"Fossies" - the Fresh Open Source Software Archive

Member "sssd-2.4.2/src/man/po/pt.po" (19 Feb 2021, 720305 Bytes) of package /linux/misc/sssd-2.4.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PO translation source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # SOME DESCRIPTIVE TITLE
    2 # Copyright (C) YEAR Red Hat
    3 # This file is distributed under the same license as the sssd-docs package.
    4 #
    5 # Translators:
    6 # Miguel Sousa <migueljorgesousa@sapo.pt>, 2011
    7 msgid ""
    8 msgstr ""
    9 "Project-Id-Version: sssd-docs 2.3.0\n"
   10 "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
   11 "POT-Creation-Date: 2021-02-19 16:49+0100\n"
   12 "PO-Revision-Date: 2014-12-15 12:05-0500\n"
   13 "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
   14 "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
   15 "pt/)\n"
   16 "Language: pt\n"
   17 "MIME-Version: 1.0\n"
   18 "Content-Type: text/plain; charset=UTF-8\n"
   19 "Content-Transfer-Encoding: 8bit\n"
   20 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
   21 "X-Generator: Zanata 4.6.2\n"
   22 
   23 #. type: Content of: <reference><title>
   24 #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
   25 #: pam_sss_gss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5
   26 #: sss-certmap.5.xml:5 sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5
   27 #: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_override.8.xml:5 sss_useradd.8.xml:5
   28 #: sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5
   29 #: sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5
   30 #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
   31 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
   32 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
   33 #: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
   34 #: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5
   35 msgid "SSSD Manual pages"
   36 msgstr "Páginas de Manual de SSSD"
   37 
   38 #. type: Content of: <reference><refentry><refnamediv><refname>
   39 #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
   40 msgid "sss_groupmod"
   41 msgstr "sss_groupmod"
   42 
   43 #. type: Content of: <reference><refentry><refmeta><manvolnum>
   44 #: sss_groupmod.8.xml:11 pam_sss.8.xml:12 pam_sss_gss.8.xml:12
   45 #: sssd_krb5_locator_plugin.8.xml:11 sssd.8.xml:11 sss_obfuscate.8.xml:11
   46 #: sss_override.8.xml:11 sss_useradd.8.xml:11 sss_groupadd.8.xml:11
   47 #: sss_userdel.8.xml:11 sss_groupdel.8.xml:11 sss_groupshow.8.xml:11
   48 #: sss_usermod.8.xml:11 sss_cache.8.xml:11 sss_debuglevel.8.xml:11
   49 #: sss_seed.8.xml:11 idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11
   50 msgid "8"
   51 msgstr "8"
   52 
   53 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
   54 #: sss_groupmod.8.xml:16
   55 msgid "modify a group"
   56 msgstr "modificar um grupo"
   57 
   58 #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
   59 #: sss_groupmod.8.xml:21
   60 msgid ""
   61 "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
   62 "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
   63 "arg>"
   64 msgstr ""
   65 "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>Opções</"
   66 "replaceable></arg> <arg choice='plain'> <replaceable>grupo</replaceable></"
   67 "arg>"
   68 
   69 #. type: Content of: <reference><refentry><refsect1><title>
   70 #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:63
   71 #: pam_sss_gss.8.xml:30 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22
   72 #: sss-certmap.5.xml:21 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21
   73 #: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_override.8.xml:30
   74 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
   75 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
   76 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
   77 #: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
   78 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
   79 #: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
   80 #: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21
   81 msgid "DESCRIPTION"
   82 msgstr "DESCRIÇÃO"
   83 
   84 #. type: Content of: <reference><refentry><refsect1><para>
   85 #: sss_groupmod.8.xml:32
   86 msgid ""
   87 "<command>sss_groupmod</command> modifies the group to reflect the changes "
   88 "that are specified on the command line."
   89 msgstr ""
   90 "<command>sss_groupmod</command> modifica o grupo para refletir as alterações "
   91 "que são especificadas na linha de comando."
   92 
   93 #. type: Content of: <reference><refentry><refsect1><title>
   94 #: sss_groupmod.8.xml:39 pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42
   95 #: sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39
   96 #: sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39
   97 #: sss_usermod.8.xml:39 sss_cache.8.xml:39 sss_seed.8.xml:42
   98 #: sss_ssh_authorizedkeys.1.xml:123 sss_ssh_knownhostsproxy.1.xml:62
   99 msgid "OPTIONS"
  100 msgstr "Opções"
  101 
  102 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
  103 #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
  104 msgid ""
  105 "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
  106 "replaceable>"
  107 msgstr ""
  108 "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
  109 "replaceable>"
  110 
  111 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
  112 #: sss_groupmod.8.xml:48
  113 msgid ""
  114 "Append this group to groups specified by the <replaceable>GROUPS</"
  115 "replaceable> parameter.  The <replaceable>GROUPS</replaceable> parameter is "
  116 "a comma separated list of group names."
  117 msgstr ""
  118 "Acrescente este grupo para grupos especificados pelo parâmetro de "
  119 "<replaceable>GROUPS</replaceable>.  O parâmetro de <replaceable>GROUPS</"
  120 "replaceable> é uma lista separada por vírgulas de nomes de grupo."
  121 
  122 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
  123 #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
  124 msgid ""
  125 "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
  126 "replaceable>"
  127 msgstr ""
  128 "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
  129 "replaceable>"
  130 
  131 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
  132 #: sss_groupmod.8.xml:62
  133 msgid ""
  134 "Remove this group from groups specified by the <replaceable>GROUPS</"
  135 "replaceable> parameter."
  136 msgstr ""
  137 "Remova este grupo de grupos especificados pelo parâmetro de "
  138 "<replaceable>GROUPS</replaceable>."
  139 
  140 #. type: Content of: <reference><refentry><refnamediv><refname>
  141 #: sssd.conf.5.xml:10 sssd.conf.5.xml:16
  142 msgid "sssd.conf"
  143 msgstr "sssd.conf"
  144 
  145 #. type: Content of: <reference><refentry><refmeta><manvolnum>
  146 #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
  147 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
  148 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
  149 #: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
  150 #: sssd-systemtap.5.xml:11 sssd-ldap-attributes.5.xml:11
  151 msgid "5"
  152 msgstr "5"
  153 
  154 #. type: Content of: <reference><refentry><refmeta><refmiscinfo>
  155 #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
  156 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
  157 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
  158 #: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
  159 #: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12
  160 msgid "File Formats and Conventions"
  161 msgstr "Formatos de ficheiros e convenções"
  162 
  163 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
  164 #: sssd.conf.5.xml:17
  165 msgid "the configuration file for SSSD"
  166 msgstr "o ficheiro de configuração para SSSD"
  167 
  168 #. type: Content of: <reference><refentry><refsect1><title>
  169 #: sssd.conf.5.xml:21
  170 msgid "FILE FORMAT"
  171 msgstr "FORMATAR FICHEIRO"
  172 
  173 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
  174 #: sssd.conf.5.xml:29
  175 #, no-wrap
  176 msgid ""
  177 "<replaceable>[section]</replaceable>\n"
  178 "<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
  179 "<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
  180 "            "
  181 msgstr ""
  182 
  183 #. type: Content of: <reference><refentry><refsect1><para>
  184 #: sssd.conf.5.xml:24
  185 msgid ""
  186 "The file has an ini-style syntax and consists of sections and parameters. A "
  187 "section begins with the name of the section in square brackets and continues "
  188 "until the next section begins. An example of section with single and multi-"
  189 "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
  190 msgstr ""
  191 
  192 #. type: Content of: <reference><refentry><refsect1><para>
  193 #: sssd.conf.5.xml:36
  194 msgid ""
  195 "The data types used are string (no quotes needed), integer and bool (with "
  196 "values of <quote>TRUE/FALSE</quote>)."
  197 msgstr ""
  198 "Os tipos de dados usados são cadeia de caracteres (sem aspas necessárias), "
  199 "inteiro e bool (com valores de <quote>TRUE/FALSE</quote>)."
  200 
  201 #. type: Content of: <reference><refentry><refsect1><para>
  202 #: sssd.conf.5.xml:41
  203 msgid ""
  204 "A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
  205 "(<quote>;</quote>).  Inline comments are not supported."
  206 msgstr ""
  207 
  208 #. type: Content of: <reference><refentry><refsect1><para>
  209 #: sssd.conf.5.xml:47
  210 msgid ""
  211 "All sections can have an optional <replaceable>description</replaceable> "
  212 "parameter. Its function is only as a label for the section."
  213 msgstr ""
  214 "Todas as seções podem ter um parâmetro opcional <replaceable>description</"
  215 "replaceable>. Sua função é apenas como um rótulo para a secção."
  216 
  217 #. type: Content of: <reference><refentry><refsect1><para>
  218 #: sssd.conf.5.xml:53
  219 msgid ""
  220 "<filename>sssd.conf</filename> must be a regular file, owned by root and "
  221 "only root may read from or write to the file."
  222 msgstr ""
  223 "<filename>sssd.conf</filename> deve ser um ficheiro regular, pertencente a "
  224 "raiz e somente raiz pode ler ou gravar o arquivo."
  225 
  226 #. type: Content of: <reference><refentry><refsect1><title>
  227 #: sssd.conf.5.xml:59
  228 msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
  229 msgstr ""
  230 
  231 #. type: Content of: <reference><refentry><refsect1><para>
  232 #: sssd.conf.5.xml:62
  233 msgid ""
  234 "The configuration file <filename>sssd.conf</filename> will include "
  235 "configuration snippets using the include directory <filename>conf.d</"
  236 "filename>. This feature is available if SSSD was compiled with libini "
  237 "version 1.3.0 or later."
  238 msgstr ""
  239 
  240 #. type: Content of: <reference><refentry><refsect1><para>
  241 #: sssd.conf.5.xml:69
  242 msgid ""
  243 "Any file placed in <filename>conf.d</filename> that ends in "
  244 "<quote><filename>.conf</filename></quote> and does not begin with a dot "
  245 "(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> "
  246 "to configure SSSD."
  247 msgstr ""
  248 
  249 #. type: Content of: <reference><refentry><refsect1><para>
  250 #: sssd.conf.5.xml:77
  251 msgid ""
  252 "The configuration snippets from <filename>conf.d</filename> have higher "
  253 "priority than <filename>sssd.conf</filename> and will override "
  254 "<filename>sssd.conf</filename> when conflicts occur. If several snippets are "
  255 "present in <filename>conf.d</filename>, then they are included in "
  256 "alphabetical order (based on locale).  Files included later have higher "
  257 "priority. Numerical prefixes (<filename>01_snippet.conf</filename>, "
  258 "<filename>02_snippet.conf</filename> etc.) can help visualize the priority "
  259 "(higher number means higher priority)."
  260 msgstr ""
  261 
  262 #. type: Content of: <reference><refentry><refsect1><para>
  263 #: sssd.conf.5.xml:91
  264 msgid ""
  265 "The snippet files require the same owner and permissions as <filename>sssd."
  266 "conf</filename>. Which are by default root:root and 0600."
  267 msgstr ""
  268 
  269 #. type: Content of: <reference><refentry><refsect1><title>
  270 #: sssd.conf.5.xml:98
  271 msgid "GENERAL OPTIONS"
  272 msgstr ""
  273 
  274 #. type: Content of: <reference><refentry><refsect1><para>
  275 #: sssd.conf.5.xml:100
  276 msgid "Following options are usable in more than one configuration sections."
  277 msgstr ""
  278 
  279 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  280 #: sssd.conf.5.xml:104
  281 msgid "Options usable in all sections"
  282 msgstr ""
  283 
  284 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  285 #: sssd.conf.5.xml:108
  286 msgid "debug_level (integer)"
  287 msgstr ""
  288 
  289 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  290 #: sssd.conf.5.xml:112
  291 msgid "debug (integer)"
  292 msgstr ""
  293 
  294 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  295 #: sssd.conf.5.xml:115
  296 msgid ""
  297 "SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
  298 "for <replaceable>debug_level</replaceable> as a convenience feature. If both "
  299 "are specified, the value of <replaceable>debug_level</replaceable> will be "
  300 "used."
  301 msgstr ""
  302 
  303 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  304 #: sssd.conf.5.xml:125
  305 msgid "debug_timestamps (bool)"
  306 msgstr ""
  307 
  308 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  309 #: sssd.conf.5.xml:128
  310 msgid ""
  311 "Add a timestamp to the debug messages.  If journald is enabled for SSSD "
  312 "debug logging this option is ignored."
  313 msgstr ""
  314 
  315 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
  316 #: sssd.conf.5.xml:133 sssd.conf.5.xml:331 sssd.conf.5.xml:612
  317 #: sssd.conf.5.xml:941 sssd.conf.5.xml:1936 sssd.conf.5.xml:1966
  318 #: sssd-ldap.5.xml:962 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1127
  319 #: sssd-ldap.5.xml:1579 sssd-ldap.5.xml:1644 sssd-ipa.5.xml:341
  320 #: sssd-ad.5.xml:229 sssd-ad.5.xml:343 sssd-ad.5.xml:1177 sssd-ad.5.xml:1325
  321 #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
  322 msgid "Default: true"
  323 msgstr ""
  324 
  325 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  326 #: sssd.conf.5.xml:138
  327 msgid "debug_microseconds (bool)"
  328 msgstr "debug_microseconds (bool)"
  329 
  330 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  331 #: sssd.conf.5.xml:141
  332 msgid ""
  333 "Add microseconds to the timestamp in debug messages.  If journald is enabled "
  334 "for SSSD debug logging this option is ignored."
  335 msgstr ""
  336 
  337 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  338 #: sssd.conf.5.xml:146 sssd.conf.5.xml:609 sssd.conf.5.xml:823
  339 #: sssd.conf.5.xml:1869 sssd.conf.5.xml:3686 sssd-ldap.5.xml:312
  340 #: sssd-ldap.5.xml:813 sssd-ldap.5.xml:832 sssd-ldap.5.xml:1032
  341 #: sssd-ldap.5.xml:1463 sssd-ldap.5.xml:1668 sssd-ipa.5.xml:151
  342 #: sssd-ipa.5.xml:253 sssd-ipa.5.xml:589 sssd-ad.5.xml:1083 sssd-krb5.5.xml:266
  343 #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 sssd-krb5.5.xml:573
  344 msgid "Default: false"
  345 msgstr "Padrão: false"
  346 
  347 #. type: Content of: outside any tag (error?)
  348 #: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1520
  349 #: sssd-ldap.5.xml:1691 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
  350 #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
  351 #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
  352 #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
  353 #: sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028
  354 #: sssd-ldap-attributes.5.xml:1186 sssd-ldap-attributes.5.xml:1231
  355 #: include/autofs_attributes.xml:1
  356 msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
  357 msgstr ""
  358 
  359 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  360 #: sssd.conf.5.xml:155
  361 msgid "Options usable in SERVICE and DOMAIN sections"
  362 msgstr ""
  363 
  364 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  365 #: sssd.conf.5.xml:159
  366 msgid "timeout (integer)"
  367 msgstr "timeout (integer)"
  368 
  369 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  370 #: sssd.conf.5.xml:162
  371 msgid ""
  372 "Timeout in seconds between heartbeats for this service. This is used to "
  373 "ensure that the process is alive and capable of answering requests. Note "
  374 "that after three missed heartbeats the process will terminate itself."
  375 msgstr ""
  376 
  377 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
  378 #: sssd.conf.5.xml:169 sssd.conf.5.xml:1161 sssd.conf.5.xml:1550
  379 #: sssd.conf.5.xml:3702 sssd-ldap.5.xml:684 include/ldap_id_mapping.xml:264
  380 msgid "Default: 10"
  381 msgstr "Padrão: 10"
  382 
  383 #. type: Content of: <reference><refentry><refsect1><title>
  384 #: sssd.conf.5.xml:179
  385 msgid "SPECIAL SECTIONS"
  386 msgstr "SECÇÕES ESPECIAIS"
  387 
  388 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  389 #: sssd.conf.5.xml:182
  390 msgid "The [sssd] section"
  391 msgstr "A seção [SSSD]"
  392 
  393 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
  394 #: sssd.conf.5.xml:191 sssd.conf.5.xml:3791
  395 msgid "Section parameters"
  396 msgstr "Parâmetros de secção"
  397 
  398 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  399 #: sssd.conf.5.xml:193
  400 msgid "config_file_version (integer)"
  401 msgstr "config_file_version (integer)"
  402 
  403 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  404 #: sssd.conf.5.xml:196
  405 msgid ""
  406 "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
  407 "version 2."
  408 msgstr ""
  409 "Indica qual é a sintaxe do arquivo config. SSSD 0.6.0 e posterior utilização "
  410 "versão 2."
  411 
  412 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  413 #: sssd.conf.5.xml:202
  414 msgid "services"
  415 msgstr "serviços"
  416 
  417 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  418 #: sssd.conf.5.xml:205
  419 msgid ""
  420 "Comma separated list of services that are started when sssd itself starts.  "
  421 "<phrase condition=\"have_systemd\"> The services' list is optional on "
  422 "platforms where systemd is supported, as they will either be socket or D-Bus "
  423 "activated when needed.  </phrase>"
  424 msgstr ""
  425 
  426 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  427 #: sssd.conf.5.xml:214
  428 msgid ""
  429 "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
  430 "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
  431 "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
  432 "phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
  433 msgstr ""
  434 
  435 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  436 #: sssd.conf.5.xml:222
  437 msgid ""
  438 "<phrase condition=\"have_systemd\"> By default, all services are disabled "
  439 "and the administrator must enable the ones allowed to be used by executing: "
  440 "\"systemctl enable sssd-@service@.socket\".  </phrase>"
  441 msgstr ""
  442 
  443 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
  444 #: sssd.conf.5.xml:231 sssd.conf.5.xml:683
  445 msgid "reconnection_retries (integer)"
  446 msgstr "reconnection_retries (integer)"
  447 
  448 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
  449 #: sssd.conf.5.xml:234 sssd.conf.5.xml:686
  450 msgid ""
  451 "Number of times services should attempt to reconnect in the event of a Data "
  452 "Provider crash or restart before they give up"
  453 msgstr ""
  454 "Número de vezes que os serviços devem tentar reconectar-se no caso de uma "
  455 "falha do provedor de dados ou reiniciar antes de eles desistirem"
  456 
  457 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  458 #: sssd.conf.5.xml:239 sssd.conf.5.xml:691 include/failover.xml:100
  459 msgid "Default: 3"
  460 msgstr "Padrão: 3"
  461 
  462 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  463 #: sssd.conf.5.xml:244
  464 msgid "domains"
  465 msgstr "domínios"
  466 
  467 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  468 #: sssd.conf.5.xml:247
  469 msgid ""
  470 "A domain is a database containing user information. SSSD can use more "
  471 "domains at the same time, but at least one must be configured or SSSD won't "
  472 "start.  This parameter describes the list of domains in the order you want "
  473 "them to be queried.  A domain name is recommended to contain only "
  474 "alphanumeric ASCII characters, dashes, dots and underscores. '/' character "
  475 "is forbidden."
  476 msgstr ""
  477 
  478 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
  479 #: sssd.conf.5.xml:260 sssd.conf.5.xml:3203
  480 msgid "re_expression (string)"
  481 msgstr "re_expression (string)"
  482 
  483 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  484 #: sssd.conf.5.xml:263
  485 msgid ""
  486 "Default regular expression that describes how to parse the string containing "
  487 "user name and domain into these components."
  488 msgstr ""
  489 
  490 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  491 #: sssd.conf.5.xml:268
  492 msgid ""
  493 "Each domain can have an individual regular expression configured. For some "
  494 "ID providers there are also default regular expressions. See DOMAIN SECTIONS "
  495 "for more info on these regular expressions."
  496 msgstr ""
  497 
  498 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
  499 #: sssd.conf.5.xml:277 sssd.conf.5.xml:3251
  500 msgid "full_name_format (string)"
  501 msgstr "full_name_format (string)"
  502 
  503 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  504 #: sssd.conf.5.xml:280 sssd.conf.5.xml:3254
  505 msgid ""
  506 "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
  507 "manvolnum> </citerefentry>-compatible format that describes how to compose a "
  508 "fully qualified name from user name and domain name components."
  509 msgstr ""
  510 
  511 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  512 #: sssd.conf.5.xml:291 sssd.conf.5.xml:3265
  513 msgid "%1$s"
  514 msgstr ""
  515 
  516 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  517 #: sssd.conf.5.xml:292 sssd.conf.5.xml:3266
  518 msgid "user name"
  519 msgstr ""
  520 
  521 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  522 #: sssd.conf.5.xml:295 sssd.conf.5.xml:3269
  523 msgid "%2$s"
  524 msgstr ""
  525 
  526 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  527 #: sssd.conf.5.xml:298 sssd.conf.5.xml:3272
  528 msgid "domain name as specified in the SSSD config file."
  529 msgstr ""
  530 
  531 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  532 #: sssd.conf.5.xml:304 sssd.conf.5.xml:3278
  533 msgid "%3$s"
  534 msgstr ""
  535 
  536 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  537 #: sssd.conf.5.xml:307 sssd.conf.5.xml:3281
  538 msgid ""
  539 "domain flat name. Mostly usable for Active Directory domains, both directly "
  540 "configured or discovered via IPA trusts."
  541 msgstr ""
  542 
  543 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  544 #: sssd.conf.5.xml:288 sssd.conf.5.xml:3262
  545 msgid ""
  546 "The following expansions are supported: <placeholder type=\"variablelist\" "
  547 "id=\"0\"/>"
  548 msgstr ""
  549 
  550 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  551 #: sssd.conf.5.xml:317
  552 msgid ""
  553 "Each domain can have an individual format string configured.  See DOMAIN "
  554 "SECTIONS for more info on this option."
  555 msgstr ""
  556 
  557 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  558 #: sssd.conf.5.xml:323
  559 msgid "monitor_resolv_conf (boolean)"
  560 msgstr ""
  561 
  562 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  563 #: sssd.conf.5.xml:326
  564 msgid ""
  565 "Controls if SSSD should monitor the state of resolv.conf to identify when it "
  566 "needs to update its internal DNS resolver."
  567 msgstr ""
  568 
  569 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  570 #: sssd.conf.5.xml:336
  571 msgid "try_inotify (boolean)"
  572 msgstr "try_inotify (boolean)"
  573 
  574 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  575 #: sssd.conf.5.xml:339
  576 msgid ""
  577 "By default, SSSD will attempt to use inotify to monitor configuration files "
  578 "changes and will fall back to polling every five seconds if inotify cannot "
  579 "be used."
  580 msgstr ""
  581 
  582 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  583 #: sssd.conf.5.xml:345
  584 msgid ""
  585 "There are some limited situations where it is preferred that we should skip "
  586 "even trying to use inotify. In these rare cases, this option should be set "
  587 "to 'false'"
  588 msgstr ""
  589 
  590 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  591 #: sssd.conf.5.xml:351
  592 msgid ""
  593 "Default: true on platforms where inotify is supported. False on other "
  594 "platforms."
  595 msgstr ""
  596 
  597 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  598 #: sssd.conf.5.xml:355
  599 msgid ""
  600 "Note: this option will have no effect on platforms where inotify is "
  601 "unavailable. On these platforms, polling will always be used."
  602 msgstr ""
  603 
  604 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  605 #: sssd.conf.5.xml:362
  606 msgid "krb5_rcache_dir (string)"
  607 msgstr "krb5_rcache_dir (string)"
  608 
  609 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  610 #: sssd.conf.5.xml:365
  611 msgid ""
  612 "Directory on the filesystem where SSSD should store Kerberos replay cache "
  613 "files."
  614 msgstr ""
  615 
  616 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  617 #: sssd.conf.5.xml:369
  618 msgid ""
  619 "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
  620 "SSSD to let libkrb5 decide the appropriate location for the replay cache."
  621 msgstr ""
  622 
  623 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  624 #: sssd.conf.5.xml:375
  625 msgid ""
  626 "Default: Distribution-specific and specified at build-time. "
  627 "(__LIBKRB5_DEFAULTS__ if not configured)"
  628 msgstr ""
  629 
  630 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  631 #: sssd.conf.5.xml:382
  632 msgid "user (string)"
  633 msgstr ""
  634 
  635 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  636 #: sssd.conf.5.xml:385
  637 msgid ""
  638 "The user to drop the privileges to where appropriate to avoid running as the "
  639 "root user.  <phrase condition=\"have_systemd\"> This option does not work "
  640 "when running socket-activated services, as the user set up to run the "
  641 "processes is set up during compilation time.  The way to override the "
  642 "systemd unit files is by creating the appropriate files in /etc/systemd/"
  643 "system/.  Keep in mind that any change in the socket user, group or "
  644 "permissions may result in a non-usable SSSD. The same may occur in case of "
  645 "changes of the user running the NSS responder.  </phrase>"
  646 msgstr ""
  647 
  648 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  649 #: sssd.conf.5.xml:403
  650 msgid "Default: not set, process will run as root"
  651 msgstr ""
  652 
  653 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  654 #: sssd.conf.5.xml:408
  655 msgid "default_domain_suffix (string)"
  656 msgstr ""
  657 
  658 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  659 #: sssd.conf.5.xml:411
  660 msgid ""
  661 "This string will be used as a default domain name for all names without a "
  662 "domain name component. The main use case is environments where the primary "
  663 "domain is intended for managing host policies and all users are located in a "
  664 "trusted domain.  The option allows those users to log in just with their "
  665 "user name without giving a domain name as well."
  666 msgstr ""
  667 
  668 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  669 #: sssd.conf.5.xml:421
  670 msgid ""
  671 "Please note that if this option is set all users from the primary domain "
  672 "have to use their fully qualified name, e.g. user@domain.name, to log in. "
  673 "Setting this option changes default of use_fully_qualified_names to True. It "
  674 "is not allowed to use this option together with use_fully_qualified_names "
  675 "set to False. One exception from this rule are domains with "
  676 "<quote>id_provider=files</quote> that always try to match the behaviour of "
  677 "nss_files and therefore their output is not qualified even when the "
  678 "default_domain_suffix option is used."
  679 msgstr ""
  680 
  681 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
  682 #: sssd.conf.5.xml:436 sssd.conf.5.xml:1348 sssd-ldap.5.xml:772
  683 #: sssd-ldap.5.xml:784 sssd-ldap.5.xml:876 sssd-ad.5.xml:897 sssd-ad.5.xml:972
  684 #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:609
  685 #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
  686 #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
  687 #: sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205
  688 #: include/ldap_id_mapping.xml:216
  689 msgid "Default: not set"
  690 msgstr ""
  691 
  692 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  693 #: sssd.conf.5.xml:441
  694 msgid "override_space (string)"
  695 msgstr ""
  696 
  697 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  698 #: sssd.conf.5.xml:444
  699 msgid ""
  700 "This parameter will replace spaces (space bar)  with the given character for "
  701 "user and group names.  e.g. (_). User name &quot;john doe&quot; will be "
  702 "&quot;john_doe&quot; This feature was added to help compatibility with shell "
  703 "scripts that have difficulty handling spaces, due to the default field "
  704 "separator in the shell."
  705 msgstr ""
  706 
  707 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  708 #: sssd.conf.5.xml:453
  709 msgid ""
  710 "Please note it is a configuration error to use a replacement character that "
  711 "might be used in user or group names. If a name contains the replacement "
  712 "character SSSD tries to return the unmodified name but in general the result "
  713 "of a lookup is undefined."
  714 msgstr ""
  715 
  716 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  717 #: sssd.conf.5.xml:461
  718 msgid "Default: not set (spaces will not be replaced)"
  719 msgstr ""
  720 
  721 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  722 #: sssd.conf.5.xml:466
  723 msgid "certificate_verification (string)"
  724 msgstr ""
  725 
  726 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  727 #: sssd.conf.5.xml:474
  728 msgid "no_ocsp"
  729 msgstr ""
  730 
  731 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  732 #: sssd.conf.5.xml:476
  733 msgid ""
  734 "Disables Online Certificate Status Protocol (OCSP) checks. This might be "
  735 "needed if the OCSP servers defined in the certificate are not reachable from "
  736 "the client."
  737 msgstr ""
  738 
  739 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  740 #: sssd.conf.5.xml:484
  741 msgid "soft_ocsp"
  742 msgstr ""
  743 
  744 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  745 #: sssd.conf.5.xml:486
  746 msgid ""
  747 "If a connection cannot be established to an OCSP responder the OCSP check is "
  748 "skipped.  This option should be used to allow authentication when the system "
  749 "is offline and the OCSP responder cannot be reached."
  750 msgstr ""
  751 
  752 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  753 #: sssd.conf.5.xml:496
  754 msgid "ocsp_dgst"
  755 msgstr ""
  756 
  757 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  758 #: sssd.conf.5.xml:498
  759 msgid ""
  760 "Digest (hash) function used to create the certificate ID for the OCSP "
  761 "request. Allowed values are:"
  762 msgstr ""
  763 
  764 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  765 #: sssd.conf.5.xml:502
  766 msgid "sha1"
  767 msgstr ""
  768 
  769 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  770 #: sssd.conf.5.xml:503
  771 msgid "sha256"
  772 msgstr ""
  773 
  774 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  775 #: sssd.conf.5.xml:504
  776 msgid "sha384"
  777 msgstr ""
  778 
  779 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
  780 #: sssd.conf.5.xml:505
  781 msgid "sha512"
  782 msgstr ""
  783 
  784 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  785 #: sssd.conf.5.xml:508
  786 msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)"
  787 msgstr ""
  788 
  789 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  790 #: sssd.conf.5.xml:514
  791 msgid "no_verification"
  792 msgstr ""
  793 
  794 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  795 #: sssd.conf.5.xml:516
  796 msgid ""
  797 "Disables verification completely.  This option should only be used for "
  798 "testing."
  799 msgstr ""
  800 
  801 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  802 #: sssd.conf.5.xml:522
  803 msgid "ocsp_default_responder=URL"
  804 msgstr ""
  805 
  806 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  807 #: sssd.conf.5.xml:524
  808 msgid ""
  809 "Sets the OCSP default responder which should be used instead of the one "
  810 "mentioned in the certificate. URL must be replaced with the URL of the OCSP "
  811 "default responder e.g.  http://example.com:80/ocsp."
  812 msgstr ""
  813 
  814 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  815 #: sssd.conf.5.xml:534
  816 msgid "ocsp_default_responder_signing_cert=NAME"
  817 msgstr ""
  818 
  819 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  820 #: sssd.conf.5.xml:536
  821 msgid ""
  822 "This option is currently ignored. All needed certificates must be available "
  823 "in the PEM file given by pam_cert_db_path."
  824 msgstr ""
  825 
  826 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  827 #: sssd.conf.5.xml:544
  828 msgid "crl_file=/PATH/TO/CRL/FILE"
  829 msgstr ""
  830 
  831 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  832 #: sssd.conf.5.xml:546
  833 msgid ""
  834 "Use the Certificate Revocation List (CRL) from the given file during the "
  835 "verification of the certificate. The CRL must be given in PEM format, see "
  836 "<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</"
  837 "manvolnum> </citerefentry> for details."
  838 msgstr ""
  839 
  840 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
  841 #: sssd.conf.5.xml:559
  842 msgid "soft_crl"
  843 msgstr ""
  844 
  845 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
  846 #: sssd.conf.5.xml:562
  847 msgid ""
  848 "If a Certificate Revocation List (CRL)  is expired ignore the CRL checks for "
  849 "the related certificates. This option should be used to allow authentication "
  850 "when the system is offline and the CRL cannot be renewed."
  851 msgstr ""
  852 
  853 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  854 #: sssd.conf.5.xml:469
  855 msgid ""
  856 "With this parameter the certificate verification can be tuned with a comma "
  857 "separated list of options. Supported options are: <placeholder type="
  858 "\"variablelist\" id=\"0\"/>"
  859 msgstr ""
  860 
  861 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  862 #: sssd.conf.5.xml:573
  863 msgid "Unknown options are reported but ignored."
  864 msgstr ""
  865 
  866 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  867 #: sssd.conf.5.xml:576
  868 msgid "Default: not set, i.e. do not restrict certificate verification"
  869 msgstr ""
  870 
  871 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  872 #: sssd.conf.5.xml:582
  873 msgid "disable_netlink (boolean)"
  874 msgstr ""
  875 
  876 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  877 #: sssd.conf.5.xml:585
  878 msgid ""
  879 "SSSD hooks into the netlink interface to monitor changes to routes, "
  880 "addresses, links and trigger certain actions."
  881 msgstr ""
  882 
  883 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  884 #: sssd.conf.5.xml:590
  885 msgid ""
  886 "The SSSD state changes caused by netlink events may be undesirable and can "
  887 "be disabled by setting this option to 'true'"
  888 msgstr ""
  889 
  890 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  891 #: sssd.conf.5.xml:595
  892 msgid "Default: false (netlink changes are detected)"
  893 msgstr ""
  894 
  895 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  896 #: sssd.conf.5.xml:600
  897 msgid "enable_files_domain (boolean)"
  898 msgstr ""
  899 
  900 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  901 #: sssd.conf.5.xml:603
  902 msgid ""
  903 "When this option is enabled, SSSD prepends an implicit domain with "
  904 "<quote>id_provider=files</quote> before any explicitly configured domains."
  905 msgstr ""
  906 
  907 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
  908 #: sssd.conf.5.xml:617
  909 msgid "domain_resolution_order"
  910 msgstr ""
  911 
  912 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  913 #: sssd.conf.5.xml:620
  914 msgid ""
  915 "Comma separated list of domains and subdomains representing the lookup order "
  916 "that will be followed.  The list doesn't have to include all possible "
  917 "domains as the missing domains will be looked up based on the order they're "
  918 "presented in the <quote>domains</quote> configuration option.  The "
  919 "subdomains which are not listed as part of <quote>lookup_order</quote> will "
  920 "be looked up in a random order for each parent domain."
  921 msgstr ""
  922 
  923 #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
  924 #: sssd.conf.5.xml:632
  925 msgid ""
  926 "Please, note that when this option is set the output format of all commands "
  927 "is always fully-qualified even when using short names for input, for all "
  928 "users but the ones managed by the files provider.  In case the administrator "
  929 "wants the output not fully-qualified, the full_name_format option can be "
  930 "used as shown below: <quote>full_name_format=%1$s</quote> However, keep in "
  931 "mind that during login, login applications often canonicalize the username "
  932 "by calling <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
  933 "<manvolnum>3</manvolnum> </citerefentry> which, if a shortname is returned "
  934 "for a qualified input (while trying to reach a user which exists in multiple "
  935 "domains) might re-route the login attempt into the domain which uses "
  936 "shortnames, making this workaround totally not recommended in cases where "
  937 "usernames may overlap between domains."
  938 msgstr ""
  939 
  940 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
  941 #: sssd.conf.5.xml:657 sssd.conf.5.xml:1562 sssd.conf.5.xml:3752
  942 #: sssd-ad.5.xml:164 sssd-ad.5.xml:304 sssd-ad.5.xml:318
  943 msgid "Default: Not set"
  944 msgstr ""
  945 
  946 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
  947 #: sssd.conf.5.xml:184
  948 msgid ""
  949 "Individual pieces of SSSD functionality are provided by special SSSD "
  950 "services that are started and stopped together with SSSD.  The services are "
  951 "managed by a special service frequently called <quote>monitor</quote>. The "
  952 "<quote>[sssd]</quote> section is used to configure the monitor as well as "
  953 "some other important options like the identity domains.  <placeholder type="
  954 "\"variablelist\" id=\"0\"/>"
  955 msgstr ""
  956 
  957 #. type: Content of: <reference><refentry><refsect1><title>
  958 #: sssd.conf.5.xml:668
  959 msgid "SERVICES SECTIONS"
  960 msgstr ""
  961 
  962 #. type: Content of: <reference><refentry><refsect1><para>
  963 #: sssd.conf.5.xml:670
  964 msgid ""
  965 "Settings that can be used to configure different services are described in "
  966 "this section. They should reside in the [<replaceable>$NAME</replaceable>] "
  967 "section, for example, for NSS service, the section would be <quote>[nss]</"
  968 "quote>"
  969 msgstr ""
  970 
  971 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
  972 #: sssd.conf.5.xml:677
  973 msgid "General service configuration options"
  974 msgstr ""
  975 
  976 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
  977 #: sssd.conf.5.xml:679
  978 msgid "These options can be used to configure any service."
  979 msgstr ""
  980 
  981 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
  982 #: sssd.conf.5.xml:696
  983 msgid "fd_limit"
  984 msgstr ""
  985 
  986 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
  987 #: sssd.conf.5.xml:699
  988 msgid ""
  989 "This option specifies the maximum number of file descriptors that may be "
  990 "opened at one time by this SSSD process. On systems where SSSD is granted "
  991 "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
  992 "systems without this capability, the resulting value will be the lower value "
  993 "of this or the limits.conf \"hard\" limit."
  994 msgstr ""
  995 
  996 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
  997 #: sssd.conf.5.xml:708
  998 msgid "Default: 8192 (or limits.conf \"hard\" limit)"
  999 msgstr ""
 1000 
 1001 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1002 #: sssd.conf.5.xml:713
 1003 msgid "client_idle_timeout"
 1004 msgstr ""
 1005 
 1006 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1007 #: sssd.conf.5.xml:716
 1008 msgid ""
 1009 "This option specifies the number of seconds that a client of an SSSD process "
 1010 "can hold onto a file descriptor without communicating on it. This value is "
 1011 "limited in order to avoid resource exhaustion on the system. The timeout "
 1012 "can't be shorter than 10 seconds. If a lower value is configured, it will be "
 1013 "adjusted to 10 seconds."
 1014 msgstr ""
 1015 
 1016 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1017 #: sssd.conf.5.xml:725
 1018 #, fuzzy
 1019 #| msgid "Default: 300"
 1020 msgid "Default: 60, KCM: 300"
 1021 msgstr "Padrão: 300"
 1022 
 1023 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1024 #: sssd.conf.5.xml:730
 1025 msgid "offline_timeout (integer)"
 1026 msgstr ""
 1027 
 1028 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1029 #: sssd.conf.5.xml:733
 1030 msgid ""
 1031 "When SSSD switches to offline mode the amount of time before it tries to go "
 1032 "back online will increase based upon the time spent disconnected.  This "
 1033 "value is in seconds and calculated by the following:"
 1034 msgstr ""
 1035 
 1036 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1037 #: sssd.conf.5.xml:740
 1038 msgid "offline_timeout + random_offset"
 1039 msgstr ""
 1040 
 1041 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1042 #: sssd.conf.5.xml:743
 1043 msgid ""
 1044 "The random offset value is from 0 to 30.  After each unsuccessful attempt to "
 1045 "go online, the new interval is recalculated by the following:"
 1046 msgstr ""
 1047 
 1048 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1049 #: sssd.conf.5.xml:748
 1050 msgid "new_interval = (old_interval * 2) + random_offset"
 1051 msgstr ""
 1052 
 1053 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1054 #: sssd.conf.5.xml:751
 1055 msgid ""
 1056 "Note that the maximum length of each interval is defined by "
 1057 "offline_timeout_max, which defaults to one hour. If the calculated length of "
 1058 "new_interval is greater than offline_timeout_max, it will be forced to the "
 1059 "offline_timeout_max value."
 1060 msgstr ""
 1061 
 1062 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1063 #: sssd.conf.5.xml:758 sssd.conf.5.xml:1072 sssd.conf.5.xml:1414
 1064 #: sssd.conf.5.xml:1651 sssd-ldap.5.xml:469
 1065 msgid "Default: 60"
 1066 msgstr "Padrão: 60"
 1067 
 1068 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1069 #: sssd.conf.5.xml:763
 1070 #, fuzzy
 1071 #| msgid "timeout (integer)"
 1072 msgid "offline_timeout_max (integer)"
 1073 msgstr "timeout (integer)"
 1074 
 1075 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1076 #: sssd.conf.5.xml:766
 1077 msgid ""
 1078 "Controls by how much the time between attempts to go online can be "
 1079 "incremented following unsuccessful attempts to go online."
 1080 msgstr ""
 1081 
 1082 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1083 #: sssd.conf.5.xml:771
 1084 msgid "A value of 0 disables the incrementing behaviour."
 1085 msgstr ""
 1086 
 1087 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1088 #: sssd.conf.5.xml:774
 1089 msgid ""
 1090 "The value of this parameter should be set in correlation to offline_timeout "
 1091 "parameter value."
 1092 msgstr ""
 1093 
 1094 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1095 #: sssd.conf.5.xml:778
 1096 msgid ""
 1097 "With offline_timeout set to 60 (default value) there is no point in setting "
 1098 "offlinet_timeout_max to less than 120 as it will saturate instantly. General "
 1099 "rule here should be to set offline_timeout_max to at least 4 times "
 1100 "offline_timeout."
 1101 msgstr ""
 1102 
 1103 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1104 #: sssd.conf.5.xml:784
 1105 msgid ""
 1106 "Although a value between 0 and offline_timeout may be specified, it has the "
 1107 "effect of overriding the offline_timeout value so is of little use."
 1108 msgstr ""
 1109 
 1110 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1111 #: sssd.conf.5.xml:789
 1112 #, fuzzy
 1113 #| msgid "Default: 300"
 1114 msgid "Default: 3600"
 1115 msgstr "Padrão: 300"
 1116 
 1117 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1118 #: sssd.conf.5.xml:794
 1119 msgid "responder_idle_timeout"
 1120 msgstr ""
 1121 
 1122 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1123 #: sssd.conf.5.xml:797
 1124 msgid ""
 1125 "This option specifies the number of seconds that an SSSD responder process "
 1126 "can be up without being used. This value is limited in order to avoid "
 1127 "resource exhaustion on the system.  The minimum acceptable value for this "
 1128 "option is 60 seconds.  Setting this option to 0 (zero) means that no timeout "
 1129 "will be set up to the responder.  This option only has effect when SSSD is "
 1130 "built with systemd support and when services are either socket or D-Bus "
 1131 "activated."
 1132 msgstr ""
 1133 
 1134 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1135 #: sssd.conf.5.xml:811 sssd.conf.5.xml:1085 sssd.conf.5.xml:2090
 1136 #: sssd-ldap.5.xml:326
 1137 msgid "Default: 300"
 1138 msgstr "Padrão: 300"
 1139 
 1140 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1141 #: sssd.conf.5.xml:816
 1142 msgid "cache_first"
 1143 msgstr ""
 1144 
 1145 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1146 #: sssd.conf.5.xml:819
 1147 msgid ""
 1148 "This option specifies whether the responder should query all caches before "
 1149 "querying the Data Providers."
 1150 msgstr ""
 1151 
 1152 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 1153 #: sssd.conf.5.xml:831
 1154 msgid "NSS configuration options"
 1155 msgstr ""
 1156 
 1157 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 1158 #: sssd.conf.5.xml:833
 1159 msgid ""
 1160 "These options can be used to configure the Name Service Switch (NSS) service."
 1161 msgstr ""
 1162 
 1163 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1164 #: sssd.conf.5.xml:838
 1165 msgid "enum_cache_timeout (integer)"
 1166 msgstr ""
 1167 
 1168 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1169 #: sssd.conf.5.xml:841
 1170 msgid ""
 1171 "How many seconds should nss_sss cache enumerations (requests for info about "
 1172 "all users)"
 1173 msgstr ""
 1174 
 1175 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1176 #: sssd.conf.5.xml:845
 1177 msgid "Default: 120"
 1178 msgstr ""
 1179 
 1180 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1181 #: sssd.conf.5.xml:850
 1182 msgid "entry_cache_nowait_percentage (integer)"
 1183 msgstr ""
 1184 
 1185 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1186 #: sssd.conf.5.xml:853
 1187 msgid ""
 1188 "The entry cache can be set to automatically update entries in the background "
 1189 "if they are requested beyond a percentage of the entry_cache_timeout value "
 1190 "for the domain."
 1191 msgstr ""
 1192 
 1193 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1194 #: sssd.conf.5.xml:859
 1195 msgid ""
 1196 "For example, if the domain's entry_cache_timeout is set to 30s and "
 1197 "entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
 1198 "after 15 seconds past the last cache update will be returned immediately, "
 1199 "but the SSSD will go and update the cache on its own, so that future "
 1200 "requests will not need to block waiting for a cache update."
 1201 msgstr ""
 1202 
 1203 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1204 #: sssd.conf.5.xml:869
 1205 msgid ""
 1206 "Valid values for this option are 0-99 and represent a percentage of the "
 1207 "entry_cache_timeout for each domain. For performance reasons, this "
 1208 "percentage will never reduce the nowait timeout to less than 10 seconds.  (0 "
 1209 "disables this feature)"
 1210 msgstr ""
 1211 
 1212 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1213 #: sssd.conf.5.xml:877 sssd.conf.5.xml:1890
 1214 msgid "Default: 50"
 1215 msgstr "Padrão: 50"
 1216 
 1217 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1218 #: sssd.conf.5.xml:882
 1219 msgid "entry_negative_timeout (integer)"
 1220 msgstr ""
 1221 
 1222 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1223 #: sssd.conf.5.xml:885
 1224 msgid ""
 1225 "Specifies for how many seconds nss_sss should cache negative cache hits "
 1226 "(that is, queries for invalid database entries, like nonexistent ones)  "
 1227 "before asking the back end again."
 1228 msgstr ""
 1229 
 1230 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1231 #: sssd.conf.5.xml:891 sssd.conf.5.xml:1914
 1232 msgid "Default: 15"
 1233 msgstr ""
 1234 
 1235 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1236 #: sssd.conf.5.xml:896
 1237 msgid "local_negative_timeout (integer)"
 1238 msgstr ""
 1239 
 1240 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1241 #: sssd.conf.5.xml:899
 1242 msgid ""
 1243 "Specifies for how many seconds nss_sss should keep local users and groups in "
 1244 "negative cache before trying to look it up in the back end again. Setting "
 1245 "the option to 0 disables this feature."
 1246 msgstr ""
 1247 
 1248 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1249 #: sssd.conf.5.xml:905
 1250 msgid "Default: 14400 (4 hours)"
 1251 msgstr ""
 1252 
 1253 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1254 #: sssd.conf.5.xml:910
 1255 msgid "filter_users, filter_groups (string)"
 1256 msgstr ""
 1257 
 1258 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1259 #: sssd.conf.5.xml:913
 1260 msgid ""
 1261 "Exclude certain users or groups from being fetched from the sss NSS "
 1262 "database. This is particularly useful for system accounts. This option can "
 1263 "also be set per-domain or include fully-qualified names to filter only users "
 1264 "from the particular domain or by a user principal name (UPN)."
 1265 msgstr ""
 1266 
 1267 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1268 #: sssd.conf.5.xml:921
 1269 msgid ""
 1270 "NOTE: The filter_groups option doesn't affect inheritance of nested group "
 1271 "members, since filtering happens after they are propagated for returning via "
 1272 "NSS. E.g. a group having a member group filtered out will still have the "
 1273 "member users of the latter listed."
 1274 msgstr ""
 1275 
 1276 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1277 #: sssd.conf.5.xml:929
 1278 msgid "Default: root"
 1279 msgstr ""
 1280 
 1281 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1282 #: sssd.conf.5.xml:934
 1283 msgid "filter_users_in_groups (bool)"
 1284 msgstr ""
 1285 
 1286 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1287 #: sssd.conf.5.xml:937
 1288 msgid ""
 1289 "If you want filtered user still be group members set this option to false."
 1290 msgstr ""
 1291 
 1292 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1293 #: sssd.conf.5.xml:948
 1294 msgid "fallback_homedir (string)"
 1295 msgstr ""
 1296 
 1297 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1298 #: sssd.conf.5.xml:951
 1299 msgid ""
 1300 "Set a default template for a user's home directory if one is not specified "
 1301 "explicitly by the domain's data provider."
 1302 msgstr ""
 1303 
 1304 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1305 #: sssd.conf.5.xml:956
 1306 msgid ""
 1307 "The available values for this option are the same as for override_homedir."
 1308 msgstr ""
 1309 
 1310 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 1311 #: sssd.conf.5.xml:962
 1312 #, no-wrap
 1313 msgid ""
 1314 "fallback_homedir = /home/%u\n"
 1315 "                            "
 1316 msgstr ""
 1317 
 1318 #. type: Content of: <varlistentry><listitem><para>
 1319 #: sssd.conf.5.xml:960 sssd.conf.5.xml:1481 sssd.conf.5.xml:1500
 1320 #: sssd-krb5.5.xml:592 include/override_homedir.xml:59
 1321 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 1322 msgstr ""
 1323 
 1324 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1325 #: sssd.conf.5.xml:966
 1326 msgid "Default: not set (no substitution for unset home directories)"
 1327 msgstr ""
 1328 
 1329 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1330 #: sssd.conf.5.xml:972
 1331 msgid "override_shell (string)"
 1332 msgstr ""
 1333 
 1334 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1335 #: sssd.conf.5.xml:975
 1336 msgid ""
 1337 "Override the login shell for all users. This option supersedes any other "
 1338 "shell options if it takes effect and can be set either in the [nss] section "
 1339 "or per-domain."
 1340 msgstr ""
 1341 
 1342 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1343 #: sssd.conf.5.xml:981
 1344 msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
 1345 msgstr ""
 1346 
 1347 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1348 #: sssd.conf.5.xml:987
 1349 msgid "allowed_shells (string)"
 1350 msgstr "allowed_shells (string)"
 1351 
 1352 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1353 #: sssd.conf.5.xml:990
 1354 msgid ""
 1355 "Restrict user shell to one of the listed values. The order of evaluation is:"
 1356 msgstr ""
 1357 
 1358 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1359 #: sssd.conf.5.xml:993
 1360 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
 1361 msgstr ""
 1362 
 1363 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1364 #: sssd.conf.5.xml:997
 1365 msgid ""
 1366 "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
 1367 "quote>, use the value of the shell_fallback parameter."
 1368 msgstr ""
 1369 
 1370 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1371 #: sssd.conf.5.xml:1002
 1372 msgid ""
 1373 "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
 1374 "shells</quote>, a nologin shell is used."
 1375 msgstr ""
 1376 
 1377 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1378 #: sssd.conf.5.xml:1007
 1379 msgid "The wildcard (*) can be used to allow any shell."
 1380 msgstr ""
 1381 
 1382 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1383 #: sssd.conf.5.xml:1010
 1384 msgid ""
 1385 "The (*) is useful if you want to use shell_fallback in case that user's "
 1386 "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
 1387 "allowed shells in allowed_shells would be to much overhead."
 1388 msgstr ""
 1389 
 1390 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1391 #: sssd.conf.5.xml:1017
 1392 msgid "An empty string for shell is passed as-is to libc."
 1393 msgstr ""
 1394 
 1395 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1396 #: sssd.conf.5.xml:1020
 1397 msgid ""
 1398 "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
 1399 "that a restart of the SSSD is required in case a new shell is installed."
 1400 msgstr ""
 1401 
 1402 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1403 #: sssd.conf.5.xml:1024
 1404 msgid "Default: Not set. The user shell is automatically used."
 1405 msgstr ""
 1406 
 1407 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1408 #: sssd.conf.5.xml:1029
 1409 msgid "vetoed_shells (string)"
 1410 msgstr "vetoed_shells (string)"
 1411 
 1412 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1413 #: sssd.conf.5.xml:1032
 1414 msgid "Replace any instance of these shells with the shell_fallback"
 1415 msgstr ""
 1416 
 1417 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1418 #: sssd.conf.5.xml:1037
 1419 msgid "shell_fallback (string)"
 1420 msgstr "shell_fallback (string)"
 1421 
 1422 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1423 #: sssd.conf.5.xml:1040
 1424 msgid ""
 1425 "The default shell to use if an allowed shell is not installed on the machine."
 1426 msgstr ""
 1427 
 1428 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1429 #: sssd.conf.5.xml:1044
 1430 msgid "Default: /bin/sh"
 1431 msgstr "Padrão: /bin/sh"
 1432 
 1433 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1434 #: sssd.conf.5.xml:1049
 1435 msgid "default_shell"
 1436 msgstr ""
 1437 
 1438 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1439 #: sssd.conf.5.xml:1052
 1440 msgid ""
 1441 "The default shell to use if the provider does not return one during lookup. "
 1442 "This option can be specified globally in the [nss] section or per-domain."
 1443 msgstr ""
 1444 
 1445 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1446 #: sssd.conf.5.xml:1058
 1447 msgid ""
 1448 "Default: not set (Return NULL if no shell is specified and rely on libc to "
 1449 "substitute something sensible when necessary, usually /bin/sh)"
 1450 msgstr ""
 1451 
 1452 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1453 #: sssd.conf.5.xml:1065 sssd.conf.5.xml:1407
 1454 msgid "get_domains_timeout (int)"
 1455 msgstr ""
 1456 
 1457 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1458 #: sssd.conf.5.xml:1068 sssd.conf.5.xml:1410
 1459 msgid ""
 1460 "Specifies time in seconds for which the list of subdomains will be "
 1461 "considered valid."
 1462 msgstr ""
 1463 
 1464 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1465 #: sssd.conf.5.xml:1077
 1466 #, fuzzy
 1467 #| msgid "entry_cache_timeout (integer)"
 1468 msgid "memcache_timeout (integer)"
 1469 msgstr "entry_cache_timeout (integer)"
 1470 
 1471 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1472 #: sssd.conf.5.xml:1080
 1473 msgid ""
 1474 "Specifies time in seconds for which records in the in-memory cache will be "
 1475 "valid. Setting this option to zero will disable the in-memory cache."
 1476 msgstr ""
 1477 
 1478 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1479 #: sssd.conf.5.xml:1088
 1480 msgid ""
 1481 "WARNING: Disabling the in-memory cache will have significant negative impact "
 1482 "on SSSD's performance and should only be used for testing."
 1483 msgstr ""
 1484 
 1485 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1486 #: sssd.conf.5.xml:1094 sssd.conf.5.xml:1119 sssd.conf.5.xml:1144
 1487 #: sssd.conf.5.xml:1169
 1488 msgid ""
 1489 "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
 1490 "client applications will not use the fast in-memory cache."
 1491 msgstr ""
 1492 
 1493 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1494 #: sssd.conf.5.xml:1102
 1495 #, fuzzy
 1496 #| msgid "entry_cache_timeout (integer)"
 1497 msgid "memcache_size_passwd (integer)"
 1498 msgstr "entry_cache_timeout (integer)"
 1499 
 1500 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1501 #: sssd.conf.5.xml:1105
 1502 msgid ""
 1503 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 1504 "for passwd requests.  Setting the size to 0 will disable the passwd in-"
 1505 "memory cache."
 1506 msgstr ""
 1507 
 1508 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1509 #: sssd.conf.5.xml:1111 sssd.conf.5.xml:2623 sssd-ldap.5.xml:513
 1510 msgid "Default: 8"
 1511 msgstr ""
 1512 
 1513 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1514 #: sssd.conf.5.xml:1114 sssd.conf.5.xml:1139 sssd.conf.5.xml:1164
 1515 msgid ""
 1516 "WARNING: Disabled or too small in-memory cache can have significant negative "
 1517 "impact on SSSD's performance."
 1518 msgstr ""
 1519 
 1520 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1521 #: sssd.conf.5.xml:1127
 1522 #, fuzzy
 1523 #| msgid "entry_cache_timeout (integer)"
 1524 msgid "memcache_size_group (integer)"
 1525 msgstr "entry_cache_timeout (integer)"
 1526 
 1527 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1528 #: sssd.conf.5.xml:1130
 1529 msgid ""
 1530 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 1531 "for group requests.  Setting the size to 0 will disable the group in-memory "
 1532 "cache."
 1533 msgstr ""
 1534 
 1535 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 1536 #: sssd.conf.5.xml:1136 sssd.conf.5.xml:3340 sssd-ldap.5.xml:453
 1537 #: sssd-ldap.5.xml:495 sssd-krb5.5.xml:248 include/failover.xml:116
 1538 msgid "Default: 6"
 1539 msgstr "Padrão: 6"
 1540 
 1541 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1542 #: sssd.conf.5.xml:1152
 1543 #, fuzzy
 1544 #| msgid "entry_cache_timeout (integer)"
 1545 msgid "memcache_size_initgroups (integer)"
 1546 msgstr "entry_cache_timeout (integer)"
 1547 
 1548 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1549 #: sssd.conf.5.xml:1155
 1550 msgid ""
 1551 "Size (in megabytes) of the data table allocated inside fast in-memory cache "
 1552 "for initgroups requests.  Setting the size to 0 will disable the initgroups "
 1553 "in-memory cache."
 1554 msgstr ""
 1555 
 1556 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 1557 #: sssd.conf.5.xml:1177 sssd-ifp.5.xml:74
 1558 msgid "user_attributes (string)"
 1559 msgstr ""
 1560 
 1561 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1562 #: sssd.conf.5.xml:1180
 1563 msgid ""
 1564 "Some of the additional NSS responder requests can return more attributes "
 1565 "than just the POSIX ones defined by the NSS interface. The list of "
 1566 "attributes is controlled by this option. It is handled the same way as the "
 1567 "<quote>user_attributes</quote> option of the InfoPipe responder (see "
 1568 "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
 1569 "manvolnum> </citerefentry> for details) but with no default values."
 1570 msgstr ""
 1571 
 1572 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1573 #: sssd.conf.5.xml:1193
 1574 msgid ""
 1575 "To make configuration more easy the NSS responder will check the InfoPipe "
 1576 "option if it is not set for the NSS responder."
 1577 msgstr ""
 1578 
 1579 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1580 #: sssd.conf.5.xml:1198
 1581 msgid "Default: not set, fallback to InfoPipe option"
 1582 msgstr ""
 1583 
 1584 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1585 #: sssd.conf.5.xml:1203
 1586 msgid "pwfield (string)"
 1587 msgstr ""
 1588 
 1589 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1590 #: sssd.conf.5.xml:1206
 1591 msgid ""
 1592 "The value that NSS operations that return users or groups will return for "
 1593 "the <quote>password</quote> field."
 1594 msgstr ""
 1595 
 1596 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1597 #: sssd.conf.5.xml:1211
 1598 #, fuzzy
 1599 #| msgid "Default: <quote>%1$s@%2$s</quote>."
 1600 msgid "Default: <quote>*</quote>"
 1601 msgstr "Default: <quote>%1$s@%2$s</quote>."
 1602 
 1603 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1604 #: sssd.conf.5.xml:1214
 1605 msgid ""
 1606 "Note: This option can also be set per-domain which overwrites the value in "
 1607 "[nss] section."
 1608 msgstr ""
 1609 
 1610 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1611 #: sssd.conf.5.xml:1218
 1612 msgid ""
 1613 "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the "
 1614 "files domain), <quote>x</quote> (proxy domain with nss_files and sssd-"
 1615 "shadowutils target)"
 1616 msgstr ""
 1617 
 1618 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 1619 #: sssd.conf.5.xml:1228
 1620 msgid "PAM configuration options"
 1621 msgstr ""
 1622 
 1623 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 1624 #: sssd.conf.5.xml:1230
 1625 msgid ""
 1626 "These options can be used to configure the Pluggable Authentication Module "
 1627 "(PAM) service."
 1628 msgstr ""
 1629 
 1630 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1631 #: sssd.conf.5.xml:1235
 1632 msgid "offline_credentials_expiration (integer)"
 1633 msgstr ""
 1634 
 1635 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1636 #: sssd.conf.5.xml:1238
 1637 msgid ""
 1638 "If the authentication provider is offline, how long should we allow cached "
 1639 "logins (in days since the last successful online login)."
 1640 msgstr ""
 1641 
 1642 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1643 #: sssd.conf.5.xml:1243 sssd.conf.5.xml:1256
 1644 msgid "Default: 0 (No limit)"
 1645 msgstr ""
 1646 
 1647 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1648 #: sssd.conf.5.xml:1249
 1649 msgid "offline_failed_login_attempts (integer)"
 1650 msgstr ""
 1651 
 1652 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1653 #: sssd.conf.5.xml:1252
 1654 msgid ""
 1655 "If the authentication provider is offline, how many failed login attempts "
 1656 "are allowed."
 1657 msgstr ""
 1658 
 1659 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1660 #: sssd.conf.5.xml:1262
 1661 msgid "offline_failed_login_delay (integer)"
 1662 msgstr ""
 1663 
 1664 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1665 #: sssd.conf.5.xml:1265
 1666 msgid ""
 1667 "The time in minutes which has to pass after offline_failed_login_attempts "
 1668 "has been reached before a new login attempt is possible."
 1669 msgstr ""
 1670 
 1671 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1672 #: sssd.conf.5.xml:1270
 1673 msgid ""
 1674 "If set to 0 the user cannot authenticate offline if "
 1675 "offline_failed_login_attempts has been reached. Only a successful online "
 1676 "authentication can enable offline authentication again."
 1677 msgstr ""
 1678 
 1679 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1680 #: sssd.conf.5.xml:1276 sssd.conf.5.xml:1374
 1681 msgid "Default: 5"
 1682 msgstr ""
 1683 
 1684 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1685 #: sssd.conf.5.xml:1282
 1686 msgid "pam_verbosity (integer)"
 1687 msgstr ""
 1688 
 1689 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1690 #: sssd.conf.5.xml:1285
 1691 msgid ""
 1692 "Controls what kind of messages are shown to the user during authentication. "
 1693 "The higher the number to more messages are displayed."
 1694 msgstr ""
 1695 
 1696 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1697 #: sssd.conf.5.xml:1290
 1698 msgid "Currently sssd supports the following values:"
 1699 msgstr ""
 1700 
 1701 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1702 #: sssd.conf.5.xml:1293
 1703 msgid "<emphasis>0</emphasis>: do not show any message"
 1704 msgstr ""
 1705 
 1706 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1707 #: sssd.conf.5.xml:1296
 1708 msgid "<emphasis>1</emphasis>: show only important messages"
 1709 msgstr ""
 1710 
 1711 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1712 #: sssd.conf.5.xml:1300
 1713 msgid "<emphasis>2</emphasis>: show informational messages"
 1714 msgstr ""
 1715 
 1716 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1717 #: sssd.conf.5.xml:1303
 1718 msgid "<emphasis>3</emphasis>: show all messages and debug information"
 1719 msgstr ""
 1720 
 1721 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 1722 #: sssd.conf.5.xml:1307 sssd.8.xml:63
 1723 msgid "Default: 1"
 1724 msgstr "Padrão: 1"
 1725 
 1726 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1727 #: sssd.conf.5.xml:1313
 1728 #, fuzzy
 1729 #| msgid "access_provider (string)"
 1730 msgid "pam_response_filter (string)"
 1731 msgstr "access_provider (string)"
 1732 
 1733 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1734 #: sssd.conf.5.xml:1316
 1735 msgid ""
 1736 "A comma separated list of strings which allows to remove (filter) data sent "
 1737 "by the PAM responder to pam_sss PAM module. There are different kind of "
 1738 "responses sent to pam_sss e.g. messages displayed to the user or environment "
 1739 "variables which should be set by pam_sss."
 1740 msgstr ""
 1741 
 1742 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1743 #: sssd.conf.5.xml:1324
 1744 msgid ""
 1745 "While messages already can be controlled with the help of the pam_verbosity "
 1746 "option this option allows to filter out other kind of responses as well."
 1747 msgstr ""
 1748 
 1749 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 1750 #: sssd.conf.5.xml:1331
 1751 msgid "ENV"
 1752 msgstr ""
 1753 
 1754 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 1755 #: sssd.conf.5.xml:1332
 1756 msgid "Do not send any environment variables to any service."
 1757 msgstr ""
 1758 
 1759 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 1760 #: sssd.conf.5.xml:1335
 1761 msgid "ENV:var_name"
 1762 msgstr ""
 1763 
 1764 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 1765 #: sssd.conf.5.xml:1336
 1766 msgid "Do not send environment variable var_name to any service."
 1767 msgstr ""
 1768 
 1769 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 1770 #: sssd.conf.5.xml:1340
 1771 msgid "ENV:var_name:service"
 1772 msgstr ""
 1773 
 1774 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 1775 #: sssd.conf.5.xml:1341
 1776 msgid "Do not send environment variable var_name to service."
 1777 msgstr ""
 1778 
 1779 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1780 #: sssd.conf.5.xml:1329
 1781 msgid ""
 1782 "Currently the following filters are supported: <placeholder type="
 1783 "\"variablelist\" id=\"0\"/>"
 1784 msgstr ""
 1785 
 1786 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1787 #: sssd.conf.5.xml:1351
 1788 msgid "Example: ENV:KRB5CCNAME:sudo-i"
 1789 msgstr ""
 1790 
 1791 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1792 #: sssd.conf.5.xml:1357
 1793 msgid "pam_id_timeout (integer)"
 1794 msgstr "pam_id_timeout (integer)"
 1795 
 1796 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1797 #: sssd.conf.5.xml:1360
 1798 msgid ""
 1799 "For any PAM request while SSSD is online, the SSSD will attempt to "
 1800 "immediately update the cached identity information for the user in order to "
 1801 "ensure that authentication takes place with the latest information."
 1802 msgstr ""
 1803 
 1804 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1805 #: sssd.conf.5.xml:1366
 1806 msgid ""
 1807 "A complete PAM conversation may perform multiple PAM requests, such as "
 1808 "account management and session opening. This option controls (on a per-"
 1809 "client-application basis) how long (in seconds) we can cache the identity "
 1810 "information to avoid excessive round-trips to the identity provider."
 1811 msgstr ""
 1812 
 1813 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1814 #: sssd.conf.5.xml:1380
 1815 msgid "pam_pwd_expiration_warning (integer)"
 1816 msgstr "pam_pwd_expiration_warning (integer)"
 1817 
 1818 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1819 #: sssd.conf.5.xml:1383 sssd.conf.5.xml:2647
 1820 msgid "Display a warning N days before the password expires."
 1821 msgstr ""
 1822 
 1823 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1824 #: sssd.conf.5.xml:1386
 1825 msgid ""
 1826 "Please note that the backend server has to provide information about the "
 1827 "expiration time of the password.  If this information is missing, sssd "
 1828 "cannot display a warning."
 1829 msgstr ""
 1830 
 1831 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1832 #: sssd.conf.5.xml:1392 sssd.conf.5.xml:2650
 1833 msgid ""
 1834 "If zero is set, then this filter is not applied, i.e. if the expiration "
 1835 "warning was received from backend server, it will automatically be displayed."
 1836 msgstr ""
 1837 
 1838 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1839 #: sssd.conf.5.xml:1397
 1840 msgid ""
 1841 "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
 1842 "emphasis> for a particular domain."
 1843 msgstr ""
 1844 
 1845 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 1846 #: sssd.conf.5.xml:1402 sssd.conf.5.xml:3534 sssd-ldap.5.xml:549 sssd.8.xml:79
 1847 msgid "Default: 0"
 1848 msgstr ""
 1849 
 1850 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1851 #: sssd.conf.5.xml:1419
 1852 msgid "pam_trusted_users (string)"
 1853 msgstr ""
 1854 
 1855 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1856 #: sssd.conf.5.xml:1422
 1857 msgid ""
 1858 "Specifies the comma-separated list of UID values or user names that are "
 1859 "allowed to run PAM conversations against trusted domains.  Users not "
 1860 "included in this list can only access domains marked as public with "
 1861 "<quote>pam_public_domains</quote>.  User names are resolved to UIDs at "
 1862 "startup."
 1863 msgstr ""
 1864 
 1865 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1866 #: sssd.conf.5.xml:1432
 1867 msgid "Default: All users are considered trusted by default"
 1868 msgstr ""
 1869 
 1870 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1871 #: sssd.conf.5.xml:1436
 1872 msgid ""
 1873 "Please note that UID 0 is always allowed to access the PAM responder even in "
 1874 "case it is not in the pam_trusted_users list."
 1875 msgstr ""
 1876 
 1877 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1878 #: sssd.conf.5.xml:1443
 1879 msgid "pam_public_domains (string)"
 1880 msgstr ""
 1881 
 1882 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1883 #: sssd.conf.5.xml:1446
 1884 msgid ""
 1885 "Specifies the comma-separated list of domain names that are accessible even "
 1886 "to untrusted users."
 1887 msgstr ""
 1888 
 1889 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1890 #: sssd.conf.5.xml:1450
 1891 msgid "Two special values for pam_public_domains option are defined:"
 1892 msgstr ""
 1893 
 1894 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1895 #: sssd.conf.5.xml:1454
 1896 msgid ""
 1897 "all (Untrusted users are allowed to access all domains in PAM responder.)"
 1898 msgstr ""
 1899 
 1900 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1901 #: sssd.conf.5.xml:1458
 1902 msgid ""
 1903 "none (Untrusted users are not allowed to access any domains PAM in "
 1904 "responder.)"
 1905 msgstr ""
 1906 
 1907 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 1908 #: sssd.conf.5.xml:1462 sssd.conf.5.xml:1487 sssd.conf.5.xml:1506
 1909 #: sssd.conf.5.xml:1684 sssd.conf.5.xml:2396 sssd.conf.5.xml:3463
 1910 #: sssd-ldap.5.xml:1091
 1911 msgid "Default: none"
 1912 msgstr "Padrão: none"
 1913 
 1914 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1915 #: sssd.conf.5.xml:1467
 1916 msgid "pam_account_expired_message (string)"
 1917 msgstr ""
 1918 
 1919 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1920 #: sssd.conf.5.xml:1470
 1921 msgid ""
 1922 "Allows a custom expiration message to be set, replacing the default "
 1923 "'Permission denied' message."
 1924 msgstr ""
 1925 
 1926 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1927 #: sssd.conf.5.xml:1475
 1928 msgid ""
 1929 "Note: Please be aware that message is only printed for the SSH service "
 1930 "unless pam_verbosity is set to 3 (show all messages and debug information)."
 1931 msgstr ""
 1932 
 1933 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 1934 #: sssd.conf.5.xml:1483
 1935 #, no-wrap
 1936 msgid ""
 1937 "pam_account_expired_message = Account expired, please contact help desk.\n"
 1938 "                            "
 1939 msgstr ""
 1940 
 1941 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1942 #: sssd.conf.5.xml:1492
 1943 msgid "pam_account_locked_message (string)"
 1944 msgstr ""
 1945 
 1946 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1947 #: sssd.conf.5.xml:1495
 1948 msgid ""
 1949 "Allows a custom lockout message to be set, replacing the default 'Permission "
 1950 "denied' message."
 1951 msgstr ""
 1952 
 1953 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 1954 #: sssd.conf.5.xml:1502
 1955 #, no-wrap
 1956 msgid ""
 1957 "pam_account_locked_message = Account locked, please contact help desk.\n"
 1958 "                            "
 1959 msgstr ""
 1960 
 1961 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1962 #: sssd.conf.5.xml:1511
 1963 msgid "pam_cert_auth (bool)"
 1964 msgstr ""
 1965 
 1966 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1967 #: sssd.conf.5.xml:1514
 1968 msgid ""
 1969 "Enable certificate based Smartcard authentication.  Since this requires "
 1970 "additional communication with the Smartcard which will delay the "
 1971 "authentication process this option is disabled by default."
 1972 msgstr ""
 1973 
 1974 #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
 1975 #: sssd.conf.5.xml:1520 sssd-ldap.5.xml:590 sssd-ldap.5.xml:611
 1976 #: sssd-ldap.5.xml:1169 sssd-ad.5.xml:482 sssd-ad.5.xml:558 sssd-ad.5.xml:1103
 1977 #: sssd-ad.5.xml:1152 include/ldap_id_mapping.xml:244
 1978 msgid "Default: False"
 1979 msgstr ""
 1980 
 1981 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 1982 #: sssd.conf.5.xml:1525
 1983 msgid "pam_cert_db_path (string)"
 1984 msgstr ""
 1985 
 1986 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 1987 #: sssd.conf.5.xml:1528
 1988 msgid "The path to the certificate database."
 1989 msgstr ""
 1990 
 1991 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 1992 #: sssd.conf.5.xml:1531 sssd.conf.5.xml:2016 sssd.conf.5.xml:3990
 1993 msgid "Default:"
 1994 msgstr ""
 1995 
 1996 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 1997 #: sssd.conf.5.xml:1533 sssd.conf.5.xml:2018
 1998 msgid ""
 1999 "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
 2000 "certificates in PEM format)"
 2001 msgstr ""
 2002 
 2003 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2004 #: sssd.conf.5.xml:1543
 2005 msgid "p11_child_timeout (integer)"
 2006 msgstr ""
 2007 
 2008 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2009 #: sssd.conf.5.xml:1546
 2010 msgid "How many seconds will pam_sss wait for p11_child to finish."
 2011 msgstr ""
 2012 
 2013 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2014 #: sssd.conf.5.xml:1555
 2015 msgid "pam_app_services (string)"
 2016 msgstr ""
 2017 
 2018 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2019 #: sssd.conf.5.xml:1558
 2020 msgid ""
 2021 "Which PAM services are permitted to contact domains of type "
 2022 "<quote>application</quote>"
 2023 msgstr ""
 2024 
 2025 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2026 #: sssd.conf.5.xml:1567
 2027 msgid "pam_p11_allowed_services (integer)"
 2028 msgstr ""
 2029 
 2030 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2031 #: sssd.conf.5.xml:1570
 2032 msgid ""
 2033 "A comma-separated list of PAM service names for which it will be allowed to "
 2034 "use Smartcards."
 2035 msgstr ""
 2036 
 2037 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2038 #: sssd.conf.5.xml:1585
 2039 #, no-wrap
 2040 msgid ""
 2041 "pam_p11_allowed_services = +my_pam_service, -login\n"
 2042 "                            "
 2043 msgstr ""
 2044 
 2045 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2046 #: sssd.conf.5.xml:1574
 2047 msgid ""
 2048 "It is possible to add another PAM service name to the default set by using "
 2049 "<quote>+service_name</quote> or to explicitly remove a PAM service name from "
 2050 "the default set by using <quote>-service_name</quote>. For example, in order "
 2051 "to replace a default PAM service name for authentication with Smartcards (e."
 2052 "g. <quote>login</quote>) with a custom PAM service name (e.g. "
 2053 "<quote>my_pam_service</quote>), you would use the following configuration: "
 2054 "<placeholder type=\"programlisting\" id=\"0\"/>"
 2055 msgstr ""
 2056 
 2057 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2058 #: sssd.conf.5.xml:1589 sssd-ad.5.xml:621 sssd-ad.5.xml:730 sssd-ad.5.xml:788
 2059 #: sssd-ad.5.xml:846 sssd-ad.5.xml:924
 2060 msgid "Default: the default set of PAM service names includes:"
 2061 msgstr ""
 2062 
 2063 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2064 #: sssd.conf.5.xml:1594 sssd-ad.5.xml:625
 2065 msgid "login"
 2066 msgstr ""
 2067 
 2068 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2069 #: sssd.conf.5.xml:1599 sssd-ad.5.xml:630
 2070 msgid "su"
 2071 msgstr ""
 2072 
 2073 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2074 #: sssd.conf.5.xml:1604 sssd-ad.5.xml:635
 2075 msgid "su-l"
 2076 msgstr ""
 2077 
 2078 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2079 #: sssd.conf.5.xml:1609 sssd-ad.5.xml:650
 2080 msgid "gdm-smartcard"
 2081 msgstr ""
 2082 
 2083 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2084 #: sssd.conf.5.xml:1614 sssd-ad.5.xml:645
 2085 msgid "gdm-password"
 2086 msgstr ""
 2087 
 2088 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2089 #: sssd.conf.5.xml:1619 sssd-ad.5.xml:655
 2090 msgid "kdm"
 2091 msgstr ""
 2092 
 2093 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2094 #: sssd.conf.5.xml:1624 sssd-ad.5.xml:933
 2095 msgid "sudo"
 2096 msgstr ""
 2097 
 2098 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2099 #: sssd.conf.5.xml:1629 sssd-ad.5.xml:938
 2100 msgid "sudo-i"
 2101 msgstr ""
 2102 
 2103 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2104 #: sssd.conf.5.xml:1634
 2105 msgid "gnome-screensaver"
 2106 msgstr ""
 2107 
 2108 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2109 #: sssd.conf.5.xml:1642
 2110 msgid "p11_wait_for_card_timeout (integer)"
 2111 msgstr ""
 2112 
 2113 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2114 #: sssd.conf.5.xml:1645
 2115 msgid ""
 2116 "If Smartcard authentication is required how many extra seconds in addition "
 2117 "to p11_child_timeout should the PAM responder wait until a Smartcard is "
 2118 "inserted."
 2119 msgstr ""
 2120 
 2121 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2122 #: sssd.conf.5.xml:1656
 2123 msgid "p11_uri (string)"
 2124 msgstr ""
 2125 
 2126 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2127 #: sssd.conf.5.xml:1659
 2128 msgid ""
 2129 "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
 2130 "selection of devices used for Smartcard authentication. By default SSSD's "
 2131 "p11_child will search for a PKCS#11 slot (reader)  where the 'removable' "
 2132 "flags is set and read the certificates from the inserted token from the "
 2133 "first slot found. If multiple readers are connected p11_uri can be used to "
 2134 "tell p11_child to use a specific reader."
 2135 msgstr ""
 2136 
 2137 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2138 #: sssd.conf.5.xml:1672
 2139 #, no-wrap
 2140 msgid ""
 2141 "p11_uri = slot-description=My%20Smartcard%20Reader\n"
 2142 "                            "
 2143 msgstr ""
 2144 
 2145 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2146 #: sssd.conf.5.xml:1676
 2147 #, no-wrap
 2148 msgid ""
 2149 "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
 2150 "                            "
 2151 msgstr ""
 2152 
 2153 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2154 #: sssd.conf.5.xml:1670
 2155 msgid ""
 2156 "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
 2157 "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
 2158 "debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' "
 2159 "with e.g. the '--list-all' will show PKCS#11 URIs as well."
 2160 msgstr ""
 2161 
 2162 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2163 #: sssd.conf.5.xml:1689
 2164 msgid "pam_initgroups_scheme"
 2165 msgstr ""
 2166 
 2167 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2168 #: sssd.conf.5.xml:1697
 2169 msgid "always"
 2170 msgstr ""
 2171 
 2172 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2173 #: sssd.conf.5.xml:1698
 2174 msgid ""
 2175 "Always do an online lookup, please note that pam_id_timeout still applies"
 2176 msgstr ""
 2177 
 2178 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2179 #: sssd.conf.5.xml:1702
 2180 msgid "no_session"
 2181 msgstr ""
 2182 
 2183 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2184 #: sssd.conf.5.xml:1703
 2185 msgid ""
 2186 "Only do an online lookup if there is no active session of the user, i.e. if "
 2187 "the user is currently not logged in"
 2188 msgstr ""
 2189 
 2190 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2191 #: sssd.conf.5.xml:1708
 2192 msgid "never"
 2193 msgstr ""
 2194 
 2195 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2196 #: sssd.conf.5.xml:1709
 2197 msgid ""
 2198 "Never force an online lookup, use the data from the cache as long as they "
 2199 "are not expired"
 2200 msgstr ""
 2201 
 2202 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2203 #: sssd.conf.5.xml:1692
 2204 msgid ""
 2205 "The PAM responder can force an online lookup to get the current group "
 2206 "memberships of the user trying to log in. This option controls when this "
 2207 "should be done and the following values are allowed: <placeholder type="
 2208 "\"variablelist\" id=\"0\"/>"
 2209 msgstr ""
 2210 
 2211 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2212 #: sssd.conf.5.xml:1716
 2213 msgid "Default: no_session"
 2214 msgstr ""
 2215 
 2216 #. type: Content of: <reference><refentry><refsect1><para>
 2217 #: sssd.conf.5.xml:1721 sssd.conf.5.xml:3929
 2218 msgid "pam_gssapi_services"
 2219 msgstr ""
 2220 
 2221 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2222 #: sssd.conf.5.xml:1724
 2223 msgid ""
 2224 "Comma separated list of PAM services that are allowed to try GSSAPI "
 2225 "authentication using pam_sss_gss.so module."
 2226 msgstr ""
 2227 
 2228 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2229 #: sssd.conf.5.xml:1729
 2230 msgid ""
 2231 "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
 2232 msgstr ""
 2233 
 2234 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2235 #: sssd.conf.5.xml:1733 sssd.conf.5.xml:1764 sssd.conf.5.xml:1802
 2236 msgid ""
 2237 "Note: This option can also be set per-domain which overwrites the value in "
 2238 "[pam] section. It can also be set for trusted domain which overwrites the "
 2239 "value in the domain section."
 2240 msgstr ""
 2241 
 2242 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2243 #: sssd.conf.5.xml:1741
 2244 #, no-wrap
 2245 msgid ""
 2246 "pam_gssapi_services = sudo, sudo-i\n"
 2247 "                            "
 2248 msgstr ""
 2249 
 2250 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2251 #: sssd.conf.5.xml:1739 sssd.conf.5.xml:3457 sssd-secrets.5.xml:448
 2252 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
 2253 msgstr ""
 2254 
 2255 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2256 #: sssd.conf.5.xml:1745
 2257 msgid "Default: - (GSSAPI authentication is disabled)"
 2258 msgstr ""
 2259 
 2260 #. type: Content of: <reference><refentry><refsect1><para>
 2261 #: sssd.conf.5.xml:1750 sssd.conf.5.xml:3930
 2262 msgid "pam_gssapi_check_upn"
 2263 msgstr ""
 2264 
 2265 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2266 #: sssd.conf.5.xml:1753
 2267 msgid ""
 2268 "If True, SSSD will require that the Kerberos user principal that "
 2269 "successfully authenticated through GSSAPI can be associated with the user "
 2270 "who is being authenticated. Authentication will fail if the check fails."
 2271 msgstr ""
 2272 
 2273 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2274 #: sssd.conf.5.xml:1760
 2275 msgid ""
 2276 "If False, every user that is able to obtained required service ticket will "
 2277 "be authenticated."
 2278 msgstr ""
 2279 
 2280 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2281 #: sssd.conf.5.xml:1770 sssd-ad.5.xml:1243 sss_rpcidmapd.5.xml:76
 2282 msgid "Default: True"
 2283 msgstr "Padrão: TRUE"
 2284 
 2285 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2286 #: sssd.conf.5.xml:1775
 2287 msgid "pam_gssapi_indicators_map"
 2288 msgstr ""
 2289 
 2290 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2291 #: sssd.conf.5.xml:1778
 2292 msgid ""
 2293 "Comma separated list of authentication indicators required to be present in "
 2294 "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
 2295 "authentication using pam_sss_gss.so module."
 2296 msgstr ""
 2297 
 2298 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2299 #: sssd.conf.5.xml:1784
 2300 msgid ""
 2301 "Each element of the list can be either an authentication indicator name or a "
 2302 "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
 2303 "service name will be required to access any PAM service configured to be "
 2304 "used with <option>pam_gssapi_services</option>. A resulting list of "
 2305 "indicators per PAM service is then checked against indicators in the "
 2306 "Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from "
 2307 "the ticket that matches the resulting list of indicators for the PAM service "
 2308 "would grant access. If none of the indicators in the list match, access will "
 2309 "be denied. If the resulting list of indicators for the PAM service is empty, "
 2310 "the check will not prevent the access."
 2311 msgstr ""
 2312 
 2313 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2314 #: sssd.conf.5.xml:1797
 2315 msgid ""
 2316 "To disable GSSAPI authentication indicator check, set this option to <quote>-"
 2317 "</quote> (dash). To disable the check for a specific PAM service, add "
 2318 "<quote>service:-</quote>."
 2319 msgstr ""
 2320 
 2321 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2322 #: sssd.conf.5.xml:1808
 2323 msgid ""
 2324 "Following authentication indicators are supported by IPA Kerberos "
 2325 "deployments:"
 2326 msgstr ""
 2327 
 2328 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2329 #: sssd.conf.5.xml:1811
 2330 msgid ""
 2331 "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
 2332 "files or on smart cards."
 2333 msgstr ""
 2334 
 2335 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2336 #: sssd.conf.5.xml:1814
 2337 msgid ""
 2338 "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
 2339 "FAST channel."
 2340 msgstr ""
 2341 
 2342 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2343 #: sssd.conf.5.xml:1817
 2344 msgid "radius -- pre-authentication with the help of a RADIUS server."
 2345 msgstr ""
 2346 
 2347 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 2348 #: sssd.conf.5.xml:1820
 2349 msgid ""
 2350 "otp -- pre-authentication using integrated two-factor authentication (2FA or "
 2351 "one-time password, OTP) in IPA."
 2352 msgstr ""
 2353 
 2354 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
 2355 #: sssd.conf.5.xml:1830
 2356 #, no-wrap
 2357 msgid ""
 2358 "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
 2359 "                            "
 2360 msgstr ""
 2361 
 2362 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2363 #: sssd.conf.5.xml:1825
 2364 msgid ""
 2365 "Example: to require access to SUDO services only for users which obtained "
 2366 "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
 2367 "set <placeholder type=\"programlisting\" id=\"0\"/>"
 2368 msgstr ""
 2369 
 2370 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2371 #: sssd.conf.5.xml:1834
 2372 msgid "Default: not set (use of authentication indicators is not required)"
 2373 msgstr ""
 2374 
 2375 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2376 #: sssd.conf.5.xml:1842
 2377 msgid "SUDO configuration options"
 2378 msgstr ""
 2379 
 2380 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2381 #: sssd.conf.5.xml:1844
 2382 msgid ""
 2383 "These options can be used to configure the sudo service.  The detailed "
 2384 "instructions for configuration of <citerefentry> <refentrytitle>sudo</"
 2385 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
 2386 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 2387 "</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
 2388 "sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 2389 msgstr ""
 2390 
 2391 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2392 #: sssd.conf.5.xml:1861
 2393 msgid "sudo_timed (bool)"
 2394 msgstr ""
 2395 
 2396 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2397 #: sssd.conf.5.xml:1864
 2398 msgid ""
 2399 "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
 2400 "that implement time-dependent sudoers entries."
 2401 msgstr ""
 2402 
 2403 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2404 #: sssd.conf.5.xml:1876
 2405 msgid "sudo_threshold (integer)"
 2406 msgstr ""
 2407 
 2408 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2409 #: sssd.conf.5.xml:1879
 2410 msgid ""
 2411 "Maximum number of expired rules that can be refreshed at once. If number of "
 2412 "expired rules is below threshold, those rules are refreshed with "
 2413 "<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
 2414 "<quote>full refresh</quote> of sudo rules is triggered instead. This "
 2415 "threshold number also applies to IPA sudo command and command group searches."
 2416 msgstr ""
 2417 
 2418 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2419 #: sssd.conf.5.xml:1898
 2420 msgid "AUTOFS configuration options"
 2421 msgstr ""
 2422 
 2423 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2424 #: sssd.conf.5.xml:1900
 2425 msgid "These options can be used to configure the autofs service."
 2426 msgstr ""
 2427 
 2428 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2429 #: sssd.conf.5.xml:1904
 2430 msgid "autofs_negative_timeout (integer)"
 2431 msgstr ""
 2432 
 2433 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2434 #: sssd.conf.5.xml:1907
 2435 msgid ""
 2436 "Specifies for how many seconds should the autofs responder negative cache "
 2437 "hits (that is, queries for invalid map entries, like nonexistent ones) "
 2438 "before asking the back end again."
 2439 msgstr ""
 2440 
 2441 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2442 #: sssd.conf.5.xml:1923
 2443 msgid "SSH configuration options"
 2444 msgstr ""
 2445 
 2446 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2447 #: sssd.conf.5.xml:1925
 2448 msgid "These options can be used to configure the SSH service."
 2449 msgstr ""
 2450 
 2451 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2452 #: sssd.conf.5.xml:1929
 2453 msgid "ssh_hash_known_hosts (bool)"
 2454 msgstr ""
 2455 
 2456 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2457 #: sssd.conf.5.xml:1932
 2458 msgid ""
 2459 "Whether or not to hash host names and addresses in the managed known_hosts "
 2460 "file."
 2461 msgstr ""
 2462 
 2463 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2464 #: sssd.conf.5.xml:1941
 2465 msgid "ssh_known_hosts_timeout (integer)"
 2466 msgstr ""
 2467 
 2468 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2469 #: sssd.conf.5.xml:1944
 2470 msgid ""
 2471 "How many seconds to keep a host in the managed known_hosts file after its "
 2472 "host keys were requested."
 2473 msgstr ""
 2474 
 2475 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2476 #: sssd.conf.5.xml:1948
 2477 msgid "Default: 180"
 2478 msgstr ""
 2479 
 2480 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2481 #: sssd.conf.5.xml:1953
 2482 msgid "ssh_use_certificate_keys (bool)"
 2483 msgstr ""
 2484 
 2485 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2486 #: sssd.conf.5.xml:1956
 2487 msgid ""
 2488 "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
 2489 "keys derived from the public key of X.509 certificates stored in the user "
 2490 "entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
 2491 "refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
 2492 msgstr ""
 2493 
 2494 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2495 #: sssd.conf.5.xml:1971
 2496 msgid "ssh_use_certificate_matching_rules (string)"
 2497 msgstr ""
 2498 
 2499 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2500 #: sssd.conf.5.xml:1974
 2501 msgid ""
 2502 "By default the ssh responder will use all available certificate matching "
 2503 "rules to filter the certificates so that ssh keys are only derived from the "
 2504 "matching ones. With this option the used rules can be restricted with a "
 2505 "comma separated list of mapping and matching rule names. All other rules "
 2506 "will be ignored."
 2507 msgstr ""
 2508 
 2509 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2510 #: sssd.conf.5.xml:1983
 2511 msgid ""
 2512 "There are two special key words 'all_rules' and 'no_rules' which will enable "
 2513 "all or no rules, respectively. The latter means that no certificates will be "
 2514 "filtered out and ssh keys will be generated from all valid certificates."
 2515 msgstr ""
 2516 
 2517 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2518 #: sssd.conf.5.xml:1990
 2519 msgid ""
 2520 "If no rules are configured using 'all_rules' will enable a default rule "
 2521 "which enables all certificates suitable for client authentication.  This is "
 2522 "the same behavior as for the PAM responder if certificate authentication is "
 2523 "enabled."
 2524 msgstr ""
 2525 
 2526 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2527 #: sssd.conf.5.xml:1997
 2528 msgid ""
 2529 "A non-existing rule name is considered an error.  If as a result no rule is "
 2530 "selected all certificates will be ignored."
 2531 msgstr ""
 2532 
 2533 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2534 #: sssd.conf.5.xml:2002
 2535 msgid ""
 2536 "Default: not set, equivalent to 'all_rules', all found rules or the default "
 2537 "rule are used"
 2538 msgstr ""
 2539 
 2540 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2541 #: sssd.conf.5.xml:2008
 2542 msgid "ca_db (string)"
 2543 msgstr ""
 2544 
 2545 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2546 #: sssd.conf.5.xml:2011
 2547 msgid ""
 2548 "Path to a storage of trusted CA certificates. The option is used to validate "
 2549 "user certificates before deriving public ssh keys from them."
 2550 msgstr ""
 2551 
 2552 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2553 #: sssd.conf.5.xml:2031
 2554 msgid "PAC responder configuration options"
 2555 msgstr ""
 2556 
 2557 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2558 #: sssd.conf.5.xml:2033
 2559 msgid ""
 2560 "The PAC responder works together with the authorization data plugin for MIT "
 2561 "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
 2562 "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
 2563 "provider collects domain SID and ID ranges of the domain the client is "
 2564 "joined to and of remote trusted domains from the local domain controller. If "
 2565 "the PAC is decoded and evaluated some of the following operations are done:"
 2566 msgstr ""
 2567 
 2568 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
 2569 #: sssd.conf.5.xml:2042
 2570 msgid ""
 2571 "If the remote user does not exist in the cache, it is created. The UID is "
 2572 "determined with the help of the SID, trusted domains will have UPGs and the "
 2573 "GID will have the same value as the UID. The home directory is set based on "
 2574 "the subdomain_homedir parameter. The shell will be empty by default, i.e. "
 2575 "the system defaults are used, but can be overwritten with the default_shell "
 2576 "parameter."
 2577 msgstr ""
 2578 
 2579 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
 2580 #: sssd.conf.5.xml:2050
 2581 msgid ""
 2582 "If there are SIDs of groups from domains sssd knows about, the user will be "
 2583 "added to those groups."
 2584 msgstr ""
 2585 
 2586 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2587 #: sssd.conf.5.xml:2056
 2588 msgid "These options can be used to configure the PAC responder."
 2589 msgstr ""
 2590 
 2591 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2592 #: sssd.conf.5.xml:2060 sssd-ifp.5.xml:50
 2593 msgid "allowed_uids (string)"
 2594 msgstr ""
 2595 
 2596 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2597 #: sssd.conf.5.xml:2063
 2598 msgid ""
 2599 "Specifies the comma-separated list of UID values or user names that are "
 2600 "allowed to access the PAC responder. User names are resolved to UIDs at "
 2601 "startup."
 2602 msgstr ""
 2603 
 2604 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2605 #: sssd.conf.5.xml:2069
 2606 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 2607 msgstr ""
 2608 
 2609 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2610 #: sssd.conf.5.xml:2073
 2611 msgid ""
 2612 "Please note that although the UID 0 is used as the default it will be "
 2613 "overwritten with this option. If you still want to allow the root user to "
 2614 "access the PAC responder, which would be the typical case, you have to add 0 "
 2615 "to the list of allowed UIDs as well."
 2616 msgstr ""
 2617 
 2618 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 2619 #: sssd.conf.5.xml:2082
 2620 msgid "pac_lifetime (integer)"
 2621 msgstr ""
 2622 
 2623 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 2624 #: sssd.conf.5.xml:2085
 2625 msgid ""
 2626 "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
 2627 "data can be used to determine the group memberships of a user."
 2628 msgstr ""
 2629 
 2630 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 2631 #: sssd.conf.5.xml:2098
 2632 msgid "Session recording configuration options"
 2633 msgstr ""
 2634 
 2635 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2636 #: sssd.conf.5.xml:2100
 2637 msgid ""
 2638 "Session recording works in conjunction with <citerefentry> "
 2639 "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
 2640 "citerefentry>, a part of tlog package, to log what users see and type when "
 2641 "they log in on a text terminal.  See also <citerefentry> <refentrytitle>sssd-"
 2642 "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
 2643 msgstr ""
 2644 
 2645 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 2646 #: sssd.conf.5.xml:2113
 2647 msgid "These options can be used to configure session recording."
 2648 msgstr ""
 2649 
 2650 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2651 #: sssd.conf.5.xml:2117 sssd-session-recording.5.xml:64
 2652 msgid "scope (string)"
 2653 msgstr ""
 2654 
 2655 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2656 #: sssd.conf.5.xml:2124 sssd-session-recording.5.xml:71
 2657 msgid "\"none\""
 2658 msgstr ""
 2659 
 2660 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2661 #: sssd.conf.5.xml:2127 sssd-session-recording.5.xml:74
 2662 msgid "No users are recorded."
 2663 msgstr ""
 2664 
 2665 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2666 #: sssd.conf.5.xml:2132 sssd-session-recording.5.xml:79
 2667 msgid "\"some\""
 2668 msgstr ""
 2669 
 2670 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2671 #: sssd.conf.5.xml:2135 sssd-session-recording.5.xml:82
 2672 msgid ""
 2673 "Users/groups specified by <replaceable>users</replaceable> and "
 2674 "<replaceable>groups</replaceable> options are recorded."
 2675 msgstr ""
 2676 
 2677 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2678 #: sssd.conf.5.xml:2144 sssd-session-recording.5.xml:91
 2679 msgid "\"all\""
 2680 msgstr ""
 2681 
 2682 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2683 #: sssd.conf.5.xml:2147 sssd-session-recording.5.xml:94
 2684 msgid "All users are recorded."
 2685 msgstr ""
 2686 
 2687 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2688 #: sssd.conf.5.xml:2120 sssd-session-recording.5.xml:67
 2689 msgid ""
 2690 "One of the following strings specifying the scope of session recording: "
 2691 "<placeholder type=\"variablelist\" id=\"0\"/>"
 2692 msgstr ""
 2693 
 2694 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2695 #: sssd.conf.5.xml:2154 sssd-session-recording.5.xml:101
 2696 msgid "Default: \"none\""
 2697 msgstr ""
 2698 
 2699 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2700 #: sssd.conf.5.xml:2159 sssd-session-recording.5.xml:106
 2701 msgid "users (string)"
 2702 msgstr ""
 2703 
 2704 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2705 #: sssd.conf.5.xml:2162 sssd-session-recording.5.xml:109
 2706 msgid ""
 2707 "A comma-separated list of users which should have session recording enabled. "
 2708 "Matches user names as returned by NSS. I.e. after the possible space "
 2709 "replacement, case changes, etc."
 2710 msgstr ""
 2711 
 2712 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2713 #: sssd.conf.5.xml:2168 sssd-session-recording.5.xml:115
 2714 msgid "Default: Empty. Matches no users."
 2715 msgstr ""
 2716 
 2717 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2718 #: sssd.conf.5.xml:2173 sssd-session-recording.5.xml:120
 2719 msgid "groups (string)"
 2720 msgstr ""
 2721 
 2722 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2723 #: sssd.conf.5.xml:2176 sssd-session-recording.5.xml:123
 2724 msgid ""
 2725 "A comma-separated list of groups, members of which should have session "
 2726 "recording enabled. Matches group names as returned by NSS. I.e. after the "
 2727 "possible space replacement, case changes, etc."
 2728 msgstr ""
 2729 
 2730 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2731 #: sssd.conf.5.xml:2182 sssd.conf.5.xml:2214 sssd-session-recording.5.xml:129
 2732 #: sssd-session-recording.5.xml:161
 2733 msgid ""
 2734 "NOTE: using this option (having it set to anything) has a considerable "
 2735 "performance cost, because each uncached request for a user requires "
 2736 "retrieving and matching the groups the user is member of."
 2737 msgstr ""
 2738 
 2739 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2740 #: sssd.conf.5.xml:2189 sssd-session-recording.5.xml:136
 2741 msgid "Default: Empty. Matches no groups."
 2742 msgstr ""
 2743 
 2744 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2745 #: sssd.conf.5.xml:2194 sssd-session-recording.5.xml:141
 2746 #, fuzzy
 2747 #| msgid "ldap_user_shell (string)"
 2748 msgid "exclude_users (string)"
 2749 msgstr "ldap_user_shell (string)"
 2750 
 2751 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2752 #: sssd.conf.5.xml:2197 sssd-session-recording.5.xml:144
 2753 msgid ""
 2754 "A comma-separated list of users to be excluded from recording, only "
 2755 "applicable with 'scope=all'."
 2756 msgstr ""
 2757 
 2758 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2759 #: sssd.conf.5.xml:2201 sssd-session-recording.5.xml:148
 2760 #, fuzzy
 2761 #| msgid "Default: empty, i.e. ldap_uri is used."
 2762 msgid "Default: Empty. No users excluded."
 2763 msgstr "Padrão: empty, ou seja, ldap_uri é usado."
 2764 
 2765 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 2766 #: sssd.conf.5.xml:2206 sssd-session-recording.5.xml:153
 2767 #, fuzzy
 2768 #| msgid "ldap_group_search_base (string)"
 2769 msgid "exclude_groups (string)"
 2770 msgstr "ldap_group_search_base (string)"
 2771 
 2772 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2773 #: sssd.conf.5.xml:2209 sssd-session-recording.5.xml:156
 2774 msgid ""
 2775 "A comma-separated list of groups, members of which should be excluded from "
 2776 "recording. Only applicable with 'scope=all'."
 2777 msgstr ""
 2778 
 2779 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 2780 #: sssd.conf.5.xml:2221 sssd-session-recording.5.xml:168
 2781 #, fuzzy
 2782 #| msgid "Default: empty, i.e. ldap_uri is used."
 2783 msgid "Default: Empty. No groups excluded."
 2784 msgstr "Padrão: empty, ou seja, ldap_uri é usado."
 2785 
 2786 #. type: Content of: <reference><refentry><refsect1><title>
 2787 #: sssd.conf.5.xml:2231
 2788 msgid "DOMAIN SECTIONS"
 2789 msgstr "SECÇÕES DE DOMÍNIO"
 2790 
 2791 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2792 #: sssd.conf.5.xml:2238
 2793 msgid "enabled"
 2794 msgstr ""
 2795 
 2796 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2797 #: sssd.conf.5.xml:2241
 2798 msgid ""
 2799 "Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
 2800 "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
 2801 "always <quote>disabled</quote>. If this option is not set, the domain is "
 2802 "enabled only if it is listed in the domains option in the <quote>[sssd]</"
 2803 "quote> section."
 2804 msgstr ""
 2805 
 2806 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2807 #: sssd.conf.5.xml:2253
 2808 msgid "domain_type (string)"
 2809 msgstr ""
 2810 
 2811 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2812 #: sssd.conf.5.xml:2256
 2813 msgid ""
 2814 "Specifies whether the domain is meant to be used by POSIX-aware clients such "
 2815 "as the Name Service Switch or by applications that do not need POSIX data to "
 2816 "be present or generated. Only objects from POSIX domains are available to "
 2817 "the operating system interfaces and utilities."
 2818 msgstr ""
 2819 
 2820 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2821 #: sssd.conf.5.xml:2264
 2822 msgid ""
 2823 "Allowed values for this option are <quote>posix</quote> and "
 2824 "<quote>application</quote>."
 2825 msgstr ""
 2826 
 2827 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2828 #: sssd.conf.5.xml:2268
 2829 msgid ""
 2830 "POSIX domains are reachable by all services. Application domains are only "
 2831 "reachable from the InfoPipe responder (see <citerefentry> "
 2832 "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
 2833 "citerefentry>) and the PAM responder."
 2834 msgstr ""
 2835 
 2836 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2837 #: sssd.conf.5.xml:2276
 2838 msgid ""
 2839 "NOTE: The application domains are currently well tested with "
 2840 "<quote>id_provider=ldap</quote> only."
 2841 msgstr ""
 2842 
 2843 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2844 #: sssd.conf.5.xml:2280
 2845 msgid ""
 2846 "For an easy way to configure a non-POSIX domains, please see the "
 2847 "<quote>Application domains</quote> section."
 2848 msgstr ""
 2849 
 2850 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2851 #: sssd.conf.5.xml:2284
 2852 msgid "Default: posix"
 2853 msgstr ""
 2854 
 2855 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2856 #: sssd.conf.5.xml:2290
 2857 msgid "min_id,max_id (integer)"
 2858 msgstr "min_id,max_id (integer)"
 2859 
 2860 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2861 #: sssd.conf.5.xml:2293
 2862 msgid ""
 2863 "UID and GID limits for the domain. If a domain contains an entry that is "
 2864 "outside these limits, it is ignored."
 2865 msgstr ""
 2866 
 2867 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2868 #: sssd.conf.5.xml:2298
 2869 msgid ""
 2870 "For users, this affects the primary GID limit. The user will not be returned "
 2871 "to NSS if either the UID or the primary GID is outside the range. For non-"
 2872 "primary group memberships, those that are in range will be reported as "
 2873 "expected."
 2874 msgstr ""
 2875 
 2876 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2877 #: sssd.conf.5.xml:2305
 2878 msgid ""
 2879 "These ID limits affect even saving entries to cache, not only returning them "
 2880 "by name or ID."
 2881 msgstr ""
 2882 
 2883 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2884 #: sssd.conf.5.xml:2309
 2885 msgid "Default: 1 for min_id, 0 (no limit) for max_id"
 2886 msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
 2887 
 2888 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2889 #: sssd.conf.5.xml:2315
 2890 msgid "enumerate (bool)"
 2891 msgstr "enumerate (bool)"
 2892 
 2893 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2894 #: sssd.conf.5.xml:2318
 2895 msgid ""
 2896 "Determines if a domain can be enumerated, that is, whether the domain can "
 2897 "list all the users and group it contains. Note that it is not required to "
 2898 "enable enumeration in order for secondary groups to be displayed. This "
 2899 "parameter can have one of the following values:"
 2900 msgstr ""
 2901 
 2902 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2903 #: sssd.conf.5.xml:2326
 2904 msgid "TRUE = Users and groups are enumerated"
 2905 msgstr ""
 2906 
 2907 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2908 #: sssd.conf.5.xml:2329
 2909 msgid "FALSE = No enumerations for this domain"
 2910 msgstr ""
 2911 
 2912 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2913 #: sssd.conf.5.xml:2332 sssd.conf.5.xml:2602 sssd.conf.5.xml:2778
 2914 msgid "Default: FALSE"
 2915 msgstr "Padrão: FALSE"
 2916 
 2917 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2918 #: sssd.conf.5.xml:2335
 2919 msgid ""
 2920 "Enumerating a domain requires SSSD to download and store ALL user and group "
 2921 "entries from the remote server."
 2922 msgstr ""
 2923 
 2924 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2925 #: sssd.conf.5.xml:2340
 2926 msgid ""
 2927 "Note: Enabling enumeration has a moderate performance impact on SSSD while "
 2928 "enumeration is running. It may take up to several minutes after SSSD startup "
 2929 "to fully complete enumerations.  During this time, individual requests for "
 2930 "information will go directly to LDAP, though it may be slow, due to the "
 2931 "heavy enumeration processing. Saving a large number of entries to cache "
 2932 "after the enumeration completes might also be CPU intensive as the "
 2933 "memberships have to be recomputed. This can lead to the <quote>sssd_be</"
 2934 "quote> process becoming unresponsive or even restarted by the internal "
 2935 "watchdog."
 2936 msgstr ""
 2937 
 2938 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2939 #: sssd.conf.5.xml:2355
 2940 msgid ""
 2941 "While the first enumeration is running, requests for the complete user or "
 2942 "group lists may return no results until it completes."
 2943 msgstr ""
 2944 
 2945 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2946 #: sssd.conf.5.xml:2360
 2947 msgid ""
 2948 "Further, enabling enumeration may increase the time necessary to detect "
 2949 "network disconnection, as longer timeouts are required to ensure that "
 2950 "enumeration lookups are completed successfully.  For more information, refer "
 2951 "to the man pages for the specific id_provider in use."
 2952 msgstr ""
 2953 
 2954 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2955 #: sssd.conf.5.xml:2368
 2956 msgid ""
 2957 "For the reasons cited above, enabling enumeration is not recommended, "
 2958 "especially in large environments."
 2959 msgstr ""
 2960 
 2961 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2962 #: sssd.conf.5.xml:2376
 2963 msgid "subdomain_enumerate (string)"
 2964 msgstr ""
 2965 
 2966 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2967 #: sssd.conf.5.xml:2383
 2968 msgid "all"
 2969 msgstr ""
 2970 
 2971 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2972 #: sssd.conf.5.xml:2384
 2973 msgid "All discovered trusted domains will be enumerated"
 2974 msgstr ""
 2975 
 2976 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 2977 #: sssd.conf.5.xml:2387
 2978 msgid "none"
 2979 msgstr ""
 2980 
 2981 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 2982 #: sssd.conf.5.xml:2388
 2983 msgid "No discovered trusted domains will be enumerated"
 2984 msgstr ""
 2985 
 2986 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 2987 #: sssd.conf.5.xml:2379
 2988 msgid ""
 2989 "Whether any of autodetected trusted domains should be enumerated. The "
 2990 "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
 2991 "Optionally, a list of one or more domain names can enable enumeration just "
 2992 "for these trusted domains."
 2993 msgstr ""
 2994 
 2995 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 2996 #: sssd.conf.5.xml:2402
 2997 msgid "entry_cache_timeout (integer)"
 2998 msgstr "entry_cache_timeout (integer)"
 2999 
 3000 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3001 #: sssd.conf.5.xml:2405
 3002 msgid ""
 3003 "How many seconds should nss_sss consider entries valid before asking the "
 3004 "backend again"
 3005 msgstr ""
 3006 
 3007 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3008 #: sssd.conf.5.xml:2409
 3009 msgid ""
 3010 "The cache expiration timestamps are stored as attributes of individual "
 3011 "objects in the cache. Therefore, changing the cache timeout only has effect "
 3012 "for newly added or expired entries.  You should run the <citerefentry> "
 3013 "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
 3014 "citerefentry> tool in order to force refresh of entries that have already "
 3015 "been cached."
 3016 msgstr ""
 3017 
 3018 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3019 #: sssd.conf.5.xml:2422
 3020 msgid "Default: 5400"
 3021 msgstr "Padrão: 5400"
 3022 
 3023 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3024 #: sssd.conf.5.xml:2428
 3025 msgid "entry_cache_user_timeout (integer)"
 3026 msgstr ""
 3027 
 3028 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3029 #: sssd.conf.5.xml:2431
 3030 msgid ""
 3031 "How many seconds should nss_sss consider user entries valid before asking "
 3032 "the backend again"
 3033 msgstr ""
 3034 
 3035 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3036 #: sssd.conf.5.xml:2435 sssd.conf.5.xml:2448 sssd.conf.5.xml:2461
 3037 #: sssd.conf.5.xml:2474 sssd.conf.5.xml:2488 sssd.conf.5.xml:2501
 3038 #: sssd.conf.5.xml:2515 sssd.conf.5.xml:2529 sssd.conf.5.xml:2542
 3039 msgid "Default: entry_cache_timeout"
 3040 msgstr ""
 3041 
 3042 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3043 #: sssd.conf.5.xml:2441
 3044 msgid "entry_cache_group_timeout (integer)"
 3045 msgstr ""
 3046 
 3047 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3048 #: sssd.conf.5.xml:2444
 3049 msgid ""
 3050 "How many seconds should nss_sss consider group entries valid before asking "
 3051 "the backend again"
 3052 msgstr ""
 3053 
 3054 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3055 #: sssd.conf.5.xml:2454
 3056 msgid "entry_cache_netgroup_timeout (integer)"
 3057 msgstr ""
 3058 
 3059 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3060 #: sssd.conf.5.xml:2457
 3061 msgid ""
 3062 "How many seconds should nss_sss consider netgroup entries valid before "
 3063 "asking the backend again"
 3064 msgstr ""
 3065 
 3066 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3067 #: sssd.conf.5.xml:2467
 3068 msgid "entry_cache_service_timeout (integer)"
 3069 msgstr ""
 3070 
 3071 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3072 #: sssd.conf.5.xml:2470
 3073 msgid ""
 3074 "How many seconds should nss_sss consider service entries valid before asking "
 3075 "the backend again"
 3076 msgstr ""
 3077 
 3078 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3079 #: sssd.conf.5.xml:2480
 3080 msgid "entry_cache_resolver_timeout (integer)"
 3081 msgstr ""
 3082 
 3083 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3084 #: sssd.conf.5.xml:2483
 3085 msgid ""
 3086 "How many seconds should nss_sss consider hosts and networks entries valid "
 3087 "before asking the backend again"
 3088 msgstr ""
 3089 
 3090 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3091 #: sssd.conf.5.xml:2494
 3092 msgid "entry_cache_sudo_timeout (integer)"
 3093 msgstr ""
 3094 
 3095 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3096 #: sssd.conf.5.xml:2497
 3097 msgid ""
 3098 "How many seconds should sudo consider rules valid before asking the backend "
 3099 "again"
 3100 msgstr ""
 3101 
 3102 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3103 #: sssd.conf.5.xml:2507
 3104 msgid "entry_cache_autofs_timeout (integer)"
 3105 msgstr ""
 3106 
 3107 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3108 #: sssd.conf.5.xml:2510
 3109 msgid ""
 3110 "How many seconds should the autofs service consider automounter maps valid "
 3111 "before asking the backend again"
 3112 msgstr ""
 3113 
 3114 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3115 #: sssd.conf.5.xml:2521
 3116 msgid "entry_cache_ssh_host_timeout (integer)"
 3117 msgstr ""
 3118 
 3119 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3120 #: sssd.conf.5.xml:2524
 3121 msgid ""
 3122 "How many seconds to keep a host ssh key after refresh. IE how long to cache "
 3123 "the host key for."
 3124 msgstr ""
 3125 
 3126 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3127 #: sssd.conf.5.xml:2535
 3128 msgid "entry_cache_computer_timeout (integer)"
 3129 msgstr ""
 3130 
 3131 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3132 #: sssd.conf.5.xml:2538
 3133 msgid ""
 3134 "How many seconds to keep the local computer entry before asking the backend "
 3135 "again"
 3136 msgstr ""
 3137 
 3138 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3139 #: sssd.conf.5.xml:2548
 3140 msgid "refresh_expired_interval (integer)"
 3141 msgstr ""
 3142 
 3143 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3144 #: sssd.conf.5.xml:2551
 3145 msgid ""
 3146 "Specifies how many seconds SSSD has to wait before triggering a background "
 3147 "refresh task which will refresh all expired or nearly expired records."
 3148 msgstr ""
 3149 
 3150 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3151 #: sssd.conf.5.xml:2556
 3152 msgid ""
 3153 "The background refresh will process users, groups and netgroups in the "
 3154 "cache. For users who have performed the initgroups (get group membership for "
 3155 "user, typically ran at login)  operation in the past, both the user entry "
 3156 "and the group membership are updated."
 3157 msgstr ""
 3158 
 3159 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3160 #: sssd.conf.5.xml:2564
 3161 msgid "This option is automatically inherited for all trusted domains."
 3162 msgstr ""
 3163 
 3164 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3165 #: sssd.conf.5.xml:2568
 3166 msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
 3167 msgstr ""
 3168 
 3169 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3170 #: sssd.conf.5.xml:2572
 3171 msgid ""
 3172 "Cache entry will be refreshed by background task when 2/3 of cache timeout "
 3173 "has already passed.  If there are existing cached entries, the background "
 3174 "task will refer to their original cache timeout values instead of current "
 3175 "configuration value.  This may lead to a situation in which background "
 3176 "refresh task appears to not be working. This is done by design to improve "
 3177 "offline mode operation and reuse of existing valid cache entries.  To make "
 3178 "this change instant the user may want to manually invalidate existing cache."
 3179 msgstr ""
 3180 
 3181 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3182 #: sssd.conf.5.xml:2585 sssd-ldap.5.xml:350 sssd-ipa.5.xml:269
 3183 msgid "Default: 0 (disabled)"
 3184 msgstr ""
 3185 
 3186 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3187 #: sssd.conf.5.xml:2591
 3188 msgid "cache_credentials (bool)"
 3189 msgstr "cache_credentials (bool)"
 3190 
 3191 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3192 #: sssd.conf.5.xml:2594
 3193 msgid "Determines if user credentials are also cached in the local LDB cache"
 3194 msgstr ""
 3195 
 3196 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3197 #: sssd.conf.5.xml:2598
 3198 msgid "User credentials are stored in a SHA512 hash, not in plaintext"
 3199 msgstr ""
 3200 
 3201 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3202 #: sssd.conf.5.xml:2608
 3203 msgid "cache_credentials_minimal_first_factor_length (int)"
 3204 msgstr ""
 3205 
 3206 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3207 #: sssd.conf.5.xml:2611
 3208 msgid ""
 3209 "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
 3210 "this value determines the minimal length the first authentication factor "
 3211 "(long term password) must have to be saved as SHA512 hash into the cache."
 3212 msgstr ""
 3213 
 3214 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3215 #: sssd.conf.5.xml:2618
 3216 msgid ""
 3217 "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
 3218 "the cache which would make them easy targets for brute-force attacks."
 3219 msgstr ""
 3220 
 3221 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3222 #: sssd.conf.5.xml:2629
 3223 msgid "account_cache_expiration (integer)"
 3224 msgstr "account_cache_expiration (integer)"
 3225 
 3226 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3227 #: sssd.conf.5.xml:2632
 3228 msgid ""
 3229 "Number of days entries are left in cache after last successful login before "
 3230 "being removed during a cleanup of the cache. 0 means keep forever.  The "
 3231 "value of this parameter must be greater than or equal to "
 3232 "offline_credentials_expiration."
 3233 msgstr ""
 3234 
 3235 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3236 #: sssd.conf.5.xml:2639
 3237 msgid "Default: 0 (unlimited)"
 3238 msgstr "Padrão: 0 (ilimitado)"
 3239 
 3240 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3241 #: sssd.conf.5.xml:2644
 3242 msgid "pwd_expiration_warning (integer)"
 3243 msgstr ""
 3244 
 3245 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3246 #: sssd.conf.5.xml:2655
 3247 msgid ""
 3248 "Please note that the backend server has to provide information about the "
 3249 "expiration time of the password.  If this information is missing, sssd "
 3250 "cannot display a warning. Also an auth provider has to be configured for the "
 3251 "backend."
 3252 msgstr ""
 3253 
 3254 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3255 #: sssd.conf.5.xml:2662
 3256 msgid "Default: 7 (Kerberos), 0 (LDAP)"
 3257 msgstr ""
 3258 
 3259 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3260 #: sssd.conf.5.xml:2668
 3261 msgid "id_provider (string)"
 3262 msgstr "id_provider (string)"
 3263 
 3264 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3265 #: sssd.conf.5.xml:2671
 3266 msgid ""
 3267 "The identification provider used for the domain.  Supported ID providers are:"
 3268 msgstr ""
 3269 
 3270 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3271 #: sssd.conf.5.xml:2675
 3272 msgid "<quote>proxy</quote>: Support a legacy NSS provider."
 3273 msgstr ""
 3274 
 3275 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3276 #: sssd.conf.5.xml:2678
 3277 msgid ""
 3278 "<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
 3279 msgstr ""
 3280 
 3281 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3282 #: sssd.conf.5.xml:2682
 3283 msgid ""
 3284 "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
 3285 "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
 3286 "information on how to mirror local users and groups into SSSD."
 3287 msgstr ""
 3288 
 3289 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3290 #: sssd.conf.5.xml:2690
 3291 msgid ""
 3292 "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
 3293 "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
 3294 "information on configuring LDAP."
 3295 msgstr ""
 3296 
 3297 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3298 #: sssd.conf.5.xml:2698 sssd.conf.5.xml:2804 sssd.conf.5.xml:2859
 3299 #: sssd.conf.5.xml:2922
 3300 msgid ""
 3301 "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
 3302 "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
 3303 "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
 3304 "FreeIPA."
 3305 msgstr ""
 3306 
 3307 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3308 #: sssd.conf.5.xml:2707 sssd.conf.5.xml:2813 sssd.conf.5.xml:2868
 3309 #: sssd.conf.5.xml:2931
 3310 msgid ""
 3311 "<quote>ad</quote>: Active Directory provider. See <citerefentry> "
 3312 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 3313 "citerefentry> for more information on configuring Active Directory."
 3314 msgstr ""
 3315 
 3316 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3317 #: sssd.conf.5.xml:2718
 3318 msgid "use_fully_qualified_names (bool)"
 3319 msgstr "use_fully_qualified_names (bool)"
 3320 
 3321 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3322 #: sssd.conf.5.xml:2721
 3323 msgid ""
 3324 "Use the full name and domain (as formatted by the domain's full_name_format) "
 3325 "as the user's login name reported to NSS."
 3326 msgstr ""
 3327 
 3328 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3329 #: sssd.conf.5.xml:2726
 3330 msgid ""
 3331 "If set to TRUE, all requests to this domain must use fully qualified names. "
 3332 "For example, if used in LOCAL domain that contains a \"test\" user, "
 3333 "<command>getent passwd test</command> wouldn't find the user while "
 3334 "<command>getent passwd test@LOCAL</command> would."
 3335 msgstr ""
 3336 
 3337 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3338 #: sssd.conf.5.xml:2734
 3339 msgid ""
 3340 "NOTE: This option has no effect on netgroup lookups due to their tendency to "
 3341 "include nested netgroups without qualified names. For netgroups, all domains "
 3342 "will be searched when an unqualified name is requested."
 3343 msgstr ""
 3344 
 3345 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3346 #: sssd.conf.5.xml:2741
 3347 msgid ""
 3348 "Default: FALSE (TRUE for trusted domain/sub-domains or if "
 3349 "default_domain_suffix is used)"
 3350 msgstr ""
 3351 
 3352 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3353 #: sssd.conf.5.xml:2748
 3354 msgid "ignore_group_members (bool)"
 3355 msgstr ""
 3356 
 3357 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3358 #: sssd.conf.5.xml:2751
 3359 msgid "Do not return group members for group lookups."
 3360 msgstr ""
 3361 
 3362 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3363 #: sssd.conf.5.xml:2754
 3364 msgid ""
 3365 "If set to TRUE, the group membership attribute is not requested from the "
 3366 "ldap server, and group members are not returned when processing group lookup "
 3367 "calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
 3368 "<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
 3369 "<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
 3370 "citerefentry>.  As an effect, <quote>getent group $groupname</quote> would "
 3371 "return the requested group as if it was empty."
 3372 msgstr ""
 3373 
 3374 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3375 #: sssd.conf.5.xml:2772
 3376 msgid ""
 3377 "Enabling this option can also make access provider checks for group "
 3378 "membership significantly faster, especially for groups containing many "
 3379 "members."
 3380 msgstr ""
 3381 
 3382 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3383 #: sssd.conf.5.xml:2783
 3384 msgid "auth_provider (string)"
 3385 msgstr "auth_provider (string)"
 3386 
 3387 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3388 #: sssd.conf.5.xml:2786
 3389 msgid ""
 3390 "The authentication provider used for the domain.  Supported auth providers "
 3391 "are:"
 3392 msgstr ""
 3393 
 3394 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3395 #: sssd.conf.5.xml:2790 sssd.conf.5.xml:2852
 3396 msgid ""
 3397 "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
 3398 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 3399 "citerefentry> for more information on configuring LDAP."
 3400 msgstr ""
 3401 
 3402 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3403 #: sssd.conf.5.xml:2797
 3404 msgid ""
 3405 "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
 3406 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 3407 "citerefentry> for more information on configuring Kerberos."
 3408 msgstr ""
 3409 
 3410 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3411 #: sssd.conf.5.xml:2821
 3412 msgid ""
 3413 "<quote>proxy</quote> for relaying authentication to some other PAM target."
 3414 msgstr ""
 3415 
 3416 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3417 #: sssd.conf.5.xml:2824
 3418 msgid "<quote>local</quote>: SSSD internal provider for local users"
 3419 msgstr ""
 3420 
 3421 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3422 #: sssd.conf.5.xml:2828
 3423 msgid "<quote>none</quote> disables authentication explicitly."
 3424 msgstr ""
 3425 
 3426 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3427 #: sssd.conf.5.xml:2831
 3428 msgid ""
 3429 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 3430 "authentication requests."
 3431 msgstr ""
 3432 
 3433 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3434 #: sssd.conf.5.xml:2837
 3435 msgid "access_provider (string)"
 3436 msgstr "access_provider (string)"
 3437 
 3438 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3439 #: sssd.conf.5.xml:2840
 3440 msgid ""
 3441 "The access control provider used for the domain.  There are two built-in "
 3442 "access providers (in addition to any included in installed backends)  "
 3443 "Internal special providers are:"
 3444 msgstr ""
 3445 
 3446 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3447 #: sssd.conf.5.xml:2846
 3448 msgid ""
 3449 "<quote>permit</quote> always allow access. It's the only permitted access "
 3450 "provider for a local domain."
 3451 msgstr ""
 3452 
 3453 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3454 #: sssd.conf.5.xml:2849
 3455 msgid "<quote>deny</quote> always deny access."
 3456 msgstr ""
 3457 
 3458 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3459 #: sssd.conf.5.xml:2876
 3460 msgid ""
 3461 "<quote>simple</quote> access control based on access or deny lists. See "
 3462 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
 3463 "manvolnum></citerefentry> for more information on configuring the simple "
 3464 "access module."
 3465 msgstr ""
 3466 
 3467 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3468 #: sssd.conf.5.xml:2883
 3469 msgid ""
 3470 "<quote>krb5</quote>: .k5login based access control.  See <citerefentry> "
 3471 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
 3472 "citerefentry> for more information on configuring Kerberos."
 3473 msgstr ""
 3474 
 3475 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3476 #: sssd.conf.5.xml:2890
 3477 msgid "<quote>proxy</quote> for relaying access control to another PAM module."
 3478 msgstr ""
 3479 
 3480 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3481 #: sssd.conf.5.xml:2893
 3482 msgid "Default: <quote>permit</quote>"
 3483 msgstr ""
 3484 
 3485 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3486 #: sssd.conf.5.xml:2898
 3487 msgid "chpass_provider (string)"
 3488 msgstr ""
 3489 
 3490 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3491 #: sssd.conf.5.xml:2901
 3492 msgid ""
 3493 "The provider which should handle change password operations for the domain.  "
 3494 "Supported change password providers are:"
 3495 msgstr ""
 3496 
 3497 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3498 #: sssd.conf.5.xml:2906
 3499 msgid ""
 3500 "<quote>ldap</quote> to change a password stored in a LDAP server. See "
 3501 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 3502 "manvolnum> </citerefentry> for more information on configuring LDAP."
 3503 msgstr ""
 3504 
 3505 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3506 #: sssd.conf.5.xml:2914
 3507 msgid ""
 3508 "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
 3509 "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
 3510 "citerefentry> for more information on configuring Kerberos."
 3511 msgstr ""
 3512 
 3513 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3514 #: sssd.conf.5.xml:2939
 3515 msgid ""
 3516 "<quote>proxy</quote> for relaying password changes to some other PAM target."
 3517 msgstr ""
 3518 
 3519 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3520 #: sssd.conf.5.xml:2943
 3521 msgid "<quote>none</quote> disallows password changes explicitly."
 3522 msgstr ""
 3523 
 3524 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3525 #: sssd.conf.5.xml:2946
 3526 msgid ""
 3527 "Default: <quote>auth_provider</quote> is used if it is set and can handle "
 3528 "change password requests."
 3529 msgstr ""
 3530 
 3531 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3532 #: sssd.conf.5.xml:2953
 3533 msgid "sudo_provider (string)"
 3534 msgstr ""
 3535 
 3536 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3537 #: sssd.conf.5.xml:2956
 3538 msgid "The SUDO provider used for the domain.  Supported SUDO providers are:"
 3539 msgstr ""
 3540 
 3541 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3542 #: sssd.conf.5.xml:2960
 3543 msgid ""
 3544 "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
 3545 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 3546 "citerefentry> for more information on configuring LDAP."
 3547 msgstr ""
 3548 
 3549 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3550 #: sssd.conf.5.xml:2968
 3551 msgid ""
 3552 "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
 3553 "settings."
 3554 msgstr ""
 3555 
 3556 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3557 #: sssd.conf.5.xml:2972
 3558 msgid ""
 3559 "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
 3560 "settings."
 3561 msgstr ""
 3562 
 3563 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3564 #: sssd.conf.5.xml:2976
 3565 msgid "<quote>none</quote> disables SUDO explicitly."
 3566 msgstr ""
 3567 
 3568 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3569 #: sssd.conf.5.xml:2979 sssd.conf.5.xml:3065 sssd.conf.5.xml:3135
 3570 #: sssd.conf.5.xml:3160 sssd.conf.5.xml:3196
 3571 msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
 3572 msgstr ""
 3573 
 3574 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3575 #: sssd.conf.5.xml:2983
 3576 msgid ""
 3577 "The detailed instructions for configuration of sudo_provider are in the "
 3578 "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
 3579 "<manvolnum>5</manvolnum> </citerefentry>.  There are many configuration "
 3580 "options that can be used to adjust the behavior. Please refer to "
 3581 "\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
 3582 "<manvolnum>5</manvolnum> </citerefentry>."
 3583 msgstr ""
 3584 
 3585 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3586 #: sssd.conf.5.xml:2998
 3587 msgid ""
 3588 "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
 3589 "background unless the sudo provider is explicitly disabled. Set "
 3590 "<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
 3591 "activity in SSSD if you do not want to use sudo with SSSD at all."
 3592 msgstr ""
 3593 
 3594 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3595 #: sssd.conf.5.xml:3008
 3596 msgid "selinux_provider (string)"
 3597 msgstr ""
 3598 
 3599 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3600 #: sssd.conf.5.xml:3011
 3601 msgid ""
 3602 "The provider which should handle loading of selinux settings. Note that this "
 3603 "provider will be called right after access provider ends.  Supported selinux "
 3604 "providers are:"
 3605 msgstr ""
 3606 
 3607 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3608 #: sssd.conf.5.xml:3017
 3609 msgid ""
 3610 "<quote>ipa</quote> to load selinux settings from an IPA server. See "
 3611 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 3612 "manvolnum> </citerefentry> for more information on configuring IPA."
 3613 msgstr ""
 3614 
 3615 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3616 #: sssd.conf.5.xml:3025
 3617 msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
 3618 msgstr ""
 3619 
 3620 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3621 #: sssd.conf.5.xml:3028
 3622 msgid ""
 3623 "Default: <quote>id_provider</quote> is used if it is set and can handle "
 3624 "selinux loading requests."
 3625 msgstr ""
 3626 
 3627 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3628 #: sssd.conf.5.xml:3034
 3629 msgid "subdomains_provider (string)"
 3630 msgstr ""
 3631 
 3632 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3633 #: sssd.conf.5.xml:3037
 3634 msgid ""
 3635 "The provider which should handle fetching of subdomains. This value should "
 3636 "be always the same as id_provider.  Supported subdomain providers are:"
 3637 msgstr ""
 3638 
 3639 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3640 #: sssd.conf.5.xml:3043
 3641 msgid ""
 3642 "<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
 3643 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 3644 "manvolnum> </citerefentry> for more information on configuring IPA."
 3645 msgstr ""
 3646 
 3647 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3648 #: sssd.conf.5.xml:3052
 3649 msgid ""
 3650 "<quote>ad</quote> to load a list of subdomains from an Active Directory "
 3651 "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
 3652 "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
 3653 "the AD provider."
 3654 msgstr ""
 3655 
 3656 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3657 #: sssd.conf.5.xml:3061
 3658 msgid "<quote>none</quote> disallows fetching subdomains explicitly."
 3659 msgstr ""
 3660 
 3661 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3662 #: sssd.conf.5.xml:3071
 3663 msgid "session_provider (string)"
 3664 msgstr ""
 3665 
 3666 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3667 #: sssd.conf.5.xml:3074
 3668 msgid ""
 3669 "The provider which configures and manages user session related tasks. The "
 3670 "only user session task currently provided is the integration with Fleet "
 3671 "Commander, which works only with IPA.  Supported session providers are:"
 3672 msgstr ""
 3673 
 3674 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3675 #: sssd.conf.5.xml:3081
 3676 msgid "<quote>ipa</quote> to allow performing user session related tasks."
 3677 msgstr ""
 3678 
 3679 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3680 #: sssd.conf.5.xml:3085
 3681 msgid ""
 3682 "<quote>none</quote> does not perform any kind of user session related tasks."
 3683 msgstr ""
 3684 
 3685 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3686 #: sssd.conf.5.xml:3089
 3687 msgid ""
 3688 "Default: <quote>id_provider</quote> is used if it is set and can perform "
 3689 "session related tasks."
 3690 msgstr ""
 3691 
 3692 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3693 #: sssd.conf.5.xml:3093
 3694 msgid ""
 3695 "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
 3696 "SSSD must be running as \"root\" and not as the unprivileged user."
 3697 msgstr ""
 3698 
 3699 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3700 #: sssd.conf.5.xml:3101
 3701 msgid "autofs_provider (string)"
 3702 msgstr ""
 3703 
 3704 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3705 #: sssd.conf.5.xml:3104
 3706 msgid ""
 3707 "The autofs provider used for the domain.  Supported autofs providers are:"
 3708 msgstr ""
 3709 
 3710 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3711 #: sssd.conf.5.xml:3108
 3712 msgid ""
 3713 "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
 3714 "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
 3715 "citerefentry> for more information on configuring LDAP."
 3716 msgstr ""
 3717 
 3718 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3719 #: sssd.conf.5.xml:3115
 3720 msgid ""
 3721 "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
 3722 "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
 3723 "citerefentry> for more information on configuring IPA."
 3724 msgstr ""
 3725 
 3726 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3727 #: sssd.conf.5.xml:3123
 3728 msgid ""
 3729 "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
 3730 "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
 3731 "citerefentry> for more information on configuring the AD provider."
 3732 msgstr ""
 3733 
 3734 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3735 #: sssd.conf.5.xml:3132
 3736 msgid "<quote>none</quote> disables autofs explicitly."
 3737 msgstr ""
 3738 
 3739 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3740 #: sssd.conf.5.xml:3142
 3741 msgid "hostid_provider (string)"
 3742 msgstr ""
 3743 
 3744 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3745 #: sssd.conf.5.xml:3145
 3746 msgid ""
 3747 "The provider used for retrieving host identity information.  Supported "
 3748 "hostid providers are:"
 3749 msgstr ""
 3750 
 3751 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3752 #: sssd.conf.5.xml:3149
 3753 msgid ""
 3754 "<quote>ipa</quote> to load host identity stored in an IPA server. See "
 3755 "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
 3756 "manvolnum> </citerefentry> for more information on configuring IPA."
 3757 msgstr ""
 3758 
 3759 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3760 #: sssd.conf.5.xml:3157
 3761 msgid "<quote>none</quote> disables hostid explicitly."
 3762 msgstr ""
 3763 
 3764 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3765 #: sssd.conf.5.xml:3167
 3766 msgid "resolver_provider (string)"
 3767 msgstr ""
 3768 
 3769 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3770 #: sssd.conf.5.xml:3170
 3771 msgid ""
 3772 "The provider which should handle hosts and networks lookups. Supported "
 3773 "resolver providers are:"
 3774 msgstr ""
 3775 
 3776 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3777 #: sssd.conf.5.xml:3174
 3778 msgid ""
 3779 "<quote>proxy</quote> to forward lookups to another NSS library. See "
 3780 "<quote>proxy_resolver_lib_name</quote>"
 3781 msgstr ""
 3782 
 3783 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3784 #: sssd.conf.5.xml:3178
 3785 msgid ""
 3786 "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
 3787 "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
 3788 "manvolnum> </citerefentry> for more information on configuring LDAP."
 3789 msgstr ""
 3790 
 3791 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3792 #: sssd.conf.5.xml:3185
 3793 msgid ""
 3794 "<quote>ad</quote> to fetch hosts and networks stored in AD. See "
 3795 "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
 3796 "manvolnum> </citerefentry> for more information on configuring the AD "
 3797 "provider."
 3798 msgstr ""
 3799 
 3800 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3801 #: sssd.conf.5.xml:3193
 3802 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
 3803 msgstr ""
 3804 
 3805 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3806 #: sssd.conf.5.xml:3206
 3807 msgid ""
 3808 "Regular expression for this domain that describes how to parse the string "
 3809 "containing user name and domain into these components.  The \"domain\" can "
 3810 "match either the SSSD configuration domain name, or, in the case of IPA "
 3811 "trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
 3812 "the domain."
 3813 msgstr ""
 3814 
 3815 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3816 #: sssd.conf.5.xml:3215
 3817 msgid ""
 3818 "Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
 3819 "\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
 3820 "P&lt;name&gt;[^@\\\\]+)$))</quote> which allows three different styles for "
 3821 "user names:"
 3822 msgstr ""
 3823 
 3824 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 3825 #: sssd.conf.5.xml:3220
 3826 msgid "username"
 3827 msgstr ""
 3828 
 3829 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 3830 #: sssd.conf.5.xml:3223
 3831 msgid "username@domain.name"
 3832 msgstr ""
 3833 
 3834 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 3835 #: sssd.conf.5.xml:3226
 3836 msgid "domain\\username"
 3837 msgstr ""
 3838 
 3839 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3840 #: sssd.conf.5.xml:3229
 3841 msgid ""
 3842 "While the first two correspond to the general default the third one is "
 3843 "introduced to allow easy integration of users from Windows domains."
 3844 msgstr ""
 3845 
 3846 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3847 #: sssd.conf.5.xml:3234
 3848 msgid ""
 3849 "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
 3850 "which translates to \"the name is everything up to the <quote>@</quote> "
 3851 "sign, the domain everything after that\""
 3852 msgstr ""
 3853 
 3854 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3855 #: sssd.conf.5.xml:3240
 3856 msgid ""
 3857 "NOTE: Some Active Directory groups, typically those used for MS Exchange "
 3858 "contain an <quote>@</quote> sign in the name, which clashes with the default "
 3859 "re_expression value for the AD and IPA providers. To support these groups, "
 3860 "consider changing the re_expression value to: <quote>((?P&lt;name&gt;.+)@(?"
 3861 "P&lt;domain&gt;[^@]+$))</quote>."
 3862 msgstr ""
 3863 
 3864 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3865 #: sssd.conf.5.xml:3291
 3866 msgid "Default: <quote>%1$s@%2$s</quote>."
 3867 msgstr "Default: <quote>%1$s@%2$s</quote>."
 3868 
 3869 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3870 #: sssd.conf.5.xml:3297
 3871 msgid "lookup_family_order (string)"
 3872 msgstr ""
 3873 
 3874 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3875 #: sssd.conf.5.xml:3300
 3876 msgid ""
 3877 "Provides the ability to select preferred address family to use when "
 3878 "performing DNS lookups."
 3879 msgstr ""
 3880 
 3881 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3882 #: sssd.conf.5.xml:3304
 3883 msgid "Supported values:"
 3884 msgstr ""
 3885 
 3886 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3887 #: sssd.conf.5.xml:3307
 3888 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
 3889 msgstr ""
 3890 
 3891 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3892 #: sssd.conf.5.xml:3310
 3893 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
 3894 msgstr ""
 3895 
 3896 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3897 #: sssd.conf.5.xml:3313
 3898 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
 3899 msgstr ""
 3900 
 3901 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3902 #: sssd.conf.5.xml:3316
 3903 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
 3904 msgstr ""
 3905 
 3906 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3907 #: sssd.conf.5.xml:3319
 3908 msgid "Default: ipv4_first"
 3909 msgstr "Default: ipv4_first"
 3910 
 3911 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3912 #: sssd.conf.5.xml:3325
 3913 msgid "dns_resolver_timeout (integer)"
 3914 msgstr "dns_resolver_timeout (integer)"
 3915 
 3916 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3917 #: sssd.conf.5.xml:3328
 3918 msgid ""
 3919 "Defines the amount of time (in seconds) to wait for a reply from the "
 3920 "internal fail over service before assuming that the service is unreachable. "
 3921 "If this timeout is reached, the domain will continue to operate in offline "
 3922 "mode."
 3923 msgstr ""
 3924 
 3925 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3926 #: sssd.conf.5.xml:3335
 3927 msgid ""
 3928 "Please see the section <quote>FAILOVER</quote> for more information about "
 3929 "the service resolution."
 3930 msgstr ""
 3931 
 3932 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3933 #: sssd.conf.5.xml:3346
 3934 msgid "dns_discovery_domain (string)"
 3935 msgstr "dns_discovery_domain (string)"
 3936 
 3937 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3938 #: sssd.conf.5.xml:3349
 3939 msgid ""
 3940 "If service discovery is used in the back end, specifies the domain part of "
 3941 "the service discovery DNS query."
 3942 msgstr ""
 3943 
 3944 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3945 #: sssd.conf.5.xml:3353
 3946 msgid "Default: Use the domain part of machine's hostname"
 3947 msgstr ""
 3948 
 3949 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3950 #: sssd.conf.5.xml:3359
 3951 msgid "override_gid (integer)"
 3952 msgstr "override_gid (integer)"
 3953 
 3954 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 3955 #: sssd.conf.5.xml:3362
 3956 msgid "Override the primary GID value with the one specified."
 3957 msgstr ""
 3958 
 3959 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 3960 #: sssd.conf.5.xml:3368
 3961 msgid "case_sensitive (string)"
 3962 msgstr ""
 3963 
 3964 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 3965 #: sssd.conf.5.xml:3379
 3966 msgid "True"
 3967 msgstr ""
 3968 
 3969 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3970 #: sssd.conf.5.xml:3382
 3971 msgid "Case sensitive. This value is invalid for AD provider."
 3972 msgstr ""
 3973 
 3974 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 3975 #: sssd.conf.5.xml:3388
 3976 msgid "False"
 3977 msgstr ""
 3978 
 3979 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3980 #: sssd.conf.5.xml:3390
 3981 msgid "Case insensitive."
 3982 msgstr ""
 3983 
 3984 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 3985 #: sssd.conf.5.xml:3394
 3986 msgid "Preserving"
 3987 msgstr ""
 3988 
 3989 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3990 #: sssd.conf.5.xml:3397
 3991 msgid ""
 3992 "Same as False (case insensitive), but does not lowercase names in the result "
 3993 "of NSS operations. Note that name aliases (and in case of services also "
 3994 "protocol names) are still lowercased in the output."
 3995 msgstr ""
 3996 
 3997 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 3998 #: sssd.conf.5.xml:3405
 3999 msgid ""
 4000 "If you want to set this value for trusted domain with IPA provider, you need "
 4001 "to set it on both the client and SSSD on the server."
 4002 msgstr ""
 4003 
 4004 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4005 #: sssd.conf.5.xml:3371
 4006 msgid ""
 4007 "Treat user and group names as case sensitive.  <phrase condition="
 4008 "\"enable_local_provider\"> At the moment, this option is not supported in "
 4009 "the local provider.  </phrase> Possible option values are: <placeholder type="
 4010 "\"variablelist\" id=\"0\"/>"
 4011 msgstr ""
 4012 
 4013 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4014 #: sssd.conf.5.xml:3415
 4015 msgid ""
 4016 "This option can be also set per subdomain or inherited via "
 4017 "<emphasis>subdomain_inherit</emphasis>."
 4018 msgstr ""
 4019 
 4020 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4021 #: sssd.conf.5.xml:3420
 4022 msgid "Default: True (False for AD provider)"
 4023 msgstr ""
 4024 
 4025 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4026 #: sssd.conf.5.xml:3426
 4027 msgid "subdomain_inherit (string)"
 4028 msgstr ""
 4029 
 4030 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4031 #: sssd.conf.5.xml:3429
 4032 msgid ""
 4033 "Specifies a list of configuration parameters that should be inherited by a "
 4034 "subdomain. Please note that only selected parameters can be inherited.  "
 4035 "Currently the following options can be inherited:"
 4036 msgstr ""
 4037 
 4038 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4039 #: sssd.conf.5.xml:3435
 4040 msgid "ignore_group_members"
 4041 msgstr ""
 4042 
 4043 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4044 #: sssd.conf.5.xml:3438
 4045 msgid "ldap_purge_cache_timeout"
 4046 msgstr ""
 4047 
 4048 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4049 #: sssd.conf.5.xml:3441 sssd-ldap.5.xml:390
 4050 msgid "ldap_use_tokengroups"
 4051 msgstr ""
 4052 
 4053 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4054 #: sssd.conf.5.xml:3444
 4055 msgid "ldap_user_principal"
 4056 msgstr ""
 4057 
 4058 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4059 #: sssd.conf.5.xml:3447
 4060 msgid ""
 4061 "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
 4062 "is not set explicitly)"
 4063 msgstr ""
 4064 
 4065 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4066 #: sssd.conf.5.xml:3451
 4067 msgid "auto_private_groups"
 4068 msgstr ""
 4069 
 4070 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4071 #: sssd.conf.5.xml:3454
 4072 msgid "case_sensitive"
 4073 msgstr ""
 4074 
 4075 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 4076 #: sssd.conf.5.xml:3459
 4077 #, no-wrap
 4078 msgid ""
 4079 "subdomain_inherit = ldap_purge_cache_timeout\n"
 4080 "                            "
 4081 msgstr ""
 4082 
 4083 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4084 #: sssd.conf.5.xml:3466
 4085 msgid "Note: This option only works with the IPA and AD provider."
 4086 msgstr ""
 4087 
 4088 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4089 #: sssd.conf.5.xml:3473
 4090 msgid "subdomain_homedir (string)"
 4091 msgstr ""
 4092 
 4093 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4094 #: sssd.conf.5.xml:3484
 4095 msgid "%F"
 4096 msgstr ""
 4097 
 4098 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4099 #: sssd.conf.5.xml:3485
 4100 msgid "flat (NetBIOS) name of a subdomain."
 4101 msgstr ""
 4102 
 4103 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4104 #: sssd.conf.5.xml:3476
 4105 msgid ""
 4106 "Use this homedir as default value for all subdomains within this domain in "
 4107 "IPA AD trust.  See <emphasis>override_homedir</emphasis> for info about "
 4108 "possible values. In addition to those, the expansion below can only be used "
 4109 "with <emphasis>subdomain_homedir</emphasis>.  <placeholder type="
 4110 "\"variablelist\" id=\"0\"/>"
 4111 msgstr ""
 4112 
 4113 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4114 #: sssd.conf.5.xml:3490
 4115 msgid ""
 4116 "The value can be overridden by <emphasis>override_homedir</emphasis> option."
 4117 msgstr ""
 4118 
 4119 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4120 #: sssd.conf.5.xml:3494
 4121 msgid "Default: <filename>/home/%d/%u</filename>"
 4122 msgstr ""
 4123 
 4124 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4125 #: sssd.conf.5.xml:3499
 4126 msgid "realmd_tags (string)"
 4127 msgstr ""
 4128 
 4129 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4130 #: sssd.conf.5.xml:3502
 4131 msgid ""
 4132 "Various tags stored by the realmd configuration service for this domain."
 4133 msgstr ""
 4134 
 4135 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4136 #: sssd.conf.5.xml:3508
 4137 msgid "cached_auth_timeout (int)"
 4138 msgstr ""
 4139 
 4140 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4141 #: sssd.conf.5.xml:3511
 4142 msgid ""
 4143 "Specifies time in seconds since last successful online authentication for "
 4144 "which user will be authenticated using cached credentials while SSSD is in "
 4145 "the online mode. If the credentials are incorrect, SSSD falls back to online "
 4146 "authentication."
 4147 msgstr ""
 4148 
 4149 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4150 #: sssd.conf.5.xml:3519
 4151 msgid ""
 4152 "This option's value is inherited by all trusted domains. At the moment it is "
 4153 "not possible to set a different value per trusted domain."
 4154 msgstr ""
 4155 
 4156 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4157 #: sssd.conf.5.xml:3524
 4158 msgid "Special value 0 implies that this feature is disabled."
 4159 msgstr ""
 4160 
 4161 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4162 #: sssd.conf.5.xml:3528
 4163 msgid ""
 4164 "Please note that if <quote>cached_auth_timeout</quote> is longer than "
 4165 "<quote>pam_id_timeout</quote> then the back end could be called to handle "
 4166 "<quote>initgroups.</quote>"
 4167 msgstr ""
 4168 
 4169 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4170 #: sssd.conf.5.xml:3539
 4171 msgid "auto_private_groups (string)"
 4172 msgstr ""
 4173 
 4174 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4175 #: sssd.conf.5.xml:3545
 4176 msgid "true"
 4177 msgstr ""
 4178 
 4179 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4180 #: sssd.conf.5.xml:3548
 4181 msgid ""
 4182 "Create user's private group unconditionally from user's UID number.  The GID "
 4183 "number is ignored in this case."
 4184 msgstr ""
 4185 
 4186 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4187 #: sssd.conf.5.xml:3552
 4188 msgid ""
 4189 "NOTE: Because the GID number and the user private group are inferred from "
 4190 "the UID number, it is not supported to have multiple entries with the same "
 4191 "UID or GID number with this option. In other words, enabling this option "
 4192 "enforces uniqueness across the ID space."
 4193 msgstr ""
 4194 
 4195 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4196 #: sssd.conf.5.xml:3561
 4197 msgid "false"
 4198 msgstr ""
 4199 
 4200 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4201 #: sssd.conf.5.xml:3564
 4202 msgid ""
 4203 "Always use the user's primary GID number. The GID number must refer to a "
 4204 "group object in the LDAP database."
 4205 msgstr ""
 4206 
 4207 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4208 #: sssd.conf.5.xml:3570
 4209 msgid "hybrid"
 4210 msgstr ""
 4211 
 4212 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4213 #: sssd.conf.5.xml:3573
 4214 msgid ""
 4215 "A primary group is autogenerated for user entries whose UID and GID numbers "
 4216 "have the same value and at the same time the GID number does not correspond "
 4217 "to a real group object in LDAP.  If the values are the same, but the primary "
 4218 "GID in the user entry is also used by a group object, the primary GID of the "
 4219 "user resolves to that group object."
 4220 msgstr ""
 4221 
 4222 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4223 #: sssd.conf.5.xml:3586
 4224 msgid ""
 4225 "If the UID and GID of a user are different, then the GID must correspond to "
 4226 "a group entry, otherwise the GID is simply not resolvable."
 4227 msgstr ""
 4228 
 4229 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4230 #: sssd.conf.5.xml:3593
 4231 msgid ""
 4232 "This feature is useful for environments that wish to stop maintaining a "
 4233 "separate group objects for the user private groups, but also wish to retain "
 4234 "the existing user private groups."
 4235 msgstr ""
 4236 
 4237 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4238 #: sssd.conf.5.xml:3542
 4239 msgid ""
 4240 "This option takes any of three available values: <placeholder type="
 4241 "\"variablelist\" id=\"0\"/>"
 4242 msgstr ""
 4243 
 4244 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4245 #: sssd.conf.5.xml:3605
 4246 msgid ""
 4247 "For subdomains, the default value is False for subdomains that use assigned "
 4248 "POSIX IDs and True for subdomains that use automatic ID-mapping."
 4249 msgstr ""
 4250 
 4251 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 4252 #: sssd.conf.5.xml:3613
 4253 #, no-wrap
 4254 msgid ""
 4255 "[domain/forest.domain/sub.domain]\n"
 4256 "auto_private_groups = false\n"
 4257 msgstr ""
 4258 
 4259 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 4260 #: sssd.conf.5.xml:3619
 4261 #, no-wrap
 4262 msgid ""
 4263 "[domain/forest.domain]\n"
 4264 "subdomain_inherit = auto_private_groups\n"
 4265 "auto_private_groups = false\n"
 4266 msgstr ""
 4267 
 4268 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4269 #: sssd.conf.5.xml:3610
 4270 msgid ""
 4271 "The value of auto_private_groups can either be set per subdomains in a "
 4272 "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
 4273 "globally for all subdomains in the main domain section using the "
 4274 "subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>"
 4275 msgstr ""
 4276 
 4277 #. type: Content of: <reference><refentry><refsect1><para>
 4278 #: sssd.conf.5.xml:2233
 4279 msgid ""
 4280 "These configuration options can be present in a domain configuration "
 4281 "section, that is, in a section called <quote>[domain/<replaceable>NAME</"
 4282 "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
 4283 msgstr ""
 4284 
 4285 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4286 #: sssd.conf.5.xml:3634
 4287 msgid "proxy_pam_target (string)"
 4288 msgstr "proxy_pam_target (string)"
 4289 
 4290 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4291 #: sssd.conf.5.xml:3637
 4292 msgid "The proxy target PAM proxies to."
 4293 msgstr ""
 4294 
 4295 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4296 #: sssd.conf.5.xml:3640
 4297 msgid ""
 4298 "Default: not set by default, you have to take an existing pam configuration "
 4299 "or create a new one and add the service name here."
 4300 msgstr ""
 4301 
 4302 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4303 #: sssd.conf.5.xml:3648
 4304 msgid "proxy_lib_name (string)"
 4305 msgstr "proxy_lib_name (string)"
 4306 
 4307 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4308 #: sssd.conf.5.xml:3651
 4309 msgid ""
 4310 "The name of the NSS library to use in proxy domains. The NSS functions "
 4311 "searched for in the library are in the form of _nss_$(libName)_$(function), "
 4312 "for example _nss_files_getpwent."
 4313 msgstr ""
 4314 
 4315 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4316 #: sssd.conf.5.xml:3661
 4317 msgid "proxy_resolver_lib_name (string)"
 4318 msgstr ""
 4319 
 4320 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4321 #: sssd.conf.5.xml:3664
 4322 msgid ""
 4323 "The name of the NSS library to use for hosts and networks lookups in proxy "
 4324 "domains. The NSS functions searched for in the library are in the form of "
 4325 "_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r."
 4326 msgstr ""
 4327 
 4328 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4329 #: sssd.conf.5.xml:3675
 4330 msgid "proxy_fast_alias (boolean)"
 4331 msgstr ""
 4332 
 4333 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4334 #: sssd.conf.5.xml:3678
 4335 msgid ""
 4336 "When a user or group is looked up by name in the proxy provider, a second "
 4337 "lookup by ID is performed to \"canonicalize\" the name in case the requested "
 4338 "name was an alias. Setting this option to true would cause the SSSD to "
 4339 "perform the ID lookup from cache for performance reasons."
 4340 msgstr ""
 4341 
 4342 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4343 #: sssd.conf.5.xml:3692
 4344 msgid "proxy_max_children (integer)"
 4345 msgstr ""
 4346 
 4347 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4348 #: sssd.conf.5.xml:3695
 4349 msgid ""
 4350 "This option specifies the number of pre-forked proxy children. It is useful "
 4351 "for high-load SSSD environments where sssd may run out of available child "
 4352 "slots, which would cause some issues due to the requests being queued."
 4353 msgstr ""
 4354 
 4355 #. type: Content of: <reference><refentry><refsect1><para>
 4356 #: sssd.conf.5.xml:3630
 4357 msgid ""
 4358 "Options valid for proxy domains.  <placeholder type=\"variablelist\" id="
 4359 "\"0\"/>"
 4360 msgstr ""
 4361 
 4362 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 4363 #: sssd.conf.5.xml:3711
 4364 msgid "Application domains"
 4365 msgstr ""
 4366 
 4367 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4368 #: sssd.conf.5.xml:3713
 4369 msgid ""
 4370 "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
 4371 "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
 4372 "applications as a gateway to an LDAP directory where users and groups are "
 4373 "stored. However, contrary to the traditional SSSD deployment where all users "
 4374 "and groups either have POSIX attributes or those attributes can be inferred "
 4375 "from the Windows SIDs, in many cases the users and groups in the application "
 4376 "support scenario have no POSIX attributes.  Instead of setting a "
 4377 "<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the "
 4378 "administrator can set up an <quote>[application/<replaceable>NAME</"
 4379 "replaceable>]</quote> section that internally represents a domain with type "
 4380 "<quote>application</quote> optionally inherits settings from a tradition "
 4381 "SSSD domain."
 4382 msgstr ""
 4383 
 4384 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4385 #: sssd.conf.5.xml:3733
 4386 msgid ""
 4387 "Please note that the application domain must still be explicitly enabled in "
 4388 "the <quote>domains</quote> parameter so that the lookup order between the "
 4389 "application domain and its POSIX sibling domain is set correctly."
 4390 msgstr ""
 4391 
 4392 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
 4393 #: sssd.conf.5.xml:3739
 4394 msgid "Application domain parameters"
 4395 msgstr ""
 4396 
 4397 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4398 #: sssd.conf.5.xml:3741
 4399 msgid "inherit_from (string)"
 4400 msgstr ""
 4401 
 4402 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4403 #: sssd.conf.5.xml:3744
 4404 msgid ""
 4405 "The SSSD POSIX-type domain the application domain inherits all settings "
 4406 "from. The application domain can moreover add its own settings to the "
 4407 "application settings that augment or override the <quote>sibling</quote> "
 4408 "domain settings."
 4409 msgstr ""
 4410 
 4411 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4412 #: sssd.conf.5.xml:3758
 4413 msgid ""
 4414 "The following example illustrates the use of an application domain. In this "
 4415 "setup, the POSIX domain is connected to an LDAP server and is used by the OS "
 4416 "through the NSS responder. In addition, the application domain also requests "
 4417 "the telephoneNumber attribute, stores it as the phone attribute in the cache "
 4418 "and makes the phone attribute reachable through the D-Bus interface."
 4419 msgstr ""
 4420 
 4421 #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
 4422 #: sssd.conf.5.xml:3766
 4423 #, no-wrap
 4424 msgid ""
 4425 "[sssd]\n"
 4426 "domains = appdom, posixdom\n"
 4427 "\n"
 4428 "[ifp]\n"
 4429 "user_attributes = +phone\n"
 4430 "\n"
 4431 "[domain/posixdom]\n"
 4432 "id_provider = ldap\n"
 4433 "ldap_uri = ldap://ldap.example.com\n"
 4434 "ldap_search_base = dc=example,dc=com\n"
 4435 "\n"
 4436 "[application/appdom]\n"
 4437 "inherit_from = posixdom\n"
 4438 "ldap_user_extra_attrs = phone:telephoneNumber\n"
 4439 msgstr ""
 4440 
 4441 #. type: Content of: <reference><refentry><refsect1><refsect2><title>
 4442 #: sssd.conf.5.xml:3784
 4443 msgid "The local domain section"
 4444 msgstr "A secção de domínio local"
 4445 
 4446 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
 4447 #: sssd.conf.5.xml:3786
 4448 msgid ""
 4449 "This section contains settings for domain that stores users and groups in "
 4450 "SSSD native database, that is, a domain that uses "
 4451 "<replaceable>id_provider=local</replaceable>."
 4452 msgstr ""
 4453 
 4454 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4455 #: sssd.conf.5.xml:3793
 4456 msgid "default_shell (string)"
 4457 msgstr "default_shell (string)"
 4458 
 4459 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4460 #: sssd.conf.5.xml:3796
 4461 msgid "The default shell for users created with SSSD userspace tools."
 4462 msgstr ""
 4463 
 4464 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4465 #: sssd.conf.5.xml:3800
 4466 msgid "Default: <filename>/bin/bash</filename>"
 4467 msgstr "Padrão: <filename>bash/bin/bash</filename>"
 4468 
 4469 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4470 #: sssd.conf.5.xml:3805
 4471 msgid "base_directory (string)"
 4472 msgstr "base_directory (string)"
 4473 
 4474 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4475 #: sssd.conf.5.xml:3808
 4476 msgid ""
 4477 "The tools append the login name to <replaceable>base_directory</replaceable> "
 4478 "and use that as the home directory."
 4479 msgstr ""
 4480 
 4481 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4482 #: sssd.conf.5.xml:3813
 4483 msgid "Default: <filename>/home</filename>"
 4484 msgstr "Padrão: <filename>/ home</filename>"
 4485 
 4486 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4487 #: sssd.conf.5.xml:3818
 4488 msgid "create_homedir (bool)"
 4489 msgstr "create_homedir (bool)"
 4490 
 4491 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4492 #: sssd.conf.5.xml:3821
 4493 msgid ""
 4494 "Indicate if a home directory should be created by default for new users.  "
 4495 "Can be overridden on command line."
 4496 msgstr ""
 4497 
 4498 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4499 #: sssd.conf.5.xml:3825 sssd.conf.5.xml:3837
 4500 msgid "Default: TRUE"
 4501 msgstr "Padrão: TRUE"
 4502 
 4503 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4504 #: sssd.conf.5.xml:3830
 4505 msgid "remove_homedir (bool)"
 4506 msgstr "remove_homedir (bool)"
 4507 
 4508 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4509 #: sssd.conf.5.xml:3833
 4510 msgid ""
 4511 "Indicate if a home directory should be removed by default for deleted "
 4512 "users.  Can be overridden on command line."
 4513 msgstr ""
 4514 
 4515 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4516 #: sssd.conf.5.xml:3842
 4517 msgid "homedir_umask (integer)"
 4518 msgstr "homedir_umask (integer)"
 4519 
 4520 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4521 #: sssd.conf.5.xml:3845
 4522 msgid ""
 4523 "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
 4524 "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
 4525 "on a newly created home directory."
 4526 msgstr ""
 4527 
 4528 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4529 #: sssd.conf.5.xml:3853
 4530 msgid "Default: 077"
 4531 msgstr "Padrão: 077"
 4532 
 4533 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4534 #: sssd.conf.5.xml:3858
 4535 msgid "skel_dir (string)"
 4536 msgstr "skel_dir (string)"
 4537 
 4538 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4539 #: sssd.conf.5.xml:3861
 4540 msgid ""
 4541 "The skeleton directory, which contains files and directories to be copied in "
 4542 "the user's home directory, when the home directory is created by "
 4543 "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
 4544 "manvolnum> </citerefentry>"
 4545 msgstr ""
 4546 
 4547 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4548 #: sssd.conf.5.xml:3871
 4549 msgid "Default: <filename>/etc/skel</filename>"
 4550 msgstr "Padrão: <filename>skel/etc/skel</filename>"
 4551 
 4552 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4553 #: sssd.conf.5.xml:3876
 4554 msgid "mail_dir (string)"
 4555 msgstr "mail_dir (string)"
 4556 
 4557 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4558 #: sssd.conf.5.xml:3879
 4559 msgid ""
 4560 "The mail spool directory. This is needed to manipulate the mailbox when its "
 4561 "corresponding user account is modified or deleted.  If not specified, a "
 4562 "default value is used."
 4563 msgstr ""
 4564 
 4565 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4566 #: sssd.conf.5.xml:3886
 4567 msgid "Default: <filename>/var/mail</filename>"
 4568 msgstr "Padrão: <filename>mail/var/mail</filename>"
 4569 
 4570 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
 4571 #: sssd.conf.5.xml:3891
 4572 msgid "userdel_cmd (string)"
 4573 msgstr "userdel_cmd (string)"
 4574 
 4575 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4576 #: sssd.conf.5.xml:3894
 4577 msgid ""
 4578 "The command that is run after a user is removed.  The command us passed the "
 4579 "username of the user being removed as the first and only parameter. The "
 4580 "return code of the command is not taken into account."
 4581 msgstr ""
 4582 
 4583 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
 4584 #: sssd.conf.5.xml:3900
 4585 msgid "Default: None, no command is run"
 4586 msgstr "Padrão: None, nenhum comando é executado"
 4587 
 4588 #. type: Content of: <reference><refentry><refsect1><title>
 4589 #: sssd.conf.5.xml:3910
 4590 msgid "TRUSTED DOMAIN SECTION"
 4591 msgstr ""
 4592 
 4593 #. type: Content of: <reference><refentry><refsect1><para>
 4594 #: sssd.conf.5.xml:3912
 4595 msgid ""
 4596 "Some options used in the domain section can also be used in the trusted "
 4597 "domain section, that is, in a section called <quote>[domain/"
 4598 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
 4599 "replaceable>]</quote>.  Where DOMAIN_NAME is the actual joined-to base "
 4600 "domain. Please refer to examples below for explanation.  Currently supported "
 4601 "options in the trusted domain section are:"
 4602 msgstr ""
 4603 
 4604 #. type: Content of: <reference><refentry><refsect1><para>
 4605 #: sssd.conf.5.xml:3919
 4606 msgid "ldap_search_base,"
 4607 msgstr ""
 4608 
 4609 #. type: Content of: <reference><refentry><refsect1><para>
 4610 #: sssd.conf.5.xml:3920
 4611 msgid "ldap_user_search_base,"
 4612 msgstr ""
 4613 
 4614 #. type: Content of: <reference><refentry><refsect1><para>
 4615 #: sssd.conf.5.xml:3921
 4616 msgid "ldap_group_search_base,"
 4617 msgstr ""
 4618 
 4619 #. type: Content of: <reference><refentry><refsect1><para>
 4620 #: sssd.conf.5.xml:3922
 4621 msgid "ldap_netgroup_search_base,"
 4622 msgstr ""
 4623 
 4624 #. type: Content of: <reference><refentry><refsect1><para>
 4625 #: sssd.conf.5.xml:3923
 4626 msgid "ldap_service_search_base,"
 4627 msgstr ""
 4628 
 4629 #. type: Content of: <reference><refentry><refsect1><para>
 4630 #: sssd.conf.5.xml:3924
 4631 msgid "ldap_sasl_mech,"
 4632 msgstr ""
 4633 
 4634 #. type: Content of: <reference><refentry><refsect1><para>
 4635 #: sssd.conf.5.xml:3925
 4636 msgid "ad_server,"
 4637 msgstr ""
 4638 
 4639 #. type: Content of: <reference><refentry><refsect1><para>
 4640 #: sssd.conf.5.xml:3926
 4641 msgid "ad_backup_server,"
 4642 msgstr ""
 4643 
 4644 #. type: Content of: <reference><refentry><refsect1><para>
 4645 #: sssd.conf.5.xml:3927
 4646 msgid "ad_site,"
 4647 msgstr ""
 4648 
 4649 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
 4650 #: sssd.conf.5.xml:3928 sssd-ipa.5.xml:811
 4651 msgid "use_fully_qualified_names"
 4652 msgstr ""
 4653 
 4654 #. type: Content of: <reference><refentry><refsect1><para>
 4655 #: sssd.conf.5.xml:3932
 4656 msgid ""
 4657 "For more details about these options see their individual description in the "
 4658 "manual page."
 4659 msgstr ""
 4660 
 4661 #. type: Content of: <reference><refentry><refsect1><title>
 4662 #: sssd.conf.5.xml:3938
 4663 msgid "CERTIFICATE MAPPING SECTION"
 4664 msgstr ""
 4665 
 4666 #. type: Content of: <reference><refentry><refsect1><para>
 4667 #: sssd.conf.5.xml:3940
 4668 msgid ""
 4669 "To allow authentication with Smartcards and certificates SSSD must be able "
 4670 "to map certificates to users. This can be done by adding the full "
 4671 "certificate to the LDAP object of the user or to a local override. While "
 4672 "using the full certificate is required to use the Smartcard authentication "
 4673 "feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
 4674 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it "
 4675 "might be cumbersome or not even possible to do this for the general case "
 4676 "where local services use PAM for authentication."
 4677 msgstr ""
 4678 
 4679 #. type: Content of: <reference><refentry><refsect1><para>
 4680 #: sssd.conf.5.xml:3954
 4681 msgid ""
 4682 "To make the mapping more flexible mapping and matching rules were added to "
 4683 "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
 4684 "<manvolnum>5</manvolnum> </citerefentry> for details)."
 4685 msgstr ""
 4686 
 4687 #. type: Content of: <reference><refentry><refsect1><para>
 4688 #: sssd.conf.5.xml:3963
 4689 msgid ""
 4690 "A mapping and matching rule can be added to the SSSD configuration in a "
 4691 "section on its own with a name like <quote>[certmap/"
 4692 "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</"
 4693 "replaceable>]</quote>.  In this section the following options are allowed:"
 4694 msgstr ""
 4695 
 4696 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4697 #: sssd.conf.5.xml:3970
 4698 msgid "matchrule (string)"
 4699 msgstr ""
 4700 
 4701 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4702 #: sssd.conf.5.xml:3973
 4703 msgid ""
 4704 "Only certificates from the Smartcard which matches this rule will be "
 4705 "processed, all others are ignored."
 4706 msgstr ""
 4707 
 4708 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4709 #: sssd.conf.5.xml:3977
 4710 msgid ""
 4711 "Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
 4712 "Extended Key Usage <quote>clientAuth</quote>"
 4713 msgstr ""
 4714 
 4715 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4716 #: sssd.conf.5.xml:3984
 4717 msgid "maprule (string)"
 4718 msgstr ""
 4719 
 4720 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4721 #: sssd.conf.5.xml:3987
 4722 msgid "Defines how the user is found for a given certificate."
 4723 msgstr ""
 4724 
 4725 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 4726 #: sssd.conf.5.xml:3993
 4727 msgid ""
 4728 "LDAP:(userCertificate;binary={cert!bin})  for LDAP based providers like "
 4729 "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
 4730 msgstr ""
 4731 
 4732 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 4733 #: sssd.conf.5.xml:3999
 4734 msgid ""
 4735 "The RULE_NAME for the <quote>files</quote> provider which tries to find a "
 4736 "user with the same name."
 4737 msgstr ""
 4738 
 4739 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4740 #: sssd.conf.5.xml:4008
 4741 msgid "domains (string)"
 4742 msgstr ""
 4743 
 4744 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4745 #: sssd.conf.5.xml:4011
 4746 msgid ""
 4747 "Comma separated list of domain names the rule should be applied. By default "
 4748 "a rule is only valid in the domain configured in sssd.conf. If the provider "
 4749 "supports subdomains this option can be used to add the rule to subdomains as "
 4750 "well."
 4751 msgstr ""
 4752 
 4753 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4754 #: sssd.conf.5.xml:4018
 4755 msgid "Default: the configured domain in sssd.conf"
 4756 msgstr ""
 4757 
 4758 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
 4759 #: sssd.conf.5.xml:4023
 4760 msgid "priority (integer)"
 4761 msgstr ""
 4762 
 4763 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4764 #: sssd.conf.5.xml:4026
 4765 msgid ""
 4766 "Unsigned integer value defining the priority of the rule. The higher the "
 4767 "number the lower the priority.  <quote>0</quote> stands for the highest "
 4768 "priority while <quote>4294967295</quote> is the lowest."
 4769 msgstr ""
 4770 
 4771 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 4772 #: sssd.conf.5.xml:4032
 4773 msgid "Default: the lowest priority"
 4774 msgstr ""
 4775 
 4776 #. type: Content of: <reference><refentry><refsect1><para>
 4777 #: sssd.conf.5.xml:4038
 4778 msgid ""
 4779 "To make the configuration simple and reduce the amount of configuration "
 4780 "options the <quote>files</quote> provider has some special properties:"
 4781 msgstr ""
 4782 
 4783 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 4784 #: sssd.conf.5.xml:4044
 4785 msgid ""
 4786 "if maprule is not set the RULE_NAME name is assumed to be the name of the "
 4787 "matching user"
 4788 msgstr ""
 4789 
 4790 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 4791 #: sssd.conf.5.xml:4050
 4792 msgid ""
 4793 "if a maprule is used both a single user name or a template like "
 4794 "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
 4795 "<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</"
 4796 "quote>"
 4797 msgstr ""
 4798 
 4799 #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
 4800 #: sssd.conf.5.xml:4059
 4801 msgid "the <quote>domains</quote> option is ignored"
 4802 msgstr ""
 4803 
 4804 #. type: Content of: <reference><refentry><refsect1><title>
 4805 #: sssd.conf.5.xml:4067
 4806 msgid "PROMPTING CONFIGURATION SECTION"
 4807 msgstr ""
 4808 
 4809 #. type: Content of: <reference><refentry><refsect1><para>
 4810 #: sssd.conf.5.xml:4069
 4811 msgid ""
 4812 "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
 4813 "filename>)  exists SSSD's PAM module pam_sss will ask SSSD to figure out "
 4814 "which authentication methods are available for the user trying to log in.  "
 4815 "Based on the results pam_sss will prompt the user for appropriate "
 4816 "credentials."
 4817 msgstr ""
 4818 
 4819 #. type: Content of: <reference><refentry><refsect1><para>
 4820 #: sssd.conf.5.xml:4077
 4821 msgid ""
 4822 "With the growing number of authentication methods and the possibility that "
 4823 "there are multiple ones for a single user the heuristic used by pam_sss to "
 4824 "select the prompting might not be suitable for all use cases. The following "
 4825 "options should provide a better flexibility here."
 4826 msgstr ""
 4827 
 4828 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4829 #: sssd.conf.5.xml:4089
 4830 msgid "[prompting/password]"
 4831 msgstr ""
 4832 
 4833 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4834 #: sssd.conf.5.xml:4092
 4835 msgid "password_prompt"
 4836 msgstr ""
 4837 
 4838 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4839 #: sssd.conf.5.xml:4093
 4840 msgid "to change the string of the password prompt"
 4841 msgstr ""
 4842 
 4843 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4844 #: sssd.conf.5.xml:4091
 4845 msgid ""
 4846 "to configure password prompting, allowed options are: <placeholder type="
 4847 "\"variablelist\" id=\"0\"/>"
 4848 msgstr ""
 4849 
 4850 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 4851 #: sssd.conf.5.xml:4101
 4852 msgid "[prompting/2fa]"
 4853 msgstr ""
 4854 
 4855 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4856 #: sssd.conf.5.xml:4105
 4857 msgid "first_prompt"
 4858 msgstr ""
 4859 
 4860 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4861 #: sssd.conf.5.xml:4106
 4862 msgid "to change the string of the prompt for the first factor"
 4863 msgstr ""
 4864 
 4865 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4866 #: sssd.conf.5.xml:4109
 4867 msgid "second_prompt"
 4868 msgstr ""
 4869 
 4870 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4871 #: sssd.conf.5.xml:4110
 4872 msgid "to change the string of the prompt for the second factor"
 4873 msgstr ""
 4874 
 4875 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
 4876 #: sssd.conf.5.xml:4113
 4877 msgid "single_prompt"
 4878 msgstr ""
 4879 
 4880 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
 4881 #: sssd.conf.5.xml:4114
 4882 msgid ""
 4883 "boolean value, if True there will be only a single prompt using the value of "
 4884 "first_prompt where it is expected that both factors are entered as a single "
 4885 "string"
 4886 msgstr ""
 4887 
 4888 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 4889 #: sssd.conf.5.xml:4103
 4890 msgid ""
 4891 "to configure two-factor authentication prompting, allowed options are: "
 4892 "<placeholder type=\"variablelist\" id=\"0\"/>"
 4893 msgstr ""
 4894 
 4895 #. type: Content of: <reference><refentry><refsect1><para>
 4896 #: sssd.conf.5.xml:4084
 4897 msgid ""
 4898 "Each supported authentication method has its own configuration subsection "
 4899 "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type="
 4900 "\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/>"
 4901 msgstr ""
 4902 
 4903 #. type: Content of: <reference><refentry><refsect1><para>
 4904 #: sssd.conf.5.xml:4126
 4905 msgid ""
 4906 "It is possible to add a subsection for specific PAM services, e.g. "
 4907 "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
 4908 "for this service."
 4909 msgstr ""
 4910 
 4911 #. type: Content of: <reference><refentry><refsect1><title>
 4912 #: sssd.conf.5.xml:4133 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
 4913 msgid "EXAMPLES"
 4914 msgstr ""
 4915 
 4916 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 4917 #: sssd.conf.5.xml:4139
 4918 #, no-wrap
 4919 msgid ""
 4920 "[sssd]\n"
 4921 "domains = LDAP\n"
 4922 "services = nss, pam\n"
 4923 "config_file_version = 2\n"
 4924 "\n"
 4925 "[nss]\n"
 4926 "filter_groups = root\n"
 4927 "filter_users = root\n"
 4928 "\n"
 4929 "[pam]\n"
 4930 "\n"
 4931 "[domain/LDAP]\n"
 4932 "id_provider = ldap\n"
 4933 "ldap_uri = ldap://ldap.example.com\n"
 4934 "ldap_search_base = dc=example,dc=com\n"
 4935 "\n"
 4936 "auth_provider = krb5\n"
 4937 "krb5_server = kerberos.example.com\n"
 4938 "krb5_realm = EXAMPLE.COM\n"
 4939 "cache_credentials = true\n"
 4940 "\n"
 4941 "min_id = 10000\n"
 4942 "max_id = 20000\n"
 4943 "enumerate = False\n"
 4944 msgstr ""
 4945 "[sssd]\n"
 4946 "domains = LDAP\n"
 4947 "services = nss, pam\n"
 4948 "config_file_version = 2\n"
 4949 "\n"
 4950 "[nss]\n"
 4951 "filter_groups = root\n"
 4952 "filter_users = root\n"
 4953 "\n"
 4954 "[pam]\n"
 4955 "\n"
 4956 "[domain/LDAP]\n"
 4957 "id_provider = ldap\n"
 4958 "ldap_uri = ldap://ldap.example.com\n"
 4959 "ldap_search_base = dc=example,dc=com\n"
 4960 "\n"
 4961 "auth_provider = krb5\n"
 4962 "krb5_server = kerberos.example.com\n"
 4963 "krb5_realm = EXAMPLE.COM\n"
 4964 "cache_credentials = true\n"
 4965 "\n"
 4966 "min_id = 10000\n"
 4967 "max_id = 20000\n"
 4968 "enumerate = False\n"
 4969 
 4970 #. type: Content of: <reference><refentry><refsect1><para>
 4971 #: sssd.conf.5.xml:4135
 4972 msgid ""
 4973 "1. The following example shows a typical SSSD config. It does not describe "
 4974 "configuration of the domains themselves - refer to documentation on "
 4975 "configuring domains for more details.  <placeholder type=\"programlisting\" "
 4976 "id=\"0\"/>"
 4977 msgstr ""
 4978 
 4979 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 4980 #: sssd.conf.5.xml:4172
 4981 #, no-wrap
 4982 msgid ""
 4983 "[domain/ipa.com/child.ad.com]\n"
 4984 "use_fully_qualified_names = false\n"
 4985 msgstr ""
 4986 
 4987 #. type: Content of: <reference><refentry><refsect1><para>
 4988 #: sssd.conf.5.xml:4166
 4989 msgid ""
 4990 "2. The following example shows configuration of IPA AD trust where the AD "
 4991 "forest consists of two domains in a parent-child structure.  Suppose IPA "
 4992 "domain (ipa.com) has trust with AD domain(ad.com).  ad.com has child domain "
 4993 "(child.ad.com). To enable shortnames in the child domain the following "
 4994 "configuration should be used.  <placeholder type=\"programlisting\" id=\"0\"/"
 4995 ">"
 4996 msgstr ""
 4997 
 4998 #. type: Content of: <reference><refentry><refsect1><para><programlisting>
 4999 #: sssd.conf.5.xml:4186
 5000 #, no-wrap
 5001 msgid ""
 5002 "[certmap/my.domain/rule_name]\n"
 5003 "matchrule = &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$\n"
 5004 "maprule = (userCertificate;binary={cert!bin})\n"
 5005 "domains = my.domain, your.domain\n"
 5006 "priority = 10\n"
 5007 "\n"
 5008 "[certmap/files/myname]\n"
 5009 "matchrule = &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$&lt;SUBJECT&gt;^CN=User.Name,DC=MY,DC=DOMAIN$\n"
 5010 msgstr ""
 5011 
 5012 #. type: Content of: <reference><refentry><refsect1><para>
 5013 #: sssd.conf.5.xml:4177
 5014 msgid ""
 5015 "3. The following example shows the configuration for two certificate mapping "
 5016 "rules. The first is valid for the configured domain <quote>my.domain</quote> "
 5017 "and additionally for the subdomains <quote>your.domain</quote> and uses the "
 5018 "full certificate in the search filter. The second example is valid for the "
 5019 "domain <quote>files</quote> where it is assumed the files provider is used "
 5020 "for this domain and contains a matching rule for the local user "
 5021 "<quote>myname</quote>.  <placeholder type=\"programlisting\" id=\"0\"/>"
 5022 msgstr ""
 5023 
 5024 #. type: Content of: <reference><refentry><refnamediv><refname>
 5025 #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
 5026 msgid "sssd-ldap"
 5027 msgstr "sssd-ldap"
 5028 
 5029 #. type: Content of: <reference><refentry><refnamediv><refpurpose>
 5030 #: sssd-ldap.5.xml:17
 5031 msgid "SSSD LDAP provider"
 5032 msgstr ""
 5033 
 5034 #. type: Content of: <reference><refentry><refsect1><para>
 5035 #: sssd-ldap.5.xml:23
 5036 msgid ""
 5037 "This manual page describes the configuration of LDAP domains for "
 5038 "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
 5039 "</citerefentry>.  Refer to the <quote>FILE FORMAT</quote> section of the "
 5040 "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 5041 "manvolnum> </citerefentry> manual page for detailed syntax information."
 5042 msgstr ""
 5043 
 5044 #. type: Content of: <reference><refentry><refsect1><para>
 5045 #: sssd-ldap.5.xml:35
 5046 msgid "You can configure SSSD to use more than one LDAP domain."
 5047 msgstr ""
 5048 
 5049 #. type: Content of: <reference><refentry><refsect1><para>
 5050 #: sssd-ldap.5.xml:38
 5051 msgid ""
 5052 "LDAP back end supports id, auth, access and chpass providers. If you want to "
 5053 "authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
 5054 "<command>sssd</command> <emphasis>does not</emphasis> support authentication "
 5055 "over an unencrypted channel.  If the LDAP server is used only as an identity "
 5056 "provider, an encrypted channel is not needed. Please refer to "
 5057 "<quote>ldap_access_filter</quote> config option for more information about "
 5058 "using LDAP as an access provider."
 5059 msgstr ""
 5060 
 5061 #. type: Content of: <reference><refentry><refsect1><title>
 5062 #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:115
 5063 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:78
 5064 #: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:166
 5065 msgid "CONFIGURATION OPTIONS"
 5066 msgstr "OPÇÕES DE CONFIGURAÇÃO"
 5067 
 5068 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5069 #: sssd-ldap.5.xml:66
 5070 msgid "ldap_uri, ldap_backup_uri (string)"
 5071 msgstr ""
 5072 
 5073 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5074 #: sssd-ldap.5.xml:69
 5075 msgid ""
 5076 "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 5077 "should connect in the order of preference. Refer to the <quote>FAILOVER</"
 5078 "quote> section for more information on failover and server redundancy.  If "
 5079 "neither option is specified, service discovery is enabled. For more "
 5080 "information, refer to the <quote>SERVICE DISCOVERY</quote> section."
 5081 msgstr ""
 5082 
 5083 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
 5084 #: sssd-ldap.5.xml:76 sssd-secrets.5.xml:264
 5085 msgid "The format of the URI must match the format defined in RFC 2732:"
 5086 msgstr ""
 5087 
 5088 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5089 #: sssd-ldap.5.xml:79
 5090 msgid "ldap[s]://&lt;host&gt;[:port]"
 5091 msgstr "ldap[s]://&lt;host&gt;[:port]"
 5092 
 5093 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5094 #: sssd-ldap.5.xml:82
 5095 msgid ""
 5096 "For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
 5097 msgstr ""
 5098 
 5099 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5100 #: sssd-ldap.5.xml:85
 5101 msgid "example: ldap://[fc00::126:25]:389"
 5102 msgstr ""
 5103 
 5104 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5105 #: sssd-ldap.5.xml:91
 5106 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
 5107 msgstr ""
 5108 
 5109 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5110 #: sssd-ldap.5.xml:94
 5111 msgid ""
 5112 "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
 5113 "should connect in the order of preference to change the password of a user. "
 5114 "Refer to the <quote>FAILOVER</quote> section for more information on "
 5115 "failover and server redundancy."
 5116 msgstr ""
 5117 
 5118 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5119 #: sssd-ldap.5.xml:101
 5120 msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
 5121 msgstr ""
 5122 
 5123 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5124 #: sssd-ldap.5.xml:105
 5125 msgid "Default: empty, i.e. ldap_uri is used."
 5126 msgstr "Padrão: empty, ou seja, ldap_uri é usado."
 5127 
 5128 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5129 #: sssd-ldap.5.xml:111
 5130 msgid "ldap_search_base (string)"
 5131 msgstr "ldap_search_base (string)"
 5132 
 5133 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5134 #: sssd-ldap.5.xml:114
 5135 msgid "The default base DN to use for performing LDAP user operations."
 5136 msgstr ""
 5137 
 5138 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5139 #: sssd-ldap.5.xml:118
 5140 msgid ""
 5141 "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
 5142 "syntax:"
 5143 msgstr ""
 5144 
 5145 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5146 #: sssd-ldap.5.xml:122
 5147 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
 5148 msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
 5149 
 5150 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5151 #: sssd-ldap.5.xml:125
 5152 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
 5153 msgstr ""
 5154 
 5155 #. type: Content of: <listitem><para>
 5156 #: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18
 5157 msgid ""
 5158 "The filter must be a valid LDAP search filter as specified by http://www."
 5159 "ietf.org/rfc/rfc2254.txt"
 5160 msgstr ""
 5161 
 5162 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5163 #: sssd-ldap.5.xml:132 sssd-ad.5.xml:288 sss_override.8.xml:143
 5164 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453
 5165 msgid "Examples:"
 5166 msgstr "Exemplos:"
 5167 
 5168 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5169 #: sssd-ldap.5.xml:135
 5170 msgid ""
 5171 "ldap_search_base = dc=example,dc=com (which is equivalent to)  "
 5172 "ldap_search_base = dc=example,dc=com?subtree?"
 5173 msgstr ""
 5174 "ldap_search_base = dc=example,dc=com (which is equivalent to)  "
 5175 "ldap_search_base = dc=example,dc=com?subtree?"
 5176 
 5177 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5178 #: sssd-ldap.5.xml:140
 5179 msgid ""
 5180 "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
 5181 "(host=thishost)?dc=example.com?subtree?"
 5182 msgstr ""
 5183 "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
 5184 "(host=thishost)?dc=example.com?subtree?"
 5185 
 5186 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5187 #: sssd-ldap.5.xml:143
 5188 msgid ""
 5189 "Note: It is unsupported to have multiple search bases which reference "
 5190 "identically-named objects (for example, groups with the same name in two "
 5191 "different search bases). This will lead to unpredictable behavior on client "
 5192 "machines."
 5193 msgstr ""
 5194 
 5195 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5196 #: sssd-ldap.5.xml:150
 5197 msgid ""
 5198 "Default: If not set, the value of the defaultNamingContext or namingContexts "
 5199 "attribute from the RootDSE of the LDAP server is used. If "
 5200 "defaultNamingContext does not exist or has an empty value namingContexts is "
 5201 "used.  The namingContexts attribute must have a single value with the DN of "
 5202 "the search base of the LDAP server to make this work. Multiple values are "
 5203 "are not supported."
 5204 msgstr ""
 5205 
 5206 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5207 #: sssd-ldap.5.xml:164
 5208 msgid "ldap_schema (string)"
 5209 msgstr ""
 5210 
 5211 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5212 #: sssd-ldap.5.xml:167
 5213 msgid ""
 5214 "Specifies the Schema Type in use on the target LDAP server.  Depending on "
 5215 "the selected schema, the default attribute names retrieved from the servers "
 5216 "may vary.  The way that some attributes are handled may also differ."
 5217 msgstr ""
 5218 
 5219 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5220 #: sssd-ldap.5.xml:174
 5221 msgid "Four schema types are currently supported:"
 5222 msgstr ""
 5223 
 5224 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5225 #: sssd-ldap.5.xml:178
 5226 msgid "rfc2307"
 5227 msgstr ""
 5228 
 5229 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5230 #: sssd-ldap.5.xml:183
 5231 msgid "rfc2307bis"
 5232 msgstr ""
 5233 
 5234 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5235 #: sssd-ldap.5.xml:188
 5236 msgid "IPA"
 5237 msgstr ""
 5238 
 5239 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5240 #: sssd-ldap.5.xml:193
 5241 msgid "AD"
 5242 msgstr ""
 5243 
 5244 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5245 #: sssd-ldap.5.xml:199
 5246 msgid ""
 5247 "The main difference between these schema types is how group memberships are "
 5248 "recorded in the server.  With rfc2307, group members are listed by name in "
 5249 "the <emphasis>memberUid</emphasis> attribute.  With rfc2307bis and IPA, "
 5250 "group members are listed by DN and stored in the <emphasis>member</emphasis> "
 5251 "attribute.  The AD schema type sets the attributes to correspond with Active "
 5252 "Directory 2008r2 values."
 5253 msgstr ""
 5254 
 5255 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5256 #: sssd-ldap.5.xml:209
 5257 msgid "Default: rfc2307"
 5258 msgstr ""
 5259 
 5260 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5261 #: sssd-ldap.5.xml:215
 5262 msgid "ldap_pwmodify_mode (string)"
 5263 msgstr ""
 5264 
 5265 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5266 #: sssd-ldap.5.xml:218
 5267 msgid "Specify the operation that is used to modify user password."
 5268 msgstr ""
 5269 
 5270 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5271 #: sssd-ldap.5.xml:222
 5272 msgid "Two modes are currently supported:"
 5273 msgstr ""
 5274 
 5275 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5276 #: sssd-ldap.5.xml:226
 5277 msgid "exop - Password Modify Extended Operation (RFC 3062)"
 5278 msgstr ""
 5279 
 5280 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
 5281 #: sssd-ldap.5.xml:232
 5282 msgid "ldap_modify - Direct modification of userPassword (not recommended)."
 5283 msgstr ""
 5284 
 5285 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5286 #: sssd-ldap.5.xml:239
 5287 msgid ""
 5288 "Note: First, a new connection is established to verify current password by "
 5289 "binding as the user that requested password change. If successful, this "
 5290 "connection is used to change the password therefore the user must have write "
 5291 "access to userPassword attribute."
 5292 msgstr ""
 5293 
 5294 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5295 #: sssd-ldap.5.xml:247
 5296 msgid "Default: exop"
 5297 msgstr ""
 5298 
 5299 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5300 #: sssd-ldap.5.xml:253
 5301 msgid "ldap_default_bind_dn (string)"
 5302 msgstr ""
 5303 
 5304 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5305 #: sssd-ldap.5.xml:256
 5306 msgid "The default bind DN to use for performing LDAP operations."
 5307 msgstr ""
 5308 
 5309 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5310 #: sssd-ldap.5.xml:263
 5311 msgid "ldap_default_authtok_type (string)"
 5312 msgstr ""
 5313 
 5314 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5315 #: sssd-ldap.5.xml:266
 5316 msgid "The type of the authentication token of the default bind DN."
 5317 msgstr ""
 5318 
 5319 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5320 #: sssd-ldap.5.xml:270
 5321 msgid "The two mechanisms currently supported are:"
 5322 msgstr ""
 5323 
 5324 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5325 #: sssd-ldap.5.xml:273
 5326 msgid "password"
 5327 msgstr ""
 5328 
 5329 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5330 #: sssd-ldap.5.xml:276
 5331 msgid "obfuscated_password"
 5332 msgstr ""
 5333 
 5334 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5335 #: sssd-ldap.5.xml:279
 5336 msgid "Default: password"
 5337 msgstr ""
 5338 
 5339 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5340 #: sssd-ldap.5.xml:282
 5341 msgid ""
 5342 "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> "
 5343 "<manvolnum>8</manvolnum> </citerefentry> manual page for more information."
 5344 msgstr ""
 5345 
 5346 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5347 #: sssd-ldap.5.xml:293
 5348 msgid "ldap_default_authtok (string)"
 5349 msgstr ""
 5350 
 5351 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5352 #: sssd-ldap.5.xml:296
 5353 msgid "The authentication token of the default bind DN."
 5354 msgstr ""
 5355 
 5356 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5357 #: sssd-ldap.5.xml:302
 5358 msgid "ldap_force_upper_case_realm (boolean)"
 5359 msgstr "ldap_force_upper_case_realm (boolean)"
 5360 
 5361 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5362 #: sssd-ldap.5.xml:305
 5363 msgid ""
 5364 "Some directory servers, for example Active Directory, might deliver the "
 5365 "realm part of the UPN in lower case, which might cause the authentication to "
 5366 "fail. Set this option to a non-zero value if you want to use an upper-case "
 5367 "realm."
 5368 msgstr ""
 5369 
 5370 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5371 #: sssd-ldap.5.xml:318
 5372 msgid "ldap_enumeration_refresh_timeout (integer)"
 5373 msgstr "ldap_enumeration_refresh_timeout (integer)"
 5374 
 5375 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5376 #: sssd-ldap.5.xml:321
 5377 msgid ""
 5378 "Specifies how many seconds SSSD has to wait before refreshing its cache of "
 5379 "enumerated records."
 5380 msgstr ""
 5381 
 5382 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5383 #: sssd-ldap.5.xml:332
 5384 msgid "ldap_purge_cache_timeout (integer)"
 5385 msgstr ""
 5386 
 5387 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5388 #: sssd-ldap.5.xml:335
 5389 msgid ""
 5390 "Determine how often to check the cache for inactive entries (such as groups "
 5391 "with no members and users who have never logged in) and remove them to save "
 5392 "space."
 5393 msgstr ""
 5394 
 5395 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5396 #: sssd-ldap.5.xml:341
 5397 msgid ""
 5398 "Setting this option to zero will disable the cache cleanup operation. Please "
 5399 "note that if enumeration is enabled, the cleanup task is required in order "
 5400 "to detect entries removed from the server and can't be disabled. By default, "
 5401 "the cleanup task will run every 3 hours with enumeration enabled."
 5402 msgstr ""
 5403 
 5404 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5405 #: sssd-ldap.5.xml:356
 5406 msgid "ldap_group_nesting_level (integer)"
 5407 msgstr ""
 5408 
 5409 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5410 #: sssd-ldap.5.xml:359
 5411 msgid ""
 5412 "If ldap_schema is set to a schema format that supports nested groups (e.g. "
 5413 "RFC2307bis), then this option controls how many levels of nesting SSSD will "
 5414 "follow. This option has no effect on the RFC2307 schema."
 5415 msgstr ""
 5416 
 5417 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5418 #: sssd-ldap.5.xml:366
 5419 msgid ""
 5420 "Note: This option specifies the guaranteed level of nested groups to be "
 5421 "processed for any lookup. However, nested groups beyond this limit "
 5422 "<emphasis>may be</emphasis> returned if previous lookups already resolved "
 5423 "the deeper nesting levels.  Also, subsequent lookups for other groups may "
 5424 "enlarge the result set for original lookup if re-queried."
 5425 msgstr ""
 5426 
 5427 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5428 #: sssd-ldap.5.xml:375
 5429 msgid ""
 5430 "If ldap_group_nesting_level is set to 0 then no nested groups are processed "
 5431 "at all. However, when connected to Active-Directory Server 2008 and later "
 5432 "using <quote>id_provider=ad</quote> it is furthermore required to disable "
 5433 "usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
 5434 "restrict group nesting."
 5435 msgstr ""
 5436 
 5437 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5438 #: sssd-ldap.5.xml:384
 5439 msgid "Default: 2"
 5440 msgstr ""
 5441 
 5442 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5443 #: sssd-ldap.5.xml:393
 5444 msgid ""
 5445 "This options enables or disables use of Token-Groups attribute when "
 5446 "performing initgroup for users from Active Directory Server 2008 and later."
 5447 msgstr ""
 5448 
 5449 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5450 #: sssd-ldap.5.xml:398
 5451 msgid "Default: True for AD and IPA otherwise False."
 5452 msgstr ""
 5453 
 5454 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5455 #: sssd-ldap.5.xml:404
 5456 msgid "ldap_host_search_base (string)"
 5457 msgstr ""
 5458 
 5459 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5460 #: sssd-ldap.5.xml:407
 5461 msgid "Optional. Use the given string as search base for host objects."
 5462 msgstr ""
 5463 
 5464 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5465 #: sssd-ldap.5.xml:411 sssd-ipa.5.xml:389 sssd-ipa.5.xml:408 sssd-ipa.5.xml:427
 5466 #: sssd-ipa.5.xml:446
 5467 msgid ""
 5468 "See <quote>ldap_search_base</quote> for information about configuring "
 5469 "multiple search bases."
 5470 msgstr ""
 5471 
 5472 #. type: Content of: <listitem><para>
 5473 #: sssd-ldap.5.xml:416 sssd-ipa.5.xml:394 include/ldap_search_bases.xml:27
 5474 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
 5475 msgstr ""
 5476 
 5477 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5478 #: sssd-ldap.5.xml:423
 5479 msgid "ldap_service_search_base (string)"
 5480 msgstr ""
 5481 
 5482 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5483 #: sssd-ldap.5.xml:428
 5484 msgid "ldap_iphost_search_base (string)"
 5485 msgstr ""
 5486 
 5487 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5488 #: sssd-ldap.5.xml:433
 5489 msgid "ldap_ipnetwork_search_base (string)"
 5490 msgstr ""
 5491 
 5492 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5493 #: sssd-ldap.5.xml:438
 5494 msgid "ldap_search_timeout (integer)"
 5495 msgstr "ldap_search_timeout (integer)"
 5496 
 5497 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5498 #: sssd-ldap.5.xml:441
 5499 msgid ""
 5500 "Specifies the timeout (in seconds) that ldap searches are allowed to run "
 5501 "before they are cancelled and cached results are returned (and offline mode "
 5502 "is entered)"
 5503 msgstr ""
 5504 
 5505 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5506 #: sssd-ldap.5.xml:447
 5507 msgid ""
 5508 "Note: this option is subject to change in future versions of the SSSD. It "
 5509 "will likely be replaced at some point by a series of timeouts for specific "
 5510 "lookup types."
 5511 msgstr ""
 5512 
 5513 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5514 #: sssd-ldap.5.xml:459
 5515 msgid "ldap_enumeration_search_timeout (integer)"
 5516 msgstr ""
 5517 
 5518 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5519 #: sssd-ldap.5.xml:462
 5520 msgid ""
 5521 "Specifies the timeout (in seconds) that ldap searches for user and group "
 5522 "enumerations are allowed to run before they are cancelled and cached results "
 5523 "are returned (and offline mode is entered)"
 5524 msgstr ""
 5525 
 5526 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5527 #: sssd-ldap.5.xml:475
 5528 msgid "ldap_network_timeout (integer)"
 5529 msgstr "ldap_network_timeout (integer)"
 5530 
 5531 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5532 #: sssd-ldap.5.xml:478
 5533 msgid ""
 5534 "Specifies the timeout (in seconds) after which the <citerefentry> "
 5535 "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
 5536 "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
 5537 "manvolnum> </citerefentry> following a <citerefentry> "
 5538 "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
 5539 "citerefentry> returns in case of no activity."
 5540 msgstr ""
 5541 
 5542 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5543 #: sssd-ldap.5.xml:501
 5544 msgid "ldap_opt_timeout (integer)"
 5545 msgstr "ldap_opt_timeout (integer)"
 5546 
 5547 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5548 #: sssd-ldap.5.xml:504
 5549 msgid ""
 5550 "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
 5551 "will abort if no response is received. Also controls the timeout when "
 5552 "communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
 5553 "operation, password change extended operation and the StartTLS operation."
 5554 msgstr ""
 5555 
 5556 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5557 #: sssd-ldap.5.xml:519
 5558 msgid "ldap_connection_expire_timeout (integer)"
 5559 msgstr ""
 5560 
 5561 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5562 #: sssd-ldap.5.xml:522
 5563 msgid ""
 5564 "Specifies a timeout (in seconds) that a connection to an LDAP server will be "
 5565 "maintained. After this time, the connection will be re-established. If used "
 5566 "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
 5567 "the TGT lifetime)  will be used."
 5568 msgstr ""
 5569 
 5570 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5571 #: sssd-ldap.5.xml:530
 5572 msgid ""
 5573 "This timeout can be extended of a random value specified by "
 5574 "<emphasis>ldap_connection_expire_offset</emphasis>"
 5575 msgstr ""
 5576 
 5577 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5578 #: sssd-ldap.5.xml:535 sssd-ldap.5.xml:1565
 5579 msgid "Default: 900 (15 minutes)"
 5580 msgstr ""
 5581 
 5582 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5583 #: sssd-ldap.5.xml:541
 5584 msgid "ldap_connection_expire_offset (integer)"
 5585 msgstr ""
 5586 
 5587 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5588 #: sssd-ldap.5.xml:544
 5589 msgid ""
 5590 "Random offset between 0 and configured value is added to "
 5591 "<emphasis>ldap_connection_expire_timeout</emphasis>."
 5592 msgstr ""
 5593 
 5594 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5595 #: sssd-ldap.5.xml:555
 5596 msgid "ldap_page_size (integer)"
 5597 msgstr "ldap_page_size (integer)"
 5598 
 5599 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5600 #: sssd-ldap.5.xml:558
 5601 msgid ""
 5602 "Specify the number of records to retrieve from LDAP in a single request. "
 5603 "Some LDAP servers enforce a maximum limit per-request."
 5604 msgstr ""
 5605 
 5606 #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
 5607 #: sssd-ldap.5.xml:563 include/failover.xml:84
 5608 msgid "Default: 1000"
 5609 msgstr "Padrão: 1000"
 5610 
 5611 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5612 #: sssd-ldap.5.xml:569
 5613 msgid "ldap_disable_paging (boolean)"
 5614 msgstr ""
 5615 
 5616 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5617 #: sssd-ldap.5.xml:572
 5618 msgid ""
 5619 "Disable the LDAP paging control. This option should be used if the LDAP "
 5620 "server reports that it supports the LDAP paging control in its RootDSE but "
 5621 "it is not enabled or does not behave properly."
 5622 msgstr ""
 5623 
 5624 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5625 #: sssd-ldap.5.xml:578
 5626 msgid ""
 5627 "Example: OpenLDAP servers with the paging control module installed on the "
 5628 "server but not enabled will report it in the RootDSE but be unable to use it."
 5629 msgstr ""
 5630 
 5631 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5632 #: sssd-ldap.5.xml:584
 5633 msgid ""
 5634 "Example: 389 DS has a bug where it can only support a one paging control at "
 5635 "a time on a single connection. On busy clients, this can result in some "
 5636 "requests being denied."
 5637 msgstr ""
 5638 
 5639 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5640 #: sssd-ldap.5.xml:596
 5641 msgid "ldap_disable_range_retrieval (boolean)"
 5642 msgstr ""
 5643 
 5644 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5645 #: sssd-ldap.5.xml:599
 5646 msgid "Disable Active Directory range retrieval."
 5647 msgstr ""
 5648 
 5649 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5650 #: sssd-ldap.5.xml:602
 5651 msgid ""
 5652 "Active Directory limits the number of members to be retrieved in a single "
 5653 "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
 5654 "group contains more members, the reply would include an AD-specific range "
 5655 "extension. This option disables parsing of the range extension, therefore "
 5656 "large groups will appear as having no members."
 5657 msgstr ""
 5658 
 5659 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5660 #: sssd-ldap.5.xml:617
 5661 msgid "ldap_sasl_minssf (integer)"
 5662 msgstr ""
 5663 
 5664 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5665 #: sssd-ldap.5.xml:620
 5666 msgid ""
 5667 "When communicating with an LDAP server using SASL, specify the minimum "
 5668 "security level necessary to establish the connection. The values of this "
 5669 "option are defined by OpenLDAP."
 5670 msgstr ""
 5671 
 5672 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5673 #: sssd-ldap.5.xml:626 sssd-ldap.5.xml:642
 5674 msgid "Default: Use the system default (usually specified by ldap.conf)"
 5675 msgstr ""
 5676 
 5677 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5678 #: sssd-ldap.5.xml:633
 5679 msgid "ldap_sasl_maxssf (integer)"
 5680 msgstr ""
 5681 
 5682 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5683 #: sssd-ldap.5.xml:636
 5684 msgid ""
 5685 "When communicating with an LDAP server using SASL, specify the maximal "
 5686 "security level necessary to establish the connection. The values of this "
 5687 "option are defined by OpenLDAP."
 5688 msgstr ""
 5689 
 5690 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5691 #: sssd-ldap.5.xml:649
 5692 msgid "ldap_deref_threshold (integer)"
 5693 msgstr ""
 5694 
 5695 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5696 #: sssd-ldap.5.xml:652
 5697 msgid ""
 5698 "Specify the number of group members that must be missing from the internal "
 5699 "cache in order to trigger a dereference lookup. If less members are missing, "
 5700 "they are looked up individually."
 5701 msgstr ""
 5702 
 5703 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5704 #: sssd-ldap.5.xml:658
 5705 msgid ""
 5706 "You can turn off dereference lookups completely by setting the value to 0. "
 5707 "Please note that there are some codepaths in SSSD, like the IPA HBAC "
 5708 "provider, that are only implemented using the dereference call, so even with "
 5709 "dereference explicitly disabled, those parts will still use dereference if "
 5710 "the server supports it and advertises the dereference control in the rootDSE "
 5711 "object."
 5712 msgstr ""
 5713 
 5714 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5715 #: sssd-ldap.5.xml:669
 5716 msgid ""
 5717 "A dereference lookup is a means of fetching all group members in a single "
 5718 "LDAP call.  Different LDAP servers may implement different dereference "
 5719 "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
 5720 "Directory."
 5721 msgstr ""
 5722 
 5723 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5724 #: sssd-ldap.5.xml:677
 5725 msgid ""
 5726 "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
 5727 "filter, then the dereference lookup performance enhancement will be disabled "
 5728 "regardless of this setting."
 5729 msgstr ""
 5730 
 5731 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5732 #: sssd-ldap.5.xml:690
 5733 msgid "ldap_tls_reqcert (string)"
 5734 msgstr "ldap_tls_reqcert (string)"
 5735 
 5736 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5737 #: sssd-ldap.5.xml:693
 5738 msgid ""
 5739 "Specifies what checks to perform on server certificates in a TLS session, if "
 5740 "any. It can be specified as one of the following values:"
 5741 msgstr ""
 5742 
 5743 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5744 #: sssd-ldap.5.xml:699
 5745 msgid ""
 5746 "<emphasis>never</emphasis> = The client will not request or check any server "
 5747 "certificate."
 5748 msgstr ""
 5749 "<emphasis>never</emphasis> = O cliente não irá solicitar ou verificar "
 5750 "qualquer certificado de servidor."
 5751 
 5752 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5753 #: sssd-ldap.5.xml:703
 5754 msgid ""
 5755 "<emphasis>allow</emphasis> = The server certificate is requested. If no "
 5756 "certificate is provided, the session proceeds normally. If a bad certificate "
 5757 "is provided, it will be ignored and the session proceeds normally."
 5758 msgstr ""
 5759 
 5760 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5761 #: sssd-ldap.5.xml:710
 5762 msgid ""
 5763 "<emphasis>try</emphasis> = The server certificate is requested. If no "
 5764 "certificate is provided, the session proceeds normally. If a bad certificate "
 5765 "is provided, the session is immediately terminated."
 5766 msgstr ""
 5767 
 5768 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5769 #: sssd-ldap.5.xml:716
 5770 msgid ""
 5771 "<emphasis>demand</emphasis> = The server certificate is requested. If no "
 5772 "certificate is provided, or a bad certificate is provided, the session is "
 5773 "immediately terminated."
 5774 msgstr ""
 5775 
 5776 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5777 #: sssd-ldap.5.xml:722
 5778 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
 5779 msgstr ""
 5780 
 5781 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5782 #: sssd-ldap.5.xml:726
 5783 msgid "Default: hard"
 5784 msgstr "Padrão: hard"
 5785 
 5786 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5787 #: sssd-ldap.5.xml:732
 5788 msgid "ldap_tls_cacert (string)"
 5789 msgstr "ldap_tls_cacert (string)"
 5790 
 5791 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5792 #: sssd-ldap.5.xml:735
 5793 msgid ""
 5794 "Specifies the file that contains certificates for all of the Certificate "
 5795 "Authorities that <command>sssd</command> will recognize."
 5796 msgstr ""
 5797 
 5798 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5799 #: sssd-ldap.5.xml:740 sssd-ldap.5.xml:758 sssd-ldap.5.xml:799
 5800 msgid ""
 5801 "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
 5802 "conf</filename>"
 5803 msgstr ""
 5804 
 5805 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5806 #: sssd-ldap.5.xml:747
 5807 msgid "ldap_tls_cacertdir (string)"
 5808 msgstr "ldap_tls_cacertdir (string)"
 5809 
 5810 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5811 #: sssd-ldap.5.xml:750
 5812 msgid ""
 5813 "Specifies the path of a directory that contains Certificate Authority "
 5814 "certificates in separate individual files. Typically the file names need to "
 5815 "be the hash of the certificate followed by '.0'.  If available, "
 5816 "<command>cacertdir_rehash</command> can be used to create the correct names."
 5817 msgstr ""
 5818 
 5819 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5820 #: sssd-ldap.5.xml:765
 5821 msgid "ldap_tls_cert (string)"
 5822 msgstr ""
 5823 
 5824 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5825 #: sssd-ldap.5.xml:768
 5826 msgid "Specifies the file that contains the certificate for the client's key."
 5827 msgstr ""
 5828 
 5829 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5830 #: sssd-ldap.5.xml:778
 5831 msgid "ldap_tls_key (string)"
 5832 msgstr ""
 5833 
 5834 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5835 #: sssd-ldap.5.xml:781
 5836 msgid "Specifies the file that contains the client's key."
 5837 msgstr ""
 5838 
 5839 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5840 #: sssd-ldap.5.xml:790
 5841 msgid "ldap_tls_cipher_suite (string)"
 5842 msgstr ""
 5843 
 5844 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5845 #: sssd-ldap.5.xml:793
 5846 msgid ""
 5847 "Specifies acceptable cipher suites.  Typically this is a colon separated "
 5848 "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
 5849 "<manvolnum>5</manvolnum></citerefentry> for format."
 5850 msgstr ""
 5851 
 5852 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5853 #: sssd-ldap.5.xml:806
 5854 msgid "ldap_id_use_start_tls (boolean)"
 5855 msgstr "ldap_id_use_start_tls (boolean)"
 5856 
 5857 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5858 #: sssd-ldap.5.xml:809
 5859 msgid ""
 5860 "Specifies that the id_provider connection must also use <systemitem class="
 5861 "\"protocol\">tls</systemitem> to protect the channel."
 5862 msgstr ""
 5863 
 5864 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5865 #: sssd-ldap.5.xml:819
 5866 msgid "ldap_id_mapping (boolean)"
 5867 msgstr ""
 5868 
 5869 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5870 #: sssd-ldap.5.xml:822
 5871 msgid ""
 5872 "Specifies that SSSD should attempt to map user and group IDs from the "
 5873 "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
 5874 "on ldap_user_uid_number and ldap_group_gid_number."
 5875 msgstr ""
 5876 
 5877 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5878 #: sssd-ldap.5.xml:828
 5879 msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
 5880 msgstr ""
 5881 
 5882 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5883 #: sssd-ldap.5.xml:838
 5884 msgid "ldap_min_id, ldap_max_id (integer)"
 5885 msgstr ""
 5886 
 5887 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5888 #: sssd-ldap.5.xml:841
 5889 msgid ""
 5890 "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
 5891 "set to true the allowed ID range for ldap_user_uid_number and "
 5892 "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
 5893 "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
 5894 "can be set to restrict the allowed range for the IDs which are read directly "
 5895 "from the server. Sub-domains can then pick other ranges to map IDs."
 5896 msgstr ""
 5897 
 5898 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5899 #: sssd-ldap.5.xml:853
 5900 msgid "Default: not set (both options are set to 0)"
 5901 msgstr ""
 5902 
 5903 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5904 #: sssd-ldap.5.xml:859
 5905 msgid "ldap_sasl_mech (string)"
 5906 msgstr "ldap_sasl_mech (string)"
 5907 
 5908 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5909 #: sssd-ldap.5.xml:862
 5910 msgid ""
 5911 "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
 5912 "tested and supported."
 5913 msgstr ""
 5914 
 5915 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5916 #: sssd-ldap.5.xml:866
 5917 msgid ""
 5918 "If the backend supports sub-domains the value of ldap_sasl_mech is "
 5919 "automatically inherited to the sub-domains. If a different value is needed "
 5920 "for a sub-domain it can be overwritten by setting ldap_sasl_mech for this "
 5921 "sub-domain explicitly.  Please see TRUSTED DOMAIN SECTION in "
 5922 "<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
 5923 "manvolnum></citerefentry> for details."
 5924 msgstr ""
 5925 
 5926 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5927 #: sssd-ldap.5.xml:882
 5928 msgid "ldap_sasl_authid (string)"
 5929 msgstr "ldap_sasl_authid (string)"
 5930 
 5931 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
 5932 #: sssd-ldap.5.xml:894
 5933 #, no-wrap
 5934 msgid ""
 5935 "hostname@REALM\n"
 5936 "netbiosname$@REALM\n"
 5937 "host/hostname@REALM\n"
 5938 "*$@REALM\n"
 5939 "host/*@REALM\n"
 5940 "host/*\n"
 5941 "                            "
 5942 msgstr ""
 5943 
 5944 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5945 #: sssd-ldap.5.xml:885
 5946 msgid ""
 5947 "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
 5948 "this represents the Kerberos principal used for authentication to the "
 5949 "directory.  This option can either contain the full principal (for example "
 5950 "host/myhost@EXAMPLE.COM) or just the principal name (for example host/"
 5951 "myhost).  By default, the value is not set and the following principals are "
 5952 "used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are "
 5953 "found, the first principal in keytab is returned."
 5954 msgstr ""
 5955 
 5956 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5957 #: sssd-ldap.5.xml:905
 5958 msgid "Default: host/hostname@REALM"
 5959 msgstr ""
 5960 
 5961 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5962 #: sssd-ldap.5.xml:911
 5963 msgid "ldap_sasl_realm (string)"
 5964 msgstr ""
 5965 
 5966 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5967 #: sssd-ldap.5.xml:914
 5968 msgid ""
 5969 "Specify the SASL realm to use. When not specified, this option defaults to "
 5970 "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
 5971 "well, this option is ignored."
 5972 msgstr ""
 5973 
 5974 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5975 #: sssd-ldap.5.xml:920
 5976 msgid "Default: the value of krb5_realm."
 5977 msgstr ""
 5978 
 5979 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5980 #: sssd-ldap.5.xml:926
 5981 msgid "ldap_sasl_canonicalize (boolean)"
 5982 msgstr "ldap_sasl_canonicalize (boolean)"
 5983 
 5984 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5985 #: sssd-ldap.5.xml:929
 5986 msgid ""
 5987 "If set to true, the LDAP library would perform a reverse lookup to "
 5988 "canonicalize the host name during a SASL bind."
 5989 msgstr ""
 5990 
 5991 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 5992 #: sssd-ldap.5.xml:934
 5993 msgid "Default: false;"
 5994 msgstr "Padrão: false;"
 5995 
 5996 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 5997 #: sssd-ldap.5.xml:940
 5998 msgid "ldap_krb5_keytab (string)"
 5999 msgstr "ldap_krb5_keytab (string)"
 6000 
 6001 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6002 #: sssd-ldap.5.xml:943
 6003 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
 6004 msgstr ""
 6005 
 6006 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6007 #: sssd-ldap.5.xml:947
 6008 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
 6009 msgstr ""
 6010 "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
 6011 
 6012 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6013 #: sssd-ldap.5.xml:953
 6014 msgid "ldap_krb5_init_creds (boolean)"
 6015 msgstr "ldap_krb5_init_creds (boolean)"
 6016 
 6017 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6018 #: sssd-ldap.5.xml:956
 6019 msgid ""
 6020 "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
 6021 "action is performed only if SASL is used and the mechanism selected is "
 6022 "GSSAPI or GSS-SPNEGO."
 6023 msgstr ""
 6024 
 6025 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6026 #: sssd-ldap.5.xml:968
 6027 msgid "ldap_krb5_ticket_lifetime (integer)"
 6028 msgstr "ldap_krb5_ticket_lifetime (integer)"
 6029 
 6030 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6031 #: sssd-ldap.5.xml:971
 6032 msgid ""
 6033 "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
 6034 msgstr ""
 6035 
 6036 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6037 #: sssd-ldap.5.xml:975 sssd-ad.5.xml:1229
 6038 msgid "Default: 86400 (24 hours)"
 6039 msgstr "Padrão: 86400 (24 horas)"
 6040 
 6041 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6042 #: sssd-ldap.5.xml:981 sssd-krb5.5.xml:74
 6043 msgid "krb5_server, krb5_backup_server (string)"
 6044 msgstr ""
 6045 
 6046 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6047 #: sssd-ldap.5.xml:984
 6048 msgid ""
 6049 "Specifies the comma-separated list of IP addresses or hostnames of the "
 6050 "Kerberos servers to which SSSD should connect in the order of preference. "
 6051 "For more information on failover and server redundancy, see the "
 6052 "<quote>FAILOVER</quote> section. An optional port number (preceded by a "
 6053 "colon) may be appended to the addresses or hostnames.  If empty, service "
 6054 "discovery is enabled - for more information, refer to the <quote>SERVICE "
 6055 "DISCOVERY</quote> section."
 6056 msgstr ""
 6057 
 6058 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6059 #: sssd-ldap.5.xml:996 sssd-krb5.5.xml:89
 6060 msgid ""
 6061 "When using service discovery for KDC or kpasswd servers, SSSD first searches "
 6062 "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
 6063 "none are found."
 6064 msgstr ""
 6065 
 6066 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6067 #: sssd-ldap.5.xml:1001 sssd-krb5.5.xml:94
 6068 msgid ""
 6069 "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
 6070 "While the legacy name is recognized for the time being, users are advised to "
 6071 "migrate their config files to use <quote>krb5_server</quote> instead."
 6072 msgstr ""
 6073 
 6074 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6075 #: sssd-ldap.5.xml:1010 sssd-ipa.5.xml:458 sssd-krb5.5.xml:103
 6076 msgid "krb5_realm (string)"
 6077 msgstr "krb5_realm (string)"
 6078 
 6079 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6080 #: sssd-ldap.5.xml:1013
 6081 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
 6082 msgstr ""
 6083 
 6084 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6085 #: sssd-ldap.5.xml:1017
 6086 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
 6087 msgstr ""
 6088 
 6089 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6090 #: sssd-ldap.5.xml:1023 sssd-krb5.5.xml:462
 6091 msgid "krb5_canonicalize (boolean)"
 6092 msgstr "krb5_canonicalize (boolean)"
 6093 
 6094 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6095 #: sssd-ldap.5.xml:1026
 6096 msgid ""
 6097 "Specifies if the host principal should be canonicalized when connecting to "
 6098 "LDAP server. This feature is available with MIT Kerberos >= 1.7"
 6099 msgstr ""
 6100 
 6101 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6102 #: sssd-ldap.5.xml:1038 sssd-krb5.5.xml:477
 6103 msgid "krb5_use_kdcinfo (boolean)"
 6104 msgstr ""
 6105 
 6106 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6107 #: sssd-ldap.5.xml:1041 sssd-krb5.5.xml:480
 6108 msgid ""
 6109 "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
 6110 "which KDCs to use. This option is on by default, if you disable it, you need "
 6111 "to configure the Kerberos library using the <citerefentry> "
 6112 "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
 6113 "citerefentry> configuration file."
 6114 msgstr ""
 6115 
 6116 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6117 #: sssd-ldap.5.xml:1052 sssd-krb5.5.xml:491
 6118 msgid ""
 6119 "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
 6120 "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
 6121 "information on the locator plugin."
 6122 msgstr ""
 6123 
 6124 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6125 #: sssd-ldap.5.xml:1066
 6126 msgid "ldap_pwd_policy (string)"
 6127 msgstr "ldap_pwd_policy (string)"
 6128 
 6129 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6130 #: sssd-ldap.5.xml:1069
 6131 msgid ""
 6132 "Select the policy to evaluate the password expiration on the client side. "
 6133 "The following values are allowed:"
 6134 msgstr ""
 6135 
 6136 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6137 #: sssd-ldap.5.xml:1074
 6138 msgid ""
 6139 "<emphasis>none</emphasis> - No evaluation on the client side. This option "
 6140 "cannot disable server-side password policies."
 6141 msgstr ""
 6142 
 6143 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6144 #: sssd-ldap.5.xml:1079
 6145 msgid ""
 6146 "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
 6147 "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
 6148 "evaluate if the password has expired."
 6149 msgstr ""
 6150 
 6151 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6152 #: sssd-ldap.5.xml:1085
 6153 msgid ""
 6154 "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
 6155 "to determine if the password has expired. Use chpass_provider=krb5 to update "
 6156 "these attributes when the password is changed."
 6157 msgstr ""
 6158 
 6159 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6160 #: sssd-ldap.5.xml:1094
 6161 msgid ""
 6162 "<emphasis>Note</emphasis>: if a password policy is configured on server "
 6163 "side, it always takes precedence over policy set with this option."
 6164 msgstr ""
 6165 
 6166 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6167 #: sssd-ldap.5.xml:1102
 6168 msgid "ldap_referrals (boolean)"
 6169 msgstr ""
 6170 
 6171 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6172 #: sssd-ldap.5.xml:1105
 6173 msgid "Specifies whether automatic referral chasing should be enabled."
 6174 msgstr ""
 6175 
 6176 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6177 #: sssd-ldap.5.xml:1109
 6178 msgid ""
 6179 "Please note that sssd only supports referral chasing when it is compiled "
 6180 "with OpenLDAP version 2.4.13 or higher."
 6181 msgstr ""
 6182 
 6183 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6184 #: sssd-ldap.5.xml:1114
 6185 msgid ""
 6186 "Chasing referrals may incur a performance penalty in environments that use "
 6187 "them heavily, a notable example is Microsoft Active Directory. If your setup "
 6188 "does not in fact require the use of referrals, setting this option to false "
 6189 "might bring a noticeable performance improvement.  Setting this option to "
 6190 "false is therefore recommended in case the SSSD LDAP provider is used "
 6191 "together with Microsoft Active Directory as a backend. Even if SSSD would be "
 6192 "able to follow the referral to a different AD DC no additional data would be "
 6193 "available."
 6194 msgstr ""
 6195 
 6196 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6197 #: sssd-ldap.5.xml:1133
 6198 msgid "ldap_dns_service_name (string)"
 6199 msgstr ""
 6200 
 6201 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6202 #: sssd-ldap.5.xml:1136
 6203 msgid "Specifies the service name to use when service discovery is enabled."
 6204 msgstr ""
 6205 
 6206 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6207 #: sssd-ldap.5.xml:1140
 6208 msgid "Default: ldap"
 6209 msgstr ""
 6210 
 6211 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6212 #: sssd-ldap.5.xml:1146
 6213 msgid "ldap_chpass_dns_service_name (string)"
 6214 msgstr ""
 6215 
 6216 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6217 #: sssd-ldap.5.xml:1149
 6218 msgid ""
 6219 "Specifies the service name to use to find an LDAP server which allows "
 6220 "password changes when service discovery is enabled."
 6221 msgstr ""
 6222 
 6223 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6224 #: sssd-ldap.5.xml:1154
 6225 msgid "Default: not set, i.e. service discovery is disabled"
 6226 msgstr ""
 6227 
 6228 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6229 #: sssd-ldap.5.xml:1160
 6230 msgid "ldap_chpass_update_last_change (bool)"
 6231 msgstr ""
 6232 
 6233 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6234 #: sssd-ldap.5.xml:1163
 6235 msgid ""
 6236 "Specifies whether to update the ldap_user_shadow_last_change attribute with "
 6237 "days since the Epoch after a password change operation."
 6238 msgstr ""
 6239 
 6240 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6241 #: sssd-ldap.5.xml:1175
 6242 msgid "ldap_access_filter (string)"
 6243 msgstr ""
 6244 
 6245 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6246 #: sssd-ldap.5.xml:1178
 6247 msgid ""
 6248 "If using access_provider = ldap and ldap_access_order = filter (default), "
 6249 "this option is mandatory. It specifies an LDAP search filter criteria that "
 6250 "must be met for the user to be granted access on this host. If "
 6251 "access_provider = ldap, ldap_access_order = filter and this option is not "
 6252 "set, it will result in all users being denied access.  Use access_provider = "
 6253 "permit to change this default behavior. Please note that this filter is "
 6254 "applied on the LDAP user entry only and thus filtering based on nested "
 6255 "groups may not work (e.g. memberOf attribute on AD entries points only to "
 6256 "direct parents). If filtering based on nested groups is required, please see "
 6257 "<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
 6258 "manvolnum> </citerefentry>."
 6259 msgstr ""
 6260 
 6261 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6262 #: sssd-ldap.5.xml:1198
 6263 msgid "Example:"
 6264 msgstr ""
 6265 
 6266 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
 6267 #: sssd-ldap.5.xml:1201
 6268 #, no-wrap
 6269 msgid ""
 6270 "access_provider = ldap\n"
 6271 "ldap_access_filter = (employeeType=admin)\n"
 6272 "                        "
 6273 msgstr ""
 6274 
 6275 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6276 #: sssd-ldap.5.xml:1205
 6277 msgid ""
 6278 "This example means that access to this host is restricted to users whose "
 6279 "employeeType attribute is set to \"admin\"."
 6280 msgstr ""
 6281 
 6282 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6283 #: sssd-ldap.5.xml:1210
 6284 msgid ""
 6285 "Offline caching for this feature is limited to determining whether the "
 6286 "user's last online login was granted access permission. If they were granted "
 6287 "access during their last login, they will continue to be granted access "
 6288 "while offline and vice versa."
 6289 msgstr ""
 6290 
 6291 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6292 #: sssd-ldap.5.xml:1218 sssd-ldap.5.xml:1275
 6293 msgid "Default: Empty"
 6294 msgstr ""
 6295 
 6296 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6297 #: sssd-ldap.5.xml:1224
 6298 msgid "ldap_account_expire_policy (string)"
 6299 msgstr ""
 6300 
 6301 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6302 #: sssd-ldap.5.xml:1227
 6303 msgid ""
 6304 "With this option a client side evaluation of access control attributes can "
 6305 "be enabled."
 6306 msgstr ""
 6307 
 6308 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6309 #: sssd-ldap.5.xml:1231
 6310 msgid ""
 6311 "Please note that it is always recommended to use server side access control, "
 6312 "i.e. the LDAP server should deny the bind request with a suitable error code "
 6313 "even if the password is correct."
 6314 msgstr ""
 6315 
 6316 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6317 #: sssd-ldap.5.xml:1238
 6318 msgid "The following values are allowed:"
 6319 msgstr ""
 6320 
 6321 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6322 #: sssd-ldap.5.xml:1241
 6323 msgid ""
 6324 "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
 6325 "determine if the account is expired."
 6326 msgstr ""
 6327 
 6328 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6329 #: sssd-ldap.5.xml:1246
 6330 msgid ""
 6331 "<emphasis>ad</emphasis>: use the value of the 32bit field "
 6332 "ldap_user_ad_user_account_control and allow access if the second bit is not "
 6333 "set. If the attribute is missing access is granted. Also the expiration time "
 6334 "of the account is checked."
 6335 msgstr ""
 6336 
 6337 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6338 #: sssd-ldap.5.xml:1253
 6339 msgid ""
 6340 "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
 6341 "emphasis>: use the value of ldap_ns_account_lock to check if access is "
 6342 "allowed or not."
 6343 msgstr ""
 6344 
 6345 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6346 #: sssd-ldap.5.xml:1259
 6347 msgid ""
 6348 "<emphasis>nds</emphasis>: the values of "
 6349 "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
 6350 "ldap_user_nds_login_expiration_time are used to check if access is allowed. "
 6351 "If both attributes are missing access is granted."
 6352 msgstr ""
 6353 
 6354 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6355 #: sssd-ldap.5.xml:1268
 6356 msgid ""
 6357 "Please note that the ldap_access_order configuration option <emphasis>must</"
 6358 "emphasis> include <quote>expire</quote> in order for the "
 6359 "ldap_account_expire_policy option to work."
 6360 msgstr ""
 6361 
 6362 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
 6363 #: sssd-ldap.5.xml:1281
 6364 msgid "ldap_access_order (string)"
 6365 msgstr ""
 6366 
 6367 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6368 #: sssd-ldap.5.xml:1284
 6369 msgid "Comma separated list of access control options.  Allowed values are:"
 6370 msgstr ""
 6371 
 6372 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6373 #: sssd-ldap.5.xml:1288
 6374 msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
 6375 msgstr ""
 6376 
 6377 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6378 #: sssd-ldap.5.xml:1291
 6379 msgid ""
 6380 "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
 6381 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
 6382 "and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn.  "
 6383 "Please note that 'access_provider = ldap' must be set for this feature to "
 6384 "work."
 6385 msgstr ""
 6386 
 6387 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6388 #: sssd-ldap.5.xml:1301
 6389 msgid ""
 6390 "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
 6391 "quote> option and might be removed in a future release.  </emphasis>"
 6392 msgstr ""
 6393 
 6394 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6395 #: sssd-ldap.5.xml:1308
 6396 msgid ""
 6397 "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
 6398 "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
 6399 "and has value of '000001010000Z' or represents any time in the past.  The "
 6400 "value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
 6401 "denotes the UTC time zone.  Other time zones are not currently supported and "
 6402 "will result in \"access-denied\" when users attempt to log in.  Please see "
 6403 "the option ldap_pwdlockout_dn.  Please note that 'access_provider = ldap' "
 6404 "must be set for this feature to work."
 6405 msgstr ""
 6406 
 6407 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6408 #: sssd-ldap.5.xml:1325
 6409 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
 6410 msgstr ""
 6411 
 6412 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6413 #: sssd-ldap.5.xml:1329
 6414 msgid ""
 6415 "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
 6416 "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
 6417 "interested in being warned that password is about to expire and "
 6418 "authentication is based on using a different method than passwords - for "
 6419 "example SSH keys."
 6420 msgstr ""
 6421 
 6422 #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
 6423 #: sssd-ldap.5.xml:1339
 6424 msgid ""
 6425 "The difference between these options is the action taken if user password is "
 6426 "expired: pwd_expire_policy_reject - user is denied to log in, "
 6427 "pwd_expire_policy_warn - user is still able to log in, "
 6428 "pwd_expire_policy_renew - user is prompted to change his password "
 6429 "immediately."
 6430 msgstr