ldap_dns_service_name (string)"
 6184 msgstr ""
 6185 
 6186 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6187 #: sssd-ldap.5.xml:1136
 6188 msgid "Specifies the service name to use when service discovery is enabled."
 6189 msgstr ""
 6190 
 6191 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6192 #: sssd-ldap.5.xml:1140
 6193 msgid "Default: ldap"
 6194 msgstr ""
 6195 
 6196 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6197 #: sssd-ldap.5.xml:1146
 6198 msgid "ldap_chpass_dns_service_name (string)"
 6199 msgstr ""
 6200 
 6201 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6202 #: sssd-ldap.5.xml:1149
 6203 msgid ""
 6204 "Specifies the service name to use to find an LDAP server which allows "
 6205 "password changes when service discovery is enabled."
 6206 msgstr ""
 6207 
 6208 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6209 #: sssd-ldap.5.xml:1154
 6210 msgid "Default: not set, i.e. service discovery is disabled"
 6211 msgstr ""
 6212 
 6213 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6214 #: sssd-ldap.5.xml:1160
 6215 msgid "ldap_chpass_update_last_change (bool)"
 6216 msgstr ""
 6217 
 6218 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6219 #: sssd-ldap.5.xml:1163
 6220 msgid ""
 6221 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 6222 "days since the Epoch after a password change operation."
 6223 msgstr ""
 6224 
 6225 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6226 #: sssd-ldap.5.xml:1175
 6227 msgid "ldap_access_filter (string)"
 6228 msgstr ""
 6229 
 6230 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6231 #: sssd-ldap.5.xml:1178
 6232 msgid ""
 6233 "If using access_provider = ldap and ldap_access_order = filter (default), "
 6234 "this option is mandatory. It specifies an LDAP search filter criteria that "
 6235 "must be met for the user to be granted access on this host. If "
 6236 "access_provider = ldap, ldap_access_order = filter and this option is not "
 6237 "set, it will result in all users being denied access.  Use access_provider = "
 6238 "permit to change this default behavior. Please note that this filter is "
 6239 "applied on the LDAP user entry only and thus filtering based on nested "
 6240 "groups may not work (e.g. memberOf attribute on AD entries points only to "
 6241 "direct parents). If filtering based on nested groups is required, please see "
 6242 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
 6243 "manvolnum> </citerefentry>."
 6244 msgstr ""
 6245 
 6246 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6247 #: sssd-ldap.5.xml:1198
 6248 msgid "Example:"
 6249 msgstr ""
 6250 
 6251 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 6252 #: sssd-ldap.5.xml:1201
 6253 #, no-wrap
 6254 msgid ""
 6255 "access_provider = ldap\n"
 6256 "ldap_access_filter = (employeeType=admin)\n"
 6257 "                        "
 6258 msgstr ""
 6259 
 6260 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6261 #: sssd-ldap.5.xml:1205
 6262 msgid ""
 6263 "This example means that access to this host is restricted to users whose "
 6264 "employeeType attribute is set to \"admin\"."
 6265 msgstr ""
 6266 
 6267 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6268 #: sssd-ldap.5.xml:1210
 6269 msgid ""
 6270 "Offline caching for this feature is limited to determining whether the "
 6271 "user's last online login was granted access permission. If they were granted "
 6272 "access during their last login, they will continue to be granted access "
 6273 "while offline and vice versa."
 6274 msgstr ""
 6275 
 6276 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6277 #: sssd-ldap.5.xml:1218 sssd-ldap.5.xml:1275
 6278 msgid "Default: Empty"
 6279 msgstr ""
 6280 
 6281 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6282 #: sssd-ldap.5.xml:1224
 6283 msgid "ldap_account_expire_policy (string)"
 6284 msgstr ""
 6285 
 6286 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6287 #: sssd-ldap.5.xml:1227
 6288 msgid ""
 6289 "With this option a client side evaluation of access control attributes can "
 6290 "be enabled."
 6291 msgstr ""
 6292 
 6293 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6294 #: sssd-ldap.5.xml:1231
 6295 msgid ""
 6296 "Please note that it is always recommended to use server side access control, "
 6297 "i.e. the LDAP server should deny the bind request with a suitable error code "
 6298 "even if the password is correct."
 6299 msgstr ""
 6300 
 6301 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6302 #: sssd-ldap.5.xml:1238
 6303 msgid "The following values are allowed:"
 6304 msgstr ""
 6305 
 6306 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6307 #: sssd-ldap.5.xml:1241
 6308 msgid ""
 6309 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 6310 "determine if the account is expired."
 6311 msgstr ""
 6312 
 6313 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6314 #: sssd-ldap.5.xml:1246
 6315 msgid ""
 6316 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 6317 "ldap_user_ad_user_account_control and allow access if the second bit is not "
 6318 "set. If the attribute is missing access is granted. Also the expiration time "
 6319 "of the account is checked."
 6320 msgstr ""
 6321 
 6322 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6323 #: sssd-ldap.5.xml:1253
 6324 msgid ""
 6325 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 6326 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 6327 "allowed or not."
 6328 msgstr ""
 6329 
 6330 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6331 #: sssd-ldap.5.xml:1259
 6332 msgid ""
 6333 "<emphasis>nds</emphasis>: the values of "
 6334 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
 6335 "ldap_user_nds_login_expiration_time are used to check if access is allowed. "
 6336 "If both attributes are missing access is granted."
 6337 msgstr ""
 6338 
 6339 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6340 #: sssd-ldap.5.xml:1268
 6341 msgid ""
 6342 "Please note that the ldap_access_order configuration option <emphasis>must</"
 6343 "emphasis> include <quote>expire</quote> in order for the "
 6344 "ldap_account_expire_policy option to work."
 6345 msgstr ""
 6346 
 6347 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6348 #: sssd-ldap.5.xml:1281
 6349 msgid "ldap_access_order (string)"
 6350 msgstr ""
 6351 
 6352 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6353 #: sssd-ldap.5.xml:1284
 6354 msgid "Comma separated list of access control options.  Allowed values are:"
 6355 msgstr ""
 6356 
 6357 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6358 #: sssd-ldap.5.xml:1288
 6359 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 6360 msgstr ""
 6361 
 6362 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6363 #: sssd-ldap.5.xml:1291
 6364 msgid ""
 6365 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 6366 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
 6367 "and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn.  "
 6368 "Please note that 'access_provider = ldap' must be set for this feature to "
 6369 "work."
 6370 msgstr ""
 6371 
 6372 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6373 #: sssd-ldap.5.xml:1301
 6374 msgid ""
 6375 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 6376 "quote> option and might be removed in a future release.  </emphasis>"
 6377 msgstr ""
 6378 
 6379 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6380 #: sssd-ldap.5.xml:1308
 6381 msgid ""
 6382 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 6383 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
 6384 "and has value of '000001010000Z' or represents any time in the past.  The "
 6385 "value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
 6386 "denotes the UTC time zone.  Other time zones are not currently supported and "
 6387 "will result in \"access-denied\" when users attempt to log in.  Please see "
 6388 "the option ldap_pwdlockout_dn.  Please note that 'access_provider = ldap' "
 6389 "must be set for this feature to work."
 6390 msgstr ""
 6391 
 6392 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6393 #: sssd-ldap.5.xml:1325
 6394 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 6395 msgstr ""
 6396 
 6397 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6398 #: sssd-ldap.5.xml:1329
 6399 msgid ""
 6400 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 6401 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
 6402 "interested in being warned that password is about to expire and "
 6403 "authentication is based on using a different method than passwords - for "
 6404 "example SSH keys."
 6405 msgstr ""
 6406 
 6407 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6408 #: sssd-ldap.5.xml:1339
 6409 msgid ""
 6410 "The difference between these options is the action taken if user password is "
 6411 "expired: pwd_expire_policy_reject - user is denied to log in, "
 6412 "pwd_expire_policy_warn - user is still able to log in, "
 6413 "pwd_expire_policy_renew - user is prompted to change his password "
 6414 "immediately."
 6415 msgstr ""
 6416 
 6417 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6418 #: sssd-ldap.5.xml:1347
 6419 msgid ""
 6420 "Note If user password is expired no explicit message is prompted by SSSD."
 6421 msgstr ""
 6422 
 6423 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6424 #: sssd-ldap.5.xml:1351
 6425 msgid ""
 6426 "Please note that 'access_provider = ldap' must be set for this feature to "
 6427 "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
 6428 msgstr ""
 6429 
 6430 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6431 #: sssd-ldap.5.xml:1356
 6432 msgid ""
 6433 "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
 6434 "to determine access"
 6435 msgstr ""
 6436 
 6437 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6438 #: sssd-ldap.5.xml:1361
 6439 msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
 6440 msgstr ""
 6441 
 6442 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><