diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7190614
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/sssd-2.5.2.tar.gz
diff --git a/.sssd.metadata b/.sssd.metadata
new file mode 100644
index 0000000..461c481
--- /dev/null
+++ b/.sssd.metadata
@@ -0,0 +1 @@
+680a282289fdfc6e27562e0ac82933ccd1f9574e SOURCES/sssd-2.5.2.tar.gz
diff --git a/SOURCES/0001-Basics-of-subid-ranges-support-for-IPA-provider.patch b/SOURCES/0001-Basics-of-subid-ranges-support-for-IPA-provider.patch
new file mode 100644
index 0000000..aac4e4e
--- /dev/null
+++ b/SOURCES/0001-Basics-of-subid-ranges-support-for-IPA-provider.patch
@@ -0,0 +1,1817 @@
+From f546088226872f24722bdd94388816792bd5891a Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Sat, 1 May 2021 22:56:15 +0200
+Subject: [PATCH] Basics of 'subid ranges' support for IPA provider.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+:feature: Basic support of user's 'subuid and subgid ranges' for IPA
+provider and corresponding plugin for shadow-utils were introduced.
+Limitations:
+ - single subid interval pair (subuid+subgid) per user
+ - idviews aren't supported
+ - only forward lookup (user -> subid ranges)
+Take a note, this is MVP of experimental feature. Significant changes
+might be required later, after initial feedback.
+Corresponding support in shadow-utils was merged upstream, but since there
+is no upstream release available yet, SSSD feature isn't built by default.
+Build can be enabled with `--with-subid` configure option.
+Plugin's install path can be configured with `--with-subid-lib-path=`
+("${libdir}" by default)
+
+For additional details about support in shadow-utils please see discussion
+in https://github.com/shadow-maint/shadow/issues/154 and in related PRs.
+
+:config: New IPA provider's option `ipa_subid_ranges_search_base` allows
+configuration of search base for user's subid ranges.
+Default: `cn=subids,%basedn`
+
+Resolves: https://github.com/SSSD/sssd/issues/5197
+
+Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ Makefile.am | 34 +++
+ configure.ac | 2 +
+ src/conf_macros.m4 | 30 +++
+ src/config/SSSDConfig/sssdoptions.py | 1 +
+ src/config/cfg_rules.ini | 1 +
+ src/config/etc/sssd.api.d/sssd-ipa.conf | 1 +
+ src/db/sysdb.h | 6 +
+ src/db/sysdb_subid.c | 163 +++++++++++
+ src/db/sysdb_subid.h | 39 +++
+ src/man/sssd-ipa.5.xml | 14 +
+ src/providers/data_provider_req.c | 2 +
+ src/providers/data_provider_req.h | 1 +
+ src/providers/ipa/ipa_common.c | 38 +++
+ src/providers/ipa/ipa_common.h | 1 +
+ src/providers/ipa/ipa_id.c | 17 ++
+ src/providers/ipa/ipa_opts.c | 12 +
+ src/providers/ipa/ipa_opts.h | 2 +
+ src/providers/ldap/ldap_common.h | 14 +
+ src/providers/ldap/ldap_id.c | 31 +++
+ src/providers/ldap/ldap_id_subid.c | 255 ++++++++++++++++++
+ src/providers/ldap/sdap.h | 19 ++
+ src/responder/common/cache_req/cache_req.c | 4 +
+ src/responder/common/cache_req/cache_req.h | 4 +
+ .../common/cache_req/cache_req_data.c | 3 +
+ .../common/cache_req/cache_req_plugin.h | 3 +
+ .../plugins/cache_req_subid_ranges_by_name.c | 143 ++++++++++
+ src/responder/common/responder.h | 1 +
+ src/responder/common/responder_dp.c | 4 +
+ src/responder/nss/nss_cmd.c | 20 ++
+ src/responder/nss/nss_protocol.h | 8 +
+ src/responder/nss/nss_protocol_subid.c | 60 +++++
+ src/sss_client/common.c | 2 +-
+ src/sss_client/sss_cli.h | 11 +
+ src/sss_client/subid/sss_subid.c | 209 ++++++++++++++
+ src/sss_client/subid/sss_subid.exports | 12 +
+ src/systemtap/sssd_functions.stp | 2 +-
+ src/tests/cwrap/Makefile.am | 3 +
+ src/tests/dlopen-tests.c | 3 +
+ src/util/sss_cli_cmd.c | 5 +
+ src/util/util_errors.c | 1 +
+ src/util/util_errors.h | 1 +
+ 41 files changed, 1180 insertions(+), 2 deletions(-)
+ create mode 100644 src/db/sysdb_subid.c
+ create mode 100644 src/db/sysdb_subid.h
+ create mode 100644 src/providers/ldap/ldap_id_subid.c
+ create mode 100644 src/responder/common/cache_req/plugins/cache_req_subid_ranges_by_name.c
+ create mode 100644 src/responder/nss/nss_protocol_subid.c
+ create mode 100644 src/sss_client/subid/sss_subid.c
+ create mode 100644 src/sss_client/subid/sss_subid.exports
+
+diff --git a/Makefile.am b/Makefile.am
+index 1dd06d74c..577935e7e 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -65,6 +65,7 @@ localedir = @localedir@
+ nsslibdir = @nsslibdir@
+ pamlibdir = @pammoddir@
+ autofslibdir = @appmodpath@
++subidlibdir = @subidlibpath@
+ nfslibdir = @nfsidmaplibdir@
+
+ dbpath = @dbpath@
+@@ -596,6 +597,9 @@ SSSD_CACHE_REQ_OBJ = \
+ src/responder/common/cache_req/plugins/cache_req_ip_network_by_name.c \
+ src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c \
+ $(NULL)
++if BUILD_SUBID
++ SSSD_CACHE_REQ_OBJ += src/responder/common/cache_req/plugins/cache_req_subid_ranges_by_name.c
++endif
+
+ SSSD_RESPONDER_IFACE_OBJ = \
+ src/responder/common/responder_iface.c \
+@@ -810,6 +814,7 @@ dist_noinst_HEADERS = \
+ src/db/sysdb_private.h \
+ src/db/sysdb_services.h \
+ src/db/sysdb_ssh.h \
++ src/db/sysdb_subid.h \
+ src/db/sysdb_domain_resolution_order.h \
+ src/db/sysdb_computer.h \
+ src/db/sysdb_iphosts.h \
+@@ -1247,6 +1252,7 @@ libsss_util_la_SOURCES = \
+ src/db/sysdb_ipnetworks.c \
+ src/util/sss_pam_data.c \
+ src/db/sysdb_computer.c \
++ src/db/sysdb_subid.c \
+ src/util/util.c \
+ src/util/util_ext.c \
+ src/util/util_preauth.c \
+@@ -1558,6 +1564,9 @@ sssd_nss_LDADD = \
+ libsss_iface.la \
+ libsss_sbus.la \
+ $(NULL)
++if BUILD_SUBID
++ sssd_nss_SOURCES += src/responder/nss/nss_protocol_subid.c
++endif
+
+ sssd_pam_SOURCES = \
+ src/responder/pam/pam_LOCAL_domain.c \
+@@ -2691,6 +2700,9 @@ nss_srv_tests_LDADD = \
+ libsss_iface.la \
+ libsss_sbus.la \
+ $(NULL)
++if BUILD_SUBID
++ nss_srv_tests_SOURCES += src/responder/nss/nss_protocol_subid.c
++endif
+
+ EXTRA_pam_srv_tests_DEPENDENCIES = \
+ $(ldblib_LTLIBRARIES) \
+@@ -4217,6 +4229,21 @@ libsss_autofs_la_LDFLAGS = \
+ -Wl,--version-script,$(srcdir)/src/sss_client/autofs/sss_autofs.exports
+ endif
+
++if BUILD_SUBID
++subidlib_LTLIBRARIES = libsubid_sss.la
++libsubid_sss_la_SOURCES = \
++ src/sss_client/common.c \
++ src/sss_client/sss_cli.h \
++ src/sss_client/subid/sss_subid.c
++
++libsubid_sss_la_LIBADD = \
++ $(CLIENT_LIBS)
++libsubid_sss_la_LDFLAGS = \
++ -module \
++ -avoid-version \
++ -Wl,--version-script,$(srcdir)/src/sss_client/subid/sss_subid.exports
++endif
++
+ dist_noinst_DATA += \
+ src/sss_client/sss_nss.exports \
+ src/sss_client/sss_pam.exports \
+@@ -4231,6 +4258,10 @@ if BUILD_AUTOFS
+ dist_noinst_DATA += src/sss_client/autofs/sss_autofs.exports
+ endif
+
++if BUILD_SUBID
++dist_noinst_DATA += src/sss_client/subid/sss_subid.exports
++endif
++
+ ####################
+ # Plugin Libraries #
+ ####################
+@@ -4315,6 +4346,9 @@ libsss_ldap_common_la_LDFLAGS = \
+ if BUILD_SYSTEMTAP
+ libsss_ldap_common_la_LIBADD += stap_generated_probes.lo
+ endif
++if BUILD_SUBID
++libsss_ldap_common_la_SOURCES += src/providers/ldap/ldap_id_subid.c
++endif
+
+ if BUILD_SSH
+ libsss_ldap_common_la_SOURCES += src/providers/ldap/sdap_hostid.c
+diff --git a/configure.ac b/configure.ac
+index e98487cae..c14a59eef 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -161,6 +161,8 @@ WITH_APP_LIBS
+ WITH_SUDO
+ WITH_SUDO_LIB_PATH
+ WITH_AUTOFS
++WITH_SUBID
++WITH_SUBID_LIB_PATH
+ WITH_SSH
+ WITH_IFP
+ WITH_SYSLOG
+diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
+index cdffba11c..0a1e6dd8f 100644
+--- a/src/conf_macros.m4
++++ b/src/conf_macros.m4
+@@ -675,6 +675,36 @@ AC_DEFUN([WITH_AUTOFS],
+ AM_CONDITIONAL([BUILD_AUTOFS], [test x"$with_autofs" = xyes])
+ ])
+
++AC_DEFUN([WITH_SUBID],
++ [ AC_ARG_WITH([subid],
++ [AC_HELP_STRING([--with-subid],
++ [Whether to build with subid ranges support [no]]
++ )
++ ],
++ [with_subid=$withval],
++ with_subid=no
++ )
++
++ if test x"$with_subid" = xyes; then
++ AC_DEFINE(BUILD_SUBID, 1, [whether to build with SUBID ranges support])
++ fi
++ AM_CONDITIONAL([BUILD_SUBID], [test x"$with_subid" = xyes])
++ ])
++
++AC_DEFUN([WITH_SUBID_LIB_PATH],
++ [ AC_ARG_WITH([subid-lib-path],
++ [AC_HELP_STRING([--with-subid-lib-path=<path>],
++ [Path to the subid library]
++ )
++ ]
++ )
++ subidlibpath="${libdir}"
++ if test x"$with_subid_lib_path" != x; then
++ subidlibpath=$with_subid_lib_path
++ fi
++ AC_SUBST(subidlibpath)
++ ])
++
+ AC_DEFUN([WITH_SSH],
+ [ AC_ARG_WITH([ssh],
+ [AC_HELP_STRING([--with-ssh],
+diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
+index c4ce2588b..39380c462 100644
+--- a/src/config/SSSDConfig/sssdoptions.py
++++ b/src/config/SSSDConfig/sssdoptions.py
+@@ -265,6 +265,7 @@ class SSSDOptions(object):
+ 'ipa_deskprofile_request_interval': _("The amount of time in minutes between lookups of Desktop Profiles "
+ "rules against the IPA server when the last request did not find any "
+ "rule"),
++ 'ipa_subid_ranges_search_base': _("Search base for SUBID ranges"),
+ 'ipa_host_fqdn': _('The LDAP attribute that contains FQDN of the host.'),
+ 'ipa_host_object_class': _('The object class of a host entry in LDAP.'),
+ 'ipa_host_search_base': _('Use the given string as search base for host objects.'),
+diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
+index 0a3c32a97..d8190c2f4 100644
+--- a/src/config/cfg_rules.ini
++++ b/src/config/cfg_rules.ini
+@@ -538,6 +538,7 @@ option = ipa_backup_server
+ option = ipa_deskprofile_refresh
+ option = ipa_deskprofile_request_interval
+ option = ipa_deskprofile_search_base
++option = ipa_subid_ranges_search_base
+ option = ipa_domain
+ option = ipa_dyndns_iface
+ option = ipa_dyndns_ttl
+diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
+index 9a81389ca..02c9089fd 100644
+--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
++++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
+@@ -4,6 +4,7 @@ ipa_server = str, None, false
+ ipa_backup_server = str, None, false
+ ipa_hostname = str, None, false
+ ipa_deskprofile_search_base = str, None, false
++ipa_subid_ranges_search_base = str, None, false
+ ipa_dyndns_update = bool, None, false
+ ipa_dyndns_ttl = int, None, false
+ ipa_dyndns_iface = str, None, false
+diff --git a/src/db/sysdb.h b/src/db/sysdb.h
+index a29232f48..b638f4397 100644
+--- a/src/db/sysdb.h
++++ b/src/db/sysdb.h
+@@ -143,6 +143,12 @@
+
+ #define SYSDB_SSH_PUBKEY "sshPublicKey"
+
++#define SYSDB_SUBID_UID_COUND "subUidCount"
++#define SYSDB_SUBID_GID_COUNT "subGidCount"
++#define SYSDB_SUBID_UID_NUMBER "subUidNumber"
++#define SYSDB_SUBID_GID_NUMBER "subGidNumber"
++#define SYSDB_SUBID_OWNER "subidOwner"
++
+ #define SYSDB_AUTH_TYPE "authType"
+ #define SYSDB_USER_CERT "userCertificate"
+ #define SYSDB_USER_MAPPED_CERT "userMappedCertificate"
+diff --git a/src/db/sysdb_subid.c b/src/db/sysdb_subid.c
+new file mode 100644
+index 000000000..519b0834c
+--- /dev/null
++++ b/src/db/sysdb_subid.c
+@@ -0,0 +1,163 @@
++/*
++ Copyright (C) 2021 Red Hat
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#include <talloc.h>
++
++#include "db/sysdb_private.h"
++#include "db/sysdb_subid.h"
++
++#define SUBID_SUBDIR "subid_ranges"
++
++
++errno_t sysdb_store_subid_range(struct sss_domain_info *domain,
++ const char *name,
++ int expiration_period,
++ struct sysdb_attrs *attrs)
++{
++ TALLOC_CTX *tmp_ctx;
++ errno_t ret, sret;
++ bool in_transaction = false;
++ time_t now = time(NULL);
++
++ DEBUG(SSSDBG_TRACE_FUNC, "Storing subid ranges for %s, expiration period = %d\n",
++ name, expiration_period);
++
++ tmp_ctx = talloc_new(NULL);
++ if (!tmp_ctx) {
++ return ENOMEM;
++ }
++
++ ret = sysdb_transaction_start(domain->sysdb);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
++ goto done;
++ }
++
++ in_transaction = true;
++
++ ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, SYSDB_SUBID_RANGE_OC);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE,
++ "Could not set object class [%d]: %s\n", ret, strerror(ret));
++ goto done;
++ }
++
++ ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, name);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE,
++ "Could not set name attribute [%d]: %s\n", ret, strerror(ret));
++ goto done;
++ }
++
++ ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE,
++ "Could not set sysdb lastUpdate [%d]: %s\n",
++ ret, strerror(ret));
++ goto done;
++ }
++
++ ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
++ expiration_period ? (now + expiration_period) : 0);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "Could not set sysdb cache expire [%d]: %s\n",
++ ret, strerror(ret));
++ goto done;
++ }
++
++ ret = sysdb_store_custom(domain, name, SUBID_SUBDIR, attrs);
++ if (ret != EOK) {
++ goto done;
++ }
++
++ ret = sysdb_transaction_commit(domain->sysdb);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
++ goto done;
++ }
++
++ in_transaction = false;
++
++ ret = EOK;
++
++done:
++ if (in_transaction) {
++ sret = sysdb_transaction_cancel(domain->sysdb);
++ if (sret != EOK) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n");
++ }
++ }
++
++ talloc_free(tmp_ctx);
++
++ return ret;
++}
++
++errno_t sysdb_get_subid_ranges(TALLOC_CTX *mem_ctx,
++ struct sss_domain_info *domain,
++ const char *name,
++ const char **attrs,
++ struct ldb_message **_range)
++{
++ TALLOC_CTX *tmp_ctx;
++ errno_t ret;
++ const char *filter;
++ struct ldb_message **ranges;
++ size_t num_ranges;
++
++ tmp_ctx = talloc_new(NULL);
++ if (!tmp_ctx) {
++ return ENOMEM;
++ }
++
++ filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))",
++ SYSDB_OBJECTCLASS, SYSDB_SUBID_RANGE_OC,
++ SYSDB_NAME, name);
++ if (!filter) {
++ ret = ENOMEM;
++ goto done;
++ }
++
++ ret = sysdb_search_custom(tmp_ctx, domain, filter,
++ SUBID_SUBDIR, attrs,
++ &num_ranges, &ranges);
++ if (ret != EOK) {
++ goto done;
++ }
++
++ if (num_ranges > 1) {
++ ret = EINVAL;
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Found more than one range with name %s\n", name);
++ goto done;
++ }
++
++ *_range = talloc_steal(mem_ctx, ranges[0]);
++ ret = EOK;
++
++done:
++ talloc_free(tmp_ctx);
++
++ return ret;
++}
++
++errno_t sysdb_delete_subid_range(struct sss_domain_info *domain,
++ const char *name)
++{
++ DEBUG(SSSDBG_TRACE_FUNC, "Deleting subid ranges for %s\n", name);
++ return sysdb_delete_custom(domain, name, SUBID_SUBDIR);
++}
+diff --git a/src/db/sysdb_subid.h b/src/db/sysdb_subid.h
+new file mode 100644
+index 000000000..4b4a86334
+--- /dev/null
++++ b/src/db/sysdb_subid.h
+@@ -0,0 +1,39 @@
++/*
++ Copyright (C) 2021 Red Hat
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#ifndef _SYSDB_SUBID_H_
++#define _SYSDB_SUBID_H_
++
++#include "db/sysdb.h"
++
++#define SYSDB_SUBID_RANGE_OC "subordinateid"
++
++errno_t sysdb_store_subid_range(struct sss_domain_info *domain,
++ const char *name,
++ int expiration_period,
++ struct sysdb_attrs *attrs);
++
++errno_t sysdb_get_subid_ranges(TALLOC_CTX *mem_ctx,
++ struct sss_domain_info *domain,
++ const char *name,
++ const char **attrs,
++ struct ldb_message **range);
++
++errno_t sysdb_delete_subid_range(struct sss_domain_info *domain,
++ const char *name);
++
++#endif /* _SYSDB_SSH_H_ */
+diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
+index 7b630493d..2bbf67c83 100644
+--- a/src/man/sssd-ipa.5.xml
++++ b/src/man/sssd-ipa.5.xml
+@@ -356,6 +356,20 @@
+ </listitem>
+ </varlistentry>
+
++ <varlistentry condition="with_subid">
++ <term>ipa_subid_ranges_search_base (string)</term>
++ <listitem>
++ <para>
++ Optional. Use the given string as search base for
++ subordinate ranges related objects.
++ </para>
++ <para>
++ Default: the value of
++ <emphasis>cn=subids,%basedn</emphasis>
++ </para>
++ </listitem>
++ </varlistentry>
++
+ <varlistentry>
+ <term>ipa_hbac_search_base (string)</term>
+ <listitem>
+diff --git a/src/providers/data_provider_req.c b/src/providers/data_provider_req.c
+index e22cfd71a..b7f4d152e 100644
+--- a/src/providers/data_provider_req.c
++++ b/src/providers/data_provider_req.c
+@@ -44,6 +44,8 @@ const char *be_req2str(dbus_uint32_t req_type)
+ return be_req_to_str(BE_REQ_HOST);
+ case BE_REQ_IP_NETWORK:
+ return be_req_to_str(BE_REQ_IP_NETWORK);
++ case BE_REQ_SUBID_RANGES:
++ return be_req_to_str(BE_REQ_SUBID_RANGES);
+ case BE_REQ_BY_SECID:
+ return be_req_to_str(BE_REQ_BY_SECID);
+ case BE_REQ_USER_AND_GROUP:
+diff --git a/src/providers/data_provider_req.h b/src/providers/data_provider_req.h
+index 75f7f9713..4c6ab5a7e 100644
+--- a/src/providers/data_provider_req.h
++++ b/src/providers/data_provider_req.h
+@@ -35,6 +35,7 @@
+ #define BE_REQ_SUDO_RULES 0x0007
+ #define BE_REQ_HOST 0x0008
+ #define BE_REQ_IP_NETWORK 0x0009
++#define BE_REQ_SUBID_RANGES 0x0010
+ #define BE_REQ_BY_SECID 0x0011
+ #define BE_REQ_USER_AND_GROUP 0x0012
+ #define BE_REQ_BY_UUID 0x0013
+diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
+index 23b358819..1509cb1ce 100644
+--- a/src/providers/ipa/ipa_common.c
++++ b/src/providers/ipa/ipa_common.c
+@@ -152,6 +152,9 @@ static errno_t ipa_parse_search_base(TALLOC_CTX *mem_ctx,
+ case IPA_DESKPROFILE_SEARCH_BASE:
+ class_name = "IPA_DESKPROFILE";
+ break;
++ case IPA_SUBID_RANGES_SEARCH_BASE:
++ class_name = "IPA_SUBID_RANGES";
++ break;
+ default:
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Unknown search base type: [%d]\n", class);
+@@ -481,6 +484,41 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
+ &ipa_opts->deskprofile_search_bases);
+ if (ret != EOK) goto done;
+
++#ifdef BUILD_SUBID
++ if (NULL == dp_opt_get_string(ipa_opts->basic,
++ IPA_SUBID_RANGES_SEARCH_BASE)) {
++ value = talloc_asprintf(tmpctx, "cn=subids,%s",
++ ipa_opts->id->sdom->search_bases[0]->basedn);
++ if (!value) {
++ ret = ENOMEM;
++ goto done;
++ }
++
++ ret = dp_opt_set_string(ipa_opts->basic, IPA_SUBID_RANGES_SEARCH_BASE, value);
++ if (ret != EOK) {
++ goto done;
++ }
++
++ DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
++ ipa_opts->basic[IPA_SUBID_RANGES_SEARCH_BASE].opt_name,
++ dp_opt_get_string(ipa_opts->basic,
++ IPA_SUBID_RANGES_SEARCH_BASE));
++ }
++ ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
++ IPA_SUBID_RANGES_SEARCH_BASE,
++ &ipa_opts->id->sdom->subid_ranges_search_bases);
++ if (ret != EOK) goto done;
++
++ ret = sdap_get_map(ipa_opts->id,
++ cdb, conf_path,
++ ipa_subid_map,
++ SDAP_OPTS_SUBID_RANGE,
++ &ipa_opts->id->subid_map);
++ if (ret != EOK) {
++ goto done;
++ }
++#endif
++
+ value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF);
+ if (value != NULL) {
+ ret = deref_string_to_val(value, &i);
+diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
+index 480f7b664..eb0eda8eb 100644
+--- a/src/providers/ipa/ipa_common.h
++++ b/src/providers/ipa/ipa_common.h
+@@ -68,6 +68,7 @@ enum ipa_basic_opt {
+ IPA_DESKPROFILE_SEARCH_BASE,
+ IPA_DESKPROFILE_REFRESH,
+ IPA_DESKPROFILE_REQUEST_INTERVAL,
++ IPA_SUBID_RANGES_SEARCH_BASE,
+
+ IPA_OPTS_BASIC /* opts counter */
+ };
+diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
+index 2cbe0c9c7..636e07965 100644
+--- a/src/providers/ipa/ipa_id.c
++++ b/src/providers/ipa/ipa_id.c
+@@ -728,6 +728,22 @@ static errno_t ipa_id_get_account_info_get_original_step(struct tevent_req *req,
+ struct ipa_id_get_account_info_state);
+ struct tevent_req *subreq;
+
++#ifdef BUILD_SUBID
++ if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_SUBID_RANGES) {
++ if (!state->ctx->opts->sdom->subid_ranges_search_bases ||
++ !state->ctx->opts->sdom->subid_ranges_search_bases[0] ||
++ !state->ctx->opts->sdom->subid_ranges_search_bases[0]->basedn) {
++ DEBUG(SSSDBG_OP_FAILURE, "subid_ranges_search_bases isn't set\n");
++ return EINVAL;
++ }
++ ar->extra_value = talloc_asprintf(ar,
++ "%s=%s,"SYSDB_USERS_CONTAINER",%s",
++ state->ctx->opts->user_map[SDAP_AT_USER_NAME].name,
++ ar->filter_value,
++ state->ctx->opts->sdom->user_search_bases[0]->basedn);
++ }
++#endif
++
+ subreq = sdap_handle_acct_req_send(state, state->ctx->be, ar,
+ state->ipa_ctx->sdap_id_ctx,
+ state->ipa_ctx->sdap_id_ctx->opts->sdom,
+@@ -769,6 +785,7 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
+ }
+
+ if (! is_object_overridable(state->ar)) {
++ DEBUG(SSSDBG_FUNC_DATA, "Object not overridable, ending request\n");
+ state->dp_error = DP_ERR_OK;
+ tevent_req_done(req);
+ return;
+diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c
+index 09e360a43..dc0a2201b 100644
+--- a/src/providers/ipa/ipa_opts.c
++++ b/src/providers/ipa/ipa_opts.c
+@@ -26,6 +26,7 @@
+ #include "db/sysdb_autofs.h"
+ #include "db/sysdb_services.h"
+ #include "db/sysdb_selinux.h"
++#include "db/sysdb_subid.h"
+ #include "providers/ldap/ldap_common.h"
+
+ struct dp_option ipa_basic_opts[] = {
+@@ -51,6 +52,7 @@ struct dp_option ipa_basic_opts[] = {
+ { "ipa_deskprofile_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ipa_deskprofile_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
+ { "ipa_deskprofile_request_interval", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
++ { "ipa_subid_ranges_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ DP_OPTION_TERMINATOR
+ };
+
+@@ -250,6 +252,16 @@ struct sdap_attr_map ipa_netgroup_map[] = {
+ SDAP_ATTR_MAP_TERMINATOR
+ };
+
++struct sdap_attr_map ipa_subid_map[] = {
++ { "ipa_subuid_object_class", "ipasubordinateid", SYSDB_SUBID_RANGE_OC, NULL },
++ { "ipa_subuid_count", "ipaSubUidCount", SYSDB_SUBID_UID_COUND, NULL },
++ { "ipa_subgid_count", "ipaSubGidCount", SYSDB_SUBID_GID_COUNT, NULL },
++ { "ipa_subuid_number", "ipaSubUidNumber", SYSDB_SUBID_UID_NUMBER, NULL },
++ { "ipa_subgid_number", "ipaSubGidNumber", SYSDB_SUBID_GID_NUMBER, NULL },
++ { "ipa_owner", "ipaOwner", SYSDB_SUBID_OWNER, NULL },
++ SDAP_ATTR_MAP_TERMINATOR
++};
++
+ struct sdap_attr_map ipa_host_map[] = {
+ { "ipa_host_object_class", "ipaHost", SYSDB_HOST_CLASS, NULL },
+ { "ipa_host_name", "cn", SYSDB_NAME, NULL },
+diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
+index 378a9922c..6f54e57a9 100644
+--- a/src/providers/ipa/ipa_opts.h
++++ b/src/providers/ipa/ipa_opts.h
+@@ -40,6 +40,8 @@ extern struct sdap_attr_map ipa_group_map[];
+
+ extern struct sdap_attr_map ipa_netgroup_map[];
+
++extern struct sdap_attr_map ipa_subid_map[];
++
+ extern struct sdap_attr_map ipa_host_map[];
+
+ extern struct sdap_attr_map ipa_hostgroup_map[];
+diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
+index 13e6d4871..c78338b5d 100644
+--- a/src/providers/ldap/ldap_common.h
++++ b/src/providers/ldap/ldap_common.h
+@@ -446,4 +446,18 @@ errno_t users_get_handle_no_user(TALLOC_CTX *mem_ctx,
+ errno_t groups_get_handle_no_group(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ int filter_type, const char *filter_value);
++
++#ifdef BUILD_SUBID
++struct tevent_req *subid_ranges_get_send(TALLOC_CTX *memctx,
++ struct tevent_context *ev,
++ struct sdap_id_ctx *ctx,
++ struct sdap_domain *sdom,
++ struct sdap_id_conn_ctx *conn,
++ const char* filter_value,
++ const char *extra_value);
++
++int subid_ranges_get_recv(struct tevent_req *req, int *dp_error_out,
++ int *sdap_ret);
++#endif
++
+ #endif /* _LDAP_COMMON_H_ */
+diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
+index ebc0ab8e4..9b67773a8 100644
+--- a/src/providers/ldap/ldap_id.c
++++ b/src/providers/ldap/ldap_id.c
+@@ -1449,6 +1449,24 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
+ noexist_delete);
+ break;
+
++ case BE_REQ_SUBID_RANGES:
++#ifdef BUILD_SUBID
++ if (!ar->extra_value) {
++ ret = ERR_GET_ACCT_SUBID_RANGES_NOT_SUPPORTED;
++ state->err = "This id_provider doesn't support subid ranges";
++ goto done;
++ }
++ subreq = subid_ranges_get_send(state, be_ctx->ev, id_ctx,
++ sdom, conn,
++ ar->filter_value,
++ ar->extra_value);
++#else
++ ret = ERR_GET_ACCT_SUBID_RANGES_NOT_SUPPORTED;
++ state->err = "Subid ranges are not supported";
++ goto done;
++#endif
++ break;
++
+ case BE_REQ_NETGROUP:
+ if (ar->filter_type != BE_FILTER_NAME) {
+ ret = EINVAL;
+@@ -1533,6 +1551,11 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
+ default: /*fail*/
+ ret = EINVAL;
+ state->err = "Invalid request type";
++ DEBUG(SSSDBG_OP_FAILURE,
++ "Unexpected request type: 0x%X [%s:%s] in %s\n",
++ ar->entry_type, ar->filter_value,
++ ar->extra_value?ar->extra_value:"-",
++ ar->domain);
+ goto done;
+ }
+
+@@ -1578,6 +1601,14 @@ sdap_handle_acct_req_done(struct tevent_req *subreq)
+ err = "Init group lookup failed";
+ ret = groups_by_user_recv(subreq, &state->dp_error, &state->sdap_ret);
+ break;
++ case BE_REQ_SUBID_RANGES:
++ err = "Subid ranges lookup failed";
++#ifdef BUILD_SUBID
++ ret = subid_ranges_get_recv(subreq, &state->dp_error, &state->sdap_ret);
++#else
++ ret = EINVAL;
++#endif
++ break;
+ case BE_REQ_NETGROUP:
+ err = "Netgroup lookup failed";
+ ret = ldap_netgroup_get_recv(subreq, &state->dp_error, &state->sdap_ret);
+diff --git a/src/providers/ldap/ldap_id_subid.c b/src/providers/ldap/ldap_id_subid.c
+new file mode 100644
+index 000000000..d25c6aaac
+--- /dev/null
++++ b/src/providers/ldap/ldap_id_subid.c
+@@ -0,0 +1,255 @@
++/*
++ SSSD
++
++ LDAP Identity Backend Module - subid ranges support
++
++ Copyright (C) 2021 Red Hat
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#include <errno.h>
++
++#include "db/sysdb_subid.h"
++#include "providers/ldap/ldap_common.h"
++#include "providers/ldap/sdap_async.h"
++#include "providers/ldap/sdap_ops.h"
++
++static int subid_ranges_get_retry(struct tevent_req *req);
++static void subid_ranges_get_connect_done(struct tevent_req *subreq);
++static void subid_ranges_get_search(struct tevent_req *req);
++static void subid_ranges_get_done(struct tevent_req *subreq);
++
++
++struct subid_ranges_get_state {
++ struct tevent_context *ev;
++ struct sdap_id_ctx *ctx;
++ struct sdap_domain *sdom;
++ struct sdap_id_conn_ctx *conn;
++ struct sdap_id_op *op;
++ struct sss_domain_info *domain;
++
++ char *filter;
++ char *name;
++ const char **attrs;
++
++ int dp_error;
++ int sdap_ret;
++};
++
++struct tevent_req *subid_ranges_get_send(TALLOC_CTX *memctx,
++ struct tevent_context *ev,
++ struct sdap_id_ctx *ctx,
++ struct sdap_domain *sdom,
++ struct sdap_id_conn_ctx *conn,
++ const char *filter_value,
++ const char *extra_value)
++{
++ struct tevent_req *req;
++ struct subid_ranges_get_state *state;
++ int ret;
++
++ req = tevent_req_create(memctx, &state, struct subid_ranges_get_state);
++ if (!req) return NULL;
++
++ state->ev = ev;
++ state->ctx = ctx;
++ state->sdom = sdom;
++ state->conn = conn;
++ state->dp_error = DP_ERR_FATAL;
++ state->name = talloc_strdup(state, filter_value);
++ if (!state->name) {
++ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed\n");
++ ret = ENOMEM;
++ goto done;
++ }
++
++ state->op = sdap_id_op_create(state, state->conn->conn_cache);
++ if (!state->op) {
++ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
++ ret = ENOMEM;
++ goto done;
++ }
++
++ state->domain = sdom->dom;
++
++ state->filter = talloc_asprintf(state,
++ "(&(%s=%s)(%s=%s))",
++ SYSDB_OBJECTCLASS,
++ ctx->opts->subid_map[SDAP_OC_SUBID_RANGE].name,
++ ctx->opts->subid_map[SDAP_AT_SUBID_RANGE_OWNER].name,
++ extra_value);
++
++ ret = subid_ranges_get_retry(req);
++ if (ret != EOK) {
++ goto done;
++ }
++
++ return req;
++
++done:
++ if (ret != EOK) {
++ tevent_req_error(req, ret);
++ } else {
++ tevent_req_done(req);
++ }
++ return tevent_req_post(req, ev);
++}
++
++static int subid_ranges_get_retry(struct tevent_req *req)
++{
++ struct subid_ranges_get_state *state = tevent_req_data(req,
++ struct subid_ranges_get_state);
++ struct tevent_req *subreq;
++ int ret = EOK;
++
++ subreq = sdap_id_op_connect_send(state->op, state, &ret);
++ if (!subreq) {
++ return ret;
++ }
++
++ tevent_req_set_callback(subreq, subid_ranges_get_connect_done, req);
++ return EOK;
++}
++
++static void subid_ranges_get_connect_done(struct tevent_req *subreq)
++{
++ struct tevent_req *req = tevent_req_callback_data(subreq,
++ struct tevent_req);
++ struct subid_ranges_get_state *state = tevent_req_data(req,
++ struct subid_ranges_get_state);
++ int dp_error = DP_ERR_FATAL;
++ int ret;
++
++ ret = sdap_id_op_connect_recv(subreq, &dp_error);
++ talloc_zfree(subreq);
++
++ if (ret != EOK) {
++ state->dp_error = dp_error;
++ tevent_req_error(req, ret);
++ return;
++ }
++
++ subid_ranges_get_search(req);
++}
++
++static void subid_ranges_get_search(struct tevent_req *req)
++{
++ struct subid_ranges_get_state *state = tevent_req_data(req,
++ struct subid_ranges_get_state);
++ struct tevent_req *subreq = NULL;
++ const char **attrs;
++ int ret;
++
++ ret = build_attrs_from_map(state, state->ctx->opts->subid_map,
++ SDAP_OPTS_SUBID_RANGE, NULL, &attrs, NULL);
++ if (ret != EOK) {
++ tevent_req_error(req, ENOMEM);
++ return;
++ }
++
++ subreq = sdap_search_bases_send(state, state->ev, state->ctx->opts,
++ sdap_id_op_handle(state->op),
++ state->sdom->subid_ranges_search_bases,
++ state->ctx->opts->subid_map,
++ false, /* allow_paging */
++ dp_opt_get_int(state->ctx->opts->basic,
++ SDAP_SEARCH_TIMEOUT),
++ state->filter,
++ attrs,
++ NULL);
++ talloc_free(attrs);
++ if (!subreq) {
++ tevent_req_error(req, ENOMEM);
++ return;
++ }
++ tevent_req_set_callback(subreq, subid_ranges_get_done, req);
++}
++
++static void subid_ranges_get_done(struct tevent_req *subreq)
++{
++ struct tevent_req *req = tevent_req_callback_data(subreq,
++ struct tevent_req);
++ struct subid_ranges_get_state *state = tevent_req_data(req,
++ struct subid_ranges_get_state);
++ int dp_error = DP_ERR_FATAL;
++ int ret;
++ struct sysdb_attrs **results;
++ size_t num_results;
++
++ ret = sdap_search_bases_recv(subreq, state, &num_results, &results);
++ talloc_zfree(subreq);
++ if (ret != EOK) {
++ tevent_req_error(req, ret);
++ return;
++ }
++
++ ret = sdap_id_op_done(state->op, ret, &dp_error);
++ if (dp_error == DP_ERR_OK && ret != EOK) {
++ /* retry */
++ ret = subid_ranges_get_retry(req);
++ if (ret != EOK) {
++ tevent_req_error(req, ret);
++ return;
++ }
++ return;
++ }
++ state->sdap_ret = ret;
++
++ if (ret && ret != ENOENT) {
++ DEBUG(SSSDBG_OP_FAILURE, "Failed to retrieve subid ranges.\n");
++ state->dp_error = dp_error;
++ tevent_req_error(req, ret);
++ return;
++ }
++
++ if (num_results == 0 || !results) {
++ DEBUG(SSSDBG_MINOR_FAILURE,
++ "No such user '%s' or user doesn't have subid range\n",
++ state->name);
++ sysdb_delete_subid_range(state->domain, state->name);
++ } else {
++ if (num_results > 1) {
++ DEBUG(SSSDBG_OP_FAILURE,
++ "Multiple subid ranges, only first will be processed\n");
++ }
++
++ /* store range */
++ sysdb_store_subid_range(state->domain, state->name,
++ state->domain->user_timeout,
++ results[0]);
++ }
++
++ state->dp_error = DP_ERR_OK;
++ tevent_req_done(req);
++}
++
++int subid_ranges_get_recv(struct tevent_req *req, int *dp_error_out,
++ int *sdap_ret)
++{
++ struct subid_ranges_get_state *state = tevent_req_data(req,
++ struct subid_ranges_get_state);
++
++ if (dp_error_out) {
++ *dp_error_out = state->dp_error;
++ }
++
++ if (sdap_ret) {
++ *sdap_ret = state->sdap_ret;
++ }
++
++ TEVENT_REQ_RETURN_ON_ERROR(req);
++
++ return EOK;
++}
+diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
+index ffcbee8a5..6382bec25 100644
+--- a/src/providers/ldap/sdap.h
++++ b/src/providers/ldap/sdap.h
+@@ -389,6 +389,19 @@ enum sdap_ipnetwork_entry_attrs {
+ SDAP_OPTS_IPNETWORK /* attrs counter */
+ };
+
++#ifdef BUILD_SUBID
++enum sdap_subid_range_attrs {
++ SDAP_OC_SUBID_RANGE = 0,
++ SDAP_AT_SUBID_RANGE_UID_COUNT,
++ SDAP_AT_SUBID_RANGE_GID_COUNT,
++ SDAP_AT_SUBID_RANGE_UID_NUMBER,
++ SDAP_AT_SUBID_RANGE_GID_NUMBER,
++ SDAP_AT_SUBID_RANGE_OWNER,
++
++ SDAP_OPTS_SUBID_RANGE /* attrs counter */
++};
++#endif
++
+ enum sdap_autofs_map_attrs {
+ SDAP_OC_AUTOFS_MAP,
+ SDAP_AT_AUTOFS_MAP_NAME,
+@@ -453,6 +466,9 @@ struct sdap_domain {
+ struct sdap_search_base **iphost_search_bases;
+ struct sdap_search_base **ipnetwork_search_bases;
+ struct sdap_search_base **autofs_search_bases;
++#ifdef BUILD_SUBID
++ struct sdap_search_base **subid_ranges_search_bases;
++#endif
+
+ struct sdap_domain *next, *prev;
+ /* Need to modify the list from a talloc destructor */
+@@ -495,6 +511,9 @@ struct sdap_options {
+ struct sdap_attr_map *service_map;
+ struct sdap_attr_map *iphost_map;
+ struct sdap_attr_map *ipnetwork_map;
++#ifdef BUILD_SUBID
++ struct sdap_attr_map *subid_map;
++#endif
+
+ /* ID-mapping support */
+ struct sdap_idmap_ctx *idmap_ctx;
+diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c
+index 889547ba7..750d655c1 100644
+--- a/src/responder/common/cache_req/cache_req.c
++++ b/src/responder/common/cache_req/cache_req.c
+@@ -45,6 +45,10 @@ cache_req_get_plugin(enum cache_req_type type)
+ &cache_req_initgroups_by_name,
+ &cache_req_initgroups_by_upn,
+
++#ifdef BUILD_SUBID
++ &cache_req_subid_ranges_by_name,
++#endif
++
+ &cache_req_object_by_sid,
+ &cache_req_object_by_name,
+ &cache_req_object_by_id,
+diff --git a/src/responder/common/cache_req/cache_req.h b/src/responder/common/cache_req/cache_req.h
+index d5c25ccf0..055fb405b 100644
+--- a/src/responder/common/cache_req/cache_req.h
++++ b/src/responder/common/cache_req/cache_req.h
+@@ -39,6 +39,10 @@ enum cache_req_type {
+ CACHE_REQ_INITGROUPS,
+ CACHE_REQ_INITGROUPS_BY_UPN,
+
++#ifdef BUILD_SUBID
++ CACHE_REQ_SUBID_RANGES_BY_NAME,
++#endif
++
+ CACHE_REQ_OBJECT_BY_SID,
+ CACHE_REQ_OBJECT_BY_NAME,
+ CACHE_REQ_OBJECT_BY_ID,
+diff --git a/src/responder/common/cache_req/cache_req_data.c b/src/responder/common/cache_req/cache_req_data.c
+index e82dc8ab6..3c60eb484 100644
+--- a/src/responder/common/cache_req/cache_req_data.c
++++ b/src/responder/common/cache_req/cache_req_data.c
+@@ -90,6 +90,9 @@ cache_req_data_create(TALLOC_CTX *mem_ctx,
+ case CACHE_REQ_GROUP_BY_FILTER:
+ case CACHE_REQ_INITGROUPS:
+ case CACHE_REQ_INITGROUPS_BY_UPN:
++#ifdef BUILD_SUBID
++ case CACHE_REQ_SUBID_RANGES_BY_NAME:
++#endif
+ case CACHE_REQ_NETGROUP_BY_NAME:
+ case CACHE_REQ_OBJECT_BY_NAME:
+ case CACHE_REQ_AUTOFS_MAP_ENTRIES:
+diff --git a/src/responder/common/cache_req/cache_req_plugin.h b/src/responder/common/cache_req/cache_req_plugin.h
+index 9e4986f93..f86a02042 100644
+--- a/src/responder/common/cache_req/cache_req_plugin.h
++++ b/src/responder/common/cache_req/cache_req_plugin.h
+@@ -302,6 +302,9 @@ extern const struct cache_req_plugin cache_req_group_by_name;
+ extern const struct cache_req_plugin cache_req_group_by_id;
+ extern const struct cache_req_plugin cache_req_initgroups_by_name;
+ extern const struct cache_req_plugin cache_req_initgroups_by_upn;
++#ifdef BUILD_SUBID
++extern const struct cache_req_plugin cache_req_subid_ranges_by_name;
++#endif
+ extern const struct cache_req_plugin cache_req_user_by_cert;
+ extern const struct cache_req_plugin cache_req_user_by_filter;
+ extern const struct cache_req_plugin cache_req_group_by_filter;
+diff --git a/src/responder/common/cache_req/plugins/cache_req_subid_ranges_by_name.c b/src/responder/common/cache_req/plugins/cache_req_subid_ranges_by_name.c
+new file mode 100644
+index 000000000..54852711f
+--- /dev/null
++++ b/src/responder/common/cache_req/plugins/cache_req_subid_ranges_by_name.c
+@@ -0,0 +1,143 @@
++/*
++ Copyright (C) 2021 Red Hat
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#include <talloc.h>
++#include <ldb.h>
++
++#include "db/sysdb.h"
++#include "db/sysdb_subid.h"
++#include "util/util.h"
++#include "providers/data_provider.h"
++#include "responder/common/cache_req/cache_req_plugin.h"
++
++static errno_t
++cache_req_subid_ranges_by_name_prepare_domain_data(struct cache_req *cr,
++ struct cache_req_data *data,
++ struct sss_domain_info *domain)
++{
++ TALLOC_CTX *tmp_ctx;
++ const char *name;
++ errno_t ret;
++
++ if (cr->data->name.name == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "Bug: parsed name is NULL?\n");
++ return ERR_INTERNAL;
++ }
++
++ tmp_ctx = talloc_new(NULL);
++ if (tmp_ctx == NULL) {
++ return ENOMEM;
++ }
++
++ name = sss_get_cased_name(tmp_ctx, cr->data->name.name,
++ domain->case_sensitive);
++ if (name == NULL) {
++ ret = ENOMEM;
++ goto done;
++ }
++
++ name = sss_reverse_replace_space(tmp_ctx, name, cr->rctx->override_space);
++ if (name == NULL) {
++ ret = ENOMEM;
++ goto done;
++ }
++
++ talloc_zfree(data->name.lookup);
++ data->name.lookup = talloc_steal(data, name);
++
++ ret = EOK;
++
++done:
++ talloc_free(tmp_ctx);
++ return ret;
++}
++
++static const char *
++cache_req_subid_ranges_by_name_create_debug_name(TALLOC_CTX *mem_ctx,
++ struct cache_req_data *data,
++ struct sss_domain_info *domain)
++{
++ return talloc_strdup(mem_ctx, data->name.lookup);
++}
++
++static errno_t
++cache_req_subid_ranges_by_name_lookup(TALLOC_CTX *mem_ctx,
++ struct cache_req *cr,
++ struct cache_req_data *data,
++ struct sss_domain_info *domain,
++ struct ldb_result **_result)
++{
++ struct ldb_result *result;
++ struct ldb_message *msg;
++ errno_t ret;
++
++ ret = sysdb_get_subid_ranges(mem_ctx, domain, data->name.name,
++ data->attrs, &msg);
++ if (ret != EOK) {
++ return ret;
++ }
++
++ result = cache_req_create_ldb_result_from_msg(mem_ctx, msg);
++ if (result == NULL) {
++ return ENOMEM;
++ }
++
++ *_result = result;
++
++ return EOK;
++}
++
++static struct tevent_req *
++cache_req_subid_ranges_by_name_dp_send(TALLOC_CTX *mem_ctx,
++ struct cache_req *cr,
++ struct cache_req_data *data,
++ struct sss_domain_info *domain,
++ struct ldb_result *result)
++{
++ /* Views aren't yet supported */
++ return sss_dp_get_account_send(mem_ctx, cr->rctx, domain, true,
++ SSS_DP_SUBID_RANGES, cr->data->name.lookup, 0, NULL);
++}
++
++const struct cache_req_plugin cache_req_subid_ranges_by_name = {
++ .name = "SubID ranges by name",
++ .attr_expiration = SYSDB_CACHE_EXPIRE,
++ .parse_name = true,
++ .ignore_default_domain = false,
++ .bypass_cache = false,
++ .only_one_result = false,
++ .search_all_domains = false,
++ .require_enumeration = false,
++ .allow_missing_fqn = false,
++ .allow_switch_to_upn = false,
++ .upn_equivalent = CACHE_REQ_SENTINEL,
++ .get_next_domain_flags = SSS_GND_DESCEND,
++
++ .is_well_known_fn = NULL,
++ .prepare_domain_data_fn = cache_req_subid_ranges_by_name_prepare_domain_data,
++ .create_debug_name_fn = cache_req_subid_ranges_by_name_create_debug_name,
++ .global_ncache_add_fn = NULL,
++ .ncache_check_fn = NULL,
++ .ncache_add_fn = NULL,
++ .ncache_filter_fn = NULL,
++ .lookup_fn = cache_req_subid_ranges_by_name_lookup,
++ .dp_send_fn = cache_req_subid_ranges_by_name_dp_send,
++ .dp_recv_fn = cache_req_common_dp_recv,
++ .dp_get_domain_check_fn = NULL,
++ .dp_get_domain_send_fn = NULL,
++ .dp_get_domain_recv_fn = NULL,
++};
+diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
+index a5d6359a0..fbe46f335 100644
+--- a/src/responder/common/responder.h
++++ b/src/responder/common/responder.h
+@@ -273,6 +273,7 @@ enum sss_dp_acct_type {
+ SSS_DP_USER = 1,
+ SSS_DP_GROUP,
+ SSS_DP_INITGROUPS,
++ SSS_DP_SUBID_RANGES,
+ SSS_DP_NETGR,
+ SSS_DP_SERVICES,
+ SSS_DP_SECID,
+diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c
+index 8076e1e43..1b016dba1 100644
+--- a/src/responder/common/responder_dp.c
++++ b/src/responder/common/responder_dp.c
+@@ -70,6 +70,7 @@ sss_dp_account_files_params(struct sss_domain_info *dom,
+ *_opt_name_out = opt_name_in;
+ return EAGAIN;
+ /* These are not handled by the files provider, just fall back */
++ case SSS_DP_SUBID_RANGES:
+ case SSS_DP_NETGR:
+ case SSS_DP_SERVICES:
+ case SSS_DP_SECID:
+@@ -109,6 +110,9 @@ sss_dp_get_account_filter(TALLOC_CTX *mem_ctx,
+ case SSS_DP_INITGROUPS:
+ entry_type = BE_REQ_INITGROUPS;
+ break;
++ case SSS_DP_SUBID_RANGES:
++ entry_type = BE_REQ_SUBID_RANGES;
++ break;
+ case SSS_DP_NETGR:
+ entry_type = BE_REQ_NETGROUP;
+ break;
+diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
+index a487e1c24..ef59daea8 100644
+--- a/src/responder/nss/nss_cmd.c
++++ b/src/responder/nss/nss_cmd.c
+@@ -1041,6 +1041,25 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx)
+ SSS_MC_INITGROUPS, nss_protocol_fill_initgr);
+ }
+
++static errno_t nss_cmd_subid_ranges(struct cli_ctx *cli_ctx)
++{
++#ifdef BUILD_SUBID
++ const char *attrs[] =
++ {
++ SYSDB_SUBID_UID_COUND,
++ SYSDB_SUBID_GID_COUNT,
++ SYSDB_SUBID_UID_NUMBER,
++ SYSDB_SUBID_GID_NUMBER,
++ NULL
++ };
++
++ return nss_getby_name(cli_ctx, false, CACHE_REQ_SUBID_RANGES_BY_NAME, attrs,
++ SSS_MC_NONE, nss_protocol_fill_subid_ranges);
++#else
++ return ENOTSUP;
++#endif
++}
++
+ static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx)
+ {
+ struct nss_state_ctx *state_ctx;
+@@ -1332,6 +1351,7 @@ struct sss_cmd_table *get_nss_cmds(void)
+ { SSS_NSS_GETGRENT, nss_cmd_getgrent },
+ { SSS_NSS_ENDGRENT, nss_cmd_endgrent },
+ { SSS_NSS_INITGR, nss_cmd_initgroups },
++ { SSS_NSS_GET_SUBID_RANGES, nss_cmd_subid_ranges },
+ { SSS_NSS_SETNETGRENT, nss_cmd_setnetgrent },
+ /* { SSS_NSS_GETNETGRENT, "not needed" }, */
+ /* { SSS_NSS_ENDNETGRENT, "not needed" }, */
+diff --git a/src/responder/nss/nss_protocol.h b/src/responder/nss/nss_protocol.h
+index 364f19c83..949b6291a 100644
+--- a/src/responder/nss/nss_protocol.h
++++ b/src/responder/nss/nss_protocol.h
+@@ -147,6 +147,14 @@ nss_protocol_fill_initgr(struct nss_ctx *nss_ctx,
+ struct sss_packet *packet,
+ struct cache_req_result *result);
+
++#ifdef BUILD_SUBID
++errno_t
++nss_protocol_fill_subid_ranges(struct nss_ctx *nss_ctx,
++ struct nss_cmd_ctx *cmd_ctx,
++ struct sss_packet *packet,
++ struct cache_req_result *result);
++#endif
++
+ errno_t
+ nss_protocol_fill_netgrent(struct nss_ctx *nss_ctx,
+ struct nss_cmd_ctx *cmd_ctx,
+diff --git a/src/responder/nss/nss_protocol_subid.c b/src/responder/nss/nss_protocol_subid.c
+new file mode 100644
+index 000000000..29a957762
+--- /dev/null
++++ b/src/responder/nss/nss_protocol_subid.c
+@@ -0,0 +1,60 @@
++/*
++ Copyright (C) 2021 Red Hat
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#include "responder/nss/nss_protocol.h"
++
++errno_t
++nss_protocol_fill_subid_ranges(struct nss_ctx *nss_ctx,
++ struct nss_cmd_ctx *cmd_ctx,
++ struct sss_packet *packet,
++ struct cache_req_result *result)
++{
++ static const uint32_t one = 1;
++ errno_t ret;
++ uint8_t *body;
++ size_t body_len;
++ size_t rp = 0;
++ uint32_t gid, uid, gidCount, uidCount;
++
++ if (!result->count || !result->msgs) {
++ return ENOENT;
++ }
++
++ uid = ldb_msg_find_attr_as_uint(result->msgs[0], SYSDB_SUBID_UID_NUMBER, 0);
++ uidCount = ldb_msg_find_attr_as_uint(result->msgs[0], SYSDB_SUBID_UID_COUND, 0);
++ gid = ldb_msg_find_attr_as_uint(result->msgs[0], SYSDB_SUBID_GID_NUMBER, 0);
++ gidCount = ldb_msg_find_attr_as_uint(result->msgs[0], SYSDB_SUBID_GID_COUNT, 0);
++ if (!uid || !gid || !gidCount || !uidCount) {
++ return ENOENT;
++ }
++
++ /* only single uid & gid range is expected currently */
++ ret = sss_packet_grow(packet, (2 + 2*2) * sizeof(uint32_t));
++ if (ret != EOK) {
++ return ret;
++ }
++
++ sss_packet_get_body(packet, &body, &body_len);
++ SAFEALIGN_COPY_UINT32(&body[rp], &one, &rp);
++ SAFEALIGN_COPY_UINT32(&body[rp], &one, &rp);
++ SAFEALIGN_COPY_UINT32(&body[rp], &uid, &rp);
++ SAFEALIGN_COPY_UINT32(&body[rp], &uidCount, &rp);
++ SAFEALIGN_COPY_UINT32(&body[rp], &gid, &rp);
++ SAFEALIGN_COPY_UINT32(&body[rp], &gidCount, &rp);
++
++ return EOK;
++}
+diff --git a/src/sss_client/common.c b/src/sss_client/common.c
+index d29332939..9416e21d1 100644
+--- a/src/sss_client/common.c
++++ b/src/sss_client/common.c
+@@ -1008,7 +1008,7 @@ void sss_pam_close_fd(void)
+ sss_pam_unlock();
+ }
+
+-static enum sss_status
++enum sss_status
+ sss_cli_make_request_with_checks(enum sss_cli_command cmd,
+ struct sss_cli_req_data *rd,
+ int timeout,
+diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
+index 2c3c71bc4..1347ce71d 100644
+--- a/src/sss_client/sss_cli.h
++++ b/src/sss_client/sss_cli.h
+@@ -284,6 +284,10 @@ SSS_NSS_GETSIDBYGID = 0x0119, /**< Takes an unsigned 32bit integer (POSIX GID)
+ and return the zero terminated string
+ representation of the SID of the object
+ with the given UID. */
++
++/* subid */
++ SSS_NSS_GET_SUBID_RANGES = 0x0130, /**< Requests both subuid and subgid ranges
++ defined for a user. */
+ };
+
+ /**
+@@ -631,6 +635,13 @@ enum sss_cli_error_codes {
+
+ const char *ssscli_err2string(int err);
+
++enum sss_status sss_cli_make_request_with_checks(enum sss_cli_command cmd,
++ struct sss_cli_req_data *rd,
++ int timeout,
++ uint8_t **repbuf, size_t *replen,
++ int *errnop,
++ const char *socket_name);
++
+ enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
+ struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+diff --git a/src/sss_client/subid/sss_subid.c b/src/sss_client/subid/sss_subid.c
+new file mode 100644
+index 000000000..ae74ece3c
+--- /dev/null
++++ b/src/sss_client/subid/sss_subid.c
+@@ -0,0 +1,209 @@
++/*
++ Copyright (C) 2021 Red Hat
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++*/
++
++#include <stdlib.h>
++#include <string.h>
++#include <shadow/subid.h>
++#include "sss_cli.h"
++
++/* This shadow-utils plugin contains partial SSSD implementation
++ * of `subid_nss_ops` API as described in
++ * https://github.com/shadow-maint/shadow/blob/d4b6d1549b2af48ce3cb6ff78d9892095fb8fdd9/lib/prototypes.h#L271
++ */
++
++/* Find all subid ranges delegated to a user.
++ *
++ * Usage in shadow-utils:
++ * libsubid: get_sub?id_ranges() -> list_owner_ranges()
++ *
++ * SUBID_RANGES Reply:
++ *
++ * 0-3: 32bit unsigned number of UID results
++ * 4-7: 32bit unsigned number of GID results
++ * For each result (sub-uid ranges first):
++ * 0-3: 32bit number with "start" id
++ * 4-7: 32bit number with "count" (range size)
++ */
++enum subid_status shadow_subid_list_owner_ranges(const char *user,
++ enum subid_type id_type,
++ struct subid_range **ranges,
++ int *count)
++{
++ size_t user_len;
++ enum sss_status ret;
++ uint8_t *repbuf = NULL;
++ size_t index = 0;
++ size_t replen;
++ int errnop;
++ struct sss_cli_req_data rd;
++ uint32_t num_results = 0;
++ uint32_t val;
++
++ if ( !user || !ranges || !count ||
++ ((id_type != ID_TYPE_UID) && (id_type != ID_TYPE_GID)) ) {
++ return SUBID_STATUS_ERROR;
++ }
++
++ ret = sss_strnlen(user, SSS_NAME_MAX, &user_len);
++ if (ret != 0) {
++ return SUBID_STATUS_UNKNOWN_USER;
++ }
++ rd.len = user_len + 1;
++ rd.data = user;
++
++ sss_nss_lock();
++ /* Anticipated workflow will always request both
++ * sub-uid and sub-gid ranges anyway.
++ * So don't bother with dedicated commands -
++ * just request everything in one shot.
++ * The second request will get data from the cache.
++ */
++ ret = sss_cli_make_request_with_checks(SSS_NSS_GET_SUBID_RANGES, &rd,
++ SSS_CLI_SOCKET_TIMEOUT,
++ &repbuf, &replen, &errnop,
++ SSS_NSS_SOCKET_NAME);
++ sss_nss_unlock();
++
++ if ((ret != SSS_STATUS_SUCCESS) || (errnop != EOK)) {
++ free(repbuf);
++ if (ret == SSS_STATUS_UNAVAIL) {
++ return SUBID_STATUS_ERROR_CONN;
++ }
++ return SUBID_STATUS_ERROR;
++ }
++
++ SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);
++ if (id_type == ID_TYPE_UID) {
++ index = 2 * sizeof(uint32_t);
++ } else {
++ index = (2 + 2*num_results) * sizeof(uint32_t);
++ SAFEALIGN_COPY_UINT32(&num_results, repbuf + sizeof(uint32_t), NULL);
++ }
++ if (num_results == 0) {
++ /* TODO: how to distinguish "user not found" vs "user doesn't have ranges defined" here?
++ * Options:
++ * - special "fake" entry in the cache
++ * - provide 'nss_protocol_done_fn' to 'nss_getby_name' to avoid "ENOENT -> "empty packet" logic
++ * - add custom error code for this case and handle in generic 'nss_protocol_done'
++ *
++ * Note: at the moment this is not important, since shadow-utils doesn't use return code internally
++ * and returns -1 from libsubid on any error anyway.
++ */
++ free(repbuf);
++ return SUBID_STATUS_UNKNOWN_USER;
++ }
++
++ *count = num_results;
++ if (*count < 0) {
++ free(repbuf);
++ return SUBID_STATUS_ERROR;
++ }
++
++ *ranges = malloc(num_results * sizeof(struct subid_range));
++ if (!*ranges) {
++ free(repbuf);
++ return SUBID_STATUS_ERROR;
++ }
++
++ for (uint32_t c = 0; c < num_results; ++c) {
++ SAFEALIGN_COPY_UINT32(&val, repbuf + index, &index);
++ (*ranges)[c].start = val;
++ SAFEALIGN_COPY_UINT32(&val, repbuf + index, &index);
++ (*ranges)[c].count = val;
++ }
++ free(repbuf);
++
++ return SUBID_STATUS_SUCCESS;
++}
++
++/* Does a user own a given subid range?
++ *
++ * Usage in shadow-utils:
++ * newuidmap/user busy : have_sub_uids() -> has_range()
++ */
++enum subid_status shadow_subid_has_range(const char *owner,
++ unsigned long start,
++ unsigned long count,
++ enum subid_type id_type,
++ bool *result)
++{
++ enum subid_status ret;
++ struct subid_range *range;
++ int amount;
++ unsigned long end = start + count;
++
++ if (!result || (end < start)) {
++ return SUBID_STATUS_ERROR;
++ }
++
++ if (count == 0) {
++ *result = true;
++ return SUBID_STATUS_SUCCESS;
++ }
++
++ /* Anticipated workflow is the following:
++ *
++ * 1) Podman figures out ranges available for a user:
++ * libsubid::get_subid_ranges() -> ... -> list_owner_ranges()
++ *
++ * 2) Podman maps available ranges:
++ * newuidmap -> have_sub_uids() -> has_range()
++ * At this point all ranges are available in a cache from step (1)
++ * so it doesn't make sense to try "smart" LDAP searches (even if possible)
++ * Let's just reuse list_owner_ranges() and do a check.
++ *
++ * It might have some sense to do a check at responder's side (i.e. without
++ * fetching all ranges), but range is just a couple of numbers (and FreeIPA
++ * only supports a single range per user anyway), so this optimization
++ * wouldn't save much traffic anyway, but would introduce new
++ * `sss_cli_command`/responder handler.
++ */
++
++ ret = shadow_subid_list_owner_ranges(owner, id_type, &range, &amount);
++ if (ret != SUBID_STATUS_SUCCESS) {
++ return ret;
++ }
++
++ *result = false;
++
++ for (int i = 0; i < amount; ++i) {
++ if ((range[i].start <= start) &&
++ (range[i].start + range[i].count >= end)) {
++ *result = true;
++ }
++ /* TODO: handle coverage via multiple ranges (once IPA supports this) */
++ }
++
++ free(range);
++ return ret;
++}
++
++/* Find uids who own a given subid.
++ *
++ * Usage in shadow-utils:
++ * libsubid: get_sub?id_owners() -> find_subid_owners()
++ */
++enum subid_status shadow_subid_find_subid_owners(unsigned long subid,
++ enum subid_type id_type,
++ uid_t **uids,
++ int *count)
++{
++ /* Not yet implemented.
++ * Currently there are no users of this function.
++ */
++ return SUBID_STATUS_ERROR;
++}
+diff --git a/src/sss_client/subid/sss_subid.exports b/src/sss_client/subid/sss_subid.exports
+new file mode 100644
+index 000000000..87c073b48
+--- /dev/null
++++ b/src/sss_client/subid/sss_subid.exports
+@@ -0,0 +1,12 @@
++EXPORTED {
++
++ # public functions
++ global:
++ shadow_subid_has_range;
++ shadow_subid_list_owner_ranges;
++ shadow_subid_find_subid_owners;
++
++ # everything else is local
++ local:
++ *;
++};
+diff --git a/src/systemtap/sssd_functions.stp b/src/systemtap/sssd_functions.stp
+index 01f553177..513029046 100644
+--- a/src/systemtap/sssd_functions.stp
++++ b/src/systemtap/sssd_functions.stp
+@@ -29,8 +29,8 @@ function acct_req_desc(entry_type)
+ str_entry_type = "host"
+ } else if (entry_type == 0x0009) {
+ str_entry_type = "ip_network"
+- # See src/providers/data_provider_req.h, no 0x0010 there..
+ } else if (entry_type == 0x0010) {
++ str_entry_type = "subid_ranges"
+ } else if (entry_type == 0x0011) {
+ str_entry_type = "by_secid"
+ } else if (entry_type == 0x0012) {
+diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
+index 60f71036e..6d3dc45e5 100644
+--- a/src/tests/cwrap/Makefile.am
++++ b/src/tests/cwrap/Makefile.am
+@@ -74,6 +74,9 @@ SSSD_CACHE_REQ_OBJ = \
+ ../../../src/responder/common/cache_req/plugins/cache_req_ip_network_by_name.c \
+ ../../../src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c \
+ $(NULL)
++if BUILD_SUBID
++ SSSD_CACHE_REQ_OBJ += ../../../src/responder/common/cache_req/plugins/cache_req_subid_ranges_by_name.c
++endif
+
+ SSSD_RESPONDER_IFACE_OBJ = \
+ ../../../src/responder/common/responder_iface.c \
+diff --git a/src/tests/dlopen-tests.c b/src/tests/dlopen-tests.c
+index ab44c213c..6d3345cbe 100644
+--- a/src/tests/dlopen-tests.c
++++ b/src/tests/dlopen-tests.c
+@@ -60,6 +60,9 @@ struct so {
+ #ifdef BUILD_AUTOFS
+ { "libsss_autofs.so", { LIBPFX"libsss_autofs.so", NULL } },
+ #endif
++#ifdef BUILD_SUBID
++ { "libsubid_sss.so", { LIBPFX"libsubid_sss.so", NULL } },
++#endif
+ #ifdef HAVE_KRB5_LOCATOR_PLUGIN
+ { "sssd_krb5_locator_plugin.so", { LIBPFX"sssd_krb5_locator_plugin.so",
+ NULL } },
+diff --git a/src/util/sss_cli_cmd.c b/src/util/sss_cli_cmd.c
+index 82dc33b33..bc9332aaa 100644
+--- a/src/util/sss_cli_cmd.c
++++ b/src/util/sss_cli_cmd.c
+@@ -230,6 +230,11 @@ const char *sss_cmd2str(enum sss_cli_command cmd)
+ return "SSS_NSS_GETIDBYSID";
+ case SSS_NSS_GETORIGBYNAME:
+ return "SSS_NSS_GETORIGBYNAME";
++
++ /* SUBID ranges */
++ case SSS_NSS_GET_SUBID_RANGES:
++ return "SSS_NSS_GET_SUBID_RANGES";
++
+ default:
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Translation's string is missing for command [%#x].\n", cmd);
+diff --git a/src/util/util_errors.c b/src/util/util_errors.c
+index 7ba2621d1..f2d1d5dfc 100644
+--- a/src/util/util_errors.c
++++ b/src/util/util_errors.c
+@@ -120,6 +120,7 @@ struct err_string error_to_str[] = {
+ { "Unable to verify peer" }, /* ERR_UNABLE_TO_VERIFY_PEER */
+ { "Unable to resolve host" }, /* ERR_UNABLE_TO_RESOLVE_HOST */
+ { "GetAccountDomain() not supported" }, /* ERR_GET_ACCT_DOM_NOT_SUPPORTED */
++ { "Subid ranges are not supported by this provider" }, /* ERR_GET_ACCT_SUBID_RANGES_NOT_SUPPORTED */
+ { "The last GetAccountDomain() result is still valid" }, /* ERR_GET_ACCT_DOM_CACHED */
+ { "ID is outside the allowed range" }, /* ERR_ID_OUTSIDE_RANGE */
+ { "Group ID is duplicated" }, /* ERR_GID_DUPLICATED */
+diff --git a/src/util/util_errors.h b/src/util/util_errors.h
+index 37ce2de23..4098e818d 100644
+--- a/src/util/util_errors.h
++++ b/src/util/util_errors.h
+@@ -141,6 +141,7 @@ enum sssd_errors {
+ ERR_UNABLE_TO_VERIFY_PEER,
+ ERR_UNABLE_TO_RESOLVE_HOST,
+ ERR_GET_ACCT_DOM_NOT_SUPPORTED,
++ ERR_GET_ACCT_SUBID_RANGES_NOT_SUPPORTED,
+ ERR_GET_ACCT_DOM_CACHED,
+ ERR_ID_OUTSIDE_RANGE,
+ ERR_GID_DUPLICATED,
+--
+2.26.3
+
diff --git a/SOURCES/0002-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch b/SOURCES/0002-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch
new file mode 100644
index 0000000..534a7a2
--- /dev/null
+++ b/SOURCES/0002-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch
@@ -0,0 +1,284 @@
+From 7ab83f97e1cbefb78ece17232185bdd2985f0bbe Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 18 Jun 2021 13:17:19 +0200
+Subject: [PATCH] TOOLS: replace system() with execvp() to avoid execution of
+ user supplied command
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+:relnote: A flaw was found in SSSD, where the sssctl command was
+vulnerable to shell command injection via the logs-fetch and
+cache-expire subcommands. This flaw allows an attacker to trick
+the root user into running a specially crafted sssctl command,
+such as via sudo, to gain root access. The highest threat from this
+vulnerability is to confidentiality, integrity, as well as system
+availability.
+This patch fixes a flaw by replacing system() with execvp().
+
+:fixes: CVE-2021-3621
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/tools/sssctl/sssctl.c | 39 ++++++++++++++++-------
+ src/tools/sssctl/sssctl.h | 2 +-
+ src/tools/sssctl/sssctl_data.c | 57 +++++++++++-----------------------
+ src/tools/sssctl/sssctl_logs.c | 32 +++++++++++++++----
+ 4 files changed, 73 insertions(+), 57 deletions(-)
+
+diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
+index 2997dbf96..8adaf3091 100644
+--- a/src/tools/sssctl/sssctl.c
++++ b/src/tools/sssctl/sssctl.c
+@@ -97,22 +97,36 @@ sssctl_prompt(const char *message,
+ return SSSCTL_PROMPT_ERROR;
+ }
+
+-errno_t sssctl_run_command(const char *command)
++errno_t sssctl_run_command(const char *const argv[])
+ {
+ int ret;
++ int wstatus;
+
+- DEBUG(SSSDBG_TRACE_FUNC, "Running %s\n", command);
++ DEBUG(SSSDBG_TRACE_FUNC, "Running '%s'\n", argv[0]);
+
+- ret = system(command);
++ ret = fork();
+ if (ret == -1) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to execute %s\n", command);
+ ERROR("Error while executing external command\n");
+ return EFAULT;
+- } else if (WEXITSTATUS(ret) != 0) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "Command %s failed with [%d]\n",
+- command, WEXITSTATUS(ret));
++ }
++
++ if (ret == 0) {
++ /* cast is safe - see
++ https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
++ "The statement about argv[] and envp[] being constants ... "
++ */
++ execvp(argv[0], discard_const_p(char * const, argv));
+ ERROR("Error while executing external command\n");
+- return EIO;
++ _exit(1);
++ } else {
++ if (waitpid(ret, &wstatus, 0) == -1) {
++ ERROR("Error while executing external command '%s'\n", argv[0]);
++ return EFAULT;
++ } else if (WEXITSTATUS(wstatus) != 0) {
++ ERROR("Command '%s' failed with [%d]\n",
++ argv[0], WEXITSTATUS(wstatus));
++ return EIO;
++ }
+ }
+
+ return EOK;
+@@ -132,11 +146,14 @@ static errno_t sssctl_manage_service(enum sssctl_svc_action action)
+ #elif defined(HAVE_SERVICE)
+ switch (action) {
+ case SSSCTL_SVC_START:
+- return sssctl_run_command(SERVICE_PATH" sssd start");
++ return sssctl_run_command(
++ (const char *[]){SERVICE_PATH, "sssd", "start", NULL});
+ case SSSCTL_SVC_STOP:
+- return sssctl_run_command(SERVICE_PATH" sssd stop");
++ return sssctl_run_command(
++ (const char *[]){SERVICE_PATH, "sssd", "stop", NULL});
+ case SSSCTL_SVC_RESTART:
+- return sssctl_run_command(SERVICE_PATH" sssd restart");
++ return sssctl_run_command(
++ (const char *[]){SERVICE_PATH, "sssd", "restart", NULL});
+ }
+ #endif
+
+diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h
+index 0115b2457..599ef6519 100644
+--- a/src/tools/sssctl/sssctl.h
++++ b/src/tools/sssctl/sssctl.h
+@@ -47,7 +47,7 @@ enum sssctl_prompt_result
+ sssctl_prompt(const char *message,
+ enum sssctl_prompt_result defval);
+
+-errno_t sssctl_run_command(const char *command);
++errno_t sssctl_run_command(const char *const argv[]); /* argv[0] - command */
+ bool sssctl_start_sssd(bool force);
+ bool sssctl_stop_sssd(bool force);
+ bool sssctl_restart_sssd(bool force);
+diff --git a/src/tools/sssctl/sssctl_data.c b/src/tools/sssctl/sssctl_data.c
+index 8d79b977f..bf2291341 100644
+--- a/src/tools/sssctl/sssctl_data.c
++++ b/src/tools/sssctl/sssctl_data.c
+@@ -105,15 +105,15 @@ static errno_t sssctl_backup(bool force)
+ }
+ }
+
+- ret = sssctl_run_command("sss_override user-export "
+- SSS_BACKUP_USER_OVERRIDES);
++ ret = sssctl_run_command((const char *[]){"sss_override", "user-export",
++ SSS_BACKUP_USER_OVERRIDES, NULL});
+ if (ret != EOK) {
+ ERROR("Unable to export user overrides\n");
+ return ret;
+ }
+
+- ret = sssctl_run_command("sss_override group-export "
+- SSS_BACKUP_GROUP_OVERRIDES);
++ ret = sssctl_run_command((const char *[]){"sss_override", "group-export",
++ SSS_BACKUP_GROUP_OVERRIDES, NULL});
+ if (ret != EOK) {
+ ERROR("Unable to export group overrides\n");
+ return ret;
+@@ -158,8 +158,8 @@ static errno_t sssctl_restore(bool force_start, bool force_restart)
+ }
+
+ if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) {
+- ret = sssctl_run_command("sss_override user-import "
+- SSS_BACKUP_USER_OVERRIDES);
++ ret = sssctl_run_command((const char *[]){"sss_override", "user-import",
++ SSS_BACKUP_USER_OVERRIDES, NULL});
+ if (ret != EOK) {
+ ERROR("Unable to import user overrides\n");
+ return ret;
+@@ -167,8 +167,8 @@ static errno_t sssctl_restore(bool force_start, bool force_restart)
+ }
+
+ if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) {
+- ret = sssctl_run_command("sss_override group-import "
+- SSS_BACKUP_GROUP_OVERRIDES);
++ ret = sssctl_run_command((const char *[]){"sss_override", "group-import",
++ SSS_BACKUP_GROUP_OVERRIDES, NULL});
+ if (ret != EOK) {
+ ERROR("Unable to import group overrides\n");
+ return ret;
+@@ -296,40 +296,19 @@ errno_t sssctl_cache_expire(struct sss_cmdline *cmdline,
+ void *pvt)
+ {
+ errno_t ret;
+- char *cmd_args = NULL;
+- const char *cachecmd = SSS_CACHE;
+- char *cmd = NULL;
+- int i;
+-
+- if (cmdline->argc == 0) {
+- ret = sssctl_run_command(cachecmd);
+- goto done;
+- }
+
+- cmd_args = talloc_strdup(tool_ctx, "");
+- if (cmd_args == NULL) {
+- ret = ENOMEM;
+- goto done;
++ const char **args = talloc_array_size(tool_ctx,
++ sizeof(char *),
++ cmdline->argc + 2);
++ if (!args) {
++ return ENOMEM;
+ }
++ memcpy(&args[1], cmdline->argv, sizeof(char *) * cmdline->argc);
++ args[0] = SSS_CACHE;
++ args[cmdline->argc + 1] = NULL;
+
+- for (i = 0; i < cmdline->argc; i++) {
+- cmd_args = talloc_strdup_append(cmd_args, cmdline->argv[i]);
+- if (i != cmdline->argc - 1) {
+- cmd_args = talloc_strdup_append(cmd_args, " ");
+- }
+- }
+-
+- cmd = talloc_asprintf(tool_ctx, "%s %s", cachecmd, cmd_args);
+- if (cmd == NULL) {
+- ret = ENOMEM;
+- goto done;
+- }
+-
+- ret = sssctl_run_command(cmd);
+-
+-done:
+- talloc_free(cmd_args);
+- talloc_free(cmd);
++ ret = sssctl_run_command(args);
+
++ talloc_free(args);
+ return ret;
+ }
+diff --git a/src/tools/sssctl/sssctl_logs.c b/src/tools/sssctl/sssctl_logs.c
+index 9ff2be05b..ebb2c4571 100644
+--- a/src/tools/sssctl/sssctl_logs.c
++++ b/src/tools/sssctl/sssctl_logs.c
+@@ -31,6 +31,7 @@
+ #include <ldb.h>
+ #include <popt.h>
+ #include <stdio.h>
++#include <glob.h>
+
+ #include "util/util.h"
+ #include "tools/common/sss_process.h"
+@@ -230,6 +231,7 @@ errno_t sssctl_logs_remove(struct sss_cmdline *cmdline,
+ {
+ struct sssctl_logs_opts opts = {0};
+ errno_t ret;
++ glob_t globbuf;
+
+ /* Parse command line. */
+ struct poptOption options[] = {
+@@ -253,8 +255,20 @@ errno_t sssctl_logs_remove(struct sss_cmdline *cmdline,
+
+ sss_signal(SIGHUP);
+ } else {
++ globbuf.gl_offs = 4;
++ ret = glob(LOG_PATH"/*.log", GLOB_ERR|GLOB_DOOFFS, NULL, &globbuf);
++ if (ret != 0) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to expand log files list\n");
++ return ret;
++ }
++ globbuf.gl_pathv[0] = discard_const_p(char, "truncate");
++ globbuf.gl_pathv[1] = discard_const_p(char, "--no-create");
++ globbuf.gl_pathv[2] = discard_const_p(char, "--size");
++ globbuf.gl_pathv[3] = discard_const_p(char, "0");
++
+ PRINT("Truncating log files...\n");
+- ret = sssctl_run_command("truncate --no-create --size 0 " LOG_FILES);
++ ret = sssctl_run_command((const char * const*)globbuf.gl_pathv);
++ globfree(&globbuf);
+ if (ret != EOK) {
+ ERROR("Unable to truncate log files\n");
+ return ret;
+@@ -269,8 +283,8 @@ errno_t sssctl_logs_fetch(struct sss_cmdline *cmdline,
+ void *pvt)
+ {
+ const char *file;
+- const char *cmd;
+ errno_t ret;
++ glob_t globbuf;
+
+ /* Parse command line. */
+ ret = sss_tool_popt_ex(cmdline, NULL, SSS_TOOL_OPT_OPTIONAL, NULL, NULL,
+@@ -280,13 +294,19 @@ errno_t sssctl_logs_fetch(struct sss_cmdline *cmdline,
+ return ret;
+ }
+
+- cmd = talloc_asprintf(tool_ctx, "tar -czf %s %s", file, LOG_FILES);
+- if (cmd == NULL) {
+- ERROR("Out of memory!");
++ globbuf.gl_offs = 3;
++ ret = glob(LOG_PATH"/*.log", GLOB_ERR|GLOB_DOOFFS, NULL, &globbuf);
++ if (ret != 0) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to expand log files list\n");
++ return ret;
+ }
++ globbuf.gl_pathv[0] = discard_const_p(char, "tar");
++ globbuf.gl_pathv[1] = discard_const_p(char, "-czf");
++ globbuf.gl_pathv[2] = discard_const_p(char, file);
+
+ PRINT("Archiving log files into %s...\n", file);
+- ret = sssctl_run_command(cmd);
++ ret = sssctl_run_command((const char * const*)globbuf.gl_pathv);
++ globfree(&globbuf);
+ if (ret != EOK) {
+ ERROR("Unable to archive log files\n");
+ return ret;
+--
+2.26.3
+
diff --git a/SOURCES/0003-NSS-don-t-treat-absent-CLEAR_MC_FLAG-as-an-error-Thi.patch b/SOURCES/0003-NSS-don-t-treat-absent-CLEAR_MC_FLAG-as-an-error-Thi.patch
new file mode 100644
index 0000000..0f23bee
--- /dev/null
+++ b/SOURCES/0003-NSS-don-t-treat-absent-CLEAR_MC_FLAG-as-an-error-Thi.patch
@@ -0,0 +1,30 @@
+From 365cd676c9fbeed8246c4e0c017dcac0c72a2526 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 10 Aug 2021 18:21:56 +0200
+Subject: [PATCH] NSS: don't treat absent 'CLEAR_MC_FLAG' as an error (This is
+ expected in case of SIGHUP sent for log rotation.)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/responder/nss/nsssrv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
+index 9c5907d86..526d97b08 100644
+--- a/src/responder/nss/nsssrv.c
++++ b/src/responder/nss/nsssrv.c
+@@ -63,7 +63,7 @@ nss_clear_memcache(TALLOC_CTX *mem_ctx,
+ if (ret == ENOENT) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "CLEAR_MC_FLAG not found. Nothing to do.\n");
+- return ret;
++ return EOK; /* Most probably log rotation SIGHUP to monitor */
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to check existence of "CLEAR_MC_FLAG": %s.\n",
+--
+2.26.3
+
diff --git a/SOURCES/0004-po-update-translations.patch b/SOURCES/0004-po-update-translations.patch
new file mode 100644
index 0000000..90f5c86
--- /dev/null
+++ b/SOURCES/0004-po-update-translations.patch
@@ -0,0 +1,10871 @@
+From 861e226b5f8588d491a20b14aa9536f63746a723 Mon Sep 17 00:00:00 2001
+From: Weblate <noreply@weblate.org>
+Date: Tue, 20 Jul 2021 09:04:36 +0200
+Subject: [PATCH] po: update translations
+
+(Russian) currently translated at 47.2% (1333 of 2821 strings)
+Translation: SSSD/sssd-manpage
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
+
+po: update translations
+
+(Japanese) currently translated at 36.5% (1030 of 2821 strings)
+Translation: SSSD/sssd-manpage
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ja/
+
+po: update translations
+
+(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (730 of 730 strings)
+Translation: SSSD/sssd
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
+
+po: update translations
+
+(French) currently translated at 100.0% (730 of 730 strings)
+Translation: SSSD/sssd
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
+
+po: update translations
+
+(Japanese) currently translated at 100.0% (730 of 730 strings)
+Translation: SSSD/sssd
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
+
+po: update translations
+
+(Japanese) currently translated at 100.0% (730 of 730 strings)
+Translation: SSSD/sssd
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
+
+po: update translations
+
+(Korean) currently translated at 3.5% (26 of 730 strings)
+Translation: SSSD/sssd
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
+
+po: update translations
+
+(Ukrainian) currently translated at 100.0% (2821 of 2821 strings)
+Translation: SSSD/sssd-manpage
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/
+
+po: update translations
+
+(Russian) currently translated at 41.1% (1160 of 2821 strings)
+Translation: SSSD/sssd-manpage
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
+
+Added translation using Weblate (Korean)
+
+po: update translations
+
+(Ukrainian) currently translated at 99.8% (2816 of 2821 strings)
+Translation: SSSD/sssd-manpage
+Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/
+---
+ po/LINGUAS | 1 +
+ po/fr.po | 64 +-
+ po/ja.po | 55 +-
+ po/ko.po | 3230 ++++++++++++++++++++++++++++++++++++++++++++++
+ po/zh_CN.po | 75 +-
+ src/man/po/ja.po | 35 +-
+ src/man/po/ru.po | 1922 +++++++++++++++++++++------
+ src/man/po/uk.po | 69 +-
+ 8 files changed, 4888 insertions(+), 563 deletions(-)
+ create mode 100644 po/ko.po
+
+diff --git a/po/LINGUAS b/po/LINGUAS
+index 6b7728d4c..3defbc44a 100644
+--- a/po/LINGUAS
++++ b/po/LINGUAS
+@@ -23,3 +23,4 @@ uk
+ zh_CN
+ zh_TW
+
++ko
+diff --git a/po/fr.po b/po/fr.po
+index dfe73dbd4..b8a821f14 100644
+--- a/po/fr.po
++++ b/po/fr.po
+@@ -17,7 +17,7 @@ msgstr ""
+ "Project-Id-Version: PACKAGE VERSION\n"
+ "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+ "POT-Creation-Date: 2021-07-12 20:53+0200\n"
+-"PO-Revision-Date: 2021-03-18 10:39+0000\n"
++"PO-Revision-Date: 2021-07-20 07:04+0000\n"
+ "Last-Translator: Sundeep Anand <suanand@redhat.com>\n"
+ "Language-Team: French <https://translate.fedoraproject.org/projects/sssd/"
+ "sssd-master/fr/>\n"
+@@ -26,7 +26,7 @@ msgstr ""
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=2; plural=n > 1;\n"
+-"X-Generator: Weblate 4.5.1\n"
++"X-Generator: Weblate 4.7.1\n"
+
+ #: src/config/SSSDConfig/sssdoptions.py:20
+ #: src/config/SSSDConfig/sssdoptions.py:21
+@@ -44,7 +44,7 @@ msgstr ""
+
+ #: src/config/SSSDConfig/sssdoptions.py:24
+ msgid "Enable/disable debug backtrace"
+-msgstr ""
++msgstr "Activer/Désactiver Backtrace débogage"
+
+ #: src/config/SSSDConfig/sssdoptions.py:25
+ msgid "Watchdog timeout before restarting service"
+@@ -353,15 +353,15 @@ msgstr "Liste des uid ou noms d'utilisateurs dignes de confiance"
+ msgid "List of domains accessible even for untrusted users."
+ msgstr ""
+ "Liste des domaines accessibles y compris par les utilisateurs non dignes de "
+-"confiance"
++"confiance."
+
+ #: src/config/SSSDConfig/sssdoptions.py:97
+ msgid "Message printed when user account is expired."
+-msgstr "Message affiché lorsque le compte a expiré"
++msgstr "Message affiché lorsque le compte a expiré."
+
+ #: src/config/SSSDConfig/sssdoptions.py:98
+ msgid "Message printed when user account is locked."
+-msgstr "Message affiché lorsque le compte a expiré"
++msgstr "Message affiché lorsque le compte a expiré."
+
+ #: src/config/SSSDConfig/sssdoptions.py:99
+ msgid "Allow certificate based/Smartcard authentication."
+@@ -373,9 +373,8 @@ msgstr ""
+ "Chemin d'accès à la base de données des certificats des modules PKCS#11."
+
+ #: src/config/SSSDConfig/sssdoptions.py:101
+-#, fuzzy
+ msgid "Tune certificate verification for PAM authentication."
+-msgstr "Régler la vérification du certificat"
++msgstr "Régler la vérification du certificat d’authentification PAM."
+
+ #: src/config/SSSDConfig/sssdoptions.py:102
+ msgid "How many seconds will pam_sss wait for p11_child to finish"
+@@ -420,6 +419,8 @@ msgid ""
+ "List of pairs <PAM service>:<authentication indicator> that must be enforced "
+ "for PAM access with GSSAPI authentication"
+ msgstr ""
++"Liste des paires <PAM service>:<authentication indicator> qui doivent être "
++"appliquées pour l'accès PAM avec authentification GSSAPI"
+
+ #: src/config/SSSDConfig/sssdoptions.py:114
+ msgid "Whether to evaluate the time-based attributes in sudo rules"
+@@ -689,7 +690,7 @@ msgstr "Afficher les utilisateurs/groupes dans un format complétement qualifié
+
+ #: src/config/SSSDConfig/sssdoptions.py:194
+ msgid "Don't include group members in group lookups"
+-msgstr "Ne pas inclure les membres des groupes dans les recherches de groupes."
++msgstr "Ne pas inclure les membres des groupes dans les recherches de groupes"
+
+ #: src/config/SSSDConfig/sssdoptions.py:195
+ #: src/config/SSSDConfig/sssdoptions.py:205
+@@ -935,7 +936,7 @@ msgstr "Classe d'objet surchargeant les objets"
+
+ #: src/config/SSSDConfig/sssdoptions.py:259
+ msgid "Attribute with the reference to the original object"
+-msgstr "Attribut faisant référence à l'objet originel "
++msgstr "Attribut faisant référence à l'objet originel"
+
+ #: src/config/SSSDConfig/sssdoptions.py:260
+ msgid "Objectclass for user override objects"
+@@ -1481,7 +1482,7 @@ msgstr "Désactiver le contrôle des pages LDAP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:405
+ msgid "Disable Active Directory range retrieval"
+-msgstr "Désactiver la récupération de plage Active Directory."
++msgstr "Désactiver la récupération de plage Active Directory"
+
+ #: src/config/SSSDConfig/sssdoptions.py:408
+ msgid "Length of time to wait for a search request"
+@@ -1511,7 +1512,7 @@ msgstr ""
+
+ #: src/config/SSSDConfig/sssdoptions.py:414
+ msgid "Base DN for user lookups"
+-msgstr "Base DN pour les recherches d'utilisateurs"
++msgstr "Base DN pour les recherches d'utilisateurs"
+
+ #: src/config/SSSDConfig/sssdoptions.py:415
+ msgid "Scope of user lookups"
+@@ -1877,7 +1878,7 @@ msgstr "Périodicité de rafraichissement intelligent"
+
+ #: src/config/SSSDConfig/sssdoptions.py:518
+ msgid "Smart and full refresh random offset"
+-msgstr ""
++msgstr "Décalage aléatoire Smart ou de Rafraîchissement total"
+
+ #: src/config/SSSDConfig/sssdoptions.py:519
+ msgid "Whether to filter rules by hostname, IP addresses and network"
+@@ -2152,15 +2153,15 @@ msgstr "Afficher le numéro de version et quitte"
+
+ #: src/monitor/monitor.c:2461
+ msgid "Option -i|--interactive is not allowed together with -D|--daemon\n"
+-msgstr ""
++msgstr "Option -i|--interactive non authorisée avec -D|--daemon\n"
+
+ #: src/monitor/monitor.c:2467
+ msgid "Option -g is incompatible with -D or -i\n"
+-msgstr ""
++msgstr "Option -g incompatible avec -D ou -i\n"
+
+ #: src/monitor/monitor.c:2480
+ msgid "Running under %"
+-msgstr ""
++msgstr "En cours d’exécution sous %"
+
+ #: src/monitor/monitor.c:2562
+ msgid "SSSD is already running\n"
+@@ -2196,7 +2197,7 @@ msgstr "Options FAST ('never', 'try', 'demand')"
+
+ #: src/providers/krb5/krb5_child.c:3343
+ msgid "Specifies the server principal to use for FAST"
+-msgstr "Spécifie le principal de serveur afin d'utiliser FAST."
++msgstr "Spécifie le principal de serveur afin d'utiliser FAST"
+
+ #: src/providers/krb5/krb5_child.c:3345
+ msgid "Requests canonicalization of the principal name"
+@@ -2207,13 +2208,12 @@ msgid "Use custom version of krb5_get_init_creds_password"
+ msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password"
+
+ #: src/providers/krb5/krb5_child.c:3375 src/providers/ldap/ldap_child.c:663
+-#, fuzzy
+ msgid "talloc_asprintf failed.\n"
+-msgstr "malloc a échoué.\n"
++msgstr "Échec de talloc_asprintf.\n"
+
+ #: src/providers/krb5/krb5_child.c:3385 src/providers/ldap/ldap_child.c:672
+ msgid "set_debug_file_from_fd failed.\n"
+-msgstr ""
++msgstr "Échec de set_debug_file_from_fd.\n"
+
+ #: src/providers/data_provider_be.c:733
+ msgid "Domain of the information provider (mandatory)"
+@@ -2255,7 +2255,7 @@ msgstr "Erreur inattendue lors de la recherche de la description de l'erreur"
+
+ #: src/sss_client/pam_sss.c:68
+ msgid "Permission denied. "
+-msgstr "Accès refusé."
++msgstr "Accès refusé. "
+
+ #: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:785
+ #: src/sss_client/pam_sss.c:796
+@@ -2277,7 +2277,7 @@ msgstr "Authentifié avec les crédits mis en cache"
+
+ #: src/sss_client/pam_sss.c:533
+ msgid ", your cached password will expire at: "
+-msgstr ", votre mot de passe en cache expirera à :"
++msgstr ", votre mot de passe en cache expirera à : "
+
+ #: src/sss_client/pam_sss.c:563
+ #, c-format
+@@ -2292,7 +2292,7 @@ msgstr "Votre mot de passe expirera dans %1$d %2$s."
+
+ #: src/sss_client/pam_sss.c:658
+ msgid "Authentication is denied until: "
+-msgstr "L'authentification est refusée jusque :"
++msgstr "L'authentification est refusée jusque : "
+
+ #: src/sss_client/pam_sss.c:679
+ msgid "System is offline, password change not possible"
+@@ -2309,7 +2309,7 @@ msgstr ""
+
+ #: src/sss_client/pam_sss.c:782 src/sss_client/pam_sss.c:795
+ msgid "Password change failed. "
+-msgstr "Échec du changement de mot de passe."
++msgstr "Échec du changement de mot de passe. "
+
+ #: src/sss_client/pam_sss.c:2045
+ msgid "New Password: "
+@@ -2321,7 +2321,7 @@ msgstr "Retaper le nouveau mot de passe : "
+
+ #: src/sss_client/pam_sss.c:2208 src/sss_client/pam_sss.c:2211
+ msgid "First Factor: "
+-msgstr "Premier facteur :"
++msgstr "Premier facteur : "
+
+ #: src/sss_client/pam_sss.c:2209 src/sss_client/pam_sss.c:2383
+ msgid "Second Factor (optional): "
+@@ -2329,7 +2329,7 @@ msgstr "Deuxième facteur (facultatif) : "
+
+ #: src/sss_client/pam_sss.c:2212 src/sss_client/pam_sss.c:2386
+ msgid "Second Factor: "
+-msgstr "Second facteur :"
++msgstr "Second facteur : "
+
+ #: src/sss_client/pam_sss.c:2230
+ msgid "Password: "
+@@ -2662,7 +2662,7 @@ msgstr "Erreur de transaction. Impossible de modifier le groupe.\n"
+
+ #: src/tools/sss_groupshow.c:616
+ msgid "Magic Private "
+-msgstr "Magie privée"
++msgstr "Magie privée "
+
+ #: src/tools/sss_groupshow.c:615
+ #, c-format
+@@ -2677,7 +2677,7 @@ msgstr "%1$s GID numéro : %2$d\n"
+ #: src/tools/sss_groupshow.c:620
+ #, c-format
+ msgid "%1$sMember users: "
+-msgstr "Utilisateurs membres de %1$s :"
++msgstr "Utilisateurs membres de %1$s : "
+
+ #: src/tools/sss_groupshow.c:627
+ #, c-format
+@@ -2826,12 +2826,12 @@ msgid ""
+ "multi-valued attributes, the command replaces the values already present"
+ msgstr ""
+ "Définir une paire attribut/valeur. Le format est nom_attribut=valeur. Pour "
+-"les attributs multi-valués, la commande remplace les valeurs déjà présentes."
++"les attributs multi-valués, la commande remplace les valeurs déjà présentes"
+
+ #: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
+ #: src/tools/sss_usermod.c:135
+ msgid "Specify the attribute name/value pair(s)\n"
+-msgstr "Indiquer les paires nom d'attributs et valeurs.\n"
++msgstr "Indiquer les paires nom d'attributs et valeurs\n"
+
+ #: src/tools/sss_usermod.c:152
+ msgid "Specify user to modify\n"
+@@ -3003,7 +3003,7 @@ msgstr "Impossible de lire l'entrée de l'utilisateur\n"
+ #: src/tools/sssctl/sssctl.c:91
+ #, c-format
+ msgid "Invalid input, please provide either '%s' or '%s'.\n"
+-msgstr "Entrée non valable, veuillez fournir %s ou %s\n"
++msgstr "Entrée non valable, veuillez fournir %s ou %s.\n"
+
+ #: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
+ msgid "Error while executing external command\n"
+@@ -3149,7 +3149,7 @@ msgstr "Fichiers de configuration utilisés : %zu\n"
+ #: src/tools/sssctl/sssctl_data.c:89
+ #, c-format
+ msgid "Unable to create backup directory [%d]: %s"
+-msgstr "Impossible de créer le répertoire de sauvegarde [%d]: %s"
++msgstr "Impossible de créer le répertoire de sauvegarde [%d]: %s"
+
+ #: src/tools/sssctl/sssctl_data.c:95
+ msgid "SSSD backup of local data already exists, override?"
+diff --git a/po/ja.po b/po/ja.po
+index 598c3f915..27f88fe52 100644
+--- a/po/ja.po
++++ b/po/ja.po
+@@ -6,7 +6,7 @@
+ # Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013
+ # Noriko Mizumoto <noriko.mizumoto@gmail.com>, 2016. #zanata
+ # Keiko Moriguchi <kemorigu@redhat.com>, 2019. #zanata
+-# Ludek Janda <ljanda@redhat.com>, 2020. #zanata
++# Ludek Janda <ljanda@redhat.com>, 2020. #zanata, 2021.
+ # Pavel Brezina <pbrezina@redhat.com>, 2020. #zanata
+ # Sundeep Anand <suanand@redhat.com>, 2021.
+ msgid ""
+@@ -14,7 +14,7 @@ msgstr ""
+ "Project-Id-Version: PACKAGE VERSION\n"
+ "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+ "POT-Creation-Date: 2021-07-12 20:53+0200\n"
+-"PO-Revision-Date: 2021-03-18 10:39+0000\n"
++"PO-Revision-Date: 2021-07-19 07:07+0000\n"
+ "Last-Translator: Sundeep Anand <suanand@redhat.com>\n"
+ "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/"
+ "sssd-master/ja/>\n"
+@@ -23,7 +23,7 @@ msgstr ""
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=1; plural=0;\n"
+-"X-Generator: Weblate 4.5.1\n"
++"X-Generator: Weblate 4.7.1\n"
+
+ #: src/config/SSSDConfig/sssdoptions.py:20
+ #: src/config/SSSDConfig/sssdoptions.py:21
+@@ -40,7 +40,7 @@ msgstr "デバッグログにミリ秒単位のタイムスタンプを含める
+
+ #: src/config/SSSDConfig/sssdoptions.py:24
+ msgid "Enable/disable debug backtrace"
+-msgstr ""
++msgstr "デバッグバックトレースの有効化/無効化"
+
+ #: src/config/SSSDConfig/sssdoptions.py:25
+ msgid "Watchdog timeout before restarting service"
+@@ -150,9 +150,7 @@ msgstr "検索するドメインの特定の順番"
+ msgid ""
+ "Controls if SSSD should monitor the state of resolv.conf to identify when it "
+ "needs to update its internal DNS resolver."
+-msgstr ""
+-"内部 DNS リゾルバーを更新する必要があるときを判断するために SSSD が resolv."
+-"conf の状態を監視するかどうかを制御します。"
++msgstr "内部 DNS リゾルバーを更新する必要があるときを判断するために SSSD が resolv.conf の状態を監視するかどうかを制御します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:54
+ msgid ""
+@@ -342,9 +340,8 @@ msgid "Path to certificate database with PKCS#11 modules."
+ msgstr "PKCS#11 モジュールでの証明書データベースへのパス。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:101
+-#, fuzzy
+ msgid "Tune certificate verification for PAM authentication."
+-msgstr "証明書検証の調整"
++msgstr "PAM 認証の証明書検証の調整。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:102
+ msgid "How many seconds will pam_sss wait for p11_child to finish"
+@@ -384,6 +381,7 @@ msgid ""
+ "List of pairs <PAM service>:<authentication indicator> that must be enforced "
+ "for PAM access with GSSAPI authentication"
+ msgstr ""
++"GSSAPI 認証で PAM アクセスを強制する必要があるペア <PAM service>:<authentication indicator> のリスト"
+
+ #: src/config/SSSDConfig/sssdoptions.py:114
+ msgid "Whether to evaluate the time-based attributes in sudo rules"
+@@ -539,9 +537,8 @@ msgid ""
+ "Matches user names as returned by NSS. I.e. after the possible space "
+ "replacement, case changes, etc."
+ msgstr ""
+-"セッション記録を有効にしておくべきユーザーのカンマ区切りのリストです。NSS が"
+-"返すユーザー名にマッチします。つまり、スペースの置換、大文字小文字の変更など"
+-"の可能性がある場合には、その後になります。"
++"セッション記録を有効にしておくべきユーザーのカンマ区切りのリストです。NSS "
++"が返すユーザー名にマッチします。つまり、スペースの置換、大文字小文字の変更などの可能性がある場合には、その後になります。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:167
+ msgid ""
+@@ -549,9 +546,8 @@ msgid ""
+ "recording enabled. Matches group names as returned by NSS. I.e. after the "
+ "possible space replacement, case changes, etc."
+ msgstr ""
+-"セッション記録を有効にしておくべきユーザーのグループごとのカンマ区切りのリス"
+-"トです。NSS が返すグループ名にマッチします。つまり、スペースの置換、大文字小"
+-"文字の変更などの可能性がある場合には、その後になります。"
++"セッション記録を有効にしておくべきユーザーのグループごとのカンマ区切りのリストです。NSS "
++"が返すグループ名にマッチします。つまり、スペースの置換、大文字小文字の変更などの可能性がある場合には、その後になります。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:170
+ msgid ""
+@@ -771,9 +767,7 @@ msgstr ""
+ msgid ""
+ "How many seconds to keep a host ssh key after refresh. IE how long to cache "
+ "the host key for."
+-msgstr ""
+-"リフレッシュ後にホストの ssh 鍵を保持するには何秒かかるか。IE ホストキーを何"
+-"秒キャッシュするか。"
++msgstr "リフレッシュ後にホストの ssh 鍵を保持するには何秒かかるか。IE ホストキーを何秒キャッシュするか。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:233
+ msgid ""
+@@ -781,9 +775,8 @@ msgid ""
+ "this value determines the minimal length the first authentication factor "
+ "(long term password) must have to be saved as SHA512 hash into the cache."
+ msgstr ""
+-"2-Factor-Authentication (2FA) が使用され、認証情報を保存する必要がある場合、"
+-"この値は、最初の認証要素 (長期パスワード) を SHA512 ハッシュとしてキャッシュ"
+-"に保存する必要がある最小の長さを決定します。"
++"2-Factor-Authentication (2FA) が使用され、認証情報を保存する必要がある場合、この値は、最初の認証要素 (長期パスワード) "
++"を SHA512 ハッシュとしてキャッシュに保存する必要がある最小の長さを決定します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:239
+ msgid "IPA domain"
+@@ -1347,9 +1340,7 @@ msgstr ""
+ msgid ""
+ "Allows to retain local users as members of an LDAP group for servers that "
+ "use the RFC2307 schema."
+-msgstr ""
+-"RFC2307 スキーマを使用するサーバーの LDAP グループのメンバーとしてローカル"
+-"ユーザーを保持することができます。"
++msgstr "RFC2307 スキーマを使用するサーバーの LDAP グループのメンバーとしてローカルユーザーを保持することができます。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:398
+ msgid "entryUSN attribute"
+@@ -1752,7 +1743,7 @@ msgstr "自動的なスマート更新間隔"
+
+ #: src/config/SSSDConfig/sssdoptions.py:518
+ msgid "Smart and full refresh random offset"
+-msgstr ""
++msgstr "スマートおよびフル更新ランダムオフセット"
+
+ #: src/config/SSSDConfig/sssdoptions.py:519
+ msgid "Whether to filter rules by hostname, IP addresses and network"
+@@ -2017,15 +2008,15 @@ msgstr "バージョン番号を表示して終了する"
+
+ #: src/monitor/monitor.c:2461
+ msgid "Option -i|--interactive is not allowed together with -D|--daemon\n"
+-msgstr ""
++msgstr "Option -i|--interactive iは、 -D|--daemon とは使用できません\n"
+
+ #: src/monitor/monitor.c:2467
+ msgid "Option -g is incompatible with -D or -i\n"
+-msgstr ""
++msgstr "Option -g は -D または -i と互換性がありません\n"
+
+ #: src/monitor/monitor.c:2480
+ msgid "Running under %"
+-msgstr ""
++msgstr "% 化で実行"
+
+ #: src/monitor/monitor.c:2562
+ msgid "SSSD is already running\n"
+@@ -2072,13 +2063,12 @@ msgid "Use custom version of krb5_get_init_creds_password"
+ msgstr "krb5_get_init_creds_password のカスタムバージョンを使用します"
+
+ #: src/providers/krb5/krb5_child.c:3375 src/providers/ldap/ldap_child.c:663
+-#, fuzzy
+ msgid "talloc_asprintf failed.\n"
+-msgstr "malloc は失敗しました。\n"
++msgstr "talloc_asprintf failed.\n"
+
+ #: src/providers/krb5/krb5_child.c:3385 src/providers/ldap/ldap_child.c:672
+ msgid "set_debug_file_from_fd failed.\n"
+-msgstr ""
++msgstr "set_debug_file_from_fd failed.\n"
+
+ #: src/providers/data_provider_be.c:733
+ msgid "Domain of the information provider (mandatory)"
+@@ -2670,8 +2660,7 @@ msgid ""
+ "Set an attribute to a name/value pair. The format is attrname=value. For "
+ "multi-valued attributes, the command replaces the values already present"
+ msgstr ""
+-"名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持つ属"
+-"性の場合、コマンドがすでに存在する値に置き換えられます"
++"名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持つ属性の場合、コマンドがすでに存在する値に置き換えられます"
+
+ #: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
+ #: src/tools/sss_usermod.c:135
+diff --git a/po/ko.po b/po/ko.po
+new file mode 100644
+index 000000000..19ba2c466
+--- /dev/null
++++ b/po/ko.po
+@@ -0,0 +1,3230 @@
++# SOME DESCRIPTIVE TITLE.
++# Copyright (C) YEAR Red Hat, Inc.
++# This file is distributed under the same license as the PACKAGE package.
++# Ludek Janda <ljanda@redhat.com>, 2021.
++# simmon <simmon@nplob.com>, 2021.
++msgid ""
++msgstr ""
++"Project-Id-Version: PACKAGE VERSION\n"
++"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
++"POT-Creation-Date: 2021-07-12 20:53+0200\n"
++"PO-Revision-Date: 2021-07-17 04:04+0000\n"
++"Last-Translator: simmon <simmon@nplob.com>\n"
++"Language-Team: Korean <https://translate.fedoraproject.org/projects/sssd/"
++"sssd-master/ko/>\n"
++"Language: ko\n"
++"MIME-Version: 1.0\n"
++"Content-Type: text/plain; charset=UTF-8\n"
++"Content-Transfer-Encoding: 8bit\n"
++"Plural-Forms: nplurals=1; plural=0;\n"
++"X-Generator: Weblate 4.7.1\n"
++
++#: src/config/SSSDConfig/sssdoptions.py:20
++#: src/config/SSSDConfig/sssdoptions.py:21
++msgid "Set the verbosity of the debug logging"
++msgstr "디버그 로깅의 자세한 정보 설정"
++
++#: src/config/SSSDConfig/sssdoptions.py:22
++msgid "Include timestamps in debug logs"
++msgstr "디버그 기록에 시간표시 포함"
++
++#: src/config/SSSDConfig/sssdoptions.py:23
++msgid "Include microseconds in timestamps in debug logs"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:24
++msgid "Enable/disable debug backtrace"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:25
++msgid "Watchdog timeout before restarting service"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:26
++msgid "Command to start service"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:27
++msgid "Number of times to attempt connection to Data Providers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:28
++msgid "The number of file descriptors that may be opened by this responder"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:29
++msgid "Idle time before automatic disconnection of a client"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:30
++msgid "Idle time before automatic shutdown of the responder"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:31
++msgid "Always query all the caches before querying the Data Providers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:32
++msgid ""
++"When SSSD switches to offline mode the amount of time before it tries to go "
++"back online will increase based upon the time spent disconnected. This value "
++"is in seconds and calculated by the following: offline_timeout + "
++"random_offset."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:38
++msgid ""
++"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
++"version 2."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:39
++msgid "SSSD Services to start"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:40
++msgid "SSSD Domains to start"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:41
++msgid "Timeout for messages sent over the SBUS"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:42
++msgid "Regex to parse username and domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:43
++msgid "Printf-compatible format for displaying fully-qualified names"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:44
++msgid ""
++"Directory on the filesystem where SSSD should store Kerberos replay cache "
++"files."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:45
++msgid "Domain to add to names without a domain component."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:46
++msgid "The user to drop privileges to"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:47
++msgid "Tune certificate verification"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:48
++msgid "All spaces in group or user names will be replaced with this character"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:49
++msgid "Tune sssd to honor or ignore netlink state changes"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:50
++msgid "Enable or disable the implicit files domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:51
++msgid "A specific order of the domains to be looked up"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:52
++msgid ""
++"Controls if SSSD should monitor the state of resolv.conf to identify when it "
++"needs to update its internal DNS resolver."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:54
++msgid ""
++"SSSD monitors the state of resolv.conf to identify when it needs to update "
++"its internal DNS resolver. By default, we will attempt to use inotify for "
++"this, and will fall back to polling resolv.conf every five seconds if "
++"inotify cannot be used."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:59
++msgid "Enumeration cache timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:60
++msgid "Entry cache background update timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:61
++#: src/config/SSSDConfig/sssdoptions.py:120
++msgid "Negative cache timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:62
++msgid "Files negative cache timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:63
++msgid "Users that SSSD should explicitly ignore"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:64
++msgid "Groups that SSSD should explicitly ignore"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:65
++msgid "Should filtered users appear in groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:66
++msgid "The value of the password field the NSS provider should return"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:67
++msgid "Override homedir value from the identity provider with this value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:68
++msgid ""
++"Substitute empty homedir value from the identity provider with this value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:69
++msgid "Override shell value from the identity provider with this value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:70
++msgid "The list of shells users are allowed to log in with"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:71
++msgid ""
++"The list of shells that will be vetoed, and replaced with the fallback shell"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:72
++msgid ""
++"If a shell stored in central directory is allowed but not available, use "
++"this fallback"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:73
++msgid "Shell to use if the provider does not list one"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:74
++msgid "How long will be in-memory cache records valid"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:75
++msgid ""
++"Size (in megabytes) of the data table allocated inside fast in-memory cache "
++"for passwd requests"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:76
++msgid ""
++"Size (in megabytes) of the data table allocated inside fast in-memory cache "
++"for group requests"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:77
++msgid ""
++"Size (in megabytes) of the data table allocated inside fast in-memory cache "
++"for initgroups requests"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:78
++msgid ""
++"The value of this option will be used in the expansion of the "
++"override_homedir option if the template contains the format string %H."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:80
++msgid ""
++"Specifies time in seconds for which the list of subdomains will be "
++"considered valid."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:82
++msgid ""
++"The entry cache can be set to automatically update entries in the background "
++"if they are requested beyond a percentage of the entry_cache_timeout value "
++"for the domain."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:87
++msgid "How long to allow cached logins between online logins (days)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:88
++msgid "How many failed logins attempts are allowed when offline"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:90
++msgid ""
++"How long (minutes) to deny login after offline_failed_login_attempts has "
++"been reached"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:91
++msgid "What kind of messages are displayed to the user during authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:92
++msgid "Filter PAM responses sent to the pam_sss"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:93
++msgid "How many seconds to keep identity information cached for PAM requests"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:94
++msgid "How many days before password expiration a warning should be displayed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:95
++msgid "List of trusted uids or user's name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:96
++msgid "List of domains accessible even for untrusted users."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:97
++msgid "Message printed when user account is expired."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:98
++msgid "Message printed when user account is locked."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:99
++msgid "Allow certificate based/Smartcard authentication."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:100
++msgid "Path to certificate database with PKCS#11 modules."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:101
++msgid "Tune certificate verification for PAM authentication."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:102
++msgid "How many seconds will pam_sss wait for p11_child to finish"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:103
++msgid "Which PAM services are permitted to contact application domains"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:104
++msgid "Allowed services for using smartcards"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:105
++msgid "Additional timeout to wait for a card if requested"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:106
++msgid ""
++"PKCS#11 URI to restrict the selection of devices for Smartcard authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:107
++msgid "When shall the PAM responder force an initgroups request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:108
++msgid "List of PAM services that are allowed to authenticate with GSSAPI."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:109
++msgid "Whether to match authenticated UPN with target user"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:110
++msgid ""
++"List of pairs <PAM service>:<authentication indicator> that must be enforced "
++"for PAM access with GSSAPI authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:114
++msgid "Whether to evaluate the time-based attributes in sudo rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:115
++msgid "If true, SSSD will switch back to lower-wins ordering logic"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:116
++msgid ""
++"Maximum number of rules that can be refreshed at once. If this is exceeded, "
++"full refresh is performed."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:123
++msgid "Whether to hash host names and addresses in the known_hosts file"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:124
++msgid ""
++"How many seconds to keep a host in the known_hosts file after its host keys "
++"were requested"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:126
++msgid "Path to storage of trusted CA certificates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:127
++msgid "Allow to generate ssh-keys from certificates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:128
++msgid ""
++"Use the following matching rules to filter the certificates for ssh-key "
++"generation"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:132
++msgid "List of UIDs or user names allowed to access the PAC responder"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:133
++msgid "How long the PAC data is considered valid"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:136
++msgid "List of user attributes the InfoPipe is allowed to publish"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:139
++msgid "The provider where the secrets will be stored in"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:140
++msgid "The maximum allowed number of nested containers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:141
++msgid "The maximum number of secrets that can be stored"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:142
++msgid "The maximum number of secrets that can be stored per UID"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:143
++msgid "The maximum payload size of a secret in kilobytes"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:145
++msgid "The URL Custodia server is listening on"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:146
++msgid "The method to use when authenticating to a Custodia server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:147
++msgid ""
++"The name of the headers that will be added into a HTTP request with the "
++"value defined in auth_header_value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:149
++msgid "The value sssd-secrets would use for auth_header_name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:150
++msgid ""
++"The list of the headers to forward to the Custodia server together with the "
++"request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:151
++msgid ""
++"The username to use when authenticating to a Custodia server using basic_auth"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:152
++msgid ""
++"The password to use when authenticating to a Custodia server using basic_auth"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:153
++msgid "If true peer's certificate is verified if proxy_url uses https protocol"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:154
++msgid ""
++"If false peer's certificate may contain different hostname than proxy_url "
++"when https protocol is used"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:156
++msgid "Path to directory where certificate authority certificates are stored"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:157
++msgid "Path to file containing server's CA certificate"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:158
++msgid "Path to file containing client's certificate"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:159
++msgid "Path to file containing client's private key"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:162
++msgid ""
++"One of the following strings specifying the scope of session recording: none "
++"- No users are recorded. some - Users/groups specified by users and groups "
++"options are recorded. all - All users are recorded."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:165
++msgid ""
++"A comma-separated list of users which should have session recording enabled. "
++"Matches user names as returned by NSS. I.e. after the possible space "
++"replacement, case changes, etc."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:167
++msgid ""
++"A comma-separated list of groups, members of which should have session "
++"recording enabled. Matches group names as returned by NSS. I.e. after the "
++"possible space replacement, case changes, etc."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:170
++msgid ""
++"A comma-separated list of users to be excluded from recording, only when "
++"scope=all"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:171
++msgid ""
++"A comma-separated list of groups, members of which should be excluded from "
++"recording, only when scope=all. "
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:175
++msgid "Identity provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:176
++msgid "Authentication provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:177
++msgid "Access control provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:178
++msgid "Password change provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:179
++msgid "SUDO provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:180
++msgid "Autofs provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:181
++msgid "Host identity provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:182
++msgid "SELinux provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:183
++msgid "Session management provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:184
++msgid "Resolver provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:187
++msgid "Whether the domain is usable by the OS or by applications"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:188
++msgid "Enable or disable the domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:189
++msgid "Minimum user ID"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:190
++msgid "Maximum user ID"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:191
++msgid "Enable enumerating all users/groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:192
++msgid "Cache credentials for offline login"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:193
++msgid "Display users/groups in fully-qualified form"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:194
++msgid "Don't include group members in group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:195
++#: src/config/SSSDConfig/sssdoptions.py:205
++#: src/config/SSSDConfig/sssdoptions.py:206
++#: src/config/SSSDConfig/sssdoptions.py:207
++#: src/config/SSSDConfig/sssdoptions.py:208
++#: src/config/SSSDConfig/sssdoptions.py:209
++#: src/config/SSSDConfig/sssdoptions.py:210
++#: src/config/SSSDConfig/sssdoptions.py:211
++msgid "Entry cache timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:196
++msgid ""
++"Restrict or prefer a specific address family when performing DNS lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:197
++msgid "How long to keep cached entries after last successful login (days)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:198
++msgid ""
++"How long should SSSD talk to single DNS server before trying next server "
++"(miliseconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:200
++msgid "How long should keep trying to resolve single DNS query (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:201
++msgid "How long to wait for replies from DNS when resolving servers (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:202
++msgid "The domain part of service discovery DNS query"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:203
++msgid "Override GID value from the identity provider with this value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:204
++msgid "Treat usernames as case sensitive"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:212
++msgid "How often should expired entries be refreshed in background"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:213
++msgid "Whether to automatically update the client's DNS entry"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:214
++#: src/config/SSSDConfig/sssdoptions.py:244
++msgid "The TTL to apply to the client's DNS entry after updating it"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:215
++#: src/config/SSSDConfig/sssdoptions.py:245
++msgid "The interface whose IP should be used for dynamic DNS updates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:216
++msgid "How often to periodically update the client's DNS entry"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:217
++msgid "Whether the provider should explicitly update the PTR record as well"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:218
++msgid "Whether the nsupdate utility should default to using TCP"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:219
++msgid "What kind of authentication should be used to perform the DNS update"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:220
++msgid "Override the DNS server used to perform the DNS update"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:221
++msgid "Control enumeration of trusted domains"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:222
++msgid "How often should subdomains list be refreshed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:223
++msgid "List of options that should be inherited into a subdomain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:224
++msgid "Default subdomain homedir value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:225
++msgid "How long can cached credentials be used for cached authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:226
++msgid "Whether to automatically create private groups for users"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:227
++msgid "Display a warning N days before the password expires."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:228
++msgid ""
++"Various tags stored by the realmd configuration service for this domain."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:229
++msgid ""
++"The provider which should handle fetching of subdomains. This value should "
++"be always the same as id_provider."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:231
++msgid ""
++"How many seconds to keep a host ssh key after refresh. IE how long to cache "
++"the host key for."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:233
++msgid ""
++"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
++"this value determines the minimal length the first authentication factor "
++"(long term password) must have to be saved as SHA512 hash into the cache."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:239
++msgid "IPA domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:240
++msgid "IPA server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:241
++msgid "Address of backup IPA server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:242
++msgid "IPA client hostname"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:243
++msgid "Whether to automatically update the client's DNS entry in FreeIPA"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:246
++msgid "Search base for HBAC related objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:247
++msgid ""
++"The amount of time between lookups of the HBAC rules against the IPA server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:248
++msgid ""
++"The amount of time in seconds between lookups of the SELinux maps against "
++"the IPA server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:250
++msgid "If set to false, host argument given by PAM will be ignored"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:251
++msgid "The automounter location this IPA client is using"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:252
++msgid "Search base for object containing info about IPA domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:253
++msgid "Search base for objects containing info about ID ranges"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:254
++#: src/config/SSSDConfig/sssdoptions.py:308
++msgid "Enable DNS sites - location based service discovery"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:255
++msgid "Search base for view containers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:256
++msgid "Objectclass for view containers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:257
++msgid "Attribute with the name of the view"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:258
++msgid "Objectclass for override objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:259
++msgid "Attribute with the reference to the original object"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:260
++msgid "Objectclass for user override objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:261
++msgid "Objectclass for group override objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:262
++msgid "Search base for Desktop Profile related objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:263
++msgid ""
++"The amount of time in seconds between lookups of the Desktop Profile rules "
++"against the IPA server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:265
++msgid ""
++"The amount of time in minutes between lookups of Desktop Profiles rules "
++"against the IPA server when the last request did not find any rule"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:268
++msgid "The LDAP attribute that contains FQDN of the host."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:269
++#: src/config/SSSDConfig/sssdoptions.py:292
++msgid "The object class of a host entry in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:270
++msgid "Use the given string as search base for host objects."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:271
++msgid "The LDAP attribute that contains the host's SSH public keys."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:272
++msgid "The LDAP attribute that contains NIS domain name of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:273
++msgid "The LDAP attribute that contains the names of the netgroup's members."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:274
++msgid ""
++"The LDAP attribute that lists FQDNs of hosts and host groups that are "
++"members of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:276
++msgid ""
++"The LDAP attribute that lists hosts and host groups that are direct members "
++"of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:278
++msgid "The LDAP attribute that lists netgroup's memberships."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:279
++msgid ""
++"The LDAP attribute that lists system users and groups that are direct "
++"members of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:281
++msgid "The LDAP attribute that corresponds to the netgroup name."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:282
++msgid "The object class of a netgroup entry in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:283
++msgid ""
++"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:284
++msgid ""
++"The LDAP attribute that contains whether or not is user map enabled for "
++"usage."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:286
++msgid "The LDAP attribute that contains host category such as 'all'."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:287
++msgid ""
++"The LDAP attribute that contains all hosts / hostgroups this rule match "
++"against."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:289
++msgid ""
++"The LDAP attribute that contains all users / groups this rule match against."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:291
++msgid "The LDAP attribute that contains the name of SELinux usermap."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:293
++msgid ""
++"The LDAP attribute that contains DN of HBAC rule which can be used for "
++"matching instead of memberUser and memberHost."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:295
++msgid "The LDAP attribute that contains SELinux user string itself."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:296
++msgid "The LDAP attribute that contains user category such as 'all'."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:297
++msgid "The LDAP attribute that contains unique ID of the user map."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:298
++msgid ""
++"The option denotes that the SSSD is running on IPA server and should perform "
++"lookups of users and groups from trusted domains differently."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:300
++msgid "Use the given string as search base for trusted domains."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:303
++msgid "Active Directory domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:304
++msgid "Enabled Active Directory domains"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:305
++msgid "Active Directory server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:306
++msgid "Active Directory backup server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:307
++msgid "Active Directory client hostname"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:309
++#: src/config/SSSDConfig/sssdoptions.py:503
++msgid "LDAP filter to determine access privileges"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:310
++msgid "Whether to use the Global Catalog for lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:311
++msgid "Operation mode for GPO-based access control"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:312
++msgid ""
++"The amount of time between lookups of the GPO policy files against the AD "
++"server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:313
++msgid ""
++"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
++"settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:315
++msgid ""
++"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
++"policy settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:317
++msgid ""
++"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:318
++msgid ""
++"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:319
++msgid ""
++"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:320
++msgid "PAM service names for which GPO-based access is always granted"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:321
++msgid "PAM service names for which GPO-based access is always denied"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:322
++msgid ""
++"Default logon right (or permit/deny) to use for unmapped PAM service names"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:323
++msgid "a particular site to be used by the client"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:324
++msgid ""
++"Maximum age in days before the machine account password should be renewed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:326
++msgid "Option for tuning the machine account renewal task"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:327
++msgid "Whether to update the machine account password in the Samba database"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:329
++msgid "Use LDAPS port for LDAP and Global Catalog requests"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:330
++msgid "Do not filter domain local groups from other domains"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:333
++#: src/config/SSSDConfig/sssdoptions.py:334
++msgid "Kerberos server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:335
++msgid "Kerberos backup server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:336
++msgid "Kerberos realm"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:337
++msgid "Authentication timeout"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:338
++msgid "Whether to create kdcinfo files"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:339
++msgid "Where to drop krb5 config snippets"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:342
++msgid "Directory to store credential caches"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:343
++msgid "Location of the user's credential cache"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:344
++msgid "Location of the keytab to validate credentials"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:345
++msgid "Enable credential validation"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:346
++msgid "Store password if offline for later online authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:347
++msgid "Renewable lifetime of the TGT"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:348
++msgid "Lifetime of the TGT"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:349
++msgid "Time between two checks for renewal"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:350
++msgid "Enables FAST"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:351
++msgid "Selects the principal to use for FAST"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:352
++msgid "Enables principal canonicalization"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:353
++msgid "Enables enterprise principals"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:354
++msgid "Enables using of subdomains realms for authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:355
++msgid "A mapping from user names to Kerberos principal names"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:358
++#: src/config/SSSDConfig/sssdoptions.py:359
++msgid "Server where the change password service is running if not on the KDC"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:362
++msgid "ldap_uri, The URI of the LDAP server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:363
++msgid "ldap_backup_uri, The URI of the LDAP server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:364
++msgid "The default base DN"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:365
++msgid "The Schema Type in use on the LDAP server, rfc2307"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:366
++msgid "Mode used to change user password"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:367
++msgid "The default bind DN"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:368
++msgid "The type of the authentication token of the default bind DN"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:369
++msgid "The authentication token of the default bind DN"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:370
++msgid "Length of time to attempt connection"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:371
++msgid "Length of time to attempt synchronous LDAP operations"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:372
++msgid "Length of time between attempts to reconnect while offline"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:373
++msgid "Use only the upper case for realm names"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:374
++msgid "File that contains CA certificates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:375
++msgid "Path to CA certificate directory"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:376
++msgid "File that contains the client certificate"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:377
++msgid "File that contains the client key"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:378
++msgid "List of possible ciphers suites"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:379
++msgid "Require TLS certificate verification"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:380
++msgid "Specify the sasl mechanism to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:381
++msgid "Specify the sasl authorization id to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:382
++msgid "Specify the sasl authorization realm to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:383
++msgid "Specify the minimal SSF for LDAP sasl authorization"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:384
++msgid "Specify the maximal SSF for LDAP sasl authorization"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:385
++msgid "Kerberos service keytab"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:386
++msgid "Use Kerberos auth for LDAP connection"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:387
++msgid "Follow LDAP referrals"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:388
++msgid "Lifetime of TGT for LDAP connection"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:389
++msgid "How to dereference aliases"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:390
++msgid "Service name for DNS service lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:391
++msgid "The number of records to retrieve in a single LDAP query"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:392
++msgid "The number of members that must be missing to trigger a full deref"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:393
++msgid ""
++"Whether the LDAP library should perform a reverse lookup to canonicalize the "
++"host name during a SASL bind"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:395
++msgid ""
++"Allows to retain local users as members of an LDAP group for servers that "
++"use the RFC2307 schema."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:398
++msgid "entryUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:399
++msgid "lastUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:401
++msgid "How long to retain a connection to the LDAP server before disconnecting"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:404
++msgid "Disable the LDAP paging control"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:405
++msgid "Disable Active Directory range retrieval"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:408
++msgid "Length of time to wait for a search request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:409
++msgid "Length of time to wait for a enumeration request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:410
++msgid "Length of time between enumeration updates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:411
++msgid "Length of time between cache cleanups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:412
++msgid "Require TLS for ID lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:413
++msgid "Use ID-mapping of objectSID instead of pre-set IDs"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:414
++msgid "Base DN for user lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:415
++msgid "Scope of user lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:416
++msgid "Filter for user lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:417
++msgid "Objectclass for users"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:418
++msgid "Username attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:419
++msgid "UID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:420
++msgid "Primary GID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:421
++msgid "GECOS attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:422
++msgid "Home directory attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:423
++msgid "Shell attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:424
++msgid "UUID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:425
++#: src/config/SSSDConfig/sssdoptions.py:463
++msgid "objectSID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:426
++msgid "Active Directory primary group attribute for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:427
++msgid "User principal attribute (for Kerberos)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:428
++msgid "Full Name"
++msgstr "성명"
++
++#: src/config/SSSDConfig/sssdoptions.py:429
++msgid "memberOf attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:430
++msgid "Modification time attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:431
++msgid "shadowLastChange attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:432
++msgid "shadowMin attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:433
++msgid "shadowMax attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:434
++msgid "shadowWarning attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:435
++msgid "shadowInactive attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:436
++msgid "shadowExpire attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:437
++msgid "shadowFlag attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:438
++msgid "Attribute listing authorized PAM services"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:439
++msgid "Attribute listing authorized server hosts"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:440
++msgid "Attribute listing authorized server rhosts"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:441
++msgid "krbLastPwdChange attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:442
++msgid "krbPasswordExpiration attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:443
++msgid "Attribute indicating that server side password policies are active"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:444
++msgid "accountExpires attribute of AD"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:445
++msgid "userAccountControl attribute of AD"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:446
++msgid "nsAccountLock attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:447
++msgid "loginDisabled attribute of NDS"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:448
++msgid "loginExpirationTime attribute of NDS"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:449
++msgid "loginAllowedTimeMap attribute of NDS"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:450
++msgid "SSH public key attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:451
++msgid "attribute listing allowed authentication types for a user"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:452
++msgid "attribute containing the X509 certificate of the user"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:453
++msgid "attribute containing the email address of the user"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:454
++msgid "A list of extra attributes to download along with the user entry"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:456
++msgid "Base DN for group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:457
++msgid "Objectclass for groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:458
++msgid "Group name"
++msgstr "그룹 이름"
++
++#: src/config/SSSDConfig/sssdoptions.py:459
++msgid "Group password"
++msgstr "그룹 비밀번호"
++
++#: src/config/SSSDConfig/sssdoptions.py:460
++msgid "GID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:461
++msgid "Group member attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:462
++msgid "Group UUID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:464
++msgid "Modification time attribute for groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:465
++msgid "Type of the group and other flags"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:466
++msgid "The LDAP group external member attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:467
++msgid "Maximum nesting level SSSD will follow"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:468
++msgid "Filter for group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:469
++msgid "Scope of group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:471
++msgid "Base DN for netgroup lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:472
++msgid "Objectclass for netgroups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:473
++msgid "Netgroup name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:474
++msgid "Netgroups members attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:475
++msgid "Netgroup triple attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:476
++msgid "Modification time attribute for netgroups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:478
++msgid "Base DN for service lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:479
++msgid "Objectclass for services"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:480
++msgid "Service name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:481
++msgid "Service port attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:482
++msgid "Service protocol attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:484
++msgid "Lower bound for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:485
++msgid "Upper bound for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:486
++msgid "Number of IDs for each slice when ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:487
++msgid "Use autorid-compatible algorithm for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:488
++msgid "Name of the default domain for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:489
++msgid "SID of the default domain for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:490
++msgid "Number of secondary slices"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:492
++msgid "Whether to use Token-Groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:493
++msgid "Set lower boundary for allowed IDs from the LDAP server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:494
++msgid "Set upper boundary for allowed IDs from the LDAP server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:495
++msgid "DN for ppolicy queries"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:496
++msgid "How many maximum entries to fetch during a wildcard request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:497
++msgid "Set libldap debug level"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:500
++msgid "Policy to evaluate the password expiration"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:504
++msgid "Which attributes shall be used to evaluate if an account is expired"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:505
++msgid "Which rules should be used to evaluate access control"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:508
++msgid "URI of an LDAP server where password changes are allowed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:509
++msgid "URI of a backup LDAP server where password changes are allowed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:510
++msgid "DNS service name for LDAP password change server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:511
++msgid ""
++"Whether to update the ldap_user_shadow_last_change attribute after a "
++"password change"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:515
++msgid "Base DN for sudo rules lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:516
++msgid "Automatic full refresh period"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:517
++msgid "Automatic smart refresh period"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:518
++msgid "Smart and full refresh random offset"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:519
++msgid "Whether to filter rules by hostname, IP addresses and network"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:520
++msgid ""
++"Hostnames and/or fully qualified domain names of this machine to filter sudo "
++"rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:521
++msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:522
++msgid "Whether to include rules that contains netgroup in host attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:523
++msgid ""
++"Whether to include rules that contains regular expression in host attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:524
++msgid "Object class for sudo rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:525
++msgid "Name of attribute that is used as object class for sudo rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:526
++msgid "Sudo rule name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:527
++msgid "Sudo rule command attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:528
++msgid "Sudo rule host attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:529
++msgid "Sudo rule user attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:530
++msgid "Sudo rule option attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:531
++msgid "Sudo rule runas attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:532
++msgid "Sudo rule runasuser attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:533
++msgid "Sudo rule runasgroup attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:534
++msgid "Sudo rule notbefore attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:535
++msgid "Sudo rule notafter attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:536
++msgid "Sudo rule order attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:539
++msgid "Object class for automounter maps"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:540
++msgid "Automounter map name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:541
++msgid "Object class for automounter map entries"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:542
++msgid "Automounter map entry key attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:543
++msgid "Automounter map entry value attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:544
++msgid "Base DN for automounter map lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:545
++msgid "The name of the automount master map in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:548
++msgid "Base DN for IP hosts lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:549
++msgid "Object class for IP hosts"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:550
++msgid "IP host name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:551
++msgid "IP host number (address) attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:552
++msgid "IP host entryUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:553
++msgid "Base DN for IP networks lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:554
++msgid "Object class for IP networks"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:555
++msgid "IP network name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:556
++msgid "IP network number (address) attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:557
++msgid "IP network entryUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:560
++msgid "Comma separated list of allowed users"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:561
++msgid "Comma separated list of prohibited users"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:562
++msgid ""
++"Comma separated list of groups that are allowed to log in. This applies only "
++"to groups within this SSSD domain. Local groups are not evaluated."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:564
++msgid ""
++"Comma separated list of groups that are explicitly denied access. This "
++"applies only to groups within this SSSD domain. Local groups are not "
++"evaluated."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:568
++msgid "Base for home directories"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:569
++msgid "Indicate if a home directory should be created for new users."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:570
++msgid "Indicate if a home directory should be removed for deleted users."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:571
++msgid "Specify the default permissions on a newly created home directory."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:572
++msgid "The skeleton directory."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:573
++msgid "The mail spool directory."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:574
++msgid "The command that is run after a user is removed."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:577
++msgid "The number of preforked proxy children."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:580
++msgid "The name of the NSS library to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:581
++msgid "The name of the NSS library to use for hosts and networks lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:582
++msgid "Whether to look up canonical group name from cache if possible"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:585
++msgid "PAM stack to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:588
++msgid "Path of passwd file sources."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:589
++msgid "Path of group file sources."
++msgstr ""
++
++#: src/monitor/monitor.c:2408
++msgid "Become a daemon (default)"
++msgstr ""
++
++#: src/monitor/monitor.c:2410
++msgid "Run interactive (not a daemon)"
++msgstr ""
++
++#: src/monitor/monitor.c:2413
++msgid "Disable netlink interface"
++msgstr ""
++
++#: src/monitor/monitor.c:2415 src/tools/sssctl/sssctl_config.c:77
++#: src/tools/sssctl/sssctl_logs.c:310
++msgid "Specify a non-default config file"
++msgstr ""
++
++#: src/monitor/monitor.c:2417
++msgid "Refresh the configuration database, then exit"
++msgstr ""
++
++#: src/monitor/monitor.c:2420
++msgid "Similar to --genconf, but only refreshes the given section"
++msgstr ""
++
++#: src/monitor/monitor.c:2423
++msgid "Print version number and exit"
++msgstr ""
++
++#: src/monitor/monitor.c:2461
++msgid "Option -i|--interactive is not allowed together with -D|--daemon\n"
++msgstr ""
++
++#: src/monitor/monitor.c:2467
++msgid "Option -g is incompatible with -D or -i\n"
++msgstr ""
++
++#: src/monitor/monitor.c:2480
++msgid "Running under %"
++msgstr ""
++
++#: src/monitor/monitor.c:2562
++msgid "SSSD is already running\n"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3327 src/providers/ldap/ldap_child.c:639
++msgid "An open file descriptor for the debug logs"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3330
++msgid "The user to create FAST ccache as"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3332
++msgid "The group to create FAST ccache as"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3334
++msgid "Kerberos realm to use"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3336
++msgid "Requested lifetime of the ticket"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3338
++msgid "Requested renewable lifetime of the ticket"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3340
++msgid "FAST options ('never', 'try', 'demand')"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3343
++msgid "Specifies the server principal to use for FAST"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3345
++msgid "Requests canonicalization of the principal name"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3347
++msgid "Use custom version of krb5_get_init_creds_password"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3375 src/providers/ldap/ldap_child.c:663
++msgid "talloc_asprintf failed.\n"
++msgstr ""
++
++#: src/providers/krb5/krb5_child.c:3385 src/providers/ldap/ldap_child.c:672
++msgid "set_debug_file_from_fd failed.\n"
++msgstr ""
++
++#: src/providers/data_provider_be.c:733
++msgid "Domain of the information provider (mandatory)"
++msgstr ""
++
++#: src/sss_client/common.c:1088
++msgid "Privileged socket has wrong ownership or permissions."
++msgstr ""
++
++#: src/sss_client/common.c:1091
++msgid "Public socket has wrong ownership or permissions."
++msgstr ""
++
++#: src/sss_client/common.c:1094
++msgid "Unexpected format of the server credential message."
++msgstr ""
++
++#: src/sss_client/common.c:1097
++msgid "SSSD is not run by root."
++msgstr ""
++
++#: src/sss_client/common.c:1100
++msgid "SSSD socket does not exist."
++msgstr ""
++
++#: src/sss_client/common.c:1103
++msgid "Cannot get stat of SSSD socket."
++msgstr ""
++
++#: src/sss_client/common.c:1108
++msgid "An error occurred, but no description can be found."
++msgstr ""
++
++#: src/sss_client/common.c:1114
++msgid "Unexpected error while looking for an error description"
++msgstr ""
++
++#: src/sss_client/pam_sss.c:68
++msgid "Permission denied. "
++msgstr "권한이 거부되었습니다. "
++
++#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:785
++#: src/sss_client/pam_sss.c:796
++msgid "Server message: "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:303
++msgid "Passwords do not match"
++msgstr "비밀번호가 일치하지 않습니다"
++
++#: src/sss_client/pam_sss.c:491
++msgid "Password reset by root is not supported."
++msgstr ""
++
++#: src/sss_client/pam_sss.c:532
++msgid "Authenticated with cached credentials"
++msgstr ""
++
++#: src/sss_client/pam_sss.c:533
++msgid ", your cached password will expire at: "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:563
++#, c-format
++msgid "Your password has expired. You have %1$d grace login(s) remaining."
++msgstr ""
++
++#: src/sss_client/pam_sss.c:609
++#, c-format
++msgid "Your password will expire in %1$d %2$s."
++msgstr ""
++
++#: src/sss_client/pam_sss.c:658
++msgid "Authentication is denied until: "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:679
++msgid "System is offline, password change not possible"
++msgstr ""
++
++#: src/sss_client/pam_sss.c:694
++msgid ""
++"After changing the OTP password, you need to log out and back in order to "
++"acquire a ticket"
++msgstr ""
++
++#: src/sss_client/pam_sss.c:782 src/sss_client/pam_sss.c:795
++msgid "Password change failed. "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:2045
++msgid "New Password: "
++msgstr "신규 비밀번호: "
++
++#: src/sss_client/pam_sss.c:2046
++msgid "Reenter new Password: "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:2208 src/sss_client/pam_sss.c:2211
++msgid "First Factor: "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:2209 src/sss_client/pam_sss.c:2383
++msgid "Second Factor (optional): "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:2212 src/sss_client/pam_sss.c:2386
++msgid "Second Factor: "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:2230
++msgid "Password: "
++msgstr "비밀번호: "
++
++#: src/sss_client/pam_sss.c:2382 src/sss_client/pam_sss.c:2385
++msgid "First Factor (Current Password): "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:2389
++msgid "Current Password: "
++msgstr ""
++
++#: src/sss_client/pam_sss.c:2746
++msgid "Password expired. Change your password now."
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
++#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
++#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
++#: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
++#: src/tools/sss_cache.c:732
++msgid "The debug level to run with"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
++msgid "The SSSD domain to use"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
++#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
++#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:680
++#: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
++#: src/tools/sss_cache.c:778
++msgid "Error setting the locale\n"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
++msgid "Not enough memory\n"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
++msgid "User not specified\n"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
++msgid "Error looking up public keys\n"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
++msgid "The port to use to connect to the host"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
++msgid "Print the host ssh public keys"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
++msgid "Invalid port\n"
++msgstr "잘못된 포트\n"
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
++msgid "Host not specified\n"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
++msgid "The path to the proxy command must be absolute\n"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:326
++#, c-format
++msgid "sss_ssh_knownhostsproxy: unable to proxy data: %s\n"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:330
++#, c-format
++msgid "sss_ssh_knownhostsproxy: connect to host %s port %d: %s\n"
++msgstr ""
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:334
++#, c-format
++msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
++msgid "The UID of the user"
++msgstr ""
++
++#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
++msgid "The comment string"
++msgstr ""
++
++#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
++msgid "Home directory"
++msgstr "홈 디렉토리"
++
++#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
++msgid "Login shell"
++msgstr ""
++
++#: src/tools/sss_useradd.c:53
++msgid "Groups"
++msgstr "그룹"
++
++#: src/tools/sss_useradd.c:54
++msgid "Create user's directory if it does not exist"
++msgstr ""
++
++#: src/tools/sss_useradd.c:55
++msgid "Never create user's directory, overrides config"
++msgstr ""
++
++#: src/tools/sss_useradd.c:56
++msgid "Specify an alternative skeleton directory"
++msgstr ""
++
++#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
++msgid "The SELinux user for user's login"
++msgstr ""
++
++#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
++#: src/tools/sss_usermod.c:92
++msgid "Specify group to add to\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:111
++msgid "Specify user to add\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
++#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
++#: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
++#: src/tools/sss_usermod.c:162
++msgid "Error initializing the tools - no local domain\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
++#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
++#: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
++#: src/tools/sss_usermod.c:164
++msgid "Error initializing the tools\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
++#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
++#: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
++#: src/tools/sss_usermod.c:173
++msgid "Invalid domain specified in FQDN\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
++#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
++#: src/tools/sss_usermod.c:226
++msgid "Internal error while parsing parameters\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
++#: src/tools/sss_usermod.c:235
++msgid "Groups must be in the same domain as user\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:159
++#, c-format
++msgid "Cannot find group %1$s in local domain\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
++msgid "Cannot set default values\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
++msgid "The selected UID is outside the allowed range\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
++msgid "Cannot set SELinux login context\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:224
++msgid "Cannot get info about the user\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:236
++msgid "User's home directory already exists, not copying data from skeldir\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:239
++#, c-format
++msgid "Cannot create user's home directory: %1$s\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:250
++#, c-format
++msgid "Cannot create user's mail spool: %1$s\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:270
++msgid "Could not allocate ID for the user - domain full?\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:274
++msgid "A user or group with the same name or ID already exists\n"
++msgstr ""
++
++#: src/tools/sss_useradd.c:280
++msgid "Transaction error. Could not add user.\n"
++msgstr ""
++
++#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
++msgid "The GID of the group"
++msgstr ""
++
++#: src/tools/sss_groupadd.c:76
++msgid "Specify group to add\n"
++msgstr ""
++
++#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
++msgid "The selected GID is outside the allowed range\n"
++msgstr ""
++
++#: src/tools/sss_groupadd.c:143
++msgid "Could not allocate ID for the group - domain full?\n"
++msgstr ""
++
++#: src/tools/sss_groupadd.c:147
++msgid "A group with the same name or GID already exists\n"
++msgstr ""
++
++#: src/tools/sss_groupadd.c:153
++msgid "Transaction error. Could not add group.\n"
++msgstr ""
++
++#: src/tools/sss_groupdel.c:70
++msgid "Specify group to delete\n"
++msgstr ""
++
++#: src/tools/sss_groupdel.c:104
++#, c-format
++msgid "Group %1$s is outside the defined ID range for domain\n"
++msgstr ""
++
++#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
++#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
++#: src/tools/sss_userdel.c:297 src/tools/sss_usermod.c:282
++#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
++#, c-format
++msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
++msgstr ""
++
++#: src/tools/sss_groupdel.c:132
++msgid ""
++"No such group in local domain. Removing groups only allowed in local "
++"domain.\n"
++msgstr ""
++
++#: src/tools/sss_groupdel.c:137
++msgid "Internal error. Could not remove group.\n"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:44
++msgid "Groups to add this group to"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:46
++msgid "Groups to remove this group from"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
++msgid "Specify group to remove from\n"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:101
++msgid "Specify group to modify\n"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:130
++msgid ""
++"Cannot find group in local domain, modifying groups is allowed only in local "
++"domain\n"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
++msgid "Member groups must be in the same domain as parent group\n"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
++#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
++#, c-format
++msgid ""
++"Cannot find group %1$s in local domain, only groups in local domain are "
++"allowed\n"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:257
++msgid "Could not modify group - check if member group names are correct\n"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:261
++msgid "Could not modify group - check if groupname is correct\n"
++msgstr ""
++
++#: src/tools/sss_groupmod.c:265
++msgid "Transaction error. Could not modify group.\n"
++msgstr ""
++
++#: src/tools/sss_groupshow.c:616
++msgid "Magic Private "
++msgstr ""
++
++#: src/tools/sss_groupshow.c:615
++#, c-format
++msgid "%1$s%2$sGroup: %3$s\n"
++msgstr ""
++
++#: src/tools/sss_groupshow.c:618
++#, c-format
++msgid "%1$sGID number: %2$d\n"
++msgstr ""
++
++#: src/tools/sss_groupshow.c:620
++#, c-format
++msgid "%1$sMember users: "
++msgstr ""
++
++#: src/tools/sss_groupshow.c:627
++#, c-format
++msgid ""
++"\n"
++"%1$sIs a member of: "
++msgstr ""
++
++#: src/tools/sss_groupshow.c:634
++#, c-format
++msgid ""
++"\n"
++"%1$sMember groups: "
++msgstr ""
++
++#: src/tools/sss_groupshow.c:670
++msgid "Print indirect group members recursively"
++msgstr ""
++
++#: src/tools/sss_groupshow.c:704
++msgid "Specify group to show\n"
++msgstr ""
++
++#: src/tools/sss_groupshow.c:744
++msgid ""
++"No such group in local domain. Printing groups only allowed in local "
++"domain.\n"
++msgstr ""
++
++#: src/tools/sss_groupshow.c:749
++msgid "Internal error. Could not print group.\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:138
++msgid "Remove home directory and mail spool"
++msgstr ""
++
++#: src/tools/sss_userdel.c:140
++msgid "Do not remove home directory and mail spool"
++msgstr ""
++
++#: src/tools/sss_userdel.c:142
++msgid "Force removal of files not owned by the user"
++msgstr ""
++
++#: src/tools/sss_userdel.c:144
++msgid "Kill users' processes before removing him"
++msgstr ""
++
++#: src/tools/sss_userdel.c:190
++msgid "Specify user to delete\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:236
++#, c-format
++msgid "User %1$s is outside the defined ID range for domain\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:261
++msgid "Cannot reset SELinux login context\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:273
++#, c-format
++msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:278
++msgid "Cannot determine if the user was logged in on this platform"
++msgstr ""
++
++#: src/tools/sss_userdel.c:283
++msgid "Error while checking if the user was logged in\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:290
++#, c-format
++msgid "The post-delete command failed: %1$s\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:310
++msgid "Not removing home dir - not owned by user\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:312
++#, c-format
++msgid "Cannot remove homedir: %1$s\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:326
++msgid ""
++"No such user in local domain. Removing users only allowed in local domain.\n"
++msgstr ""
++
++#: src/tools/sss_userdel.c:331
++msgid "Internal error. Could not remove user.\n"
++msgstr ""
++
++#: src/tools/sss_usermod.c:49
++msgid "The GID of the user"
++msgstr ""
++
++#: src/tools/sss_usermod.c:53
++msgid "Groups to add this user to"
++msgstr ""
++
++#: src/tools/sss_usermod.c:54
++msgid "Groups to remove this user from"
++msgstr ""
++
++#: src/tools/sss_usermod.c:55
++msgid "Lock the account"
++msgstr ""
++
++#: src/tools/sss_usermod.c:56
++msgid "Unlock the account"
++msgstr ""
++
++#: src/tools/sss_usermod.c:57
++msgid "Add an attribute/value pair. The format is attrname=value."
++msgstr ""
++
++#: src/tools/sss_usermod.c:58
++msgid "Delete an attribute/value pair. The format is attrname=value."
++msgstr ""
++
++#: src/tools/sss_usermod.c:59
++msgid ""
++"Set an attribute to a name/value pair. The format is attrname=value. For "
++"multi-valued attributes, the command replaces the values already present"
++msgstr ""
++
++#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
++#: src/tools/sss_usermod.c:135
++msgid "Specify the attribute name/value pair(s)\n"
++msgstr ""
++
++#: src/tools/sss_usermod.c:152
++msgid "Specify user to modify\n"
++msgstr ""
++
++#: src/tools/sss_usermod.c:180
++msgid ""
++"Cannot find user in local domain, modifying users is allowed only in local "
++"domain\n"
++msgstr ""
++
++#: src/tools/sss_usermod.c:322
++msgid "Could not modify user - check if group names are correct\n"
++msgstr ""
++
++#: src/tools/sss_usermod.c:326
++msgid "Could not modify user - user already member of groups?\n"
++msgstr ""
++
++#: src/tools/sss_usermod.c:330
++msgid "Transaction error. Could not modify user.\n"
++msgstr ""
++
++#: src/tools/sss_cache.c:245
++msgid "No cache object matched the specified search\n"
++msgstr ""
++
++#: src/tools/sss_cache.c:536
++#, c-format
++msgid "Couldn't invalidate %1$s\n"
++msgstr ""
++
++#: src/tools/sss_cache.c:543
++#, c-format
++msgid "Couldn't invalidate %1$s %2$s\n"
++msgstr ""
++
++#: src/tools/sss_cache.c:734
++msgid "Invalidate all cached entries"
++msgstr ""
++
++#: src/tools/sss_cache.c:736
++msgid "Invalidate particular user"
++msgstr ""
++
++#: src/tools/sss_cache.c:738
++msgid "Invalidate all users"
++msgstr ""
++
++#: src/tools/sss_cache.c:740
++msgid "Invalidate particular group"
++msgstr ""
++
++#: src/tools/sss_cache.c:742
++msgid "Invalidate all groups"
++msgstr ""
++
++#: src/tools/sss_cache.c:744
++msgid "Invalidate particular netgroup"
++msgstr ""
++
++#: src/tools/sss_cache.c:746
++msgid "Invalidate all netgroups"
++msgstr ""
++
++#: src/tools/sss_cache.c:748
++msgid "Invalidate particular service"
++msgstr ""
++
++#: src/tools/sss_cache.c:750
++msgid "Invalidate all services"
++msgstr ""
++
++#: src/tools/sss_cache.c:753
++msgid "Invalidate particular autofs map"
++msgstr ""
++
++#: src/tools/sss_cache.c:755
++msgid "Invalidate all autofs maps"
++msgstr ""
++
++#: src/tools/sss_cache.c:759
++msgid "Invalidate particular SSH host"
++msgstr ""
++
++#: src/tools/sss_cache.c:761
++msgid "Invalidate all SSH hosts"
++msgstr ""
++
++#: src/tools/sss_cache.c:765
++msgid "Invalidate particular sudo rule"
++msgstr ""
++
++#: src/tools/sss_cache.c:767
++msgid "Invalidate all cached sudo rules"
++msgstr ""
++
++#: src/tools/sss_cache.c:770
++msgid "Only invalidate entries from a particular domain"
++msgstr ""
++
++#: src/tools/sss_cache.c:824
++msgid ""
++"Unexpected argument(s) provided, options that invalidate a single object "
++"only accept a single provided argument.\n"
++msgstr ""
++
++#: src/tools/sss_cache.c:834
++msgid "Please select at least one object to invalidate\n"
++msgstr ""
++
++#: src/tools/sss_cache.c:917
++#, c-format
++msgid ""
++"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
++"use fully qualified name instead of --domain/-d parameter.\n"
++msgstr ""
++
++#: src/tools/sss_cache.c:922
++msgid "Could not open available domains\n"
++msgstr ""
++
++#: src/tools/tools_util.c:202
++#, c-format
++msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
++msgstr ""
++
++#: src/tools/tools_util.c:309
++msgid "Out of memory\n"
++msgstr "메모리 부족\n"
++
++#: src/tools/tools_util.h:40
++#, c-format
++msgid "%1$s must be run as root\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl.c:35
++msgid "yes"
++msgstr "예"
++
++#: src/tools/sssctl/sssctl.c:37
++msgid "no"
++msgstr "아니요"
++
++#: src/tools/sssctl/sssctl.c:39
++msgid "error"
++msgstr "오류"
++
++#: src/tools/sssctl/sssctl.c:42
++msgid "Invalid result."
++msgstr ""
++
++#: src/tools/sssctl/sssctl.c:78
++msgid "Unable to read user input\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl.c:91
++#, c-format
++msgid "Invalid input, please provide either '%s' or '%s'.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
++msgid "Error while executing external command\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl.c:156
++msgid "SSSD needs to be running. Start SSSD now?"
++msgstr ""
++
++#: src/tools/sssctl/sssctl.c:195
++msgid "SSSD must not be running. Stop SSSD now?"
++msgstr ""
++
++#: src/tools/sssctl/sssctl.c:231
++msgid "SSSD needs to be restarted. Restart SSSD now?"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:31
++#, c-format
++msgid " %s is not present in cache.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:33
++msgid "Name"
++msgstr "이름"
++
++#: src/tools/sssctl/sssctl_cache.c:34
++msgid "Cache entry creation date"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:35
++msgid "Cache entry last update time"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:36
++msgid "Cache entry expiration time"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:37
++msgid "Cached in InfoPipe"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:522
++#, c-format
++msgid "Error: Unable to get object [%d]: %s\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:538
++#, c-format
++msgid "%s: Unable to read value [%d]: %s\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:566
++msgid "Specify name."
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:576
++#, c-format
++msgid "Unable to parse name %s.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
++msgid "Search by SID"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:603
++msgid "Search by user ID"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:612
++msgid "Initgroups expiration time"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_cache.c:650
++msgid "Search by group ID"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_config.c:79
++msgid ""
++"Specify a non-default snippet dir (The default is to look in the same place "
++"where the main config file is located. For example if the config is set to "
++"\"/my/path/sssd.conf\", the snippet dir \"/my/path/conf.d\" is used)"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_config.c:118
++#, c-format
++msgid "Failed to open %s\n"
++msgstr "%s 열기 실패\n"
++
++#: src/tools/sssctl/sssctl_config.c:123
++#, c-format
++msgid "File %1$s does not exist.\n"
++msgstr "파일 %1$s이 존재하지 않음.\n"
++
++#: src/tools/sssctl/sssctl_config.c:127
++msgid ""
++"File ownership and permissions check failed. Expected root:root and 0600.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_config.c:133
++#, c-format
++msgid "Failed to load configuration from %s.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_config.c:139
++msgid "Error while reading configuration directory.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_config.c:147
++msgid ""
++"There is no configuration. SSSD will use default configuration with files "
++"provider.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_config.c:159
++msgid "Failed to run validators"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_config.c:163
++#, c-format
++msgid "Issues identified by validators: %zu\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_config.c:174
++#, c-format
++msgid "Messages generated during configuration merging: %zu\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_config.c:185
++#, c-format
++msgid "Used configuration snippet files: %zu\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:89
++#, c-format
++msgid "Unable to create backup directory [%d]: %s"
++msgstr "백업 디렉토리를 만들 수 없습니다 [%d]: %s"
++
++#: src/tools/sssctl/sssctl_data.c:95
++msgid "SSSD backup of local data already exists, override?"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:111
++msgid "Unable to export user overrides\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:118
++msgid "Unable to export group overrides\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
++msgid "Override existing backup"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:164
++msgid "Unable to import user overrides\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:173
++msgid "Unable to import group overrides\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
++#: src/tools/sssctl/sssctl_domains.c:328
++msgid "Start SSSD if it is not running"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:195
++msgid "Restart SSSD after data import"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:218
++msgid "Create clean cache files and import local data"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:219
++msgid "Stop SSSD before removing the cache"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:220
++msgid "Start SSSD when the cache is removed"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:235
++msgid "Creating backup of local data...\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:238
++msgid "Unable to create backup of local data, can not remove the cache.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:243
++msgid "Removing cache files...\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:246
++msgid "Unable to remove cache files\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_data.c:251
++msgid "Restoring local data...\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:83
++msgid "Show domain list including primary or trusted domain type"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
++#: src/tools/sssctl/sssctl_user_checks.c:95
++msgid "Unable to connect to system bus!\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:167
++msgid "Online"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:167
++msgid "Offline"
++msgstr "오프라인"
++
++#: src/tools/sssctl/sssctl_domains.c:167
++#, c-format
++msgid "Online status: %s\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:213
++msgid "This domain has no active servers.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:218
++msgid "Active servers:\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:230
++msgid "not connected"
++msgstr "연결되지 않음"
++
++#: src/tools/sssctl/sssctl_domains.c:267
++msgid "No servers discovered.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:273
++#, c-format
++msgid "Discovered %s servers:\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:285
++msgid "None so far.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:325
++msgid "Show online status"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:326
++msgid "Show information about active server"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:327
++msgid "Show list of discovered servers"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:333
++msgid "Specify domain name."
++msgstr ""
++
++#: src/tools/sssctl/sssctl_domains.c:355
++msgid "Out of memory!\n"
++msgstr "메모리가 다 찼습니다!\n"
++
++#: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
++msgid "Unable to get online status\n"
++msgstr "온라인 상태를 얻는 데 실패\n"
++
++#: src/tools/sssctl/sssctl_domains.c:395
++msgid "Unable to get server list\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_logs.c:46
++msgid "\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_logs.c:236
++msgid "Delete log files instead of truncating"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_logs.c:247
++msgid "Deleting log files...\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_logs.c:250
++msgid "Unable to remove log files\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_logs.c:256
++msgid "Truncating log files...\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_logs.c:259
++msgid "Unable to truncate log files\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_logs.c:285
++msgid "Out of memory!"
++msgstr "메모리가 다 찼습니다!"
++
++#: src/tools/sssctl/sssctl_logs.c:288
++#, c-format
++msgid "Archiving log files into %s...\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_logs.c:291
++msgid "Unable to archive log files\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_logs.c:316
++msgid "Specify debug level you want to set"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:117
++msgid "SSSD InfoPipe user lookup result:\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:167
++#, c-format
++msgid "dlopen failed with [%s].\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:174
++#, c-format
++msgid "dlsym failed with [%s].\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:182
++msgid "malloc failed.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:189
++#, c-format
++msgid "sss_getpwnam_r failed with [%d].\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:194
++msgid "SSSD nss user lookup result:\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:195
++#, c-format
++msgid " - user name: %s\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:196
++#, c-format
++msgid " - user id: %d\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:197
++#, c-format
++msgid " - group id: %d\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:198
++#, c-format
++msgid " - gecos: %s\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:199
++#, c-format
++msgid " - home directory: %s\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:200
++#, c-format
++msgid ""
++" - shell: %s\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:232
++msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:235
++msgid "PAM service, default: "
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:240
++msgid "Specify user name."
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:247
++#, c-format
++msgid ""
++"user: %s\n"
++"action: %s\n"
++"service: %s\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:252
++#, c-format
++msgid "User name lookup with [%s] failed.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:257
++#, c-format
++msgid "InfoPipe User lookup with [%s] failed.\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:263
++#, c-format
++msgid "pam_start failed: %s\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:268
++msgid ""
++"testing pam_authenticate\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:272
++#, c-format
++msgid "pam_get_item failed: %s\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:275
++#, c-format
++msgid ""
++"pam_authenticate for user [%s]: %s\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:278
++msgid ""
++"testing pam_chauthtok\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:280
++#, c-format
++msgid ""
++"pam_chauthtok: %s\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:282
++msgid ""
++"testing pam_acct_mgmt\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:284
++#, c-format
++msgid ""
++"pam_acct_mgmt: %s\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:286
++msgid ""
++"testing pam_setcred\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:288
++#, c-format
++msgid ""
++"pam_setcred: [%s]\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:290
++msgid ""
++"testing pam_open_session\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:292
++#, c-format
++msgid ""
++"pam_open_session: %s\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:294
++msgid ""
++"testing pam_close_session\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:296
++#, c-format
++msgid ""
++"pam_close_session: %s\n"
++"\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:298
++msgid "unknown action\n"
++msgstr "알 수 없는 동작\n"
++
++#: src/tools/sssctl/sssctl_user_checks.c:301
++msgid "PAM Environment:\n"
++msgstr ""
++
++#: src/tools/sssctl/sssctl_user_checks.c:309
++msgid " - no env -\n"
++msgstr ""
++
++#: src/util/util.h:93
++msgid "The user ID to run the server as"
++msgstr ""
++
++#: src/util/util.h:95
++msgid "The group ID to run the server as"
++msgstr ""
++
++#: src/util/util.h:103
++msgid "Informs that the responder has been socket-activated"
++msgstr ""
++
++#: src/util/util.h:105
++msgid "Informs that the responder has been dbus-activated"
++msgstr ""
+diff --git a/po/zh_CN.po b/po/zh_CN.po
+index 31542dd52..c10779e8c 100644
+--- a/po/zh_CN.po
++++ b/po/zh_CN.po
+@@ -13,7 +13,7 @@ msgstr ""
+ "Project-Id-Version: PACKAGE VERSION\n"
+ "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+ "POT-Creation-Date: 2021-07-12 20:53+0200\n"
+-"PO-Revision-Date: 2021-03-18 10:39+0000\n"
++"PO-Revision-Date: 2021-07-20 07:04+0000\n"
+ "Last-Translator: Sundeep Anand <suanand@redhat.com>\n"
+ "Language-Team: Chinese (Simplified) <https://translate.fedoraproject.org/"
+ "projects/sssd/sssd-master/zh_CN/>\n"
+@@ -22,7 +22,7 @@ msgstr ""
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=1; plural=0;\n"
+-"X-Generator: Weblate 4.5.1\n"
++"X-Generator: Weblate 4.7.1\n"
+
+ #: src/config/SSSDConfig/sssdoptions.py:20
+ #: src/config/SSSDConfig/sssdoptions.py:21
+@@ -39,7 +39,7 @@ msgstr "在调试日志中的时间戳中包含微秒"
+
+ #: src/config/SSSDConfig/sssdoptions.py:24
+ msgid "Enable/disable debug backtrace"
+-msgstr ""
++msgstr "启用/禁用 debug backtrace"
+
+ #: src/config/SSSDConfig/sssdoptions.py:25
+ msgid "Watchdog timeout before restarting service"
+@@ -329,9 +329,8 @@ msgid "Path to certificate database with PKCS#11 modules."
+ msgstr "带有 PKCS#11 模块的证书数据库的路径。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:101
+-#, fuzzy
+ msgid "Tune certificate verification for PAM authentication."
+-msgstr "调整证书验证"
++msgstr "对 PAM 验证调整证书验证。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:102
+ msgid "How many seconds will pam_sss wait for p11_child to finish"
+@@ -347,12 +346,12 @@ msgstr "允许服务使用智能卡"
+
+ #: src/config/SSSDConfig/sssdoptions.py:105
+ msgid "Additional timeout to wait for a card if requested"
+-msgstr "等待卡的额外超时,如果请求。"
++msgstr "等待卡的额外超时,如果请求"
+
+ #: src/config/SSSDConfig/sssdoptions.py:106
+ msgid ""
+ "PKCS#11 URI to restrict the selection of devices for Smartcard authentication"
+-msgstr "PKCS#11 URI,用于限制智能卡认证设备的选择。"
++msgstr "PKCS#11 URI,用于限制智能卡认证设备的选择"
+
+ #: src/config/SSSDConfig/sssdoptions.py:107
+ msgid "When shall the PAM responder force an initgroups request"
+@@ -371,6 +370,7 @@ msgid ""
+ "List of pairs <PAM service>:<authentication indicator> that must be enforced "
+ "for PAM access with GSSAPI authentication"
+ msgstr ""
++"<PAM service>:<authentication indicator> 对列表,它们必须强制使用 GSSAPI 身份验证进行 PAM 访问"
+
+ #: src/config/SSSDConfig/sssdoptions.py:114
+ msgid "Whether to evaluate the time-based attributes in sudo rules"
+@@ -403,13 +403,13 @@ msgstr "到可信 CA 证书存储的路径"
+
+ #: src/config/SSSDConfig/sssdoptions.py:127
+ msgid "Allow to generate ssh-keys from certificates"
+-msgstr "允许从证书中生成 ssh-keys。"
++msgstr "允许从证书中生成 ssh-keys"
+
+ #: src/config/SSSDConfig/sssdoptions.py:128
+ msgid ""
+ "Use the following matching rules to filter the certificates for ssh-key "
+ "generation"
+-msgstr "使用以下匹配规则来过滤生成 ssh-key 的证书。"
++msgstr "使用以下匹配规则来过滤生成 ssh-key 的证书"
+
+ #: src/config/SSSDConfig/sssdoptions.py:132
+ msgid "List of UIDs or user names allowed to access the PAC responder"
+@@ -1698,7 +1698,7 @@ msgstr "自动智能刷新周期"
+
+ #: src/config/SSSDConfig/sssdoptions.py:518
+ msgid "Smart and full refresh random offset"
+-msgstr ""
++msgstr "智能和完整刷新随机偏移"
+
+ #: src/config/SSSDConfig/sssdoptions.py:519
+ msgid "Whether to filter rules by hostname, IP addresses and network"
+@@ -1905,7 +1905,7 @@ msgstr "使用的 NSS 库的名称"
+
+ #: src/config/SSSDConfig/sssdoptions.py:581
+ msgid "The name of the NSS library to use for hosts and networks lookups"
+-msgstr "用于查询主机和网络的 NSS 库名称。"
++msgstr "用于查询主机和网络的 NSS 库名称"
+
+ #: src/config/SSSDConfig/sssdoptions.py:582
+ msgid "Whether to look up canonical group name from cache if possible"
+@@ -1946,7 +1946,7 @@ msgstr "刷新配置数据库,然后退出"
+
+ #: src/monitor/monitor.c:2420
+ msgid "Similar to --genconf, but only refreshes the given section"
+-msgstr "类似于 --genconf,但只刷新指定的部分。"
++msgstr "类似于 --genconf,但只刷新指定的部分"
+
+ #: src/monitor/monitor.c:2423
+ msgid "Print version number and exit"
+@@ -1954,15 +1954,15 @@ msgstr "显示版本号并退出"
+
+ #: src/monitor/monitor.c:2461
+ msgid "Option -i|--interactive is not allowed together with -D|--daemon\n"
+-msgstr ""
++msgstr "选项 -i|--interactive 不能和 -D|--daemon 一起使用\n"
+
+ #: src/monitor/monitor.c:2467
+ msgid "Option -g is incompatible with -D or -i\n"
+-msgstr ""
++msgstr "选项 -g 与 -D 或 -i 不兼容\n"
+
+ #: src/monitor/monitor.c:2480
+ msgid "Running under %"
+-msgstr ""
++msgstr "运行于 % 下"
+
+ #: src/monitor/monitor.c:2562
+ msgid "SSSD is already running\n"
+@@ -2009,13 +2009,12 @@ msgid "Use custom version of krb5_get_init_creds_password"
+ msgstr "使用自定义版本的 krb5_get_init_creds_password"
+
+ #: src/providers/krb5/krb5_child.c:3375 src/providers/ldap/ldap_child.c:663
+-#, fuzzy
+ msgid "talloc_asprintf failed.\n"
+-msgstr "malloc 失败。\n"
++msgstr "talloc_asprintf 失败。\n"
+
+ #: src/providers/krb5/krb5_child.c:3385 src/providers/ldap/ldap_child.c:672
+ msgid "set_debug_file_from_fd failed.\n"
+-msgstr ""
++msgstr "set_debug_file_from_fd 失败。\n"
+
+ #: src/providers/data_provider_be.c:733
+ msgid "Domain of the information provider (mandatory)"
+@@ -2055,7 +2054,7 @@ msgstr "查找错误说明时出现意外错误"
+
+ #: src/sss_client/pam_sss.c:68
+ msgid "Permission denied. "
+-msgstr "权限被拒绝。"
++msgstr "权限被拒绝。 "
+
+ #: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:785
+ #: src/sss_client/pam_sss.c:796
+@@ -2104,15 +2103,15 @@ msgstr "更改 OTP 密码后,您需要注销并重新登录以获得票证"
+
+ #: src/sss_client/pam_sss.c:782 src/sss_client/pam_sss.c:795
+ msgid "Password change failed. "
+-msgstr "更改密码失败。"
++msgstr "更改密码失败。 "
+
+ #: src/sss_client/pam_sss.c:2045
+ msgid "New Password: "
+-msgstr "新密码:"
++msgstr "新密码: "
+
+ #: src/sss_client/pam_sss.c:2046
+ msgid "Reenter new Password: "
+-msgstr "重新输入新密码:"
++msgstr "重新输入新密码: "
+
+ #: src/sss_client/pam_sss.c:2208 src/sss_client/pam_sss.c:2211
+ msgid "First Factor: "
+@@ -2128,7 +2127,7 @@ msgstr "第二因素: "
+
+ #: src/sss_client/pam_sss.c:2230
+ msgid "Password: "
+-msgstr "密码:"
++msgstr "密码: "
+
+ #: src/sss_client/pam_sss.c:2382 src/sss_client/pam_sss.c:2385
+ msgid "First Factor (Current Password): "
+@@ -2136,7 +2135,7 @@ msgstr "第一因素(当前密码): "
+
+ #: src/sss_client/pam_sss.c:2389
+ msgid "Current Password: "
+-msgstr "当前密码:"
++msgstr "当前密码: "
+
+ #: src/sss_client/pam_sss.c:2746
+ msgid "Password expired. Change your password now."
+@@ -2268,7 +2267,7 @@ msgstr "初始化工具时出错 - 没有本地域\n"
+ #: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
+ #: src/tools/sss_usermod.c:164
+ msgid "Error initializing the tools\n"
+-msgstr "初始化工具出错。\n"
++msgstr "初始化工具出错\n"
+
+ #: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+ #: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+@@ -2426,7 +2425,7 @@ msgstr "无法修改组 - 检查成员组名称是否正确\n"
+
+ #: src/tools/sss_groupmod.c:261
+ msgid "Could not modify group - check if groupname is correct\n"
+-msgstr " 无法修改组 - 检查组名是否正确\n"
++msgstr "无法修改组 - 检查组名是否正确\n"
+
+ #: src/tools/sss_groupmod.c:265
+ msgid "Transaction error. Could not modify group.\n"
+@@ -2449,7 +2448,7 @@ msgstr "%1$sGID 号:%2$d\n"
+ #: src/tools/sss_groupshow.c:620
+ #, c-format
+ msgid "%1$sMember users: "
+-msgstr "%1$sMember 用户:"
++msgstr "%1$sMember 用户: "
+
+ #: src/tools/sss_groupshow.c:627
+ #, c-format
+@@ -2458,7 +2457,7 @@ msgid ""
+ "%1$sIs a member of: "
+ msgstr ""
+ "\n"
+-"%1$sIs 一个成员:"
++"%1$sIs 一个成员: "
+
+ #: src/tools/sss_groupshow.c:634
+ #, c-format
+@@ -2467,7 +2466,7 @@ msgid ""
+ "%1$sMember groups: "
+ msgstr ""
+ "\n"
+-"%1$sMember 组:"
++"%1$sMember 组: "
+
+ #: src/tools/sss_groupshow.c:670
+ msgid "Print indirect group members recursively"
+@@ -2541,7 +2540,7 @@ msgstr "没有删除主目录 - 不归用户所有\n"
+ #: src/tools/sss_userdel.c:312
+ #, c-format
+ msgid "Cannot remove homedir: %1$s\n"
+-msgstr "无法删除主目录:%1$s\n"
++msgstr "无法删除主目录: %1$s\n"
+
+ #: src/tools/sss_userdel.c:326
+ msgid ""
+@@ -2584,9 +2583,7 @@ msgstr "删除一个属性/值对。格式为 attrname=value。"
+ msgid ""
+ "Set an attribute to a name/value pair. The format is attrname=value. For "
+ "multi-valued attributes, the command replaces the values already present"
+-msgstr ""
+-"将属性设置为名称/值对。格式为 attrname=value。对于多值属性,替换值的命令已存"
+-"在。"
++msgstr "将属性设置为名称/值对。格式为 attrname=value。对于多值属性,替换值的命令已存在"
+
+ #: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
+ #: src/tools/sss_usermod.c:135
+@@ -2843,12 +2840,12 @@ msgstr ""
+ #: src/tools/sssctl/sssctl_config.c:118
+ #, c-format
+ msgid "Failed to open %s\n"
+-msgstr "打开失败:%s\n"
++msgstr "打开失败: %s\n"
+
+ #: src/tools/sssctl/sssctl_config.c:123
+ #, c-format
+ msgid "File %1$s does not exist.\n"
+-msgstr "文件 %1$s 不存在\n"
++msgstr "文件 %1$s 不存在。\n"
+
+ #: src/tools/sssctl/sssctl_config.c:127
+ msgid ""
+@@ -3138,11 +3135,11 @@ msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:232
+ msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
+-msgstr "PAM 操作 [auth|acct|setc|chau|open|clos],默认:"
++msgstr "PAM 操作 [auth|acct|setc|chau|open|clos],默认: "
+
+ #: src/tools/sssctl/sssctl_user_checks.c:235
+ msgid "PAM service, default: "
+-msgstr "PAM 服务,默认:"
++msgstr "PAM 服务,默认: "
+
+ #: src/tools/sssctl/sssctl_user_checks.c:240
+ msgid "Specify user name."
+@@ -3174,7 +3171,7 @@ msgstr "使用 [%s] 进行 InfoPipe 用户查找失败。\n"
+ #: src/tools/sssctl/sssctl_user_checks.c:263
+ #, c-format
+ msgid "pam_start failed: %s\n"
+-msgstr "pam_start 失败:%s\n"
++msgstr "pam_start 失败: %s\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:268
+ msgid ""
+@@ -3187,7 +3184,7 @@ msgstr ""
+ #: src/tools/sssctl/sssctl_user_checks.c:272
+ #, c-format
+ msgid "pam_get_item failed: %s\n"
+-msgstr "pam_get_item 失败:%s\n"
++msgstr "pam_get_item 失败: %s\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:275
+ #, c-format
+diff --git a/src/man/po/ja.po b/src/man/po/ja.po
+index fc098a03a..3c3bd956d 100644
+--- a/src/man/po/ja.po
++++ b/src/man/po/ja.po
+@@ -13,16 +13,16 @@ msgstr ""
+ "Project-Id-Version: sssd-docs 2.3.0\n"
+ "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+ "POT-Creation-Date: 2021-07-12 20:51+0200\n"
+-"PO-Revision-Date: 2020-07-22 07:48-0400\n"
+-"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
+-"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
+-"ja/)\n"
++"PO-Revision-Date: 2021-07-20 07:04+0000\n"
++"Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
++"Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/"
++"sssd-manpage-master/ja/>\n"
+ "Language: ja\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=1; plural=0;\n"
+-"X-Generator: Zanata 4.6.2\n"
++"X-Generator: Weblate 4.7.1\n"
+
+ #. type: Content of: <reference><title>
+ #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
+@@ -608,7 +608,7 @@ msgstr ""
+ msgid ""
+ "Controls if SSSD should monitor the state of resolv.conf to identify when it "
+ "needs to update its internal DNS resolver."
+-msgstr ""
++msgstr "内部 DNS リゾルバーを更新する必要があるときを判断するために SSSD が resolv.conf の状態を監視するかどうかを制御します。"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:360
+@@ -1620,7 +1620,7 @@ msgstr "get_domains_timeout (整数)"
+ msgid ""
+ "Specifies time in seconds for which the list of subdomains will be "
+ "considered valid."
+-msgstr ""
++msgstr "サブドメインのリストが有効とみなされる時間を秒単位で指定します。"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1137
+@@ -2960,6 +2960,8 @@ msgid ""
+ "Matches user names as returned by NSS. I.e. after the possible space "
+ "replacement, case changes, etc."
+ msgstr ""
++"セッション記録を有効にしておくべきユーザーのカンマ区切りのリストです。NSS "
++"が返すユーザー名にマッチします。つまり、スペースの置換、大文字小文字の変更などの可能性がある場合には、その後になります。"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2265 sssd-session-recording.5.xml:115
+@@ -2978,6 +2980,8 @@ msgid ""
+ "recording enabled. Matches group names as returned by NSS. I.e. after the "
+ "possible space replacement, case changes, etc."
+ msgstr ""
++"セッション記録を有効にしておくべきユーザーのグループごとのカンマ区切りのリストです。NSS "
++"が返すグループ名にマッチします。つまり、スペースの置換、大文字小文字の変更などの可能性がある場合には、その後になります。"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2279 sssd.conf.5.xml:2311 sssd-session-recording.5.xml:129
+@@ -3394,7 +3398,7 @@ msgstr ""
+ msgid ""
+ "How many seconds to keep a host ssh key after refresh. IE how long to cache "
+ "the host key for."
+-msgstr ""
++msgstr "リフレッシュ後にホストの ssh 鍵を保持するには何秒かかるか。IE ホストキーを何秒キャッシュするか。"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2632
+@@ -3487,6 +3491,8 @@ msgid ""
+ "this value determines the minimal length the first authentication factor "
+ "(long term password) must have to be saved as SHA512 hash into the cache."
+ msgstr ""
++"2-Factor-Authentication (2FA) が使用され、認証情報を保存する必要がある場合、この値は、最初の認証要素 (長期パスワード) "
++"を SHA512 ハッシュとしてキャッシュに保存する必要がある最小の長さを決定します。"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2715
+@@ -4524,7 +4530,7 @@ msgstr "realmd_tags (文字列)"
+ #: sssd.conf.5.xml:3677
+ msgid ""
+ "Various tags stored by the realmd configuration service for this domain."
+-msgstr ""
++msgstr "このドメインのための realmd 設定サービスによって格納された様々なタグ。"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3683
+@@ -7113,7 +7119,7 @@ msgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
+ msgid ""
+ "Allows to retain local users as members of an LDAP group for servers that "
+ "use the RFC2307 schema."
+-msgstr ""
++msgstr "RFC2307 スキーマを使用するサーバーの LDAP グループのメンバーとしてローカルユーザーを保持することができます。"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1446
+@@ -7440,7 +7446,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1731
+ msgid "The name of the automount master map in LDAP."
+-msgstr ""
++msgstr "LDAP のオートマウントマスターマップの名前。"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1734
+@@ -13765,8 +13771,7 @@ msgid ""
+ "Set an attribute to a name/value pair. The format is attrname=value. For "
+ "multi-valued attributes, the command replaces the values already present"
+ msgstr ""
+-"名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持つ属"
+-"性の場合、コマンドがすでに存在する値に置き換えられます。"
++"名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持つ属性の場合、コマンドがすでに存在する値に置き換えられます"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sss_usermod.8.xml:160
+@@ -17766,7 +17771,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:878
+ msgid "The object class of a host entry in LDAP."
+-msgstr ""
++msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:881 sssd-ldap-attributes.5.xml:978
+@@ -17828,7 +17833,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:942
+ msgid "The LDAP attribute that contains the host's SSH public keys."
+-msgstr ""
++msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:952
+diff --git a/src/man/po/ru.po b/src/man/po/ru.po
+index b56765f17..931165a06 100644
+--- a/src/man/po/ru.po
++++ b/src/man/po/ru.po
+@@ -9,7 +9,7 @@ msgstr ""
+ "Project-Id-Version: sssd-docs 2.3.0\n"
+ "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+ "POT-Creation-Date: 2021-07-12 20:51+0200\n"
+-"PO-Revision-Date: 2021-07-10 16:04+0000\n"
++"PO-Revision-Date: 2021-07-20 07:04+0000\n"
+ "Last-Translator: Olesya Gerasimenko <gammaray@basealt.ru>\n"
+ "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/"
+ "sssd-manpage-master/ru/>\n"
+@@ -1107,6 +1107,9 @@ msgid ""
+ "The SSSD state changes caused by netlink events may be undesirable and can "
+ "be disabled by setting this option to 'true'"
+ msgstr ""
++"Изменения состояния SSSD, вызванные событиями netlink, могут быть "
++"нежелательными. Чтобы их отключить, установите этот параметр в значение "
++"«true»."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:630
+@@ -1124,11 +1127,13 @@ msgid ""
+ "When this option is enabled, SSSD prepends an implicit domain with "
+ "<quote>id_provider=files</quote> before any explicitly configured domains."
+ msgstr ""
++"Когда этот параметр включён, SSSD добавляет перед всеми явно настроенными "
++"доменами неявный домен с<quote>id_provider=files</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:652
+ msgid "domain_resolution_order"
+-msgstr ""
++msgstr "domain_resolution_order"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:655
+@@ -1140,6 +1145,12 @@ msgid ""
+ "subdomains which are not listed as part of <quote>lookup_order</quote> will "
+ "be looked up in a random order for each parent domain."
+ msgstr ""
++"Разделённый запятыми список доменов и поддоменов, который указывает порядок "
++"поиска. В список не требуется включать все возможные домены, так как поиск "
++"отсутствующих доменов будет выполняться на основе порядка, в котором они "
++"представлены в параметре конфигурации <quote>domains</quote>. Поиск "
++"поддоменов, которые не указаны в параметре <quote>lookup_order</quote>, "
++"будет выполняться в случайном порядке для каждого родительского домена."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:667
+@@ -1157,12 +1168,26 @@ msgid ""
+ "shortnames, making this workaround totally not recommended in cases where "
+ "usernames may overlap between domains."
+ msgstr ""
++"Обратите внимание: когда этот параметр задан, для вывода всех команд будет "
++"использоваться полный формат, даже если во входных данных использовались "
++"краткие имена (для всех пользователей, кроме находящихся под управлением "
++"поставщика файлов). Если администратору не требуется полный формат, "
++"параметр full_name_format можно использовать следующим образом: "
++"<quote>full_name_format=%1$s</quote>. Но следует учитывать, что при входе "
++"приложения часто преобразуют имя пользователя в каноническую форму, вызывая "
++"программу <citerefentry> <refentrytitle>getpwnam</refentrytitle> "
++"<manvolnum>3</manvolnum> </citerefentry>, которая, если для входных данных в "
++"полной форме возвращается краткое имя (при попытке обработки данных "
++"пользователя, существующего в нескольких доменах), может перенаправить "
++"попытку входа в домен, который использует краткие имена; следовательно, "
++"такое использование параметра категорически не рекомендуется, когда имена "
++"пользователей в разных доменах могут быть одинаковыми."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:692 sssd.conf.5.xml:1659 sssd.conf.5.xml:3927
+ #: sssd-ad.5.xml:164 sssd-ad.5.xml:304 sssd-ad.5.xml:318
+ msgid "Default: Not set"
+-msgstr ""
++msgstr "По умолчанию: не задано"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:208
+@@ -1174,11 +1199,17 @@ msgid ""
+ "some other important options like the identity domains. <placeholder type="
+ "\"variablelist\" id=\"0\"/>"
+ msgstr ""
++"Отдельные функциональные возможности SSSD обеспечиваются специальными "
++"службами SSSD, которые запускаются и останавливаются вместе с SSSD. Эти "
++"службы находятся под управлением специальной службы, которую часто называют "
++"<quote>монитором</quote>. Настройка монитора и некоторых других важных "
++"параметров (например, доменов профилей) выполняется в разделе <quote>[sssd]</"
++"quote>. <placeholder type=\"variablelist\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd.conf.5.xml:703
+ msgid "SERVICES SECTIONS"
+-msgstr ""
++msgstr "РАЗДЕЛЫ СЛУЖБ"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:705
+@@ -1188,21 +1219,25 @@ msgid ""
+ "section, for example, for NSS service, the section would be <quote>[nss]</"
+ "quote>"
+ msgstr ""
++"В этом разделе приводится описание параметров, которые можно использовать "
++"для настройки различных служб. Они должны находится в разделах с именами "
++"[<replaceable>$NAME</replaceable>]. Например, для службы NSS это будет "
++"раздел <quote>[nss]</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd.conf.5.xml:712
+ msgid "General service configuration options"
+-msgstr ""
++msgstr "Общие параметры настройки служб"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:714
+ msgid "These options can be used to configure any service."
+-msgstr ""
++msgstr "Эти параметры можно использовать для настройки любых служб."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:731
+ msgid "fd_limit"
+-msgstr ""
++msgstr "fd_limit"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:734
+@@ -1213,16 +1248,22 @@ msgid ""
+ "systems without this capability, the resulting value will be the lower value "
+ "of this or the limits.conf \"hard\" limit."
+ msgstr ""
++"Этот параметр задаёт максимальное количество файловых дескрипторов, которые "
++"может одновременно открыть этот процесс SSSD. В системах, где у SSSD имеется "
++"возможность CAP_SYS_RESOURCE, этот параметр будет использоваться независимо "
++"от других параметров системы. В системах без такой возможности количество "
++"дескрипторов будет определяться наименьшим значением этого параметра или "
++"ограничением «hard» в limits.conf."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:743
+ msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+-msgstr ""
++msgstr "По умолчанию: 8192 (или ограничение «hard» в limits.conf)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:748
+ msgid "client_idle_timeout"
+-msgstr ""
++msgstr "client_idle_timeout"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:751
+@@ -1233,6 +1274,11 @@ msgid ""
+ "can't be shorter than 10 seconds. If a lower value is configured, it will be "
+ "adjusted to 10 seconds."
+ msgstr ""
++"Этот параметр задаёт количество секунд, в течение которого клиент процесса "
++"SSSD может удерживать файловый дескриптор без передачи данных. Это значение "
++"ограничено в целях предотвращения исчерпания ресурсов системы. Оно не может "
++"быть меньше 10 секунд. Если указано меньшее значение, оно будет исправлено "
++"на 10 секунд."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:760
+@@ -1254,6 +1300,13 @@ msgid ""
+ "time for the previous ones. After each unsuccessful attempt to go online, "
+ "the new interval is recalculated by the following:"
+ msgstr ""
++"Когда SSSD переключается в автономный режим, количество времени до "
++"выполнения попытки вернуться в сеть будет увеличиваться в соответствии со "
++"временем, проведённым без подключения. По умолчанию SSSD использует "
++"приращение для расчёта задержки между повторными попытками. Поэтому время "
++"ожидания для конкретной попытки будет больше, чем для предыдущих. После "
++"каждой неудачной попытки вернуться в сеть интервал будет пересчитываться по "
++"следующей формуле:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:779 sssd.conf.5.xml:835
+@@ -1261,6 +1314,8 @@ msgid ""
+ "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
+ "offline_timeout_random_offset]"
+ msgstr ""
++"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
++"offline_timeout_random_offset]"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:782
+@@ -1269,6 +1324,10 @@ msgid ""
+ "value is 3600. The offline_timeout_random_offset default value is 30. The "
+ "end result is amount of seconds before next retry."
+ msgstr ""
++"Стандартное значение offline_timeout составляет 60. Стандартное значение "
++"offline_timeout_max — 3600. Стандартное значение "
++"offline_timeout_random_offset — 30. Конечный результат представляет собой "
++"количество секунд до следующей попытки."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:788
+@@ -1276,12 +1335,14 @@ msgid ""
+ "Note that the maximum length of each interval is defined by "
+ "offline_timeout_max (apart of random part)."
+ msgstr ""
++"Обратите внимание, что максимальная длительность каждого интервала задана "
++"параметром offline_timeout_max (кроме случайной части)."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:792 sssd.conf.5.xml:1132 sssd.conf.5.xml:1486
+ #: sssd.conf.5.xml:1748 sssd-ldap.5.xml:469
+ msgid "Default: 60"
+-msgstr ""
++msgstr "По умолчанию: 60"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:797
+@@ -1294,11 +1355,13 @@ msgid ""
+ "Controls by how much the time between attempts to go online can be "
+ "incremented following unsuccessful attempts to go online."
+ msgstr ""
++"Управляет тем, насколько можно увеличить время между попытками вернуться в "
++"сеть после неудачных попыток восстановления подключения."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:805
+ msgid "A value of 0 disables the incrementing behaviour."
+-msgstr ""
++msgstr "Значение «0» отключает использование приращения."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:808
+@@ -1306,6 +1369,8 @@ msgid ""
+ "The value of this parameter should be set in correlation to offline_timeout "
+ "parameter value."
+ msgstr ""
++"Значение этого параметра следует устанавливать с учётом значения параметра "
++"offline_timeout."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:812
+@@ -1315,6 +1380,11 @@ msgid ""
+ "rule here should be to set offline_timeout_max to at least 4 times "
+ "offline_timeout."
+ msgstr ""
++"Если параметр offline_timeout установлен в значение «60» (значение по "
++"умолчанию), нет смысла указывать для параметра offlinet_timeout_max значение "
++"меньше 120, поскольку первый же шаг увеличения приведёт к его превышению. "
++"Общее правило таково: значение offline_timeout_max должно по крайней мере в "
++"4 раза превышать значение offline_timeout."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:818
+@@ -1322,6 +1392,9 @@ msgid ""
+ "Although a value between 0 and offline_timeout may be specified, it has the "
+ "effect of overriding the offline_timeout value so is of little use."
+ msgstr ""
++"Несмотря на то, что возможно указать значение от 0 до offline_timeout, "
++"результатом этого станет переопределение значения offline_timeout, что не "
++"имеет практического смысла."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:823
+@@ -1339,6 +1412,8 @@ msgid ""
+ "When SSSD is in offline mode it keeps probing backend servers in specified "
+ "time intervals:"
+ msgstr ""
++"Когда сервис SSSD находится в автономном режиме, он продолжает обращаться к "
++"внутренним серверам через заданные промежутки времени:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:838
+@@ -1346,16 +1421,19 @@ msgid ""
+ "This parameter controls the value of the random offset used for the above "
+ "equation. Final random_offset value will be random number in range:"
+ msgstr ""
++"Этот параметр управляет значением случайной задержки, которое используется "
++"для приведённого выше уравнения. Итоговым значением random_offset будет "
++"случайное число, принадлежащее диапазону:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:843
+ msgid "[0 - offline_timeout_random_offset]"
+-msgstr ""
++msgstr "[0 - offline_timeout_random_offset]"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:846
+ msgid "A value of 0 disables the random offset addition."
+-msgstr ""
++msgstr "Значение «0» отключает добавление случайной задержки."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:849
+@@ -1365,7 +1443,7 @@ msgstr "По умолчанию: 30"
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:854
+ msgid "responder_idle_timeout"
+-msgstr ""
++msgstr "responder_idle_timeout"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:857
+@@ -1378,17 +1456,24 @@ msgid ""
+ "built with systemd support and when services are either socket or D-Bus "
+ "activated."
+ msgstr ""
++"Этот параметр задаёт количество секунд, в течение которого процесс ответчика "
++"SSSD может работать без использования. Это значение ограничено в целях "
++"предотвращения исчерпания ресурсов системы. Минимально допустимое значение: "
++"60 секунд. Установка этого параметра в значение «0» (ноль) означает, что для "
++"ответчика не устанавливается тайм-аут. Этот параметр используется только в "
++"том случае, если сервис SSSD собран с поддержкой systemd и если службы "
++"активируются с помощью сокетов или D-Bus."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:871 sssd.conf.5.xml:1145 sssd.conf.5.xml:2187
+ #: sssd-ldap.5.xml:326
+ msgid "Default: 300"
+-msgstr ""
++msgstr "По умолчанию: 300"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:876
+ msgid "cache_first"
+-msgstr ""
++msgstr "cache_first"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:879
+@@ -1396,17 +1481,21 @@ msgid ""
+ "This option specifies whether the responder should query all caches before "
+ "querying the Data Providers."
+ msgstr ""
++"Этот параметр определяет, следует ли ответчику опрашивать все кэши перед "
++"опросом поставщиков данных."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd.conf.5.xml:891
+ msgid "NSS configuration options"
+-msgstr ""
++msgstr "Параметры настройки NSS"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:893
+ msgid ""
+ "These options can be used to configure the Name Service Switch (NSS) service."
+ msgstr ""
++"Эти параметры можно использовать для настройки службы диспетчера службы имён "
++"(NSS)."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:898
+@@ -1419,6 +1508,8 @@ msgid ""
+ "How many seconds should nss_sss cache enumerations (requests for info about "
+ "all users)"
+ msgstr ""
++"Длительность хранения перечислений (запросов информации обо всех "
++"пользователях) в кэше nss_sss в секундах"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:905
+@@ -1437,6 +1528,9 @@ msgid ""
+ "if they are requested beyond a percentage of the entry_cache_timeout value "
+ "for the domain."
+ msgstr ""
++"Можно настроить кэш записей на автоматическое обновление записей в "
++"фоновомрежиме, если запрос о них поступает в срок, определённый в процентах "
++"от значенияentry_cache_timeout для домена."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:919
+@@ -1447,6 +1541,12 @@ msgid ""
+ "but the SSSD will go and update the cache on its own, so that future "
+ "requests will not need to block waiting for a cache update."
+ msgstr ""
++"Например, если параметр entry_cache_timeout домена установлен в значение "
++"«30s» (секунд), а параметр entry_cache_nowait_percentage установлен в "
++"значение «50» (процентов), записи, которые поступят через 15 секунд после "
++"последнего обновления кэша, будут возвращены сразу, но SSSD выполнит "
++"обновление кэша, поэтому будущим запросам не потребуется блокировка в "
++"ожидании обновления кэша."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:929
+@@ -1456,11 +1556,16 @@ msgid ""
+ "percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
+ "disables this feature)"
+ msgstr ""
++"Корректные значения этого параметра находятся в диапазоне 0-99 и "
++"представляют собой значение в процентах от entry_cache_timeout для каждого "
++"домена. Чтобы сохранить производительность, это значение никогда не "
++"уменьшает тайм-аут nowait так, что он становится меньше 10 секунд. Установка "
++"значения «0» отключает эту возможность."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:937 sssd.conf.5.xml:1987
+ msgid "Default: 50"
+-msgstr ""
++msgstr "По умолчанию: 50"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:942
+@@ -1474,6 +1579,10 @@ msgid ""
+ "(that is, queries for invalid database entries, like nonexistent ones) "
+ "before asking the back end again."
+ msgstr ""
++"Означает количество секунд, в течение которого в кэше nss_sss будут "
++"храниться неудачные обращения к кэшу (запросы некорректных записей базы "
++"данных, например, несуществующих) перед повторным запросом к внутреннему "
++"серверу."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:951 sssd.conf.5.xml:2011
+@@ -1492,11 +1601,15 @@ msgid ""
+ "negative cache before trying to look it up in the back end again. Setting "
+ "the option to 0 disables this feature."
+ msgstr ""
++"Означает количество секунд, в течение которого в негативном кэше nss_sss "
++"будут храниться локальные пользователи и группы перед попыткой повторного "
++"поиска на внутреннем сервере. Установка значения «0» отключает эту "
++"возможность."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:965
+ msgid "Default: 14400 (4 hours)"
+-msgstr ""
++msgstr "По умолчанию: 14400 (4 часа)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:970
+@@ -1511,6 +1624,12 @@ msgid ""
+ "also be set per-domain or include fully-qualified names to filter only users "
+ "from the particular domain or by a user principal name (UPN)."
+ msgstr ""
++"Исключить определённых пользователей или группы из списка получения данных "
++"из базы данных NSS sss. Эта возможность особенно полезна для системных "
++"учётных записей. Этот параметр также возможно установить для каждого домена "
++"отдельно или включить в него полные имена, чтобы выполнить фильтрацию только "
++"пользователей из конкретного домена или по именам участников-пользователей "
++"(UPN)."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:981
+@@ -1520,6 +1639,11 @@ msgid ""
+ "NSS. E.g. a group having a member group filtered out will still have the "
+ "member users of the latter listed."
+ msgstr ""
++"ПРИМЕЧАНИЕ: параметр filter_groups не влияет на наследование участников "
++"вложенных групп, так как фильтрация выполняется после их распространения для "
++"возврата с помощью NSS. Например, в списке участников группы, вложенная "
++"группа которой была отфильтрована, останутся пользователи из этой "
++"отфильтрованной вложенной группы."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:989
+@@ -1536,6 +1660,8 @@ msgstr "filter_users_in_groups (логическое значение)"
+ msgid ""
+ "If you want filtered user still be group members set this option to false."
+ msgstr ""
++"Если отфильтрованные пользователи должны оставаться участниками групп, "
++"установите этот параметр в значение «false»."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1008
+@@ -1548,12 +1674,16 @@ msgid ""
+ "Set a default template for a user's home directory if one is not specified "
+ "explicitly by the domain's data provider."
+ msgstr ""
++"Установить стандартный шаблон для домашнего каталога пользователя, если он "
++"явно не указан поставщиком данных домена."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1016
+ msgid ""
+ "The available values for this option are the same as for override_homedir."
+ msgstr ""
++"Допустимые значения этого параметра совпадают с допустимыми значениями "
++"параметра override_homedir."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:1022
+@@ -1562,17 +1692,19 @@ msgid ""
+ "fallback_homedir = /home/%u\n"
+ " "
+ msgstr ""
++"fallback_homedir = /home/%u\n"
++" "
+
+ #. type: Content of: <varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1020 sssd.conf.5.xml:1553 sssd.conf.5.xml:1572
+ #: sssd.conf.5.xml:1627 sssd-krb5.5.xml:435 include/override_homedir.xml:59
+ msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+-msgstr ""
++msgstr "пример: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1026
+ msgid "Default: not set (no substitution for unset home directories)"
+-msgstr ""
++msgstr "По умолчанию: не задано (без замен для незаданных домашних каталогов)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1032
+@@ -1586,11 +1718,16 @@ msgid ""
+ "shell options if it takes effect and can be set either in the [nss] section "
+ "or per-domain."
+ msgstr ""
++"Переопределить исходную оболочку для всех пользователей. Этот параметр имеет "
++"приоритет над любыми другими параметрами оболочки, когда действует. Его "
++"возможно установить либо в разделе [nss], либо для каждого домена отдельно."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1041
+ msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
+ msgstr ""
++"По умолчанию: не задано (SSSD будет использовать значение, полученное от "
++"LDAP)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1047
+@@ -1602,11 +1739,15 @@ msgstr "allowed_shells (строка)"
+ msgid ""
+ "Restrict user shell to one of the listed values. The order of evaluation is:"
+ msgstr ""
++"Ограничить оболочку пользователя одним из указанных в списке значений. "
++"Порядок вычисления:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1053
+ msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+ msgstr ""
++"1. Если оболочка присутствует в файле <quote>/etc/shells</quote>, будет "
++"использована она."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1057
+@@ -1614,6 +1755,8 @@ msgid ""
+ "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+ "quote>, use the value of the shell_fallback parameter."
+ msgstr ""
++"2. Если оболочка присутствует в списке allowed_shells, но не в файле <quote>/"
++"etc/shells</quote>, использовать значение параметра shell_fallback."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1062
+@@ -1621,11 +1764,15 @@ msgid ""
+ "3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+ "shells</quote>, a nologin shell is used."
+ msgstr ""
++"3. Если оболочка отсутствует в списке allowed_shells и файле <quote>/etc/"
++"shells</quote>, будет использована оболочка, которая не требует входа."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1067
+ msgid "The wildcard (*) can be used to allow any shell."
+ msgstr ""
++"Чтобы разрешить использование любой оболочки, можно использовать "
++"подстановочный знак (*)."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1070
+@@ -1634,6 +1781,9 @@ msgid ""
+ "shell is not in <quote>/etc/shells</quote> and maintaining list of all "
+ "allowed shells in allowed_shells would be to much overhead."
+ msgstr ""
++"Знаком (*) можно воспользоваться, чтобы использовать shell_fallback, когда "
++"оболочка пользователя отсутствует в файле <quote>/etc/shells</quote>, а "
++"ведение списка всех разрешённых оболочек в allowed_shells было бы излишним."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1077
+@@ -1646,11 +1796,14 @@ msgid ""
+ "The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+ "that a restart of the SSSD is required in case a new shell is installed."
+ msgstr ""
++"Чтение файла <quote>/etc/shells</quote> выполняется только при запуске SSSD. "
++"Следовательно, в случае установки новой оболочки потребуется перезапуск SSSD."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1084
+ msgid "Default: Not set. The user shell is automatically used."
+ msgstr ""
++"По умолчанию: не задано. Автоматически используется оболочка пользователя."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1089
+@@ -1660,7 +1813,7 @@ msgstr "vetoed_shells (строка)"
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1092
+ msgid "Replace any instance of these shells with the shell_fallback"
+-msgstr ""
++msgstr "Заменять все экземпляры этих оболочек на shell_fallback"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1097
+@@ -1672,16 +1825,18 @@ msgstr "shell_fallback (строка)"
+ msgid ""
+ "The default shell to use if an allowed shell is not installed on the machine."
+ msgstr ""
++"Оболочка по умолчанию, которую следует использовать, если разрешённая "
++"оболочка не установлена на компьютере."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1104
+ msgid "Default: /bin/sh"
+-msgstr ""
++msgstr "По умолчанию: /bin/sh"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1109
+ msgid "default_shell"
+-msgstr ""
++msgstr "default_shell"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1112
+@@ -1689,6 +1844,9 @@ msgid ""
+ "The default shell to use if the provider does not return one during lookup. "
+ "This option can be specified globally in the [nss] section or per-domain."
+ msgstr ""
++"Оболочка по умолчанию, которую следует использовать, если поставщик не "
++"вернул оболочку при поиске. Этот параметр можно указать как глобальный в "
++"разделе [nss] или для каждого домена отдельно."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1118
+@@ -1696,11 +1854,13 @@ msgid ""
+ "Default: not set (Return NULL if no shell is specified and rely on libc to "
+ "substitute something sensible when necessary, usually /bin/sh)"
+ msgstr ""
++"По умолчанию: не задано (вернуть NULL, если оболочка не указана, и "
++"положиться на libc в плане подстановки подходящего варианта, обычно /bin/sh)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1125 sssd.conf.5.xml:1479
+ msgid "get_domains_timeout (int)"
+-msgstr ""
++msgstr "get_domains_timeout (целое число)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1128 sssd.conf.5.xml:1482
+@@ -1708,6 +1868,8 @@ msgid ""
+ "Specifies time in seconds for which the list of subdomains will be "
+ "considered valid."
+ msgstr ""
++"Указывает время в секундах, в течение которого список поддоменов считается "
++"действительным."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1137
+@@ -1720,6 +1882,9 @@ msgid ""
+ "Specifies time in seconds for which records in the in-memory cache will be "
+ "valid. Setting this option to zero will disable the in-memory cache."
+ msgstr ""
++"Указывает время в секундах, в течение которого записи кэша в памяти будут "
++"оставаться действительными. Установка этого параметра в значение «0» "
++"отключит кэш в памяти."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1148
+@@ -1727,6 +1892,9 @@ msgid ""
+ "WARNING: Disabling the in-memory cache will have significant negative impact "
+ "on SSSD's performance and should only be used for testing."
+ msgstr ""
++"ПРЕДУПРЕЖДЕНИЕ: отключение кэша в памяти окажет значительное негативное "
++"воздействие на производительность SSSD. Этот параметр следует использовать "
++"только для тестирования."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1154 sssd.conf.5.xml:1179 sssd.conf.5.xml:1204
+@@ -1735,6 +1903,9 @@ msgid ""
+ "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+ "client applications will not use the fast in-memory cache."
+ msgstr ""
++"ПРИМЕЧАНИЕ: если переменная среды SSS_NSS_USE_MEMCACHE установлена в "
++"значение «NO», клиентские приложения не будут использовать быстрый кэш в "
++"памяти."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1162
+@@ -1748,11 +1919,14 @@ msgid ""
+ "for passwd requests. Setting the size to 0 will disable the passwd in-"
+ "memory cache."
+ msgstr ""
++"Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в "
++"памяти для запросов passwd. Установка размера в значение «0» отключит кэш в "
++"памяти для запросов passwd."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1171 sssd.conf.5.xml:2720 sssd-ldap.5.xml:513
+ msgid "Default: 8"
+-msgstr ""
++msgstr "По умолчанию: 8"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1174 sssd.conf.5.xml:1199 sssd.conf.5.xml:1224
+@@ -1760,6 +1934,8 @@ msgid ""
+ "WARNING: Disabled or too small in-memory cache can have significant negative "
+ "impact on SSSD's performance."
+ msgstr ""
++"ПРЕДУПРЕЖДЕНИЕ: отключение кэша в памяти или его слишком малый размер окажет "
++"значительное негативное воздействие на производительность SSSD."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1187
+@@ -1773,12 +1949,15 @@ msgid ""
+ "for group requests. Setting the size to 0 will disable the group in-memory "
+ "cache."
+ msgstr ""
++"Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в "
++"памяти для запросов group. Установка размера в значение «0» отключит кэш в "
++"памяти для запросов group."
+
+ #. type: Content of: <variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1196 sssd.conf.5.xml:3515 sssd-ldap.5.xml:453
+ #: sssd-ldap.5.xml:495 include/failover.xml:116 include/krb5_options.xml:11
+ msgid "Default: 6"
+-msgstr ""
++msgstr "По умолчанию: 6"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1212
+@@ -1792,6 +1971,9 @@ msgid ""
+ "for initgroups requests. Setting the size to 0 will disable the initgroups "
+ "in-memory cache."
+ msgstr ""
++"Размер (в мегабайтах) таблицы данных, которая размещена в быстром кэше в "
++"памяти для запросов групп инициализации. Установка размера в значение «0» "
++"отключит кэш в памяти для запросов групп инициализации."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1237 sssd-ifp.5.xml:74
+@@ -1808,6 +1990,12 @@ msgid ""
+ "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+ "manvolnum> </citerefentry> for details) but with no default values."
+ msgstr ""
++"Некоторые из дополнительных запросов ответчика NSS могут возвращать больше "
++"атрибутов, чем просто атрибуты POSIX, определённые интерфейсом NSS. Этот "
++"параметр управляет списком атрибутов. Обработка выполняется тем же способом, "
++"что и для параметра <quote>user_attributes</quote> ответчика InfoPipe (см. "
++"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
++"manvolnum> </citerefentry>), но без стандартных значений."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1253
+@@ -1815,11 +2003,13 @@ msgid ""
+ "To make configuration more easy the NSS responder will check the InfoPipe "
+ "option if it is not set for the NSS responder."
+ msgstr ""
++"Для упрощения настройки ответчик NSS проверит параметр InfoPipe на то, задан "
++"ли он для ответчика NSS."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1258
+ msgid "Default: not set, fallback to InfoPipe option"
+-msgstr "По умолчанию: не задано, вернуться к параметру InfoPipe"
++msgstr "По умолчанию: не задано, использовать параметр InfoPipe"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1263
+@@ -1832,6 +2022,8 @@ msgid ""
+ "The value that NSS operations that return users or groups will return for "
+ "the <quote>password</quote> field."
+ msgstr ""
++"Значение, которое операции NSS, возвращающие пользователей или группы, "
++"вернут для поля <quote>password</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1271
+@@ -1844,6 +2036,8 @@ msgid ""
+ "Note: This option can also be set per-domain which overwrites the value in "
+ "[nss] section."
+ msgstr ""
++"Примечание: этот параметр также возможно задать для каждого домена отдельно, "
++"что будет иметь приоритет над значением в разделе [nss]."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1278
+@@ -1852,11 +2046,14 @@ msgid ""
+ "files domain), <quote>x</quote> (proxy domain with nss_files and sssd-"
+ "shadowutils target)"
+ msgstr ""
++"По умолчанию: <quote>не задано</quote> (удалённые домены), <quote>x</quote> ("
++"домен файлов), <quote>x</quote> (домен прокси с nss_files и целью sssd-"
++"shadowutils)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd.conf.5.xml:1288
+ msgid "PAM configuration options"
+-msgstr ""
++msgstr "Параметры настройки PAM"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:1290
+@@ -1864,6 +2061,8 @@ msgid ""
+ "These options can be used to configure the Pluggable Authentication Module "
+ "(PAM) service."
+ msgstr ""
++"Эти параметры можно использовать для настройки службы подключаемых модулей "
++"проверки подлинности (PAM)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1295
+@@ -1876,6 +2075,9 @@ msgid ""
+ "If the authentication provider is offline, how long should we allow cached "
+ "logins (in days since the last successful online login)."
+ msgstr ""
++"Если поставщик данных для проверки подлинности находится в автономном "
++"режиме, как долго следует разрешать вход по кэшированным данным (в днях с "
++"момента последнего успешного входа в сетевом режиме)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1303 sssd.conf.5.xml:1316
+@@ -1893,6 +2095,8 @@ msgid ""
+ "If the authentication provider is offline, how many failed login attempts "
+ "are allowed."
+ msgstr ""
++"Если поставщик данных для проверки подлинности находится в автономном "
++"режиме, сколько следует допускать неудачных попыток входа."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1322
+@@ -1905,6 +2109,9 @@ msgid ""
+ "The time in minutes which has to pass after offline_failed_login_attempts "
+ "has been reached before a new login attempt is possible."
+ msgstr ""
++"Время в минутах, которое должно пройти после достижения значения "
++"offline_failed_login_attempts, прежде чем станет возможной новая попытка "
++"входа."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1330
+@@ -1913,6 +2120,10 @@ msgid ""
+ "offline_failed_login_attempts has been reached. Only a successful online "
+ "authentication can enable offline authentication again."
+ msgstr ""
++"Если задано значение «0», пользователь не сможет пройти проверку подлинности "
++"в автономном режиме после достижения значения offline_failed_login_attempts. "
++"Для того, чтобы проверка подлинности в автономном режиме снова стала "
++"возможной, необходимо успешно пройти проверку подлинности в сетевом режиме."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1336 sssd.conf.5.xml:1446
+@@ -1930,6 +2141,8 @@ msgid ""
+ "Controls what kind of messages are shown to the user during authentication. "
+ "The higher the number to more messages are displayed."
+ msgstr ""
++"Управляет тем, какие сообщения будут показаны пользователю во время проверки "
++"подлинности. Чем больше число, тем больше сообщений будет показано."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1350
+@@ -1939,22 +2152,23 @@ msgstr "В настоящее время sssd поддерживает след
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1353
+ msgid "<emphasis>0</emphasis>: do not show any message"
+-msgstr ""
++msgstr "<emphasis>0</emphasis>: не показывать никаких сообщений"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1356
+ msgid "<emphasis>1</emphasis>: show only important messages"
+-msgstr ""
++msgstr "<emphasis>1</emphasis>: показывать только важные сообщения"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1360
+ msgid "<emphasis>2</emphasis>: show informational messages"
+-msgstr ""
++msgstr "<emphasis>2</emphasis>: показывать информационные сообщения"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1363
+ msgid "<emphasis>3</emphasis>: show all messages and debug information"
+ msgstr ""
++"<emphasis>3</emphasis>: показывать все сообщения и отладочную информацию"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1367 sssd.8.xml:63
+@@ -1974,6 +2188,11 @@ msgid ""
+ "responses sent to pam_sss e.g. messages displayed to the user or environment "
+ "variables which should be set by pam_sss."
+ msgstr ""
++"Разделённый запятыми список строк, который позволяет удалять (фильтровать) "
++"данные, отправленные ответчиком PAM модулю PAM pam_sss. Ответы, которые "
++"отправляются pam_sss, могут быть разного вида (например, сообщения, которые "
++"показываются пользователю, или переменные среды, которые должны быть "
++"установлены pam_sss)."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1384
+@@ -1981,36 +2200,38 @@ msgid ""
+ "While messages already can be controlled with the help of the pam_verbosity "
+ "option this option allows to filter out other kind of responses as well."
+ msgstr ""
++"Сообщениями можно управлять с помощью параметра pam_verbosity, а этот "
++"параметр позволяет отфильтровать также и другие типы ответов."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1391
+ msgid "ENV"
+-msgstr ""
++msgstr "ENV"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1392
+ msgid "Do not send any environment variables to any service."
+-msgstr ""
++msgstr "Не отправлять никаким службам никакие переменные среды."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1395
+ msgid "ENV:var_name"
+-msgstr ""
++msgstr "ENV:var_name"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1396
+ msgid "Do not send environment variable var_name to any service."
+-msgstr ""
++msgstr "Не отправлять переменную среды var_name никаким службам."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1400
+ msgid "ENV:var_name:service"
+-msgstr ""
++msgstr "ENV:var_name:service"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1401
+ msgid "Do not send environment variable var_name to service."
+-msgstr ""
++msgstr "Не отправлять переменную среды var_name указанной службе."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1389
+@@ -2018,6 +2239,8 @@ msgid ""
+ "Currently the following filters are supported: <placeholder type="
+ "\"variablelist\" id=\"0\"/>"
+ msgstr ""
++"В настоящее время поддерживаются следующие фильтры: <placeholder type="
++"\"variablelist\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1408
+@@ -2029,17 +2252,24 @@ msgid ""
+ "that either all list elements must have a '+' or '-' prefix or none. It is "
+ "considered as an error to mix both styles."
+ msgstr ""
++"Список строк может представлять собой список фильтров, который установит эти "
++"фильтры, перезаписав стандартные значения. Либо каждый элемент списка может "
++"предваряться символом «+» или «-», что, соответственно, добавит этот фильтр "
++"к существующим стандартным фильтрам или удалит его из стандартных фильтров. "
++"Обратите внимание, что следует либо использовать префикс «+» или «-» для "
++"всех элементов списка, либо не использовать его вообще. Использование "
++"префикса только для части элементов списка считается ошибкой."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1419
+ msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
+-msgstr ""
++msgstr "По умолчанию: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1422
+ msgid ""
+ "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
+-msgstr ""
++msgstr "Пример: -ENV:KRB5CCNAME:sudo-i удалит фильтр из списка стандартных"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1429
+@@ -2053,6 +2283,10 @@ msgid ""
+ "immediately update the cached identity information for the user in order to "
+ "ensure that authentication takes place with the latest information."
+ msgstr ""
++"При любом запросе PAM, поступающем во время работы SSSD в сети, SSSD "
++"выполняет попытку незамедлительно обновить кэшированные данные идентификации "
++"пользователя, чтобы при проверке подлинности использовались самые последние "
++"данные."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1438
+@@ -2062,6 +2296,11 @@ msgid ""
+ "client-application basis) how long (in seconds) we can cache the identity "
+ "information to avoid excessive round-trips to the identity provider."
+ msgstr ""
++"Полный обмен данными PAM может включать несколько запросов PAM (в частности, "
++"для управления учётными записями и открытия сеансов). Этот параметр "
++"управляет (для каждого клиента-приложения отдельно) длительностью (в "
++"секундах) кэширования данных идентификации, позволяющего избежать повторных "
++"обменов данными с поставщиком данных идентификации."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1452
+@@ -2071,7 +2310,7 @@ msgstr "pam_pwd_expiration_warning (целое число)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1455 sssd.conf.5.xml:2744
+ msgid "Display a warning N days before the password expires."
+-msgstr ""
++msgstr "Показать предупреждение за N дней до истечения срока действия пароля."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1458
+@@ -2080,6 +2319,9 @@ msgid ""
+ "expiration time of the password. If this information is missing, sssd "
+ "cannot display a warning."
+ msgstr ""
++"Обратите внимание, что внутренний сервер должен предоставить информацию о "
++"времени истечения срока действия пароля. Если она отсутствует, sssd не "
++"сможет показать предупреждение."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1464 sssd.conf.5.xml:2747
+@@ -2087,6 +2329,9 @@ msgid ""
+ "If zero is set, then this filter is not applied, i.e. if the expiration "
+ "warning was received from backend server, it will automatically be displayed."
+ msgstr ""
++"Если указан ноль, этот фильтр не применяется: если от внутреннего сервера "
++"было получено предупреждение об истечении строка действия, оно будет "
++"показано автоматически."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1469
+@@ -2094,11 +2339,13 @@ msgid ""
+ "This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+ "emphasis> for a particular domain."
+ msgstr ""
++"Этот параметр можно переопределить, установив "
++"<emphasis>pwd_expiration_warning</emphasis> для конкретного домена."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1474 sssd.conf.5.xml:3709 sssd-ldap.5.xml:549 sssd.8.xml:79
+ msgid "Default: 0"
+-msgstr ""
++msgstr "По умолчанию: 0"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1491
+@@ -2114,11 +2361,16 @@ msgid ""
+ "<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
+ "startup."
+ msgstr ""
++"Разделённый запятыми список значений UID или имён пользователей, которым "
++"разрешено выполнять обмен данными PAM с доверенными доменами. Пользователям, "
++"которые отсутствуют в этом списке, разрешён доступ только к доменам, "
++"отмеченным как общедоступные с помощью параметра <quote>pam_public_domains</"
++"quote>. Имена пользователей разрешаются в UID при запуске."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1504
+ msgid "Default: All users are considered trusted by default"
+-msgstr ""
++msgstr "По умолчанию: все пользователи считаются доверенными по умолчанию"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1508
+@@ -2126,6 +2378,8 @@ msgid ""
+ "Please note that UID 0 is always allowed to access the PAM responder even in "
+ "case it is not in the pam_trusted_users list."
+ msgstr ""
++"Обратите внимание, что UID 0 всегда разрешён доступ к ответчику PAM, даже "
++"если этот идентификатор пользователя отсутствует в списке pam_trusted_users."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1515
+@@ -2138,17 +2392,21 @@ msgid ""
+ "Specifies the comma-separated list of domain names that are accessible even "
+ "to untrusted users."
+ msgstr ""
++"Разделённый запятыми список имён доменов, которые доступны даже для "
++"недоверенных пользователей."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1522
+ msgid "Two special values for pam_public_domains option are defined:"
+-msgstr ""
++msgstr "Для параметра pam_public_domains определены два особых значения:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1526
+ msgid ""
+ "all (Untrusted users are allowed to access all domains in PAM responder.)"
+ msgstr ""
++"all (недоверенным пользователя разрешён доступ ко всем доменам в ответчике "
++"PAM)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1530
+@@ -2156,13 +2414,15 @@ msgid ""
+ "none (Untrusted users are not allowed to access any domains PAM in "
+ "responder.)"
+ msgstr ""
++"none (недоверенным пользователя запрещён доступ ко всем доменам в ответчике "
++"PAM)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1534 sssd.conf.5.xml:1559 sssd.conf.5.xml:1578
+ #: sssd.conf.5.xml:1781 sssd.conf.5.xml:2493 sssd.conf.5.xml:3638
+ #: sssd-ldap.5.xml:1091
+ msgid "Default: none"
+-msgstr ""
++msgstr "По умолчанию: none"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1539
+@@ -2175,6 +2435,8 @@ msgid ""
+ "Allows a custom expiration message to be set, replacing the default "
+ "'Permission denied' message."
+ msgstr ""
++"Позволяет задать пользовательское сообщение об истечении срока действия, "
++"которое заменит стандартное сообщение «Доступ запрещён»."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1547
+@@ -2182,6 +2444,9 @@ msgid ""
+ "Note: Please be aware that message is only printed for the SSH service "
+ "unless pam_verbosity is set to 3 (show all messages and debug information)."
+ msgstr ""
++"Примечание: следует учитывать, что для службы SSH сообщение будет показано "
++"только при условии, что параметр pam_verbosity установлен в значение «3» ("
++"показывать все сообщения и отладочную информацию)."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:1555
+@@ -2190,6 +2455,9 @@ msgid ""
+ "pam_account_expired_message = Account expired, please contact help desk.\n"
+ " "
+ msgstr ""
++"pam_account_expired_message = Срок действия учётной записи истёк, обратитесь "
++"в службу поддержки.\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1564
+@@ -2202,6 +2470,8 @@ msgid ""
+ "Allows a custom lockout message to be set, replacing the default 'Permission "
+ "denied' message."
+ msgstr ""
++"Позволяет задать пользовательское сообщение о блокировке, которое заменит "
++"стандартное сообщение «Доступ запрещён»."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:1574
+@@ -2210,6 +2480,9 @@ msgid ""
+ "pam_account_locked_message = Account locked, please contact help desk.\n"
+ " "
+ msgstr ""
++"pam_account_locked_message = Учётная запись заблокирована, обратитесь в "
++"службу поддержки.\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1583
+@@ -2223,13 +2496,16 @@ msgid ""
+ "additional communication with the Smartcard which will delay the "
+ "authentication process this option is disabled by default."
+ msgstr ""
++"Включить проверку подлинности на основе сертификата или смарт-карты. Так как "
++"для этого требуется дополнительный обмен данными со смарт-картой, который "
++"задержит процесс проверки подлинности, по умолчанию этот параметр отключён."
+
+ #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1592 sssd-ldap.5.xml:590 sssd-ldap.5.xml:611
+ #: sssd-ldap.5.xml:1169 sssd-ad.5.xml:482 sssd-ad.5.xml:558 sssd-ad.5.xml:1103
+ #: sssd-ad.5.xml:1152 include/ldap_id_mapping.xml:244
+ msgid "Default: False"
+-msgstr ""
++msgstr "По умолчанию: false"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1597
+@@ -2239,12 +2515,12 @@ msgstr "pam_cert_db_path (строка)"
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1600
+ msgid "The path to the certificate database."
+-msgstr ""
++msgstr "Путь к базе данных сертификатов."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1603 sssd.conf.5.xml:2113 sssd.conf.5.xml:4165
+ msgid "Default:"
+-msgstr ""
++msgstr "По умолчанию:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1605 sssd.conf.5.xml:2115
+@@ -2252,6 +2528,8 @@ msgid ""
+ "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
+ "certificates in PEM format)"
+ msgstr ""
++"/etc/sssd/pki/sssd_auth_ca_db.pem (путь к файлу с доверенными сертификатами "
++"CA в формате PEM)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1615
+@@ -2267,6 +2545,11 @@ msgid ""
+ "section. Supported options are the same of <quote>certificate_verification</"
+ "quote>."
+ msgstr ""
++"Этот параметр позволяет выполнить тонкую настройку проверки сертификатов PAM "
++"с помощью разделённого запятыми списка параметров. Эти параметры "
++"переопределяют значение <quote>certificate_verification</quote> в разделе "
++"<quote>[sssd]</quote>. Поддерживаются те же параметры, что и для "
++"<quote>certificate_verification</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:1629
+@@ -2275,6 +2558,8 @@ msgid ""
+ "pam_cert_verification = partial_chain\n"
+ " "
+ msgstr ""
++"pam_cert_verification = partial_chain\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1633
+@@ -2282,9 +2567,9 @@ msgid ""
+ "Default: not set, i.e. use default <quote>certificate_verification</quote> "
+ "option defined in <quote>[sssd]</quote> section."
+ msgstr ""
+-"По умолчанию: не задано, то есть использовать стандартный параметр "
+-"<quote>certificate_verification</quote>, указанный в разделе <quote>[sssd]</"
+-"quote>."
++"По умолчанию: не задано, то есть следует использовать стандартный параметр "
++"<quote>certificate_verification</quote>, указанный в разделе "
++"<quote>[sssd]</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1640
+@@ -2295,6 +2580,8 @@ msgstr "p11_child_timeout (целое число)"
+ #: sssd.conf.5.xml:1643
+ msgid "How many seconds will pam_sss wait for p11_child to finish."
+ msgstr ""
++"Разрешённое количество секунд, в течение которого pam_sss ожидает завершения "
++"работы p11_child."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1652
+@@ -2307,6 +2594,8 @@ msgid ""
+ "Which PAM services are permitted to contact domains of type "
+ "<quote>application</quote>"
+ msgstr ""
++"Указывает, каким службам PAM разрешено устанавливать соединение с доменами "
++"типа <quote>application</quote>"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1664
+@@ -2319,6 +2608,8 @@ msgid ""
+ "A comma-separated list of PAM service names for which it will be allowed to "
+ "use Smartcards."
+ msgstr ""
++"Разделённый запятыми список имён служб PAM, для которых будет разрешено "
++"использовать смарт-карты."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:1682
+@@ -2327,6 +2618,8 @@ msgid ""
+ "pam_p11_allowed_services = +my_pam_service, -login\n"
+ " "
+ msgstr ""
++"pam_p11_allowed_services = +my_pam_service, -login\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1671
+@@ -2339,57 +2632,64 @@ msgid ""
+ "<quote>my_pam_service</quote>), you would use the following configuration: "
+ "<placeholder type=\"programlisting\" id=\"0\"/>"
+ msgstr ""
++"Можно добавить имя ещё одной службы PAM в стандартный набор с помощью "
++"<quote>+service_name</quote>. Также можно явно удалить имя службы PAM из "
++"стандартного набора с помощью <quote>-service_name</quote>. Например, чтобы "
++"заменить стандартное имя службы PAM для проверки подлинности с помощью смарт-"
++"карт (например, <quote>login</quote>) на пользовательское имя службы PAM ("
++"например, <quote>my_pam_service</quote>), необходимо использовать следующую "
++"конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1686 sssd-ad.5.xml:621 sssd-ad.5.xml:730 sssd-ad.5.xml:788
+ #: sssd-ad.5.xml:846 sssd-ad.5.xml:924
+ msgid "Default: the default set of PAM service names includes:"
+-msgstr ""
++msgstr "По умолчанию: стандартный набор имён служб PAM включает:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1691 sssd-ad.5.xml:625
+ msgid "login"
+-msgstr ""
++msgstr "login"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1696 sssd-ad.5.xml:630
+ msgid "su"
+-msgstr ""
++msgstr "su"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1701 sssd-ad.5.xml:635
+ msgid "su-l"
+-msgstr ""
++msgstr "su-l"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1706 sssd-ad.5.xml:650
+ msgid "gdm-smartcard"
+-msgstr ""
++msgstr "gdm-smartcard"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1711 sssd-ad.5.xml:645
+ msgid "gdm-password"
+-msgstr ""
++msgstr "gdm-password"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1716 sssd-ad.5.xml:655
+ msgid "kdm"
+-msgstr ""
++msgstr "kdm"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1721 sssd-ad.5.xml:933
+ msgid "sudo"
+-msgstr ""
++msgstr "sudo"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1726 sssd-ad.5.xml:938
+ msgid "sudo-i"
+-msgstr ""
++msgstr "sudo-i"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1731
+ msgid "gnome-screensaver"
+-msgstr ""
++msgstr "gnome-screensaver"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1739
+@@ -2403,6 +2703,9 @@ msgid ""
+ "to p11_child_timeout should the PAM responder wait until a Smartcard is "
+ "inserted."
+ msgstr ""
++"Когда требуется проверка подлинности по смарт-карте, этот параметр "
++"определяет, в течение какого количества секунд (в дополнение к значению "
++"p11_child_timeout) ответчик PAM должен ожидать вставки смарт-карты."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1753
+@@ -2419,6 +2722,13 @@ msgid ""
+ "first slot found. If multiple readers are connected p11_uri can be used to "
+ "tell p11_child to use a specific reader."
+ msgstr ""
++"URI PKCS#11 (подробное описание доступно в RFC-7512) для ограничения перечня "
++"устройств с проверкой подлинности по смарт-карте. По умолчанию p11_child "
++"SSSD выполняет поиск слота PKCS#11 (устройства чтения) с установленным "
++"флагом «removable» и затем чтение сертификатов со вставленного маркера из "
++"первого найденного слота. Если подключено несколько устройств чтения, с "
++"помощью p11_uri можно указать p11_child использовать конкретное устройство "
++"чтения."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:1769
+@@ -2427,6 +2737,8 @@ msgid ""
+ "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
+ " "
+ msgstr ""
++"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:1773
+@@ -2435,6 +2747,9 @@ msgid ""
+ "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
+ " "
+ msgstr ""
++"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id="
++"2\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1767
+@@ -2444,27 +2759,34 @@ msgid ""
+ "debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' "
+ "with e.g. the '--list-all' will show PKCS#11 URIs as well."
+ msgstr ""
++"Пример: <placeholder type=\"programlisting\" id=\"0\"/> или <placeholder "
++"type=\"programlisting\" id=\"1\"/> Чтобы найти подходящий URI, проверьте "
++"отладочный вывод p11_child. Либо можно использовать утилиту «p11tool» "
++"GnuTLS, например, с параметром «--list-all»: это тоже позволит просмотреть "
++"URI PKCS#11."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1786
+ msgid "pam_initgroups_scheme"
+-msgstr ""
++msgstr "pam_initgroups_scheme"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1794
+ msgid "always"
+-msgstr ""
++msgstr "always"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1795
+ msgid ""
+ "Always do an online lookup, please note that pam_id_timeout still applies"
+ msgstr ""
++"Всегда выполнять поиск в сети (обратите внимание, что параметр "
++"pam_id_timeout всё равно применяется)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1799
+ msgid "no_session"
+-msgstr ""
++msgstr "no_session"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1800
+@@ -2472,11 +2794,13 @@ msgid ""
+ "Only do an online lookup if there is no active session of the user, i.e. if "
+ "the user is currently not logged in"
+ msgstr ""
++"Выполнять поиск в сети только при отсутствии активного сеанса пользователя, "
++"то есть тогда, когда пользователь не находится в системе"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1805
+ msgid "never"
+-msgstr ""
++msgstr "never"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1806
+@@ -2484,6 +2808,8 @@ msgid ""
+ "Never force an online lookup, use the data from the cache as long as they "
+ "are not expired"
+ msgstr ""
++"Никогда не выполнять поиск в сети принудительно, использовать данные из кэша "
++"до тех пор, пока они не устареют"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1789
+@@ -2493,16 +2819,20 @@ msgid ""
+ "should be done and the following values are allowed: <placeholder type="
+ "\"variablelist\" id=\"0\"/>"
+ msgstr ""
++"Ответчик PAM может принудительно запустить поиск в сети для получения данных "
++"об участии в группах того пользователя, который пытается войти в систему. "
++"Этот параметр управляет тем, когда это следует делать, и имеет следующие "
++"допустимые значения: <placeholder type=\"variablelist\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1813
+ msgid "Default: no_session"
+-msgstr ""
++msgstr "По умолчанию: no_session"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:1818 sssd.conf.5.xml:4104
+ msgid "pam_gssapi_services"
+-msgstr ""
++msgstr "pam_gssapi_services"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1821
+@@ -2510,12 +2840,16 @@ msgid ""
+ "Comma separated list of PAM services that are allowed to try GSSAPI "
+ "authentication using pam_sss_gss.so module."
+ msgstr ""
++"Разделённый запятыми список служб PAM, которым разрешено пытаться выполнить "
++"проверку подлинности по GSSAPI с помощью модуля pam_sss_gss.so."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1826
+ msgid ""
+ "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
+ msgstr ""
++"Чтобы отключить проверку подлинности с помощью GSSAPI, установите этот "
++"параметр в значение <quote>-</quote> (дефис)."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1830 sssd.conf.5.xml:1861 sssd.conf.5.xml:1899
+@@ -2524,6 +2858,10 @@ msgid ""
+ "[pam] section. It can also be set for trusted domain which overwrites the "
+ "value in the domain section."
+ msgstr ""
++"Примечание: этот параметр также возможно задать для каждого домена отдельно, "
++"что будет иметь приоритет над значением в разделе [pam]. Также этот параметр "
++"можно задать для доверенного домена, что будет иметь приоритет над значением "
++"в разделе домена."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:1838
+@@ -2532,21 +2870,23 @@ msgid ""
+ "pam_gssapi_services = sudo, sudo-i\n"
+ " "
+ msgstr ""
++"pam_gssapi_services = sudo, sudo-i\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1836 sssd.conf.5.xml:3632 sssd-secrets.5.xml:448
+ msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+-msgstr ""
++msgstr "Пример: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1842
+ msgid "Default: - (GSSAPI authentication is disabled)"
+-msgstr ""
++msgstr "По умолчанию: - (проверка подлинности с помощью GSSAPI отключена)"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:1847 sssd.conf.5.xml:4105
+ msgid "pam_gssapi_check_upn"
+-msgstr ""
++msgstr "pam_gssapi_check_upn"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1850
+@@ -2555,6 +2895,10 @@ msgid ""
+ "successfully authenticated through GSSAPI can be associated with the user "
+ "who is being authenticated. Authentication will fail if the check fails."
+ msgstr ""
++"Если значение «True», SSSD будет требоваться наличие привязки участника-"
++"пользователя Kerberos, который успешно прошёл проверку подлинности с помощью "
++"GSSAPI, к пользователю, проверка подлинности которого выполняется. Если "
++"такой привязки нет, проверка подлинности завершится ошибкой."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1857
+@@ -2562,17 +2906,19 @@ msgid ""
+ "If False, every user that is able to obtained required service ticket will "
+ "be authenticated."
+ msgstr ""
++"Если значение «False», проверка подлинности будет выполняться для всех "
++"пользователь, получивших необходимый билет службы."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1867 sssd-ad.5.xml:1243 sss_rpcidmapd.5.xml:76
+ #: sssd-files.5.xml:146
+ msgid "Default: True"
+-msgstr ""
++msgstr "По умолчанию: true"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1872
+ msgid "pam_gssapi_indicators_map"
+-msgstr ""
++msgstr "pam_gssapi_indicators_map"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1875
+@@ -2581,6 +2927,10 @@ msgid ""
+ "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
+ "authentication using pam_sss_gss.so module."
+ msgstr ""
++"Разделённый запятыми список индикаторов проверки подлинности, которые должны "
++"присутствовать в билете Kerberos для получения доступа к службе PAM, которой "
++"разрешено пытаться выполнить проверку подлинности по GSSAPI с помощью модуля "
++"pam_sss_gss.so."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1881
+@@ -2596,6 +2946,18 @@ msgid ""
+ "be denied. If the resulting list of indicators for the PAM service is empty, "
+ "the check will not prevent the access."
+ msgstr ""
++"Каждый элемент списка может быть либо именем индикатора проверки "
++"подлинности, либо парой <quote>service:indicator</quote>. Индикаторы, "
++"которые не предваряются именем службы PAM, будут требоваться для доступа к "
++"любой службе PAM, настроенной на использование с "
++"<option>pam_gssapi_services</option>. Итоговый список индикаторов для "
++"отдельной службы PAM затем проверяется на соответствие индикаторам в билете "
++"Kerberos во время проверки подлинности с помощью pam_sss_gss.so. Доступ "
++"будет предоставлен, если в билете будет найден индикатор, совпадающий с "
++"индикатором из итогового списка индикаторов для соответствующей службы PAM. "
++"Доступ будет запрещён, если в списке не обнаружатся совпадающие индикаторы. "
++"Если итоговый список индикаторов для службы PAM пуст, проверка не закроет "
++"доступ."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1894
+@@ -2604,6 +2966,10 @@ msgid ""
+ "</quote> (dash). To disable the check for a specific PAM service, add "
+ "<quote>service:-</quote>."
+ msgstr ""
++"Чтобы отключить проверку индикаторов для проверки подлинности с помощью "
++"GSSAPI, установите этот параметр в значение <quote>-</quote> (дефис). Чтобы "
++"отключить проверку индикаторов для определённой службы PAM, добавьте "
++"<quote>service:-</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1905
+@@ -2611,6 +2977,8 @@ msgid ""
+ "Following authentication indicators are supported by IPA Kerberos "
+ "deployments:"
+ msgstr ""
++"В развёрнутых системах IPA с Kerberos предусмотрена поддержка следующих "
++"индикаторов проверки подлинности:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1908
+@@ -2618,6 +2986,8 @@ msgid ""
+ "pkinit -- pre-authentication using X.509 certificates -- whether stored in "
+ "files or on smart cards."
+ msgstr ""
++"pkinit — предварительная проверка подлинности с помощью сертификатов X.509, "
++"которые хранятся в файлах или на смарт-картах."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1911
+@@ -2625,11 +2995,13 @@ msgid ""
+ "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
+ "FAST channel."
+ msgstr ""
++"hardened — предварительная проверка подлинности SPAKE или любая "
++"предварительная проверка подлинности, помещённая в канал FAST."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1914
+ msgid "radius -- pre-authentication with the help of a RADIUS server."
+-msgstr ""
++msgstr "radius — предварительная проверка подлинности с помощью сервера RADIUS."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:1917
+@@ -2637,6 +3009,8 @@ msgid ""
+ "otp -- pre-authentication using integrated two-factor authentication (2FA or "
+ "one-time password, OTP) in IPA."
+ msgstr ""
++"otp — предварительная проверка подлинности с помощью встроенной "
++"двухфакторной проверки подлинности (2FA или одноразовый пароль, OTP) в IPA."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:1927
+@@ -2645,6 +3019,8 @@ msgid ""
+ "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
+ " "
+ msgstr ""
++"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1922
+@@ -2653,16 +3029,22 @@ msgid ""
+ "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
+ "set <placeholder type=\"programlisting\" id=\"0\"/>"
+ msgstr ""
++"Пример: чтобы доступ к службам SUDO предоставлялся только пользователям, "
++"которые получили свои билеты Kerberos с предварительной проверкой "
++"подлинности сертификата X.509 (PKINIT), укажите <placeholder type="
++"\"programlisting\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:1931
+ msgid "Default: not set (use of authentication indicators is not required)"
+ msgstr ""
++"По умолчанию: не задано (использование индикаторов проверки подлинности не "
++"требуется)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd.conf.5.xml:1939
+ msgid "SUDO configuration options"
+-msgstr ""
++msgstr "Параметры настройки SUDO"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:1941
+@@ -2674,6 +3056,12 @@ msgid ""
+ "</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
+ "sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+ msgstr ""
++"Эти параметры можно использовать для настройки службы sudo. Подробные "
++"инструкции по настройке <citerefentry> <refentrytitle>sudo</refentrytitle> "
++"<manvolnum>8</manvolnum> </citerefentry> для работы с <citerefentry> "
++"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
++"доступны на справочной странице <citerefentry> <refentrytitle>sssd-sudo</"
++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1958
+@@ -2686,6 +3074,8 @@ msgid ""
+ "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
+ "that implement time-dependent sudoers entries."
+ msgstr ""
++"Следует ли обрабатывать атрибуты sudoNotBefore и sudoNotAfter, "
++"предназначенные для определения временных ограничений для записей sudoers."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:1973
+@@ -2701,16 +3091,22 @@ msgid ""
+ "<quote>full refresh</quote> of sudo rules is triggered instead. This "
+ "threshold number also applies to IPA sudo command and command group searches."
+ msgstr ""
++"Максимальное количество устаревших правил, которые можно обновить за один "
++"раз. Если количество устаревших правил меньше заданного порогового значения, "
++"эти правила обновляются с помощью механизма <quote>rules refresh</quote>. "
++"Если пороговое значение превышено, будет использоваться механизм <quote>full "
++"refresh</quote>. Это пороговое значение также применяется к поискам команд и "
++"групп команд sudo IPA."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd.conf.5.xml:1995
+ msgid "AUTOFS configuration options"
+-msgstr ""
++msgstr "Параметры настройки AUTOFS"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:1997
+ msgid "These options can be used to configure the autofs service."
+-msgstr ""
++msgstr "Эти параметры можно использовать для настройки службы autofs."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2001
+@@ -2724,16 +3120,19 @@ msgid ""
+ "hits (that is, queries for invalid map entries, like nonexistent ones) "
+ "before asking the back end again."
+ msgstr ""
++"Означает количество секунд, в течение которого в кэше ответчика autofs будут "
++"храниться неудачные обращения к кэшу (запросы некорректных записей карты, "
++"например, несуществующих) перед повторным запросом к внутреннему серверу."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd.conf.5.xml:2020
+ msgid "SSH configuration options"
+-msgstr ""
++msgstr "Параметры настройки SSH"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:2022
+ msgid "These options can be used to configure the SSH service."
+-msgstr ""
++msgstr "Эти параметры можно использовать для настройки службы SSH."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2026
+@@ -2746,6 +3145,7 @@ msgid ""
+ "Whether or not to hash host names and addresses in the managed known_hosts "
+ "file."
+ msgstr ""
++"Следует ли хэшировать имена и адреса узлов в управляемом файле known_hosts."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2038
+@@ -2758,11 +3158,13 @@ msgid ""
+ "How many seconds to keep a host in the managed known_hosts file after its "
+ "host keys were requested."
+ msgstr ""
++"Разрешённое количество секунд, в течение которого узел хранится в "
++"управляемом файле known_hosts после запроса ключей этого узла."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2045
+ msgid "Default: 180"
+-msgstr ""
++msgstr "По умолчанию: 180"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2050
+@@ -2777,6 +3179,11 @@ msgid ""
+ "entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+ "refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+ msgstr ""
++"Если задано значение «true», команда <command>sss_ssh_authorizedkeys</"
++"command> вернёт производные от открытого ключа ключи ssh сертификатов X.509, "
++"которые также хранятся в записи пользователя. Подробнее: <citerefentry> "
++"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>1</"
++"manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2068
+@@ -2792,6 +3199,12 @@ msgid ""
+ "comma separated list of mapping and matching rule names. All other rules "
+ "will be ignored."
+ msgstr ""
++"По умолчанию ответчик SSH использует все доступные правила сопоставления "
++"сертификатов для фильтрации сертификатов, поэтому ключи SSH будут "
++"создаваться на основе только тех сертификатов, для которых было установлено "
++"соответствие. Этот параметр позволяет ограничить используемые правила "
++"разделённым запятыми списком названий правил привязки и сопоставления. Все "
++"другие правила будут игнорироваться."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2080
+@@ -2800,6 +3213,10 @@ msgid ""
+ "all or no rules, respectively. The latter means that no certificates will be "
+ "filtered out and ssh keys will be generated from all valid certificates."
+ msgstr ""
++"Два особых ключевых слова «all_rules» и «no_rules» позволяют, "
++"соответственно, включить все правила или не включать их вообще. Последнее "
++"означает, что фильтрация сертификатов не будет выполняться; следовательно, "
++"ключи SSH будут создаваться на основе всех действительных сертификатов."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2087
+@@ -2809,6 +3226,11 @@ msgid ""
+ "the same behavior as for the PAM responder if certificate authentication is "
+ "enabled."
+ msgstr ""
++"Если не настроено никаких правил, использование «all_rules» приведёт к "
++"включению стандартного правила, которое разрешает использовать все "
++"сертификаты, подходящие для проверки подлинности клиента. Это поведение "
++"соответствует поведению ответчика PAM в том случае, когда включена проверка "
++"подлинности сертификатов."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2094
+@@ -2816,6 +3238,8 @@ msgid ""
+ "A non-existing rule name is considered an error. If as a result no rule is "
+ "selected all certificates will be ignored."
+ msgstr ""
++"Несуществующее имя правила считается ошибкой. Если в результате не будет "
++"выбрано ни одного правила, все сертификаты будут проигнорированы."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2099
+@@ -2837,11 +3261,14 @@ msgid ""
+ "Path to a storage of trusted CA certificates. The option is used to validate "
+ "user certificates before deriving public ssh keys from them."
+ msgstr ""
++"Путь к хранилищу доверенных сертификатов CA. Параметр используется для "
++"проверки сертификатов пользователей перед получением из них открытых ключей "
++"SSH."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd.conf.5.xml:2128
+ msgid "PAC responder configuration options"
+-msgstr ""
++msgstr "Параметры настройки ответчика PAC"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:2130
+@@ -2853,6 +3280,13 @@ msgid ""
+ "joined to and of remote trusted domains from the local domain controller. If "
+ "the PAC is decoded and evaluated some of the following operations are done:"
+ msgstr ""
++"Ответчик PAC работает совместно с модулем данных проверки подлинности "
++"sssd_pac_plugin.so для MIT Kerberos и поставщиком данных поддоменов. Этот "
++"модуль отправляет данные PAC ответчику PAC во время проверки подлинности с "
++"помощью GSSAPI. Поставщик данных поддоменов собирает данные по диапазонам "
++"SID и ID домена, к которому подключился клиент, а также удалённых доверенных "
++"доменов с локального контроллера доменов. Если PAC расшифровывается и "
++"обрабатывается, выполнятся некоторые из следующих операций:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:2139
+@@ -2864,6 +3298,12 @@ msgid ""
+ "the system defaults are used, but can be overwritten with the default_shell "
+ "parameter."
+ msgstr ""
++"Если запись удалённого пользователя отсутствует в кэше, она будет создана. "
++"UID определяется с помощью SID, у доверенных доменов будут UPG, а GID будет "
++"иметь то же значение, что и UID. Домашний каталог устанавливается на основе "
++"значения параметра subdomain_homedir. По умолчанию значение оболочки будет "
++"пустым, то есть будут использованы стандартные параметры системы, но их "
++"можно переопределить с помощью параметра default_shell."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:2147
+@@ -2871,11 +3311,13 @@ msgid ""
+ "If there are SIDs of groups from domains sssd knows about, the user will be "
+ "added to those groups."
+ msgstr ""
++"Если имеются SID групп из известных SSSD доменов, пользователь будет "
++"добавлен в эти группы."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:2153
+ msgid "These options can be used to configure the PAC responder."
+-msgstr ""
++msgstr "Эти параметры можно использовать для настройки ответчика PAC."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2157 sssd-ifp.5.xml:50
+@@ -2889,11 +3331,15 @@ msgid ""
+ "allowed to access the PAC responder. User names are resolved to UIDs at "
+ "startup."
+ msgstr ""
++"Разделённый запятыми список значений UID или имён пользователей, которым "
++"разрешён доступ к ответчику PAC. Имена пользователей разрешаются в UID при "
++"запуске."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2166
+ msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
+ msgstr ""
++"По умолчанию: 0 (доступ к ответчику PAC разрешён только пользователю root)"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2170
+@@ -2903,6 +3349,11 @@ msgid ""
+ "access the PAC responder, which would be the typical case, you have to add 0 "
+ "to the list of allowed UIDs as well."
+ msgstr ""
++"Обратите внимание: несмотря на то, что в качестве стандартного значения "
++"используется UID 0, оно будет перезаписано этим параметром. Если всё равно "
++"требуется разрешить пользователю root доступ к ответчику PAC (типичный "
++"случай), будет необходимо добавить запись «0» в список UID, которым разрешён "
++"доступ."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2179
+@@ -2915,11 +3366,13 @@ msgid ""
+ "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+ "data can be used to determine the group memberships of a user."
+ msgstr ""
++"Время жизни записи PAC (в секундах). Пока запись PAC действительна, данные "
++"PAC можно использовать для определения участия пользователя в группах."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd.conf.5.xml:2195
+ msgid "Session recording configuration options"
+-msgstr ""
++msgstr "Параметры настройки записи сеансов"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:2197
+@@ -2930,11 +3383,17 @@ msgid ""
+ "they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-"
+ "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+ msgstr ""
++"Запись сеансов работает совместно с <citerefentry> <refentrytitle>tlog-rec-"
++"session</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, частью "
++"пакета tlog, обеспечивая ведение журнала данных, которые пользователи видят "
++"и вводят после входа в текстовый терминал. См. также <citerefentry> "
++"<refentrytitle>sssd-session-recording</refentrytitle> <manvolnum>5</"
++"manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:2210
+ msgid "These options can be used to configure session recording."
+-msgstr ""
++msgstr "Эти параметры можно использовать для настройки записи сеансов."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2214 sssd-session-recording.5.xml:64
+@@ -2944,17 +3403,17 @@ msgstr "scope (строка)"
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2221 sssd-session-recording.5.xml:71
+ msgid "\"none\""
+-msgstr ""
++msgstr "«none»"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2224 sssd-session-recording.5.xml:74
+ msgid "No users are recorded."
+-msgstr ""
++msgstr "Пользователи не записываются."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2229 sssd-session-recording.5.xml:79
+ msgid "\"some\""
+-msgstr ""
++msgstr "«some»"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2232 sssd-session-recording.5.xml:82
+@@ -2962,16 +3421,18 @@ msgid ""
+ "Users/groups specified by <replaceable>users</replaceable> and "
+ "<replaceable>groups</replaceable> options are recorded."
+ msgstr ""
++"Записываются пользователи и группы, указанные с помощью параметров "
++"<replaceable>users</replaceable> и <replaceable>groups</replaceable>."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2241 sssd-session-recording.5.xml:91
+ msgid "\"all\""
+-msgstr ""
++msgstr "«all»"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2244 sssd-session-recording.5.xml:94
+ msgid "All users are recorded."
+-msgstr ""
++msgstr "Записываются все пользователи."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2217 sssd-session-recording.5.xml:67
+@@ -2979,11 +3440,13 @@ msgid ""
+ "One of the following strings specifying the scope of session recording: "
+ "<placeholder type=\"variablelist\" id=\"0\"/>"
+ msgstr ""
++"Одна из следующих строк, которые определяют область записи сеанса: "
++"<placeholder type=\"variablelist\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2251 sssd-session-recording.5.xml:101
+ msgid "Default: \"none\""
+-msgstr ""
++msgstr "По умолчанию: «none»"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2256 sssd-session-recording.5.xml:106
+@@ -2997,11 +3460,15 @@ msgid ""
+ "Matches user names as returned by NSS. I.e. after the possible space "
+ "replacement, case changes, etc."
+ msgstr ""
++"Разделённый запятыми список пользователей, для которых включена запись "
++"сеансов. Соответствие списку устанавливается по именам пользователей, "
++"возвращённым NSS, то есть после возможной замены пробелов, смены регистра и "
++"так далее."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2265 sssd-session-recording.5.xml:115
+ msgid "Default: Empty. Matches no users."
+-msgstr ""
++msgstr "По умолчанию: пусто. Не соответствует ни одному пользователю."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2270 sssd-session-recording.5.xml:120
+@@ -3015,6 +3482,9 @@ msgid ""
+ "recording enabled. Matches group names as returned by NSS. I.e. after the "
+ "possible space replacement, case changes, etc."
+ msgstr ""
++"Разделённый запятыми список групп, для участников которых включена запись "
++"сеансов. Соответствие списку устанавливается по именам групп, возвращённым "
++"NSS, то есть после возможной замены пробелов, смены регистра и так далее."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2279 sssd.conf.5.xml:2311 sssd-session-recording.5.xml:129
+@@ -3024,11 +3494,15 @@ msgid ""
+ "performance cost, because each uncached request for a user requires "
+ "retrieving and matching the groups the user is member of."
+ msgstr ""
++"ПРИМЕЧАНИЕ: использование этого параметра (его установка в одно из значений) "
++"значительно сказывается на производительности, поскольку при каждом "
++"некэшированном запросе данных пользователя требуется выполнить получение и "
++"установление соответствия групп, участником которых он является."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2286 sssd-session-recording.5.xml:136
+ msgid "Default: Empty. Matches no groups."
+-msgstr ""
++msgstr "По умолчанию: пусто. Не соответствует ни одной группе."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2291 sssd-session-recording.5.xml:141
+@@ -3041,11 +3515,13 @@ msgid ""
+ "A comma-separated list of users to be excluded from recording, only "
+ "applicable with 'scope=all'."
+ msgstr ""
++"Разделённый запятыми список пользователей, которые исключаются из записи; "
++"применимо только при «scope=all»."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2298 sssd-session-recording.5.xml:148
+ msgid "Default: Empty. No users excluded."
+-msgstr ""
++msgstr "По умолчанию: пусто. Не исключается ни один пользователь."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2303 sssd-session-recording.5.xml:153
+@@ -3058,11 +3534,13 @@ msgid ""
+ "A comma-separated list of groups, members of which should be excluded from "
+ "recording. Only applicable with 'scope=all'."
+ msgstr ""
++"Разделённый запятыми список групп, участники которых исключаются из записи; "
++"применимо только при «scope=all»."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2318 sssd-session-recording.5.xml:168
+ msgid "Default: Empty. No groups excluded."
+-msgstr ""
++msgstr "По умолчанию: пусто. Не исключается ни одна группа."
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd.conf.5.xml:2328
+@@ -3072,7 +3550,7 @@ msgstr "РАЗДЕЛЫ ДОМЕНОВ"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2335
+ msgid "enabled"
+-msgstr ""
++msgstr "enabled"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2338
+@@ -3102,6 +3580,10 @@ msgid ""
+ "be present or generated. Only objects from POSIX domains are available to "
+ "the operating system interfaces and utilities."
+ msgstr ""
++"Указывает, предназначен ли домен для использования клиентами, "
++"поддерживающими POSIX (например, NSS), или приложениями, которым не "
++"требуется наличие или создание данных POSIX. Интерфейсам и утилитам "
++"операционной системы доступны только объекты из доменов POSIX."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2361
+@@ -3109,6 +3591,8 @@ msgid ""
+ "Allowed values for this option are <quote>posix</quote> and "
+ "<quote>application</quote>."
+ msgstr ""
++"Допустимые значение этого параметра: <quote>posix</quote> и "
++"<quote>application</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2365
+@@ -3118,6 +3602,9 @@ msgid ""
+ "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry>) and the PAM responder."
+ msgstr ""
++"Домены POSIX доступны для всех служб. Домены приложений доступны только для "
++"ответчика InfoPipe (см. <citerefentry> <refentrytitle>sssd-ifp</"
++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) и ответчика PAM."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2373
+@@ -3125,6 +3612,8 @@ msgid ""
+ "NOTE: The application domains are currently well tested with "
+ "<quote>id_provider=ldap</quote> only."
+ msgstr ""
++"ПРИМЕЧАНИЕ: в настоящее время тщательно тестируются только домены приложений "
++"с <quote>id_provider=ldap</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2377
+@@ -3132,11 +3621,13 @@ msgid ""
+ "For an easy way to configure a non-POSIX domains, please see the "
+ "<quote>Application domains</quote> section."
+ msgstr ""
++"Описание простого способа настройки доменов не-POSIX доступно в разделе "
++"<quote>Домены приложений</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2381
+ msgid "Default: posix"
+-msgstr ""
++msgstr "По умолчанию: posix"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2387
+@@ -3149,6 +3640,8 @@ msgid ""
+ "UID and GID limits for the domain. If a domain contains an entry that is "
+ "outside these limits, it is ignored."
+ msgstr ""
++"Пределы диапазона UID и GID для домена. Если домен содержит запись, "
++"находящуюся вне указанного диапазона, она будет проигнорирована."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2395
+@@ -3158,6 +3651,11 @@ msgid ""
+ "primary group memberships, those that are in range will be reported as "
+ "expected."
+ msgstr ""
++"Что касается записей пользователей, этот параметр ограничивает диапазон "
++"основного GID. Запись пользователя не будет возвращена в NSS, если UID или "
++"основной GID находится за пределами диапазона. Находящиеся в пределах "
++"диапазона записи пользователей, которые не являются участниками основной "
++"группы, будут выведены в обычном режиме."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2402
+@@ -3165,11 +3663,13 @@ msgid ""
+ "These ID limits affect even saving entries to cache, not only returning them "
+ "by name or ID."
+ msgstr ""
++"Эти пределы диапазона идентификаторов влияют даже на сохранение записей в "
++"кэш, а не только на их возврат по имени или идентификатору."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2406
+ msgid "Default: 1 for min_id, 0 (no limit) for max_id"
+-msgstr ""
++msgstr "По умолчанию: 1 для min_id, 0 (без ограничений) для max_id"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2412
+@@ -3184,16 +3684,20 @@ msgid ""
+ "enable enumeration in order for secondary groups to be displayed. This "
+ "parameter can have one of the following values:"
+ msgstr ""
++"Определяет, можно ли выполнить перечисление для домена, то есть может ли "
++"домен вывести перечень всех содержащихся в нём пользователей и групп. "
++"Обратите внимание, что перечисление не требуется включать для просмотра "
++"вторичных групп. Этот параметр может иметь одно из следующих значений:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2423
+ msgid "TRUE = Users and groups are enumerated"
+-msgstr ""
++msgstr "TRUE = пользователи и группы перечисляются"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2426
+ msgid "FALSE = No enumerations for this domain"
+-msgstr ""
++msgstr "FALSE = для этого домена не выполняется перечисление"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2429 sssd.conf.5.xml:2699 sssd.conf.5.xml:2875
+@@ -3206,6 +3710,8 @@ msgid ""
+ "Enumerating a domain requires SSSD to download and store ALL user and group "
+ "entries from the remote server."
+ msgstr ""
++"Чтобы выполнить перечисление для домена, SSSD потребуется загрузить и "
++"сохранить ВСЕ записи пользователей и групп с удалённого сервера."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2437
+@@ -3220,6 +3726,16 @@ msgid ""
+ "quote> process becoming unresponsive or even restarted by the internal "
+ "watchdog."
+ msgstr ""
++"Примечание: если включить перечисление, во время его выполнения "
++"производительность SSSD умеренно снижается. Перечисление может занять до "
++"нескольких минут после запуска SSSD. В это время отдельные запросы "
++"информации отправляются непосредственно в LDAP, хотя это может выполняться "
++"медленно из-за ресурсоёмкой обработки перечисления. Сохранение большого "
++"количества записей в кэш после завершения перечисления также может давать "
++"интенсивную вычислительную нагрузку на центральный процессор, так как данные "
++"об участии в группах требуется вычислить заново. Это может привести к тому, "
++"что процесс <quote>sssd_be</quote> перестанет отвечать или даже будет "
++"перезапущен внутренним сторожевым таймером."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2452
+@@ -3227,6 +3743,8 @@ msgid ""
+ "While the first enumeration is running, requests for the complete user or "
+ "group lists may return no results until it completes."
+ msgstr ""
++"Когда выполняется первое перечисление, запросы полных списков пользователей "
++"или групп могут не вернуть результатов до момента завершения перечисления."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2457
+@@ -3236,6 +3754,11 @@ msgid ""
+ "enumeration lookups are completed successfully. For more information, refer "
+ "to the man pages for the specific id_provider in use."
+ msgstr ""
++"Более того, включение перечисления может увеличить время, необходимое для "
++"обнаружения отсутствия подключения к сети, так как для успешного выполнения "
++"поисков перечисления требуются более длительные тайм-ауты. Дополнительные "
++"сведения доступны на man-страницах конкретного используемого поставщика "
++"идентификаторов (id_provider)."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2465
+@@ -3243,6 +3766,8 @@ msgid ""
+ "For the reasons cited above, enabling enumeration is not recommended, "
+ "especially in large environments."
+ msgstr ""
++"По вышеуказанным причинам не рекомендуется включать перечисление, особенно в "
++"средах большого размера."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2473
+@@ -3252,22 +3777,22 @@ msgstr "subdomain_enumerate (строка)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2480
+ msgid "all"
+-msgstr ""
++msgstr "all"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2481
+ msgid "All discovered trusted domains will be enumerated"
+-msgstr ""
++msgstr "Выполнить перечисление для всех обнаруженных доверенных доменов"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2484
+ msgid "none"
+-msgstr ""
++msgstr "none"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2485
+ msgid "No discovered trusted domains will be enumerated"
+-msgstr ""
++msgstr "Не выполнять перечисление для обнаруженных доверенных доменов"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2476
+@@ -3277,6 +3802,11 @@ msgid ""
+ "Optionally, a list of one or more domain names can enable enumeration just "
+ "for these trusted domains."
+ msgstr ""
++"Следует ли выполнять перечисление для каких-либо автоматически обнаруженных "
++"доверенных доменов. Поддерживаемые значения: <placeholder type=\"variablelist"
++"\" id=\"0\"/> При необходимости можно указать список из одного или "
++"нескольких имён доверенных доменов, чтобы включить перечисление только для "
++"них."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2499
+@@ -3289,6 +3819,8 @@ msgid ""
+ "How many seconds should nss_sss consider entries valid before asking the "
+ "backend again"
+ msgstr ""
++"Количество секунд, в течение которого nss_sss следует считать записи "
++"действительными, прежде чем снова обратиться к внутреннему серверу"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2506
+@@ -3300,11 +3832,17 @@ msgid ""
+ "citerefentry> tool in order to force refresh of entries that have already "
+ "been cached."
+ msgstr ""
++"Отметки времени устаревания записей кэша хранятся как атрибуты отдельных "
++"объектов в кэше. Следовательно, изменение тайм-аута кэша повлияет только на "
++"новые добавленные или устаревшие записи. Следует запустить инструмент "
++"<citerefentry> <refentrytitle>sss_cache</refentrytitle> <manvolnum>8</"
++"manvolnum> </citerefentry> для принудительного обновления записей, которые "
++"уже были кэшированы."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2519
+ msgid "Default: 5400"
+-msgstr ""
++msgstr "По умолчанию: 5400"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2525
+@@ -3317,13 +3855,16 @@ msgid ""
+ "How many seconds should nss_sss consider user entries valid before asking "
+ "the backend again"
+ msgstr ""
++"Количество секунд, в течение которого nss_sss следует считать записи "
++"пользователей действительными, прежде чем снова обратиться к внутреннему "
++"серверу"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2532 sssd.conf.5.xml:2545 sssd.conf.5.xml:2558
+ #: sssd.conf.5.xml:2571 sssd.conf.5.xml:2585 sssd.conf.5.xml:2598
+ #: sssd.conf.5.xml:2612 sssd.conf.5.xml:2626 sssd.conf.5.xml:2639
+ msgid "Default: entry_cache_timeout"
+-msgstr ""
++msgstr "По умолчанию: entry_cache_timeout"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2538
+@@ -3336,6 +3877,8 @@ msgid ""
+ "How many seconds should nss_sss consider group entries valid before asking "
+ "the backend again"
+ msgstr ""
++"Количество секунд, в течение которого nss_sss следует считать записи групп "
++"действительными, прежде чем снова обратиться к внутреннему серверу"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2551
+@@ -3348,6 +3891,8 @@ msgid ""
+ "How many seconds should nss_sss consider netgroup entries valid before "
+ "asking the backend again"
+ msgstr ""
++"Количество секунд, в течение которого nss_sss следует считать записи сетевых "
++"групп действительными, прежде чем снова обратиться к внутреннему серверу"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2564
+@@ -3360,6 +3905,8 @@ msgid ""
+ "How many seconds should nss_sss consider service entries valid before asking "
+ "the backend again"
+ msgstr ""
++"Количество секунд, в течение которого nss_sss следует считать записи служб "
++"действительными, прежде чем снова обратиться к внутреннему серверу"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2577
+@@ -3372,6 +3919,8 @@ msgid ""
+ "How many seconds should nss_sss consider hosts and networks entries valid "
+ "before asking the backend again"
+ msgstr ""
++"Количество секунд, в течение которого nss_sss следует считать записи узлов и "
++"сетей действительными, прежде чем снова обратиться к внутреннему серверу"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2591
+@@ -3384,6 +3933,8 @@ msgid ""
+ "How many seconds should sudo consider rules valid before asking the backend "
+ "again"
+ msgstr ""
++"Количество секунд, в течение которого sudo следует считать правила "
++"действительными, прежде чем снова обратиться к внутреннему серверу"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2604
+@@ -3396,6 +3947,9 @@ msgid ""
+ "How many seconds should the autofs service consider automounter maps valid "
+ "before asking the backend again"
+ msgstr ""
++"Количество секунд, в течение которого службе autofs следует считать карты "
++"автоматического монтирования действительными, прежде чем снова обратиться к "
++"внутреннему серверу"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2618
+@@ -3408,6 +3962,9 @@ msgid ""
+ "How many seconds to keep a host ssh key after refresh. IE how long to cache "
+ "the host key for."
+ msgstr ""
++"Количество секунд, в течение которого ключ SSH узла хранится после "
++"обновления. Иными словами, параметр определяет длительность хранения ключа "
++"узла в кэше."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2632
+@@ -3420,6 +3977,8 @@ msgid ""
+ "How many seconds to keep the local computer entry before asking the backend "
+ "again"
+ msgstr ""
++"Количество секунд, в течение которого следует хранить запись локального "
++"компьютера, прежде чем снова обратиться к внутреннему серверу"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2645
+@@ -3432,6 +3991,8 @@ msgid ""
+ "Specifies how many seconds SSSD has to wait before triggering a background "
+ "refresh task which will refresh all expired or nearly expired records."
+ msgstr ""
++"Указывает время ожидания SSSD (в секундах) перед активацией задания фонового "
++"обновления всех устаревших или почти устаревших записей."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2653
+@@ -3441,16 +4002,21 @@ msgid ""
+ "user, typically ran at login) operation in the past, both the user entry "
+ "and the group membership are updated."
+ msgstr ""
++"При фоновом обновлении обрабатываются содержащиеся в кэше записи "
++"пользователей, групп и сетевых групп. Обновление как записи пользователя, "
++"так и участия в группах выполняется для тех пользователей, для которых ранее "
++"выполнялись действия по инициализации групп (получение данных об участии "
++"пользователя в группах, обычно выполняется при запуске)."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2661
+ msgid "This option is automatically inherited for all trusted domains."
+-msgstr ""
++msgstr "Этот параметр автоматически наследуется для всех доверенных доменов."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2665
+ msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
+-msgstr ""
++msgstr "Рекомендуется установить это значение равным 3/4 * entry_cache_timeout."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2669
+@@ -3463,12 +4029,21 @@ msgid ""
+ "offline mode operation and reuse of existing valid cache entries. To make "
+ "this change instant the user may want to manually invalidate existing cache."
+ msgstr ""
++"Запись кэша будет обновлена фоновым заданием, если прошло 2/3 времени "
++"ожиданияустаревания кэша. Если в кэше уже есть записи, фоновое задание будет "
++"использовать значения времени ожидания устаревания исходных записей, а "
++"нетекущее значение конфигурации. Может возникнуть ситуация, в которой будет "
++"казаться, что фоновое задание по обновлению записей не работает. Это сделано "
++"специально для усовершенствования работы в автономном режиме иповторного "
++"использования имеющихся корректных записей в кэше. Чтобы мгновенно выполнить "
++"изменение, пользователю следует вручную объявить недействительность "
++"существующего кэша."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2682 sssd-ldap.5.xml:350 sssd-ldap.5.xml:1600
+ #: sssd-ipa.5.xml:269
+ msgid "Default: 0 (disabled)"
+-msgstr ""
++msgstr "По умолчанию: 0 (отключено)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2688
+@@ -3479,16 +4054,20 @@ msgstr "cache_credentials (логическое значение)"
+ #: sssd.conf.5.xml:2691
+ msgid "Determines if user credentials are also cached in the local LDB cache"
+ msgstr ""
++"Определяет, следует ли также кэшировать учётные данные пользователя в "
++"локальном кэше LDB"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2695
+ msgid "User credentials are stored in a SHA512 hash, not in plaintext"
+ msgstr ""
++"Учётные данные пользователя хранятся в хэше SHA512, а не в виде простого "
++"текста"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2705
+ msgid "cache_credentials_minimal_first_factor_length (int)"
+-msgstr ""
++msgstr "cache_credentials_minimal_first_factor_length (целое число)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2708
+@@ -3497,6 +4076,10 @@ msgid ""
+ "this value determines the minimal length the first authentication factor "
+ "(long term password) must have to be saved as SHA512 hash into the cache."
+ msgstr ""
++"Если используется двухфакторная проверка подлинности (2FA) и следует "
++"сохранить учётные данные, это значение определяет минимальную длину первого "
++"фактора проверки подлинности (долговременного пароля), который должен быть "
++"сохранён в формате контрольной суммы SHA512 в кэше."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2715
+@@ -3504,6 +4087,9 @@ msgid ""
+ "This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
+ "the cache which would make them easy targets for brute-force attacks."
+ msgstr ""
++"Таким образом удаётся предотвратить ситуацию, когда короткие PIN-"
++"кодыоснованной на PIN-кодах схемы 2FA хранятся в кэше и становятся "
++"лёгкоймишенью для атак методом подбора."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2726
+@@ -3518,11 +4104,15 @@ msgid ""
+ "value of this parameter must be greater than or equal to "
+ "offline_credentials_expiration."
+ msgstr ""
++"Количество дней, в течение которого записи хранятся в кэше после последнего "
++"успешного входа, прежде чем будут удалены при очистке кэша. Значение «0» "
++"означает, что записи будут храниться вечно. Значение этого параметра должно "
++"быть больше или равно значению offline_credentials_expiration."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2736
+ msgid "Default: 0 (unlimited)"
+-msgstr ""
++msgstr "По умолчанию: 0 (без ограничений)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2741
+@@ -3537,11 +4127,15 @@ msgid ""
+ "cannot display a warning. Also an auth provider has to be configured for the "
+ "backend."
+ msgstr ""
++"Обратите внимание, что внутренний сервер должен предоставить информацию о "
++"времени истечения срока действия пароля. Если она отсутствует, sssd не "
++"сможет показать предупреждение. Кроме того, для этого сервера следует "
++"настроить поставщика данных проверки подлинности."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2759
+ msgid "Default: 7 (Kerberos), 0 (LDAP)"
+-msgstr ""
++msgstr "По умолчанию: 7 (Kerberos), 0 (LDAP)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2765
+@@ -3553,17 +4147,21 @@ msgstr "id_provider (строка)"
+ msgid ""
+ "The identification provider used for the domain. Supported ID providers are:"
+ msgstr ""
++"Поставщик данных идентификации, который используется для домена. "
++"Поддерживаемые поставщики ID:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2772
+ msgid "<quote>proxy</quote>: Support a legacy NSS provider."
+-msgstr ""
++msgstr "<quote>proxy</quote>: поддержка устаревшего поставщика NSS."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2775
+ msgid ""
+ "<quote>local</quote>: SSSD internal provider for local users (DEPRECATED)."
+ msgstr ""
++"<quote>local</quote>: внутренний поставщик SSSD для локальных пользователей ("
++"НЕ РЕКОМЕНДУЕТСЯ)."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2779
+@@ -3572,6 +4170,10 @@ msgid ""
+ "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+ "information on how to mirror local users and groups into SSSD."
+ msgstr ""
++"<quote>files</quote>: поставщик данных ФАЙЛОВ. Дополнительные сведения о "
++"зеркалировании локальных пользователей и групп в SSSD: <citerefentry> "
++"<refentrytitle>sssd-files</refentrytitle> <manvolnum>5</manvolnum> "
++"</citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2787
+@@ -3580,6 +4182,9 @@ msgid ""
+ "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+ "information on configuring LDAP."
+ msgstr ""
++"<quote>ldap</quote>: поставщик данных LDAP. Дополнительные сведения о "
++"настройке LDAP: <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
++"<manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2795 sssd.conf.5.xml:2901 sssd.conf.5.xml:2956
+@@ -3590,6 +4195,10 @@ msgid ""
+ "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+ "FreeIPA."
+ msgstr ""
++"<quote>ipa</quote>: поставщик данных FreeIPA и Red Hat Enterprise Identity "
++"Management. Дополнительные сведения о настройке FreeIPA: <citerefentry> "
++"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
++"</citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2804 sssd.conf.5.xml:2910 sssd.conf.5.xml:2965
+@@ -3599,6 +4208,9 @@ msgid ""
+ "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry> for more information on configuring Active Directory."
+ msgstr ""
++"<quote>ad</quote>: поставщик данных Active Directory. Дополнительные "
++"сведения о настройке Active Directory: <citerefentry> <refentrytitle>sssd-"
++"ad</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2815
+@@ -3611,6 +4223,8 @@ msgid ""
+ "Use the full name and domain (as formatted by the domain's full_name_format) "
+ "as the user's login name reported to NSS."
+ msgstr ""
++"Использовать полные имя и домен (в формате, заданном full_name_format домена)"
++" в качестве имени учётной записи пользователя, которое сообщается NSS."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2823
+@@ -3620,6 +4234,11 @@ msgid ""
+ "<command>getent passwd test</command> wouldn't find the user while "
+ "<command>getent passwd test@LOCAL</command> would."
+ msgstr ""
++"Если задано значение «TRUE», во всех запросах к домену должны использоваться "
++"полные имена. Например, если этот параметр используется в домене LOCAL, "
++"содержащем пользователя «test», с помощью команды <command>getent passwd "
++"test</command> его не удастся найти, а с помощью команды <command>getent "
++"passwd test@LOCAL</command> получится это сделать."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2831
+@@ -3628,6 +4247,9 @@ msgid ""
+ "include nested netgroups without qualified names. For netgroups, all domains "
+ "will be searched when an unqualified name is requested."
+ msgstr ""
++"ПРИМЕЧАНИЕ: этот параметр не влияет на поиск сетевых групп, так как они "
++"зачастую включают вложенные сетевые группы без полных имён. Для сетевых "
++"групп выполняется поиск во всех доменах, когда запрашивается неполное имя."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2838
+@@ -3635,6 +4257,8 @@ msgid ""
+ "Default: FALSE (TRUE for trusted domain/sub-domains or if "
+ "default_domain_suffix is used)"
+ msgstr ""
++"По умолчанию: FALSE (TRUE для доверенных доменов/поддоменов или в случае "
++"использования default_domain_suffix)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2845
+@@ -3644,7 +4268,7 @@ msgstr "ignore_group_members (логическое значение)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2848
+ msgid "Do not return group members for group lookups."
+-msgstr ""
++msgstr "Не возвращать участников групп для поиска групп."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2851
+@@ -3657,6 +4281,13 @@ msgid ""
+ "citerefentry>. As an effect, <quote>getent group $groupname</quote> would "
+ "return the requested group as if it was empty."
+ msgstr ""
++"Если установлено значение «TRUE», атрибут участия в группах не запрашивается "
++"с сервера LDAP, а списки участников групп не возвращаются при обработке "
++"вызовов поиска групп, таких как <citerefentry> <refentrytitle>getgrnam</"
++"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> или <citerefentry> "
++"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
++"citerefentry>. Как следствие, <quote>getent group $groupname</quote> вернёт "
++"запрошенную группу так, как будто она пуста."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2869
+@@ -3665,6 +4296,9 @@ msgid ""
+ "membership significantly faster, especially for groups containing many "
+ "members."
+ msgstr ""
++"Включение этого параметра также может значительно ускорить проверки участия "
++"в группах у поставщика доступа (особенно для групп, содержащих большое "
++"количество участников)."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2880
+@@ -3677,6 +4311,8 @@ msgid ""
+ "The authentication provider used for the domain. Supported auth providers "
+ "are:"
+ msgstr ""
++"Поставщик данных для проверки подлинности, который используется для домена. "
++"Поддерживаемые поставщики данных для проверки подлинности:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2887 sssd.conf.5.xml:2949
+@@ -3685,6 +4321,9 @@ msgid ""
+ "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry> for more information on configuring LDAP."
+ msgstr ""
++"<quote>ldap</quote> — использовать встроенную проверку подлинности LDAP. "
++"Дополнительные сведения о настройке LDAP: <citerefentry> <refentrytitle>sssd-"
++"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2894
+@@ -3693,22 +4332,28 @@ msgid ""
+ "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry> for more information on configuring Kerberos."
+ msgstr ""
++"<quote>krb5</quote> — использовать проверку подлинности Kerberos. "
++"Дополнительные сведения о настройке Kerberos: <citerefentry> <refentrytitle"
++">sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2918
+ msgid ""
+ "<quote>proxy</quote> for relaying authentication to some other PAM target."
+ msgstr ""
++"<quote>proxy</quote> — передать проверку подлинности какой-либо другой цели "
++"PAM."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2921
+ msgid "<quote>local</quote>: SSSD internal provider for local users"
+ msgstr ""
++"<quote>local</quote> — внутренний поставщик SSSD для локальных пользователей."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2925
+ msgid "<quote>none</quote> disables authentication explicitly."
+-msgstr ""
++msgstr "<quote>none</quote> — явно отключить проверку подлинности."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2928
+@@ -3716,6 +4361,8 @@ msgid ""
+ "Default: <quote>id_provider</quote> is used if it is set and can handle "
+ "authentication requests."
+ msgstr ""
++"По умолчанию: использовать <quote>id_provider</quote>, если этот параметр "
++"задан и поддерживает обработку запросов проверки подлинности."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2934
+@@ -3729,6 +4376,9 @@ msgid ""
+ "access providers (in addition to any included in installed backends) "
+ "Internal special providers are:"
+ msgstr ""
++"Поставщик управления доступом, который используется для домена. Существуют "
++"два встроенных поставщика доступа (в дополнение к тем поставщикам, которые "
++"включены в установленные внутренние серверы). Внутренние особые поставщики:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2943
+@@ -3736,11 +4386,13 @@ msgid ""
+ "<quote>permit</quote> always allow access. It's the only permitted access "
+ "provider for a local domain."
+ msgstr ""
++"<quote>permit</quote> — всегда разрешать доступ. Это единственный поставщик "
++"разрешённого доступа для локального домена."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2946
+ msgid "<quote>deny</quote> always deny access."
+-msgstr ""
++msgstr "<quote>deny</quote> — всегда отказывать в доступе."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2973
+@@ -3750,6 +4402,10 @@ msgid ""
+ "manvolnum></citerefentry> for more information on configuring the simple "
+ "access module."
+ msgstr ""
++"<quote>simple</quote> — управление доступом на основе разрешающего или "
++"запрещающего списка. Дополнительные сведения о настройке модуля доступа "
++"simple: <citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
++"<manvolnum>5</manvolnum></citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2980
+@@ -3758,16 +4414,19 @@ msgid ""
+ "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+ "citerefentry> for more information on configuring Kerberos."
+ msgstr ""
++"<quote>krb5</quote> — управление доступом на основе .k5login. Дополнительные "
++"сведения о настройке Kerberos: <citerefentry> <refentrytitle>sssd-krb5</"
++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2987
+ msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+-msgstr ""
++msgstr "<quote>proxy</quote> — передать управление доступом другому модулю PAM."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:2990
+ msgid "Default: <quote>permit</quote>"
+-msgstr ""
++msgstr "По умолчанию: <quote>permit</quote>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:2995
+@@ -3780,6 +4439,8 @@ msgid ""
+ "The provider which should handle change password operations for the domain. "
+ "Supported change password providers are:"
+ msgstr ""
++"Поставщик данных, который должен обрабатывать операции смены пароля для "
++"домена. Поддерживаемые поставщики данных смены пароля:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3003
+@@ -3788,6 +4449,9 @@ msgid ""
+ "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+ "manvolnum> </citerefentry> for more information on configuring LDAP."
+ msgstr ""
++"<quote>ldap</quote> — сменить пароль, который хранится на сервере LDAP. "
++"Дополнительные сведения о настройке LDAP: <citerefentry> <refentrytitle>sssd-"
++"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3011
+@@ -3796,17 +4460,21 @@ msgid ""
+ "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry> for more information on configuring Kerberos."
+ msgstr ""
++"<quote>krb5</quote> — сменить пароль Kerberos. Дополнительные сведения о "
++"настройке Kerberos: <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
++"<manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3036
+ msgid ""
+ "<quote>proxy</quote> for relaying password changes to some other PAM target."
+ msgstr ""
++"<quote>proxy</quote> — передать смену пароля какой-либо другой цели PAM."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3040
+ msgid "<quote>none</quote> disallows password changes explicitly."
+-msgstr ""
++msgstr "<quote>none</quote> — явно запретить смену пароля."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3043
+@@ -3814,6 +4482,8 @@ msgid ""
+ "Default: <quote>auth_provider</quote> is used if it is set and can handle "
+ "change password requests."
+ msgstr ""
++"По умолчанию: использовать <quote>auth_provider</quote>, если этот параметр "
++"задан и поддерживает обработку запросов смены пароля."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3050
+@@ -3824,6 +4494,8 @@ msgstr "sudo_provider (строка)"
+ #: sssd.conf.5.xml:3053
+ msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
+ msgstr ""
++"Поставщик данных SUDO, который используется для домена. Поддерживаемые "
++"поставщики данных SUDO:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3057
+@@ -3832,6 +4504,9 @@ msgid ""
+ "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry> for more information on configuring LDAP."
+ msgstr ""
++"<quote>ldap</quote> — для правил, которые хранятся в LDAP. Дополнительные "
++"сведения о настройке LDAP: <citerefentry> <refentrytitle>sssd-ldap</"
++"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3065
+@@ -3839,6 +4514,8 @@ msgid ""
+ "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+ "settings."
+ msgstr ""
++"<quote>ipa</quote> — то же, что и <quote>ldap</quote>, но со стандартными "
++"параметрами IPA."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3069
+@@ -3846,17 +4523,21 @@ msgid ""
+ "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+ "settings."
+ msgstr ""
++"<quote>ad</quote> — то же, что и <quote>ldap</quote>, но со стандартными "
++"параметрами AD."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3073
+ msgid "<quote>none</quote> disables SUDO explicitly."
+-msgstr ""
++msgstr "<quote>none</quote> — явно отключить SUDO."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3076 sssd.conf.5.xml:3162 sssd.conf.5.xml:3232
+ #: sssd.conf.5.xml:3257 sssd.conf.5.xml:3293
+ msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
+ msgstr ""
++"По умолчанию: использовать значение <quote>id_provider</quote>, если этот "
++"параметр задан."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3080
+@@ -3868,6 +4549,12 @@ msgid ""
+ "\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+ "<manvolnum>5</manvolnum> </citerefentry>."
+ msgstr ""
++"Подробные инструкции по настройке sudo_provider доступны на справочной "
++"странице <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
++"<manvolnum>5</manvolnum> </citerefentry>. Предусмотрено много параметров, "
++"которыми можно воспользоваться для настройки поведения программы. Подробное "
++"описание доступно в разделах «ldap_sudo_*» <citerefentry> <refentrytitle"
++">sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3095
+@@ -3877,6 +4564,11 @@ msgid ""
+ "<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
+ "activity in SSSD if you do not want to use sudo with SSSD at all."
+ msgstr ""
++"<emphasis>ПРИМЕЧАНИЕ:</emphasis> загрузка правил SUDO периодически "
++"выполняется в фоновом режиме (при условии, что поставщик данных SUDO не был "
++"явно отключён). Укажите <emphasis>sudo_provider = None</emphasis> для "
++"отключения в SSSD всей связанной с SUDO активности, если в SSSD вообще не "
++"планируется использовать SUDO."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3105
+@@ -3890,6 +4582,9 @@ msgid ""
+ "provider will be called right after access provider ends. Supported selinux "
+ "providers are:"
+ msgstr ""
++"Поставщик данных, который должен обрабатывать загрузку параметров SELinux. "
++"Обратите внимание, что этот поставщик будет вызываться сразу после окончания "
++"работы поставщика доступа. Поддерживаемые поставщики данных SELinux:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3114
+@@ -3898,11 +4593,14 @@ msgid ""
+ "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+ "manvolnum> </citerefentry> for more information on configuring IPA."
+ msgstr ""
++"<quote>ipa</quote> — загрузить параметры SELinux с сервера IPA. "
++"Дополнительные сведения о настройке IPA: <citerefentry> <refentrytitle>sssd-"
++"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3122
+ msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
+-msgstr ""
++msgstr "<quote>none</quote> — явно отключает получение параметров SELinux."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3125
+@@ -3910,6 +4608,8 @@ msgid ""
+ "Default: <quote>id_provider</quote> is used if it is set and can handle "
+ "selinux loading requests."
+ msgstr ""
++"По умолчанию: использовать <quote>id_provider</quote>, если этот параметр "
++"задан и поддерживает обработку запросов загрузки параметров SELinux."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3131
+@@ -3922,6 +4622,9 @@ msgid ""
+ "The provider which should handle fetching of subdomains. This value should "
+ "be always the same as id_provider. Supported subdomain providers are:"
+ msgstr ""
++"Поставщик данных, который должен обрабатывать получение данных поддоменов. "
++"Это значение всегда должно совпадать со значением id_provider. "
++"Поддерживаемые поставщики данных поддоменов:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3140
+@@ -3930,6 +4633,9 @@ msgid ""
+ "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+ "manvolnum> </citerefentry> for more information on configuring IPA."
+ msgstr ""
++"<quote>ipa</quote> — загрузить список поддоменов с сервера IPA. "
++"Дополнительные сведения о настройке IPA: <citerefentry> <refentrytitle>sssd-"
++"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3149
+@@ -3939,11 +4645,15 @@ msgid ""
+ "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+ "the AD provider."
+ msgstr ""
++"<quote>ad</quote> — загрузить список поддоменов с сервера Active Directory. "
++"Дополнительные сведения о настройке поставщика данных AD: <citerefentry> "
++"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
++"</citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3158
+ msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+-msgstr ""
++msgstr "<quote>none</quote> — явно отключает получение данных поддоменов."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3168
+@@ -3957,17 +4667,25 @@ msgid ""
+ "only user session task currently provided is the integration with Fleet "
+ "Commander, which works only with IPA. Supported session providers are:"
+ msgstr ""
++"Поставщик данных, который настраивает задания, связанные с сеансами "
++"пользователей, и управляет ими. В настоящее время предоставляется только "
++"одно задание, связанное с сеансами пользователей: интеграция с Fleet "
++"Commander (работает только c IPA). Поддерживаемые поставщики данных сеансов:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3178
+ msgid "<quote>ipa</quote> to allow performing user session related tasks."
+ msgstr ""
++"<quote>ipa</quote> — разрешить выполнение заданий, связанных с сеансами "
++"пользователей."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3182
+ msgid ""
+ "<quote>none</quote> does not perform any kind of user session related tasks."
+ msgstr ""
++"<quote>none</quote> — не выполнять никакие задания, связанные с сеансами "
++"пользователей."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3186
+@@ -3975,6 +4693,8 @@ msgid ""
+ "Default: <quote>id_provider</quote> is used if it is set and can perform "
+ "session related tasks."
+ msgstr ""
++"По умолчанию: использовать <quote>id_provider</quote>, если этот параметр "
++"задан и поддерживает выполнение заданий, связанных с сеансами."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3190
+@@ -3982,6 +4702,9 @@ msgid ""
+ "<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
+ "SSSD must be running as \"root\" and not as the unprivileged user."
+ msgstr ""
++"<emphasis>ПРИМЕЧАНИЕ:</emphasis> чтобы эта возможность работала должным "
++"образом, SSSD необходимо запускать от имени пользователя root, а не от имени "
++"пользователя без привилегий."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3198
+@@ -3993,6 +4716,8 @@ msgstr "autofs_provider (строка)"
+ msgid ""
+ "The autofs provider used for the domain. Supported autofs providers are:"
+ msgstr ""
++"Поставщик данных autofs, который используется для домена. Поддерживаемые "
++"поставщики данных autofs:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3205
+@@ -4001,6 +4726,9 @@ msgid ""
+ "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry> for more information on configuring LDAP."
+ msgstr ""
++"<quote>ldap</quote> — загрузить карты, которые хранятся в LDAP. "
++"Дополнительные сведения о настройке LDAP: <citerefentry> <refentrytitle>sssd-"
++"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3212
+@@ -4009,6 +4737,9 @@ msgid ""
+ "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry> for more information on configuring IPA."
+ msgstr ""
++"<quote>ipa</quote> — загрузить карты, которые хранятся на сервере IPA. "
++"Дополнительные сведения о настройке IPA: <citerefentry> <refentrytitle>sssd-"
++"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3220
+@@ -4017,11 +4748,15 @@ msgid ""
+ "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry> for more information on configuring the AD provider."
+ msgstr ""
++"<quote>ad</quote> — загрузить карты, которые хранятся на сервере AD. "
++"Дополнительные сведения о настройке поставщика данных AD: <citerefentry> "
++"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
++"</citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3229
+ msgid "<quote>none</quote> disables autofs explicitly."
+-msgstr ""
++msgstr "<quote>none</quote> — явно отключить autofs."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3239
+@@ -4034,6 +4769,8 @@ msgid ""
+ "The provider used for retrieving host identity information. Supported "
+ "hostid providers are:"
+ msgstr ""
++"Поставщик данных, который используется для получения данных идентификации "
++"узла. Поддерживаемые поставщики hostid:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3246
+@@ -4042,11 +4779,15 @@ msgid ""
+ "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+ "manvolnum> </citerefentry> for more information on configuring IPA."
+ msgstr ""
++"<quote>ipa</quote> — загрузить данные идентификации узла, которые хранятся "
++"на сервере IPA. Дополнительные сведения о настройке IPA: <citerefentry> "
++"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
++"</citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3254
+ msgid "<quote>none</quote> disables hostid explicitly."
+-msgstr ""
++msgstr "<quote>none</quote> — явно отключить hostid."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3264
+@@ -4059,6 +4800,8 @@ msgid ""
+ "The provider which should handle hosts and networks lookups. Supported "
+ "resolver providers are:"
+ msgstr ""
++"Поставщик данных, который должен обрабатывать поиск узлов и сетей. "
++"Поддерживаемые поставщики данных сопоставления:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3271
+@@ -4066,6 +4809,8 @@ msgid ""
+ "<quote>proxy</quote> to forward lookups to another NSS library. See "
+ "<quote>proxy_resolver_lib_name</quote>"
+ msgstr ""
++"<quote>proxy</quote> — перенаправлять поисковые запросы другой библиотеке "
++"NSS. См. <quote>proxy_resolver_lib_name</quote>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3275
+@@ -4074,6 +4819,9 @@ msgid ""
+ "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+ "manvolnum> </citerefentry> for more information on configuring LDAP."
+ msgstr ""
++"<quote>ldap</quote> — получить записи узлов и сетей, которые хранятся в "
++"LDAP. Дополнительные сведения о настройке LDAP: <citerefentry> <refentrytitle"
++">sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3282
+@@ -4083,11 +4831,15 @@ msgid ""
+ "manvolnum> </citerefentry> for more information on configuring the AD "
+ "provider."
+ msgstr ""
++"<quote>ad</quote> — получить записи узлов и сетей, которые хранятся на "
++"сервере AD. Дополнительные сведения о настройке поставщика данных AD: "
++"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
++"manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3290
+ msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
+-msgstr ""
++msgstr "<quote>none</quote> — явно отключает получение записей узлов и сетей."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3303
+@@ -4098,6 +4850,11 @@ msgid ""
+ "trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
+ "the domain."
+ msgstr ""
++"Регулярное выражение для этого домена, которое описывает, как получить из "
++"строки, содержащей имя пользователя и домен, эти компоненты. «Домен» может "
++"соответствовать либо имени домена в конфигурации SSSD, либо (в случае "
++"поддоменов доверия IPA и доменов Active Directory) плоскому (NetBIOS) имени "
++"домена."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3312
+@@ -4107,21 +4864,25 @@ msgid ""
+ "P<name>[^@\\\\]+)$))</quote> which allows three different styles for "
+ "user names:"
+ msgstr ""
++"Значение по умолчанию для поставщиков данных AD и IPA: "
++"<quote>(((?P<domain>[^\\\\]+)\\\\(?P<name>.+$))|((?P<name>["
++"^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\\\]+)$))</quote> — оно "
++"позволяет назначать три разных стиля записи имён пользователей:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:3317
+ msgid "username"
+-msgstr ""
++msgstr "username"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:3320
+ msgid "username@domain.name"
+-msgstr ""
++msgstr "username@domain.name"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:3323
+ msgid "domain\\username"
+-msgstr ""
++msgstr "domain\\username"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3326
+@@ -4129,6 +4890,8 @@ msgid ""
+ "While the first two correspond to the general default the third one is "
+ "introduced to allow easy integration of users from Windows domains."
+ msgstr ""
++"Первые два стиля соответствуют общим стандартным стилям, а третий введён для "
++"обеспечения простой интеграции пользователей из доменов Windows."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3331
+@@ -4137,6 +4900,9 @@ msgid ""
+ "which translates to \"the name is everything up to the <quote>@</quote> "
+ "sign, the domain everything after that\""
+ msgstr ""
++"По умолчанию: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</"
++"quote>, что означает «имя — это всё, что предшествует знаку <quote>@</"
++"quote>, домен — всё, что идёт после этого знака»."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3337
+@@ -4147,6 +4913,12 @@ msgid ""
+ "consider changing the re_expression value to: <quote>((?P<name>.+)@(?"
+ "P<domain>[^@]+$))</quote>."
+ msgstr ""
++"ПРИМЕЧАНИЕ: имена некоторых групп Active Directory (как правило, тех, "
++"которые используются для MS Exchange) содержат символ <quote>@</quote>, что "
++"конфликтует со стандартным значением re_expression для поставщиков данных AD "
++"и IPA. Чтобы обеспечить поддержку этих групп, рекомендуется изменить "
++"значение re_expression на "
++"<quote>((?P<name>.+)@(?P<domain>[^@]+$))</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3388
+@@ -4164,6 +4936,8 @@ msgid ""
+ "Provides the ability to select preferred address family to use when "
+ "performing DNS lookups."
+ msgstr ""
++"Предоставляет возможность выбрать предпочитаемое семейство адресов, которое "
++"следует использовать при выполнении запросов DNS."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3401
+@@ -4174,26 +4948,30 @@ msgstr "Поддерживаемые значения:"
+ #: sssd.conf.5.xml:3404
+ msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
+ msgstr ""
++"ipv4_first: попытаться найти адрес IPv4, в случае неудачи попытаться найти "
++"адрес IPv6"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3407
+ msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
+-msgstr ""
++msgstr "ipv4_only: пытаться разрешать имена узлов только в адреса IPv4"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3410
+ msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
+ msgstr ""
++"ipv6_first: попытаться найти адрес IPv6, в случае неудачи попытаться найти "
++"адрес IPv4"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3413
+ msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
+-msgstr ""
++msgstr "ipv6_only: пытаться разрешать имена узлов только в адреса IPv6"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3416
+ msgid "Default: ipv4_first"
+-msgstr ""
++msgstr "По умолчанию: ipv4_first"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3422 sssd.conf.5.xml:3461
+@@ -4206,6 +4984,9 @@ msgid ""
+ "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS "
+ "server before trying next DNS server."
+ msgstr ""
++"Определяет количество времени (в миллисекундах), в течение которого SSSD "
++"будет пытаться обменяться данными с сервером DNS перед переходом к "
++"следующему."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3430 sssd.conf.5.xml:3450 sssd.conf.5.xml:3469
+@@ -4214,12 +4995,14 @@ msgid ""
+ "Please see the section <quote>FAILOVER</quote> for more information about "
+ "the service resolution."
+ msgstr ""
++"Более подробные сведения о разрешении служб доступны в разделе "
++"<quote>ОБРАБОТКА ОТКАЗА</quote>."
+
+ #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3435 sssd.conf.5.xml:3474 sssd-ldap.5.xml:563
+ #: include/failover.xml:84
+ msgid "Default: 1000"
+-msgstr ""
++msgstr "По умолчанию: 1000"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3441 sssd.conf.5.xml:3480
+@@ -4233,6 +5016,10 @@ msgid ""
+ "(e.g. resolution of a hostname or an SRV record) before try next hostname "
+ "or DNS discovery."
+ msgstr ""
++"Определяет количество времени (в секундах), в течение которого будет "
++"ожидаться разрешение одного запроса DNS (например, разрешение имени узла или "
++"записи SRV) перед переходом к следующему имени узла или поиску следующего "
++"DNS."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3500
+@@ -4247,6 +5034,10 @@ msgid ""
+ "If this timeout is reached, the domain will continue to operate in offline "
+ "mode."
+ msgstr ""
++"Определяет количество времени (в секундах), в течение которого будет "
++"ожидаться ответ от внутренней службы отказоустойчивости, прежде служба будет "
++"считаться недоступной. Если это время ожидания истекло, домен продолжит "
++"работу в автономном режиме."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3521
+@@ -4259,11 +5050,13 @@ msgid ""
+ "If service discovery is used in the back end, specifies the domain part of "
+ "the service discovery DNS query."
+ msgstr ""
++"Если на внутреннем сервере используется обнаружение служб, указывает "
++"доменную часть запроса обнаружения служб DNS."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3528
+ msgid "Default: Use the domain part of machine's hostname"
+-msgstr "По умолчанию: использовать имя домена из имени узла компьютера"
++msgstr "По умолчанию: использовать доменную часть имени узла компьютера"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3534
+@@ -4273,7 +5066,7 @@ msgstr "override_gid (целое число)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3537
+ msgid "Override the primary GID value with the one specified."
+-msgstr ""
++msgstr "Переопределить значение основного GID указанным значением."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3543
+@@ -4283,27 +5076,29 @@ msgstr "case_sensitive (строка)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3554
+ msgid "True"
+-msgstr ""
++msgstr "True"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3557
+ msgid "Case sensitive. This value is invalid for AD provider."
+ msgstr ""
++"С учётом регистра. Это значение не является корректным для поставщика данных "
++"AD."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3563
+ msgid "False"
+-msgstr ""
++msgstr "False"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3565
+ msgid "Case insensitive."
+-msgstr ""
++msgstr "Без учёта регистра."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3569
+ msgid "Preserving"
+-msgstr ""
++msgstr "Preserving"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3572
+@@ -4312,6 +5107,10 @@ msgid ""
+ "of NSS operations. Note that name aliases (and in case of services also "
+ "protocol names) are still lowercased in the output."
+ msgstr ""
++"То же, что «False» (без учёта регистра), но не переводит в нижний регистр "
++"имена в результатах операций NSS. Обратите внимание, что псевдонимы (а в "
++"случае служб также и имена протоколов) всё равно будут переведены в нижний "
++"регистр в выведенных данных."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3580
+@@ -4319,6 +5118,9 @@ msgid ""
+ "If you want to set this value for trusted domain with IPA provider, you need "
+ "to set it on both the client and SSSD on the server."
+ msgstr ""
++"Если требуется установить это значение для доверенного домена с поставщиком "
++"данных IPA, необходимо установить его как на стороне клиента, так и для SSSD "
++"на сервере."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3546
+@@ -4328,6 +5130,10 @@ msgid ""
+ "the local provider. </phrase> Possible option values are: <placeholder type="
+ "\"variablelist\" id=\"0\"/>"
+ msgstr ""
++"Обрабатывать имена пользователей и групп с учётом регистра. <phrase "
++"condition=\"enable_local_provider\"> В настоящее время этот параметр не "
++"поддерживается локальным поставщиком. </phrase> Возможные значения параметра:"
++" <placeholder type=\"variablelist\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3590
+@@ -4335,11 +5141,13 @@ msgid ""
+ "This option can be also set per subdomain or inherited via "
+ "<emphasis>subdomain_inherit</emphasis>."
+ msgstr ""
++"Этот параметр также может быть задан для каждого поддомена отдельно или "
++"унаследован с помощью <emphasis>subdomain_inherit</emphasis>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3595
+ msgid "Default: True (False for AD provider)"
+-msgstr ""
++msgstr "По умолчанию: True (False для поставщика данных AD)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3601
+@@ -4357,22 +5165,22 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3610
+ msgid "ignore_group_members"
+-msgstr ""
++msgstr "ignore_group_members"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3613
+ msgid "ldap_purge_cache_timeout"
+-msgstr ""
++msgstr "ldap_purge_cache_timeout"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3616 sssd-ldap.5.xml:390
+ msgid "ldap_use_tokengroups"
+-msgstr ""
++msgstr "ldap_use_tokengroups"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3619
+ msgid "ldap_user_principal"
+-msgstr ""
++msgstr "ldap_user_principal"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3622
+@@ -4380,16 +5188,18 @@ msgid ""
+ "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+ "is not set explicitly)"
+ msgstr ""
++"ldap_krb5_keytab (будет использоваться значение krb5_keytab, если параметр "
++"ldap_krb5_keytab не задан явно)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3626
+ msgid "auto_private_groups"
+-msgstr ""
++msgstr "auto_private_groups"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3629
+ msgid "case_sensitive"
+-msgstr ""
++msgstr "case_sensitive"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+ #: sssd.conf.5.xml:3634
+@@ -4398,11 +5208,14 @@ msgid ""
+ "subdomain_inherit = ldap_purge_cache_timeout\n"
+ " "
+ msgstr ""
++"subdomain_inherit = ldap_purge_cache_timeout\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3641
+ msgid "Note: This option only works with the IPA and AD provider."
+ msgstr ""
++"Примечание: этот параметр работает только для поставщиков данных IPA и AD."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3648
+@@ -4412,12 +5225,12 @@ msgstr "subdomain_homedir (строка)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3659
+ msgid "%F"
+-msgstr ""
++msgstr "%F"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3660
+ msgid "flat (NetBIOS) name of a subdomain."
+-msgstr ""
++msgstr "плоское (NetBIOS) имя поддомена."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3651
+@@ -4428,17 +5241,25 @@ msgid ""
+ "with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+ "\"variablelist\" id=\"0\"/>"
+ msgstr ""
++"Использовать этот домашний каталог как значение по умолчанию для всех "
++"поддоменов в пределах доверия AD IPA. Сведения о возможных значениях "
++"доступны в описании параметра <emphasis>override_homedir</emphasis>. В "
++"дополнение к этому, приведённое ниже расширение можно использовать только с "
++"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
++"id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3665
+ msgid ""
+ "The value can be overridden by <emphasis>override_homedir</emphasis> option."
+ msgstr ""
++"Это значение может быть переопределено параметром "
++"<emphasis>override_homedir</emphasis>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3669
+ msgid "Default: <filename>/home/%d/%u</filename>"
+-msgstr ""
++msgstr "По умолчанию: <filename>/home/%d/%u</filename>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3674
+@@ -4449,12 +5270,12 @@ msgstr "realmd_tags (строка)"
+ #: sssd.conf.5.xml:3677
+ msgid ""
+ "Various tags stored by the realmd configuration service for this domain."
+-msgstr ""
++msgstr "Различные метки, сохранённые службой настройки realmd для этого домена."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3683
+ msgid "cached_auth_timeout (int)"
+-msgstr ""
++msgstr "cached_auth_timeout (целое число)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3686
+@@ -4493,7 +5314,7 @@ msgstr "auto_private_groups (строка)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3720
+ msgid "true"
+-msgstr ""
++msgstr "true"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3723
+@@ -4514,7 +5335,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3736
+ msgid "false"
+-msgstr ""
++msgstr "false"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3739
+@@ -4526,7 +5347,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3745
+ msgid "hybrid"
+-msgstr ""
++msgstr "hybrid"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3748
+@@ -4537,6 +5358,11 @@ msgid ""
+ "GID in the user entry is also used by a group object, the primary GID of the "
+ "user resolves to that group object."
+ msgstr ""
++"Основная группа автоматически генерируется для записей пользователей, номера "
++"UID и GID которых имеют одно и то же значение, и при этом номер GID не "
++"соответствует реальному объекту группы в LDAP. Если значения совпадают, но "
++"основной GID в записи пользователя также используется объектом группы, "
++"основной GID этого пользователя разрешается в этот объект группы."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3761
+@@ -4559,6 +5385,8 @@ msgid ""
+ "This option takes any of three available values: <placeholder type="
+ "\"variablelist\" id=\"0\"/>"
+ msgstr ""
++"Этот параметр принимает одно из трёх допустимых значений: <placeholder type="
++"\"variablelist\" id=\"0\"/>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:3780
+@@ -4617,6 +5445,8 @@ msgid ""
+ "Default: not set by default, you have to take an existing pam configuration "
+ "or create a new one and add the service name here."
+ msgstr ""
++"По умолчанию: не задано по умолчанию; следует воспользоваться существующей "
++"конфигурацией PAM или создать новую и добавить здесь имя службы."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:3823
+@@ -4681,7 +5511,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd.conf.5.xml:3886
+ msgid "Application domains"
+-msgstr ""
++msgstr "Домены приложений"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd.conf.5.xml:3888
+@@ -4736,6 +5566,11 @@ msgid ""
+ "the telephoneNumber attribute, stores it as the phone attribute in the cache "
+ "and makes the phone attribute reachable through the D-Bus interface."
+ msgstr ""
++"В следующем примере показано использование домена приложений. В этой "
++"конфигурации домен POSIX подключён к серверу LDAP и используется ОС с "
++"помощью ответчика NSS. Кроме того, домен приложений также запрашивает "
++"атрибут telephoneNumber, сохраняет его как атрибут phone в кэше и делает "
++"атрибут phone доступным через интерфейс D-Bus."
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
+ #: sssd.conf.5.xml:3941
+@@ -4902,12 +5737,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:4075
+ msgid "Default: None, no command is run"
+-msgstr ""
++msgstr "По умолчанию: none, команда не выполняется"
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd.conf.5.xml:4085
+ msgid "TRUSTED DOMAIN SECTION"
+-msgstr ""
++msgstr "РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4087
+@@ -4923,52 +5758,52 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4094
+ msgid "ldap_search_base,"
+-msgstr ""
++msgstr "ldap_search_base,"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4095
+ msgid "ldap_user_search_base,"
+-msgstr ""
++msgstr "ldap_user_search_base,"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4096
+ msgid "ldap_group_search_base,"
+-msgstr ""
++msgstr "ldap_group_search_base,"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4097
+ msgid "ldap_netgroup_search_base,"
+-msgstr ""
++msgstr "ldap_netgroup_search_base,"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4098
+ msgid "ldap_service_search_base,"
+-msgstr ""
++msgstr "ldap_service_search_base,"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4099
+ msgid "ldap_sasl_mech,"
+-msgstr ""
++msgstr "ldap_sasl_mech,"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4100
+ msgid "ad_server,"
+-msgstr ""
++msgstr "ad_server,"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4101
+ msgid "ad_backup_server,"
+-msgstr ""
++msgstr "ad_backup_server,"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4102
+ msgid "ad_site,"
+-msgstr ""
++msgstr "ad_site,"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+ #: sssd.conf.5.xml:4103 sssd-ipa.5.xml:811
+ msgid "use_fully_qualified_names"
+-msgstr ""
++msgstr "use_fully_qualified_names"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4107
+@@ -5072,7 +5907,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:4193
+ msgid "Default: the configured domain in sssd.conf"
+-msgstr ""
++msgstr "По умолчанию: настроенный домен в sssd.conf"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.conf.5.xml:4198
+@@ -5090,7 +5925,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.conf.5.xml:4207
+ msgid "Default: the lowest priority"
+-msgstr ""
++msgstr "По умолчанию: самый низкий приоритет"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.conf.5.xml:4213
+@@ -5377,6 +6212,12 @@ msgid ""
+ "neither option is specified, service discovery is enabled. For more "
+ "information, refer to the <quote>SERVICE DISCOVERY</quote> section."
+ msgstr ""
++"Разделённый запятыми список URI серверов LDAP, к которым SSSD следует "
++"подключаться в порядке приоритета. Дополнительные сведения об отработке "
++"отказа и избыточности сервера доступны в разделе <quote>ОТРАБОТКА ОТКАЗА</"
++"quote>. Если не указан ни один из параметров, будет включено обнаружение "
++"служб. Дополнительные сведения доступны в разделе <quote>ОБНАРУЖЕНИЕ "
++"СЛУЖБ</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:76 sssd-secrets.5.xml:264
+@@ -5412,6 +6253,10 @@ msgid ""
+ "Refer to the <quote>FAILOVER</quote> section for more information on "
+ "failover and server redundancy."
+ msgstr ""
++"Разделённый запятыми список URI серверов LDAP, к которым SSSD следует "
++"подключаться в порядке приоритета для смены пароля пользователя. "
++"Дополнительные сведения об отработке отказа и избыточности сервера доступны "
++"в разделе <quote>ОТРАБОТКА ОТКАЗА</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:101
+@@ -5421,7 +6266,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:105
+ msgid "Default: empty, i.e. ldap_uri is used."
+-msgstr ""
++msgstr "По умолчанию: пусто, то есть используется ldap_uri."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:111
+@@ -5594,7 +6439,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:247
+ msgid "Default: exop"
+-msgstr ""
++msgstr "По умолчанию: exop"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:253
+@@ -5614,27 +6459,27 @@ msgstr "ldap_default_authtok_type (строка)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:266
+ msgid "The type of the authentication token of the default bind DN."
+-msgstr ""
++msgstr "Тип маркера проверки подлинности для bind DN по умолчанию."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:270
+ msgid "The two mechanisms currently supported are:"
+-msgstr ""
++msgstr "В настоящее время поддерживаются два механизма:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:273
+ msgid "password"
+-msgstr "пароль"
++msgstr "password"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:276
+ msgid "obfuscated_password"
+-msgstr ""
++msgstr "obfuscated_password"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:279
+ msgid "Default: password"
+-msgstr ""
++msgstr "По умолчанию: password"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:282
+@@ -5678,6 +6523,8 @@ msgid ""
+ "Specifies how many seconds SSSD has to wait before refreshing its cache of "
+ "enumerated records."
+ msgstr ""
++"Указывает время ожидания SSSD (в секундах) перед обновлением своего кэша "
++"перечисленных записей."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:332
+@@ -5737,7 +6584,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:384
+ msgid "Default: 2"
+-msgstr ""
++msgstr "По умолчанию: 2"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:393
+@@ -5749,7 +6596,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:398
+ msgid "Default: True for AD and IPA otherwise False."
+-msgstr ""
++msgstr "По умолчанию: True для AD и IPA, в ином случае — False."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:404
+@@ -5774,7 +6621,7 @@ msgstr ""
+ #. type: Content of: <listitem><para>
+ #: sssd-ldap.5.xml:416 sssd-ipa.5.xml:394 include/ldap_search_bases.xml:27
+ msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+-msgstr ""
++msgstr "По умолчанию: значение <emphasis>ldap_search_base</emphasis>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:423
+@@ -5879,7 +6726,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:535 sssd-ldap.5.xml:1575
+ msgid "Default: 900 (15 minutes)"
+-msgstr ""
++msgstr "По умолчанию: 900 (15 минут)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:541
+@@ -6076,7 +6923,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:726
+ msgid "Default: hard"
+-msgstr ""
++msgstr "По умолчанию: hard"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:732
+@@ -6193,7 +7040,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:853
+ msgid "Default: not set (both options are set to 0)"
+-msgstr ""
++msgstr "По умолчанию: не задано (оба параметра установлены в значение 0)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:859
+@@ -6235,6 +7082,13 @@ msgid ""
+ "host/*\n"
+ " "
+ msgstr ""
++"hostname@REALM\n"
++"netbiosname$@REALM\n"
++"host/hostname@REALM\n"
++"*$@REALM\n"
++"host/*@REALM\n"
++"host/*\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:885
+@@ -6251,7 +7105,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:905
+ msgid "Default: host/hostname@REALM"
+-msgstr ""
++msgstr "По умолчанию: host/hostname@REALM"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:911
+@@ -6269,7 +7123,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:920
+ msgid "Default: the value of krb5_realm."
+-msgstr ""
++msgstr "По умолчанию: значение krb5_realm."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:926
+@@ -6286,7 +7140,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:934
+ msgid "Default: false;"
+-msgstr ""
++msgstr "По умолчанию: false;"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:940
+@@ -6302,6 +7156,8 @@ msgstr ""
+ #: sssd-ldap.5.xml:947 sssd-krb5.5.xml:247
+ msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
+ msgstr ""
++"По умолчанию: системная таблица ключей, обычно <filename>/etc/krb5."
++"keytab</filename>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:953
+@@ -6330,7 +7186,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:975 sssd-ad.5.xml:1229
+ msgid "Default: 86400 (24 hours)"
+-msgstr ""
++msgstr "По умолчанию: 86400 (24 часа)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:981 sssd-krb5.5.xml:74
+@@ -6348,6 +7204,13 @@ msgid ""
+ "discovery is enabled - for more information, refer to the <quote>SERVICE "
+ "DISCOVERY</quote> section."
+ msgstr ""
++"Разделённый запятыми список IP-адресов или названий узлов серверов Kerberos, "
++"к которым SSSD следует подключаться в порядке приоритета. Дополнительные "
++"сведения об отработке отказа и избыточности сервера доступны в разделе "
++"<quote>ОТРАБОТКА ОТКАЗА</quote>. После адресов или имён узлов можно "
++"(необязательно) добавить номер порта (предварив его двоеточием). Если у "
++"параметра пустое значение, будет включено обнаружение служб — дополнительные "
++"сведения доступны в разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:996 sssd-krb5.5.xml:89
+@@ -6449,6 +7312,10 @@ msgid ""
+ "to determine if the password has expired. Use chpass_provider=krb5 to update "
+ "these attributes when the password is changed."
+ msgstr ""
++"<emphasis>mit_kerberos</emphasis> — использовать атрибуты, которые "
++"используются MIT Kerberos, для определения того, не истёк ли срок действия "
++"пароля. Чтобы обновить эти атрибуты в случае пароля, воспользуйтесь "
++"chpass_provider=krb5."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1094
+@@ -6456,6 +7323,9 @@ msgid ""
+ "<emphasis>Note</emphasis>: if a password policy is configured on server "
+ "side, it always takes precedence over policy set with this option."
+ msgstr ""
++"<emphasis>Примечание</emphasis>: если на стороне сервера настроена политика "
++"паролей, она всегда будет иметь приоритет над политикой, заданной с помощью "
++"этого параметра."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:1102
+@@ -6500,7 +7370,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1140
+ msgid "Default: ldap"
+-msgstr ""
++msgstr "По умолчанию: ldap"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:1146
+@@ -6662,6 +7532,8 @@ msgstr "ldap_access_order (строка)"
+ #: sssd-ldap.5.xml:1284
+ msgid "Comma separated list of access control options. Allowed values are:"
+ msgstr ""
++"Разделённый запятыми список параметров управления доступом. Допустимые "
++"значения:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1288
+@@ -6728,6 +7600,8 @@ msgstr ""
+ msgid ""
+ "Note If user password is expired no explicit message is prompted by SSSD."
+ msgstr ""
++"Обратите внимание, что при истечении срока действия пароля от SSSD не "
++"поступит запрос с явным уведомлением."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1351
+@@ -6761,6 +7635,9 @@ msgid ""
+ "Please note, rhost field in pam is set by application, it is better to check "
+ "what the application sends to pam, before enabling this access control option"
+ msgstr ""
++"Обратите внимание, что значение поля rhost в pam устанавливается приложением;"
++" рекомендуется проверить, что приложение отправляет в pam, прежде чем "
++"включать этот параметр управления доступом"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1374
+@@ -6796,7 +7673,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1398
+ msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
+-msgstr ""
++msgstr "По умолчанию: cn=ppolicy,ou=policies,$ldap_search_base"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:1404
+@@ -6894,7 +7771,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1480
+ msgid "Default: 1000 (often the size of one page)"
+-msgstr ""
++msgstr "По умолчанию: 1000 (часто размер одной страницы)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:1486
+@@ -6918,7 +7795,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1499
+ msgid "Default: 0 (libldap debugging disabled)"
+-msgstr ""
++msgstr "По умолчанию: 0 (отладка libldap отключена)"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ldap.5.xml:51
+@@ -6935,7 +7812,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-ldap.5.xml:1509
+ msgid "SUDO OPTIONS"
+-msgstr ""
++msgstr "ПАРАМЕТРЫ SUDO"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ldap.5.xml:1511
+@@ -6974,7 +7851,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1540
+ msgid "Default: 21600 (6 hours)"
+-msgstr ""
++msgstr "По умолчанию: 21600 (6 часов)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:1546
+@@ -7081,7 +7958,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1638 sssd-ldap.5.xml:1661
+ msgid "Default: not specified"
+-msgstr ""
++msgstr "По умолчанию: не указано"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:1644
+@@ -7145,7 +8022,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-ldap.5.xml:1720
+ msgid "AUTOFS OPTIONS"
+-msgstr ""
++msgstr "ПАРАМЕТРЫ AUTOFS"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ldap.5.xml:1722
+@@ -7167,12 +8044,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap.5.xml:1734
+ msgid "Default: auto.master"
+-msgstr ""
++msgstr "По умолчанию: auto.master"
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-ldap.5.xml:1745
+ msgid "ADVANCED OPTIONS"
+-msgstr ""
++msgstr "ДОПОЛНИТЕЛЬНЫЕ ПАРАМЕТРЫ"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap.5.xml:1752
+@@ -7290,6 +8167,16 @@ msgid ""
+ "ldap_tls_reqcert = demand\n"
+ "cache_credentials = true\n"
+ msgstr ""
++"[domain/LDAP]\n"
++"id_provider = ldap\n"
++"auth_provider = ldap\n"
++"access_provider = ldap\n"
++"ldap_access_order = lockout\n"
++"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
++"ldap_uri = ldap://ldap.mydomain.org\n"
++"ldap_search_base = dc=mydomain,dc=org\n"
++"ldap_tls_reqcert = demand\n"
++"cache_credentials = true\n"
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-ldap.5.xml:1839 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+@@ -7340,6 +8227,9 @@ msgid ""
+ "Services daemon (SSSD). Errors and results are logged through "
+ "<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
+ msgstr ""
++"<command>pam_sss.so</command> — это интерфейс PAM к сервису SSSD. Ошибки и "
++"результаты записываются в журнал посредством <command>syslog(3)</command> с "
++"LOG_AUTHPRIV."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: pam_sss.8.xml:74
+@@ -7801,27 +8691,29 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: pam_sss.8.xml:446
+ msgid "PAM_MODULE_UNKNOWN"
+-msgstr ""
++msgstr "PAM_MODULE_UNKNOWN"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: pam_sss.8.xml:449
+ msgid "Unsupported PAM task or command."
+-msgstr ""
++msgstr "Неподдерживаемое задание или команда PAM."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: pam_sss.8.xml:454
+ msgid "PAM_BAD_ITEM"
+-msgstr ""
++msgstr "PAM_BAD_ITEM"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: pam_sss.8.xml:457
+ msgid "The authentication module cannot handle Smartcard credentials."
+ msgstr ""
++"Модулю проверки подлинности не удалось обработать учётные данные со "
++"смарт-карты."
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: pam_sss.8.xml:465
+ msgid "FILES"
+-msgstr ""
++msgstr "ФАЙЛЫ"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: pam_sss.8.xml:466
+@@ -7854,12 +8746,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refnamediv><refname>
+ #: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16
+ msgid "pam_sss_gss"
+-msgstr ""
++msgstr "pam_sss_gss"
+
+ #. type: Content of: <reference><refentry><refnamediv><refpurpose>
+ #: pam_sss_gss.8.xml:17
+ msgid "PAM module for SSSD GSSAPI authentication"
+-msgstr ""
++msgstr "Модуль PAM для проверки подлинности с помощью GSSAPI в SSSD"
+
+ #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+ #: pam_sss_gss.8.xml:22
+@@ -7867,6 +8759,8 @@ msgid ""
+ "<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</"
+ "replaceable> </arg>"
+ msgstr ""
++"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</"
++"replaceable> </arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: pam_sss_gss.8.xml:32
+@@ -7874,6 +8768,8 @@ msgid ""
+ "<command>pam_sss_gss.so</command> authenticates user over GSSAPI in "
+ "cooperation with SSSD."
+ msgstr ""
++"<command>pam_sss_gss.so</command> выполняет проверку подлинности "
++"пользователя с помощью GSSAPI совместно с SSSD."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: pam_sss_gss.8.xml:36
+@@ -7995,6 +8891,10 @@ msgid ""
+ "...\n"
+ " "
+ msgstr ""
++"...\n"
++"auth sufficient pam_sss_gss.so\n"
++"...\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: pam_sss_gss.8.xml:180
+@@ -8208,6 +9108,12 @@ msgid ""
+ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+ "citerefentry> manual page."
+ msgstr ""
++"На этой справочной странице представлено описание настройки простого "
++"поставщика управления доступом для <citerefentry> <refentrytitle>sssd</"
++"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Подробные сведения "
++"о синтаксисе доступны в разделе <quote>ФОРМАТ ФАЙЛА</quote> справочной "
++"страницы <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
++"<manvolnum>5</manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-simple.5.xml:38
+@@ -8215,11 +9121,14 @@ msgid ""
+ "The simple access provider grants or denies access based on an access or "
+ "deny list of user or group names. The following rules apply:"
+ msgstr ""
++"Простой поставщик доступа предоставляет или запрещает доступ на основании "
++"разрешающего или запрещающего списка имён пользователей или групп. "
++"Применяются следующие правила:"
+
+ #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+ #: sssd-simple.5.xml:43
+ msgid "If all lists are empty, access is granted"
+-msgstr ""
++msgstr "Если все списки пусты, доступ предоставляется"
+
+ #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+ #: sssd-simple.5.xml:47
+@@ -8227,6 +9136,9 @@ msgid ""
+ "If any list is provided, the order of evaluation is allow,deny. This means "
+ "that any matching deny rule will supersede any matched allow rule."
+ msgstr ""
++"Если предоставлен список, используется порядок вычисления «allow,deny». Это "
++"означает, что любое соответствующее заданным условиям правило запрета будет "
++"превалировать над любым соответствующим заданным условиям правилом допуска."
+
+ #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+ #: sssd-simple.5.xml:54
+@@ -8500,47 +9412,47 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:135
+ msgid "digitalSignature"
+-msgstr ""
++msgstr "digitalSignature"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:136
+ msgid "nonRepudiation"
+-msgstr ""
++msgstr "nonRepudiation"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:137
+ msgid "keyEncipherment"
+-msgstr ""
++msgstr "keyEncipherment"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:138
+ msgid "dataEncipherment"
+-msgstr ""
++msgstr "dataEncipherment"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:139
+ msgid "keyAgreement"
+-msgstr ""
++msgstr "keyAgreement"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:140
+ msgid "keyCertSign"
+-msgstr ""
++msgstr "keyCertSign"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:141
+ msgid "cRLSign"
+-msgstr ""
++msgstr "cRLSign"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:142
+ msgid "encipherOnly"
+-msgstr ""
++msgstr "encipherOnly"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:143
+ msgid "decipherOnly"
+-msgstr ""
++msgstr "decipherOnly"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:147
+@@ -8569,47 +9481,47 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:163
+ msgid "serverAuth"
+-msgstr ""
++msgstr "serverAuth"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:164
+ msgid "clientAuth"
+-msgstr ""
++msgstr "clientAuth"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:165
+ msgid "codeSigning"
+-msgstr ""
++msgstr "codeSigning"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:166
+ msgid "emailProtection"
+-msgstr ""
++msgstr "emailProtection"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:167
+ msgid "timeStamping"
+-msgstr ""
++msgstr "timeStamping"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:168
+ msgid "OCSPSigning"
+-msgstr ""
++msgstr "OCSPSigning"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:169
+ msgid "KPClientAuth"
+-msgstr ""
++msgstr "KPClientAuth"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:170
+ msgid "pkinit"
+-msgstr ""
++msgstr "pkinit"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sss-certmap.5.xml:171
+ msgid "msScLogin"
+-msgstr ""
++msgstr "msScLogin"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:175
+@@ -8898,7 +9810,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:393
+ msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+-msgstr ""
++msgstr "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:396
+@@ -8939,7 +9851,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:419
+ msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+-msgstr ""
++msgstr "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:422
+@@ -8959,7 +9871,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:445
+ msgid "{cert[!(bin|base64)]}"
+-msgstr ""
++msgstr "{cert[!(bin|base64)]}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:448
+@@ -8979,7 +9891,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:461
+ msgid "{subject_principal[.short_name]}"
+-msgstr ""
++msgstr "{subject_principal[.short_name]}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:464
+@@ -8999,7 +9911,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:475
+ msgid "{subject_pkinit_principal[.short_name]}"
+-msgstr ""
++msgstr "{subject_pkinit_principal[.short_name]}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:478
+@@ -9019,7 +9931,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:489
+ msgid "{subject_nt_principal[.short_name]}"
+-msgstr ""
++msgstr "{subject_nt_principal[.short_name]}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:492
+@@ -9039,7 +9951,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:503
+ msgid "{subject_rfc822_name[.short_name]}"
+-msgstr ""
++msgstr "{subject_rfc822_name[.short_name]}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:506
+@@ -9059,7 +9971,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:517
+ msgid "{subject_dns_name[.short_name]}"
+-msgstr ""
++msgstr "{subject_dns_name[.short_name]}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:520
+@@ -9078,7 +9990,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:531
+ msgid "{subject_uri}"
+-msgstr ""
++msgstr "{subject_uri}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:534
+@@ -9095,7 +10007,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:543
+ msgid "{subject_ip_address}"
+-msgstr ""
++msgstr "{subject_ip_address}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:546
+@@ -9112,7 +10024,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:555
+ msgid "{subject_x400_address}"
+-msgstr ""
++msgstr "{subject_x400_address}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:558
+@@ -9131,6 +10043,7 @@ msgstr ""
+ msgid ""
+ "{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+ msgstr ""
++"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:571
+@@ -9147,7 +10060,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:580
+ msgid "{subject_ediparty_name}"
+-msgstr ""
++msgstr "{subject_ediparty_name}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:583
+@@ -9164,7 +10077,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sss-certmap.5.xml:593
+ msgid "{subject_registered_id}"
+-msgstr ""
++msgstr "{subject_registered_id}"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sss-certmap.5.xml:596
+@@ -9191,7 +10104,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sss-certmap.5.xml:609
+ msgid "DOMAIN LIST"
+-msgstr ""
++msgstr "СПИСОК ДОМЕНОВ"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sss-certmap.5.xml:611
+@@ -9204,12 +10117,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refnamediv><refname>
+ #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
+ msgid "sssd-ipa"
+-msgstr ""
++msgstr "sssd-ipa"
+
+ #. type: Content of: <reference><refentry><refnamediv><refpurpose>
+ #: sssd-ipa.5.xml:17
+ msgid "SSSD IPA provider"
+-msgstr ""
++msgstr "Поставщик данных IPA SSSD"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ipa.5.xml:23
+@@ -9220,6 +10133,12 @@ msgid ""
+ "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+ "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+ msgstr ""
++"На этой справочной странице представлено описание настройки поставщика "
++"данных IPA для <citerefentry> <refentrytitle>sssd</refentrytitle> "
++"<manvolnum>8</manvolnum> </citerefentry>. Подробные сведения о синтаксисе "
++"доступны в разделе <quote>ФОРМАТ ФАЙЛА</quote> справочной страницы "
++"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
++"manvolnum> </citerefentry>."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ipa.5.xml:36
+@@ -9229,6 +10148,11 @@ msgid ""
+ "requires that the machine be joined to the IPA domain; configuration is "
+ "almost entirely self-discovered and obtained directly from the server."
+ msgstr ""
++"Поставщик данных IPA — это внутренний сервер, который используется для "
++"подключения к серверу IPA. (Сведения о серверах IPA доступны на веб-сайте "
++"freeipa.org.) Для работы этого поставщика требуется, чтобы компьютер был "
++"подключён к домену IPA; настройка почти полностью автоматизирована, "
++"получение её данных выполняется непосредственно с сервера."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ipa.5.xml:43
+@@ -9241,6 +10165,14 @@ msgid ""
+ "options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
+ "However, it is neither necessary nor recommended to set these options."
+ msgstr ""
++"Поставщик данных IPA позволяет SSSD использовать поставщика данных "
++"идентификации <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
++"<manvolnum>5</manvolnum> </citerefentry> и поставщика данных проверки "
++"подлинности <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
++"<manvolnum>5</manvolnum> </citerefentry> с оптимизацией для сред IPA. "
++"Поставщик данных IPA принимает те же параметры, которые используются "
++"поставщиками sssd-ldap и sssd-krb5 providers, за некоторыми исключениями. Но "
++"установка этих параметров не является ни необходимой, ни рекомендуемой."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ipa.5.xml:57
+@@ -9249,6 +10181,9 @@ msgid ""
+ "default options with some exceptions, the differences are listed in the "
+ "<quote>MODIFIED DEFAULT OPTIONS</quote> section."
+ msgstr ""
++"Поставщик данных IPA в основном копирует стандартные параметры традиционных "
++"поставщиков данных ldap и krb5, за некоторыми исключениями. Список различий "
++"доступен в разделе <quote>ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ipa.5.xml:62
+@@ -9257,6 +10192,10 @@ msgid ""
+ "control) rules. Please refer to freeipa.org for more information about "
+ "HBAC. No configuration of access provider is required on the client side."
+ msgstr ""
++"Как поставщик доступа, поставщик данных IPA использует правила HBAC ("
++"управление доступом на основе узлов). Более подробные сведения о HBAC "
++"доступны на веб-сайте freeipa.org. Настройка поставщика доступа на стороне "
++"клиента не требуется."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ipa.5.xml:67
+@@ -9273,6 +10212,10 @@ msgid ""
+ "from trusted realms contain a PAC. To make configuration easier the PAC "
+ "responder is started automatically if the IPA ID provider is configured."
+ msgstr ""
++"Поставщик данных IPA будет использовать ответчик PAC, если билеты Kerberos "
++"пользователей из доверенных областей содержат PAC. Для упрощения настройки "
++"запуск ответчика PAC выполняется автоматически, если настроен поставщик "
++"идентификаторов IPA."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:89
+@@ -9368,7 +10311,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:171
+ msgid "Default: 1200 (seconds)"
+-msgstr ""
++msgstr "По умолчанию: 1200 (секунд)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:177 sssd-ad.5.xml:1197
+@@ -9420,7 +10363,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:212 sssd-ad.5.xml:1271
+ msgid "Default: GSS-TSIG"
+-msgstr ""
++msgstr "По умолчанию: GSS-TSIG"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:218 sssd-ad.5.xml:1277
+@@ -9438,7 +10381,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:227 sssd-ad.5.xml:1286
+ msgid "Default: Same as dyndns_auth"
+-msgstr ""
++msgstr "По умолчанию: то же, что и dyndns_auth"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:233
+@@ -9497,7 +10440,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:289
+ msgid "Default: False (disabled)"
+-msgstr ""
++msgstr "По умолчанию: false (отключено)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:295 sssd-ad.5.xml:1249
+@@ -9514,7 +10457,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:302 sssd-ad.5.xml:1256
+ msgid "Default: False (let nsupdate choose the protocol)"
+-msgstr ""
++msgstr "По умолчанию: false (разрешить nsupdate выбрать протокол)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:308 sssd-ad.5.xml:1292
+@@ -9545,7 +10488,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:326 sssd-ad.5.xml:1310
+ msgid "Default: None (let nsupdate choose the server)"
+-msgstr ""
++msgstr "По умолчанию: none (разрешить nsupdate выбрать сервер)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:332 sssd-ad.5.xml:1316
+@@ -9577,7 +10520,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:354 sssd-ipa.5.xml:367
+ msgid "Default: Use base DN"
+-msgstr ""
++msgstr "По умолчанию: использовать base DN"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:360
+@@ -9599,7 +10542,7 @@ msgstr "ipa_host_search_base (строка)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:376
+ msgid "Deprecated. Use ldap_host_search_base instead."
+-msgstr ""
++msgstr "Не рекомендуется. Используйте ldap_host_search_base."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:382
+@@ -9628,7 +10571,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:413
+ msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+-msgstr ""
++msgstr "По умолчанию: значение <emphasis>cn=trusts,%basedn</emphasis>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:420
+@@ -9645,7 +10588,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:432
+ msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
+-msgstr ""
++msgstr "По умолчанию: значение <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:439
+@@ -9663,6 +10606,7 @@ msgstr ""
+ #: sssd-ipa.5.xml:451
+ msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
+ msgstr ""
++"По умолчанию: значение <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:461
+@@ -9702,6 +10646,7 @@ msgstr ""
+ msgid ""
+ "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
+ msgstr ""
++"По умолчанию: не задано (подкаталог krb5.include.d каталога pubconf SSSD)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:491
+@@ -9719,7 +10664,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:501 sssd-ipa.5.xml:531 sssd-ipa.5.xml:547 sssd-ad.5.xml:576
+ msgid "Default: 5 (seconds)"
+-msgstr ""
++msgstr "По умолчанию: 5 (секунд)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:507
+@@ -9736,7 +10681,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:515
+ msgid "Default: 60 (minutes)"
+-msgstr ""
++msgstr "По умолчанию: 60 (минут)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:521
+@@ -9818,7 +10763,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:601
+ msgid "Default: The location named \"default\""
+-msgstr ""
++msgstr "По умолчанию: расположение с именем «default»"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd-ipa.5.xml:609
+@@ -9838,7 +10783,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:624
+ msgid "Default: nsContainer"
+-msgstr ""
++msgstr "По умолчанию: nsContainer"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:630
+@@ -9856,7 +10801,7 @@ msgstr ""
+ #: sssd-ldap-attributes.5.xml:991 sssd-ldap-attributes.5.xml:1049
+ #: sssd-ldap-attributes.5.xml:1207 sssd-ldap-attributes.5.xml:1252
+ msgid "Default: cn"
+-msgstr ""
++msgstr "По умолчанию: cn"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:643
+@@ -9871,7 +10816,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:649
+ msgid "Default: ipaOverrideAnchor"
+-msgstr ""
++msgstr "По умолчанию: ipaOverrideAnchor"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:655
+@@ -9888,7 +10833,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:662
+ msgid "Default: ipaAnchorUUID"
+-msgstr ""
++msgstr "По умолчанию: ipaAnchorUUID"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:668
+@@ -9910,42 +10855,42 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:679
+ msgid "ldap_user_name"
+-msgstr ""
++msgstr "ldap_user_name"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:682
+ msgid "ldap_user_uid_number"
+-msgstr ""
++msgstr "ldap_user_uid_number"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:685
+ msgid "ldap_user_gid_number"
+-msgstr ""
++msgstr "ldap_user_gid_number"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:688
+ msgid "ldap_user_gecos"
+-msgstr ""
++msgstr "ldap_user_gecos"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:691
+ msgid "ldap_user_home_directory"
+-msgstr ""
++msgstr "ldap_user_home_directory"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:694
+ msgid "ldap_user_shell"
+-msgstr ""
++msgstr "ldap_user_shell"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:697
+ msgid "ldap_user_ssh_public_key"
+-msgstr ""
++msgstr "ldap_user_ssh_public_key"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:702
+ msgid "Default: ipaUserOverride"
+-msgstr ""
++msgstr "По умолчанию: ipaUserOverride"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: sssd-ipa.5.xml:708
+@@ -9967,17 +10912,17 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:719
+ msgid "ldap_group_name"
+-msgstr ""
++msgstr "ldap_group_name"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:722
+ msgid "ldap_group_gid_number"
+-msgstr ""
++msgstr "ldap_group_gid_number"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ipa.5.xml:727
+ msgid "Default: ipaGroupOverride"
+-msgstr ""
++msgstr "По умолчанию: ipaGroupOverride"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd-ipa.5.xml:611
+@@ -10061,54 +11006,56 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd-ipa.5.xml:787
+ msgid "OPTIONS TUNABLE ON IPA MASTERS"
+-msgstr ""
++msgstr "ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА ОСНОВНЫХ СЕРВЕРАХ IPA"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd-ipa.5.xml:789
+ msgid ""
+ "The following options can be set in a subdomain section on an IPA master:"
+ msgstr ""
++"В разделе поддомена на основном сервере IPA можно настроить следующие "
++"параметры:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:793 sssd-ipa.5.xml:823
+ msgid "ad_server"
+-msgstr ""
++msgstr "ad_server"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:796
+ msgid "ad_backup_server"
+-msgstr ""
++msgstr "ad_backup_server"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:799 sssd-ipa.5.xml:826
+ msgid "ad_site"
+-msgstr ""
++msgstr "ad_site"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:802
+ msgid "ldap_search_base"
+-msgstr ""
++msgstr "ldap_search_base"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:805
+ msgid "ldap_user_search_base"
+-msgstr ""
++msgstr "ldap_user_search_base"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+ #: sssd-ipa.5.xml:808
+ msgid "ldap_group_search_base"
+-msgstr ""
++msgstr "ldap_group_search_base"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sssd-ipa.5.xml:817
+ msgid "OPTIONS TUNABLE ON IPA CLIENTS"
+-msgstr ""
++msgstr "ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА КЛИЕНТАХ IPA"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd-ipa.5.xml:819
+ msgid ""
+ "The following options can be set in a subdomain section on an IPA client:"
+-msgstr ""
++msgstr "В разделе поддомена на клиенте IPA можно настроить следующие параметры:"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sssd-ipa.5.xml:831
+@@ -10152,12 +11099,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refnamediv><refname>
+ #: sssd-ad.5.xml:10 sssd-ad.5.xml:16
+ msgid "sssd-ad"
+-msgstr ""
++msgstr "sssd-ad"
+
+ #. type: Content of: <reference><refentry><refnamediv><refpurpose>
+ #: sssd-ad.5.xml:17
+ msgid "SSSD Active Directory provider"
+-msgstr ""
++msgstr "Поставщик Active Directory SSSD"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ad.5.xml:23
+@@ -10207,6 +11154,15 @@ msgid ""
+ "exceptions. However, it is neither necessary nor recommended to set these "
+ "options."
+ msgstr ""
++"Поставщик данных AD позволяет SSSD использовать поставщика данных "
++"идентификации <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
++"<manvolnum>5</manvolnum> </citerefentry> и поставщика данных проверки "
++"подлинности <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
++"<manvolnum>5</manvolnum> </citerefentry> с оптимизацией для сред Active "
++"Directory. Поставщик данных AD принимает те же параметры, которые "
++"используются поставщиками sssd-ldap и sssd-krb5 providers, за некоторыми "
++"исключениями. Но установка этих параметров не является ни необходимой, ни "
++"рекомендуемой."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ad.5.xml:69
+@@ -10215,6 +11171,9 @@ msgid ""
+ "default options with some exceptions, the differences are listed in the "
+ "<quote>MODIFIED DEFAULT OPTIONS</quote> section."
+ msgstr ""
++"Поставщик данных AD в основном копирует стандартные параметры традиционных "
++"поставщиков данных ldap и krb5, за некоторыми исключениями. Список различий "
++"доступен в разделе <quote>ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ad.5.xml:74
+@@ -10618,12 +11577,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ad.5.xml:458
+ msgid "Default: permissive"
+-msgstr ""
++msgstr "По умолчанию: permissive"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ad.5.xml:461
+ msgid "Default: enforcing"
+-msgstr ""
++msgstr "По умолчанию: enforcing"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ad.5.xml:467
+@@ -10657,59 +11616,62 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
+ #: sssd-ad.5.xml:499 sssd-ad.5.xml:525
+ msgid "allow-rules"
+-msgstr ""
++msgstr "правила разрешения"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
+ #: sssd-ad.5.xml:499 sssd-ad.5.xml:525
+ msgid "deny-rules"
+-msgstr ""
++msgstr "правила запрета"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
+ #: sssd-ad.5.xml:500 sssd-ad.5.xml:526
+ msgid "results"
+-msgstr ""
++msgstr "результат"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
+ #: sssd-ad.5.xml:503 sssd-ad.5.xml:506 sssd-ad.5.xml:509 sssd-ad.5.xml:529
+ #: sssd-ad.5.xml:532 sssd-ad.5.xml:535
+ msgid "missing"
+-msgstr ""
++msgstr "отсутствуют"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+ #: sssd-ad.5.xml:504
+ msgid "all users are allowed"
+-msgstr ""
++msgstr "доступ разрешён всем пользователям"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
+ #: sssd-ad.5.xml:506 sssd-ad.5.xml:509 sssd-ad.5.xml:512 sssd-ad.5.xml:532
+ #: sssd-ad.5.xml:535 sssd-ad.5.xml:538
+ msgid "present"
+-msgstr ""
++msgstr "присутствуют"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+ #: sssd-ad.5.xml:507
+ msgid "only users not in deny-rules are allowed"
+-msgstr ""
++msgstr "доступ разрешён только пользователям, отсутствующим в правилах запрета"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+ #: sssd-ad.5.xml:510 sssd-ad.5.xml:536
+ msgid "only users in allow-rules are allowed"
+ msgstr ""
++"доступ разрешён только пользователям, присутствующим в правилах разрешения"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+ #: sssd-ad.5.xml:513 sssd-ad.5.xml:539
+ msgid "only users in allow-rules and not in deny-rules are allowed"
+ msgstr ""
++"доступ разрешён только пользователям, присутствующим в правилах разрешения и "
++"отсутствующим в правилах запрета"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
+ #: sssd-ad.5.xml:524
+ msgid "ad_gpo_implicit_deny = True"
+-msgstr ""
++msgstr "ad_gpo_implicit_deny = True"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+ #: sssd-ad.5.xml:530 sssd-ad.5.xml:533
+ msgid "no users are allowed"
+-msgstr ""
++msgstr "доступ запрещён всем пользователям"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ad.5.xml:546
+@@ -10790,32 +11752,32 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:640
+ msgid "gdm-fingerprint"
+-msgstr ""
++msgstr "gdm-fingerprint"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:660
+ msgid "lightdm"
+-msgstr ""
++msgstr "lightdm"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:665
+ msgid "lxdm"
+-msgstr ""
++msgstr "lxdm"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:670
+ msgid "sddm"
+-msgstr ""
++msgstr "sddm"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:675
+ msgid "unity"
+-msgstr ""
++msgstr "unity"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:680
+ msgid "xdm"
+-msgstr ""
++msgstr "xdm"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ad.5.xml:689
+@@ -11128,12 +12090,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:998
+ msgid "interactive"
+-msgstr ""
++msgstr "interactive"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:1003
+ msgid "remote_interactive"
+-msgstr ""
++msgstr "remote_interactive"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:1008
+@@ -11153,7 +12115,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:1023
+ msgid "permit"
+-msgstr ""
++msgstr "permit"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+ #: sssd-ad.5.xml:1028
+@@ -11163,7 +12125,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ad.5.xml:1034
+ msgid "Default: deny"
+-msgstr ""
++msgstr "По умолчанию: deny"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ad.5.xml:1040
+@@ -11181,7 +12143,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ad.5.xml:1049
+ msgid "Default: 30 days"
+-msgstr ""
++msgstr "По умолчанию: 30 дней"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ad.5.xml:1055
+@@ -11201,7 +12163,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ad.5.xml:1067
+ msgid "Default: 86400:750 (24h and 15m)"
+-msgstr ""
++msgstr "По умолчанию: 86400:750 (24 часа и 15 минут)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ad.5.xml:1073
+@@ -11290,7 +12252,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ad.5.xml:1191
+ msgid "Default: 3600 (seconds)"
+-msgstr ""
++msgstr "По умолчанию: 3600 (секунд)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ad.5.xml:1207
+@@ -11655,6 +12617,8 @@ msgid ""
+ "<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+ "replaceable> </arg>"
+ msgstr ""
++"<command>sssd</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd.8.xml:31
+@@ -11742,6 +12706,8 @@ msgstr ""
+ msgid ""
+ "Default: not set (fall back to journald if available, otherwise to stderr)"
+ msgstr ""
++"По умолчанию: не задано (использовать journald, если это возможно, в ином "
++"случае — stderr)"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.8.xml:113
+@@ -11821,7 +12787,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd.8.xml:193
+ msgid "SIGTERM/SIGINT"
+-msgstr ""
++msgstr "SIGTERM/SIGINT"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd.8.xml:196
+@@ -11894,6 +12860,9 @@ msgid ""
+ "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
+ "replaceable></arg>"
+ msgstr ""
++"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg> <arg "
++"choice='plain'><replaceable>[ПАРОЛЬ]</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_obfuscate.8.xml:32
+@@ -11964,7 +12933,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sss_obfuscate.8.xml:95
+ msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
+-msgstr ""
++msgstr "По умолчанию: <filename>/etc/sssd/sssd.conf</filename>"
+
+ #. type: Content of: <reference><refentry><refnamediv><refname>
+ #: sss_override.8.xml:10 sss_override.8.xml:15
+@@ -11983,6 +12952,9 @@ msgid ""
+ "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
+ "arg>"
+ msgstr ""
++"<command>sss_override</command> <arg "
++"choice='plain'><replaceable>КОМАНДА</replaceable></arg> <arg choice='opt'> "
++"<replaceable>параметры</replaceable> </arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_override.8.xml:32
+@@ -12230,7 +13202,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sss_override.8.xml:267 sssctl.8.xml:50
+ msgid "COMMON OPTIONS"
+-msgstr ""
++msgstr "ОБЩИЕ ПАРАМЕТРЫ"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_override.8.xml:269 sssctl.8.xml:52
+@@ -12259,6 +13231,9 @@ msgid ""
+ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+ "arg>"
+ msgstr ""
++"<command>sss_useradd</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg> <arg "
++"choice='plain'><replaceable>ИМЯ_УЧЁТНОЙ_ЗАПИСИ</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_useradd.8.xml:32
+@@ -12469,6 +13444,13 @@ msgid ""
+ "discovery is enabled; for more information, refer to the <quote>SERVICE "
+ "DISCOVERY</quote> section."
+ msgstr ""
++"Разделённый запятыми список IP-адресов или названий узлов серверов Kerberos, "
++"к которым SSSD следует подключаться в порядке приоритета. Дополнительные "
++"сведения об отработке отказа и избыточности сервера доступны в разделе "
++"<quote>ОТРАБОТКА ОТКАЗА</quote>. После адресов или имён узлов можно "
++"(необязательно) добавить номер порта (предварив его двоеточием). Если у "
++"параметра пустое значение, будет включено обнаружение служб — дополнительные "
++"сведения доступны в разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</quote>."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:106
+@@ -12502,7 +13484,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:129
+ msgid "Default: Use the KDC"
+-msgstr ""
++msgstr "По умолчанию: использовать KDC"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:135
+@@ -12520,7 +13502,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:145
+ msgid "Default: /tmp"
+-msgstr ""
++msgstr "По умолчанию: /tmp"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:151
+@@ -12530,7 +13512,7 @@ msgstr "krb5_ccname_template (строка)"
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:165 include/override_homedir.xml:11
+ msgid "%u"
+-msgstr ""
++msgstr "%u"
+
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:166 include/override_homedir.xml:12
+@@ -12540,7 +13522,7 @@ msgstr ""
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:169 include/override_homedir.xml:15
+ msgid "%U"
+-msgstr ""
++msgstr "%U"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:170
+@@ -12550,7 +13532,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:173
+ msgid "%p"
+-msgstr ""
++msgstr "%p"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:174
+@@ -12560,7 +13542,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:178
+ msgid "%r"
+-msgstr ""
++msgstr "%r"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:179
+@@ -12570,7 +13552,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:182
+ msgid "%h"
+-msgstr ""
++msgstr "%h"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
+@@ -12580,7 +13562,7 @@ msgstr ""
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:187 include/override_homedir.xml:19
+ msgid "%d"
+-msgstr ""
++msgstr "%d"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:188
+@@ -12590,7 +13572,7 @@ msgstr ""
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:193 include/override_homedir.xml:31
+ msgid "%P"
+-msgstr ""
++msgstr "%P"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:194
+@@ -12600,12 +13582,12 @@ msgstr ""
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:199 include/override_homedir.xml:49
+ msgid "%%"
+-msgstr ""
++msgstr "%%"
+
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:200 include/override_homedir.xml:50
+ msgid "a literal '%'"
+-msgstr ""
++msgstr "литерал «%»"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:154
+@@ -12619,6 +13601,14 @@ msgid ""
+ "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique "
+ "filename in a safe way."
+ msgstr ""
++"Расположение кэша учётных данных пользователя. В настоящее время "
++"поддерживаются три типа кэша учётных данных: <quote>FILE</quote>, "
++"<quote>DIR</quote> и <quote>KEYRING:persistent</quote>. Кэш можно указать "
++"либо как <replaceable>TYPE:RESIDUAL</replaceable>, либо как абсолютный путь, "
++"что предполагает тип <quote>FILE</quote>. В шаблоне заменяются следующие "
++"последовательности: <placeholder type=\"variablelist\" id=\"0\"/> Если "
++"шаблон заканчивается на «XXXXXX», для безопасного создания уникального имени "
++"файла используется mkstemp(3)."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:208
+@@ -12650,7 +13640,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:234
+ msgid "Default: (from libkrb5)"
+-msgstr ""
++msgstr "По умолчанию: (из libkrb5)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:240
+@@ -12779,7 +13769,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:376
+ msgid "Default: 3:1"
+-msgstr ""
++msgstr "По умолчанию: 3:1"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-krb5.5.xml:382
+@@ -12796,7 +13786,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:391
+ msgid "Default: false (AD provider: true)"
+-msgstr ""
++msgstr "По умолчанию: false (поставщик данных AD: true)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-krb5.5.xml:394
+@@ -12900,6 +13890,9 @@ msgid ""
+ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+ "arg>"
+ msgstr ""
++"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg> <arg "
++"choice='plain'><replaceable>ГРУППА</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_groupadd.8.xml:32
+@@ -12939,6 +13932,9 @@ msgid ""
+ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+ "arg>"
+ msgstr ""
++"<command>sss_userdel</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg> <arg "
++"choice='plain'><replaceable>ИМЯ_УЧЁТНОЙ_ЗАПИСИ</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_userdel.8.xml:32
+@@ -13010,6 +14006,9 @@ msgid ""
+ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+ "arg>"
+ msgstr ""
++"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg> <arg "
++"choice='plain'><replaceable>ГРУППА</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_groupdel.8.xml:32
+@@ -13035,6 +14034,9 @@ msgid ""
+ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+ "arg>"
+ msgstr ""
++"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg> <arg "
++"choice='plain'><replaceable>ГРУППА</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_groupshow.8.xml:32
+@@ -13074,6 +14076,9 @@ msgid ""
+ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+ "arg>"
+ msgstr ""
++"<command>sss_usermod</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg> <arg "
++"choice='plain'><replaceable>ИМЯ_УЧЁТНОЙ_ЗАПИСИ</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_usermod.8.xml:32
+@@ -13117,6 +14122,8 @@ msgstr ""
+ #: sss_usermod.8.xml:107
+ msgid "Lock the user account. The user won't be able to log in."
+ msgstr ""
++"Заблокировать учётную запись пользователя. Пользователь не сможет выполнить "
++"вход."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sss_usermod.8.xml:114
+@@ -13126,7 +14133,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sss_usermod.8.xml:118
+ msgid "Unlock the user account."
+-msgstr ""
++msgstr "Разблокировать учётную запись пользователя."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sss_usermod.8.xml:129
+@@ -13168,12 +14175,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refnamediv><refname>
+ #: sss_cache.8.xml:10 sss_cache.8.xml:15
+ msgid "sss_cache"
+-msgstr ""
++msgstr "sss_cache"
+
+ #. type: Content of: <reference><refentry><refnamediv><refpurpose>
+ #: sss_cache.8.xml:16
+ msgid "perform cache cleanup"
+-msgstr ""
++msgstr "выполнить очистку кэша"
+
+ #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+ #: sss_cache.8.xml:21
+@@ -13181,6 +14188,8 @@ msgid ""
+ "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+ "replaceable> </arg>"
+ msgstr ""
++"<command>sss_cache</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_cache.8.xml:31
+@@ -13190,6 +14199,11 @@ msgid ""
+ "backend is online. Options that invalidate a single object only accept a "
+ "single provided argument."
+ msgstr ""
++"<command>sss_cache</command> объявляет недействительными записи в кэше "
++"SSSD. Объявленные недействительными записи принудительно повторно "
++"загружаются с сервера, как только соответствующий внутренний сервер SSSD "
++"появляется в сети. Параметры, объявляющие недействительность одного объекта, "
++"принимают только один предоставленный аргумент."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sss_cache.8.xml:43
+@@ -13434,7 +14448,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refnamediv><refpurpose>
+ #: sss_debuglevel.8.xml:16
+ msgid "[DEPRECATED] change debug level while SSSD is running"
+-msgstr ""
++msgstr "[НЕ РЕКОМЕНДУЕТСЯ] изменить уровень отладки во время работы SSSD"
+
+ #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+ #: sss_debuglevel.8.xml:21
+@@ -13443,6 +14457,9 @@ msgid ""
+ "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+ "replaceable></arg>"
+ msgstr ""
++"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg> <arg "
++"choice='plain'><replaceable>НОВЫЙ_УРОВЕНЬ_ОТЛАДКИ</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_debuglevel.8.xml:32
+@@ -13451,6 +14468,9 @@ msgid ""
+ "debug-level command. Please refer to the <command>sssctl</command> man page "
+ "for more information on sssctl usage."
+ msgstr ""
++"<command>sss_debuglevel</command> устарела и заменена командой debug-level "
++"sssctl. Дополнительные сведения об использовании sssctl доступны на man-"
++"странице <command>sssctl</command>."
+
+ #. type: Content of: <reference><refentry><refnamediv><refname>
+ #: sss_seed.8.xml:10 sss_seed.8.xml:15
+@@ -13470,6 +14490,9 @@ msgid ""
+ "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
+ "arg>"
+ msgstr ""
++"<command>sss_seed</command> <arg choice='opt'> <replaceable>параметры</"
++"replaceable> </arg> <arg choice='plain'>-D <replaceable>ДОМЕН</replaceable></"
++"arg> <arg choice='plain'>-n <replaceable>ПОЛЬЗОВАТЕЛЬ</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_seed.8.xml:33
+@@ -13563,12 +14586,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refnamediv><refname>
+ #: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+ msgid "sssd-ifp"
+-msgstr ""
++msgstr "sssd-ifp"
+
+ #. type: Content of: <reference><refentry><refnamediv><refpurpose>
+ #: sssd-ifp.5.xml:17
+ msgid "SSSD InfoPipe responder"
+-msgstr ""
++msgstr "Ответчик InfoPipe SSSD"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-ifp.5.xml:23
+@@ -13600,12 +14623,17 @@ msgid ""
+ "allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+ "startup."
+ msgstr ""
++"Разделённый запятыми список значений UID или имён пользователей, которым "
++"разрешён доступ к ответчику InfoPipe. Имена пользователей разрешаются в UID "
++"при запуске."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-ifp.5.xml:59
+ msgid ""
+ "Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+ msgstr ""
++"По умолчанию: 0 (доступ к ответчику InfoPipe разрешён только пользователю "
++"root)"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-ifp.5.xml:63
+@@ -13620,61 +14648,62 @@ msgstr ""
+ #: sssd-ifp.5.xml:77
+ msgid "Specifies the comma-separated list of white or blacklisted attributes."
+ msgstr ""
++"Разделённый запятыми список атрибутов из «белого» или «чёрного» списков."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-ifp.5.xml:91
+ msgid "name"
+-msgstr ""
++msgstr "name"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ifp.5.xml:92
+ msgid "user's login name"
+-msgstr ""
++msgstr "имя пользователя для входа"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-ifp.5.xml:95
+ msgid "uidNumber"
+-msgstr ""
++msgstr "uidNumber"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ifp.5.xml:96
+ msgid "user ID"
+-msgstr ""
++msgstr "идентификатор пользователя"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-ifp.5.xml:99
+ msgid "gidNumber"
+-msgstr ""
++msgstr "gidNumber"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ifp.5.xml:100
+ msgid "primary group ID"
+-msgstr ""
++msgstr "идентификатор основной группы"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-ifp.5.xml:103
+ msgid "gecos"
+-msgstr ""
++msgstr "gecos"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ifp.5.xml:104
+ msgid "user information, typically full name"
+-msgstr ""
++msgstr "данные о пользователи, обычно полное имя"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-ifp.5.xml:107
+ msgid "homeDirectory"
+-msgstr ""
++msgstr "homeDirectory"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: sssd-ifp.5.xml:111
+ msgid "loginShell"
+-msgstr ""
++msgstr "loginShell"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ifp.5.xml:112
+ msgid "user shell"
+-msgstr ""
++msgstr "оболочка пользователя"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-ifp.5.xml:81
+@@ -13708,6 +14737,7 @@ msgstr ""
+ #: sssd-ifp.5.xml:129
+ msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+ msgstr ""
++"По умолчанию: не задано. Разрешён только стандартный набор атрибутов POSIX."
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-ifp.5.xml:139
+@@ -13720,6 +14750,7 @@ msgstr ""
+ #: sssd-ifp.5.xml:144
+ msgid "Default: 0 (let the caller set an upper limit)"
+ msgstr ""
++"По умолчанию: 0 (разрешить вызывающей стороне установить верхнее ограничение)"
+
+ #. type: Content of: <reference><refentry><refentryinfo>
+ #: sss_rpcidmapd.5.xml:8
+@@ -13731,6 +14762,12 @@ msgid ""
+ "<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
+ "author>"
+ msgstr ""
++"<productname>Модуль SSS rpc.idmapd</productname> <author> <firstname>Noam</"
++"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
++"Inc.</orgname> </affiliation> <contrib>Разработчик (2013—2014)</contrib> </"
++"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
++"<contrib>Разработчик (2014—)</contrib> <email>tsnoam@gmail.com</email> "
++"</author>"
+
+ #. type: Content of: <reference><refentry><refnamediv><refname>
+ #: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
+@@ -13763,7 +14800,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><refsect2><title>
+ #: sss_rpcidmapd.5.xml:51
+ msgid "Enable SSS plugin"
+-msgstr ""
++msgstr "Включить модуль SSS"
+
+ #. type: Content of: <reference><refentry><refsect1><refsect2><para>
+ #: sss_rpcidmapd.5.xml:53
+@@ -13811,6 +14848,8 @@ msgid ""
+ "The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
+ "in sssd."
+ msgstr ""
++"Для работы модуля SSS необходимо включить в SSSD <emphasis>ответчик "
++"NSS</emphasis>."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_rpcidmapd.5.xml:91
+@@ -13880,6 +14919,9 @@ msgid ""
+ "<replaceable>options</replaceable> </arg> <arg "
+ "choice='plain'><replaceable>USER</replaceable></arg>"
+ msgstr ""
++"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
++"<replaceable>параметры</replaceable> </arg> <arg "
++"choice='plain'><replaceable>ПОЛЬЗОВАТЕЛЬ</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_ssh_authorizedkeys.1.xml:32
+@@ -14036,6 +15078,10 @@ msgid ""
+ "choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+ "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+ msgstr ""
++"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
++"<replaceable>параметры</replaceable> </arg> <arg "
++"choice='plain'><replaceable>УЗЕЛ</replaceable></arg> <arg "
++"choice='opt'><replaceable>КОМАНДА_ПРОКСИ</replaceable></arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_ssh_knownhostsproxy.1.xml:33
+@@ -14123,7 +15169,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: idmap_sss.8.xml:29
+ msgid "IDMAP OPTIONS"
+-msgstr ""
++msgstr "ПАРАМЕТРЫ IDMAP"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: idmap_sss.8.xml:33
+@@ -14158,6 +15204,17 @@ msgid ""
+ "idmap config * : range = 100000-199999\n"
+ " "
+ msgstr ""
++"[global]\n"
++"security = ads\n"
++"workgroup = <AD-DOMAIN-SHORTNAME>\n"
++"\n"
++"idmap config <AD-DOMAIN-SHORTNAME> : backend = sss\n"
++"idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-"
++"2147483647\n"
++"\n"
++"idmap config * : backend = tdb\n"
++"idmap config * : range = 100000-199999\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: idmap_sss.8.xml:62
+@@ -14192,6 +15249,9 @@ msgid ""
+ "replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
+ "arg>"
+ msgstr ""
++"<command>sssctl</command> <arg "
++"choice='plain'><replaceable>КОМАНДА</replaceable></arg> <arg choice='opt'> "
++"<replaceable>параметры</replaceable> </arg>"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssctl.8.xml:32
+@@ -14290,7 +15350,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-files.5.xml:105
+ msgid "Default: /etc/passwd"
+-msgstr ""
++msgstr "По умолчанию: /etc/passwd"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-files.5.xml:111
+@@ -14308,14 +15368,12 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-files.5.xml:120
+ msgid "Default: /etc/group"
+-msgstr ""
++msgstr "Default: /etc/group"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-files.5.xml:126
+-#, fuzzy
+-#| msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
+ msgid "fallback_to_nss (boolean)"
+-msgstr "ldap_rfc2307_fallback_to_local_users (логическое значение)"
++msgstr "fallback_to_nss (логическое значение)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-files.5.xml:129
+@@ -14591,7 +15649,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-secrets.5.xml:199
+ msgid "Default: 4"
+-msgstr ""
++msgstr "По умолчанию: 4"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd-secrets.5.xml:204
+@@ -14608,7 +15666,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-secrets.5.xml:211
+ msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
+-msgstr ""
++msgstr "По умолчанию: 1024 (куст секретов), 256 (куст kcm)"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd-secrets.5.xml:216
+@@ -14625,7 +15683,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-secrets.5.xml:223
+ msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+-msgstr ""
++msgstr "По умолчанию: 256 (куст секретов), 64 (куст kcm)"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd-secrets.5.xml:228
+@@ -14642,7 +15700,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-secrets.5.xml:235
+ msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+-msgstr ""
++msgstr "По умолчанию: 16 (куст секретов), 65536 (64 МиБ) (куст kcm)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><programlisting>
+ #: sssd-secrets.5.xml:244
+@@ -15360,7 +16418,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-kcm.8.xml:133
+ msgid "OBTAINING DEBUG LOGS"
+-msgstr ""
++msgstr "ПОЛУЧЕНИЕ ЖУРНАЛА ОТЛАДКИ"
+
+ #. type: Content of: <reference><refentry><refsect1><para><programlisting>
+ #: sssd-kcm.8.xml:144
+@@ -15402,11 +16460,14 @@ msgid ""
+ "if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> "
+ "exists at all."
+ msgstr ""
++"Обратите внимание, что в настоящее время фрагменты конфигурации "
++"обрабатываются только в том случае, если основной файл конфигурации по пути "
++"<filename>/etc/sssd/sssd.conf</filename> существует."
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-kcm.8.xml:166
+ msgid "RENEWALS"
+-msgstr ""
++msgstr "ОБНОВЛЕНИЯ"
+
+ #. type: Content of: <reference><refentry><refsect1><para><programlisting>
+ #: sssd-kcm.8.xml:174
+@@ -15416,6 +16477,9 @@ msgid ""
+ "krb5_renew_interval = 60m\n"
+ " "
+ msgstr ""
++"tgt_renewal = true\n"
++"krb5_renew_interval = 60m\n"
++" "
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-kcm.8.xml:168
+@@ -15506,6 +16570,7 @@ msgstr ""
+ #: sssd-kcm.8.xml:240
+ msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
+ msgstr ""
++"По умолчанию: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-kcm.8.xml:243
+@@ -15529,6 +16594,8 @@ msgstr ""
+ #: sssd-kcm.8.xml:259
+ msgid "Default: 0 (unlimited, only the per-UID quota is enforced)"
+ msgstr ""
++"По умолчанию: 0 (без ограничений, принудительно применяется только квота для "
++"отдельного UID)"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd-kcm.8.xml:264
+@@ -15545,7 +16612,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-kcm.8.xml:272
+ msgid "Default: 64"
+-msgstr ""
++msgstr "По умолчанию: 64"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd-kcm.8.xml:277
+@@ -15562,7 +16629,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-kcm.8.xml:284
+ msgid "Default: 65536"
+-msgstr ""
++msgstr "По умолчанию: 65536"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd-kcm.8.xml:289
+@@ -15577,7 +16644,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+ #: sssd-kcm.8.xml:295
+ msgid "Default: False (Automatic renewals disabled)"
+-msgstr ""
++msgstr "По умолчанию: False (автоматические обновления отключены)"
+
+ #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+ #: sssd-kcm.8.xml:300
+@@ -16177,7 +17244,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:61
+ msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
+-msgstr ""
++msgstr "По умолчанию: uid (rfc2307, rfc2307bis и IPA), sAMAccountName (AD)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:68
+@@ -16192,7 +17259,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:75
+ msgid "Default: uidNumber"
+-msgstr ""
++msgstr "По умолчанию: uidNumber"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:81
+@@ -16203,11 +17270,12 @@ msgstr "ldap_user_gid_number (строка)"
+ #: sssd-ldap-attributes.5.xml:84
+ msgid "The LDAP attribute that corresponds to the user's primary group id."
+ msgstr ""
++"Атрибут LDAP, соответствующий идентификатору основной группы пользователя."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:681
+ msgid "Default: gidNumber"
+-msgstr ""
++msgstr "По умолчанию: gidNumber"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:94
+@@ -16221,6 +17289,9 @@ msgid ""
+ "attribute should only be set manually if you are running the <quote>ldap</"
+ "quote> provider with ID mapping."
+ msgstr ""
++"Атрибут основной группы Active Directory для сопоставления ID. Обратите "
++"внимание, что этот атрибут следует устанавливать только вручную, если "
++"запущен поставщик <quote>ldap</quote> с сопоставлением ID."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:103
+@@ -16255,7 +17326,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:129
+ msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)"
+-msgstr ""
++msgstr "По умолчанию: homeDirectory (LDAP и IPA), unixHomeDirectory (AD)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:135
+@@ -16305,6 +17376,7 @@ msgstr ""
+ #: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:722
+ msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+ msgstr ""
++"По умолчанию: objectSid для ActiveDirectory, не задано для других серверов."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:177
+@@ -16342,7 +17414,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:203
+ msgid "Default: shadowLastChange"
+-msgstr ""
++msgstr "По умолчанию: shadowLastChange"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:209
+@@ -16361,7 +17433,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:221
+ msgid "Default: shadowMin"
+-msgstr ""
++msgstr "По умолчанию: shadowMin"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:227
+@@ -16380,7 +17452,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:239
+ msgid "Default: shadowMax"
+-msgstr ""
++msgstr "По умолчанию: shadowMax"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:245
+@@ -16455,7 +17527,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:311
+ msgid "Default: krbLastPwdChange"
+-msgstr ""
++msgstr "По умолчанию: krbLastPwdChange"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:317
+@@ -16472,7 +17544,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:326
+ msgid "Default: krbPasswordExpiration"
+-msgstr ""
++msgstr "По умолчанию: krbPasswordExpiration"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:332
+@@ -16489,7 +17561,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:340
+ msgid "Default: accountExpires"
+-msgstr ""
++msgstr "По умолчанию: accountExpires"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:346
+@@ -16506,7 +17578,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:354
+ msgid "Default: userAccountControl"
+-msgstr ""
++msgstr "По умолчанию: userAccountControl"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:360
+@@ -16523,7 +17595,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:368
+ msgid "Default: nsAccountLock"
+-msgstr ""
++msgstr "По умолчанию: nsAccountLock"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:374
+@@ -16540,7 +17612,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395
+ msgid "Default: loginDisabled"
+-msgstr ""
++msgstr "По умолчанию: loginDisabled"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:387
+@@ -16569,7 +17641,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:409
+ msgid "Default: loginAllowedTimeMap"
+-msgstr ""
++msgstr "По умолчанию: loginAllowedTimeMap"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:415
+@@ -16586,7 +17658,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:422
+ msgid "Default: krbPrincipalName"
+-msgstr ""
++msgstr "По умолчанию: krbPrincipalName"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:428
+@@ -16655,7 +17727,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:946
+ msgid "Default: sshPublicKey"
+-msgstr ""
++msgstr "По умолчанию: sshPublicKey"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:489
+@@ -16680,7 +17752,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:933
+ msgid "Default: memberOf"
+-msgstr ""
++msgstr "По умолчанию: memberOf"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:515
+@@ -16722,7 +17794,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:545
+ msgid "Default: authorizedService"
+-msgstr ""
++msgstr "По умолчанию: authorizedService"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:551
+@@ -16755,7 +17827,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:572
+ msgid "Default: host"
+-msgstr ""
++msgstr "По умолчанию: host"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:578
+@@ -16788,7 +17860,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:600
+ msgid "Default: rhost"
+-msgstr ""
++msgstr "По умолчанию: rhost"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:606
+@@ -16803,7 +17875,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:613
+ msgid "Default: userCertificate;binary"
+-msgstr ""
++msgstr "По умолчанию: userCertificate;binary"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:619
+@@ -16828,7 +17900,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:635
+ msgid "Default: mail"
+-msgstr ""
++msgstr "По умолчанию: mail"
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-ldap-attributes.5.xml:644
+@@ -16848,7 +17920,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:654
+ msgid "Default: posixGroup"
+-msgstr ""
++msgstr "По умолчанию: posixGroup"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:660
+@@ -16863,7 +17935,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:667
+ msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
+-msgstr ""
++msgstr "По умолчанию: cn (rfc2307, rfc2307bis и IPA), sAMAccountName (AD)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:674
+@@ -16888,7 +17960,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:694
+ msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
+-msgstr ""
++msgstr "По умолчанию: memberuid (rfc2307) / member (rfc2307bis)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:700
+@@ -16943,6 +18015,7 @@ msgstr ""
+ #: sssd-ldap-attributes.5.xml:756
+ msgid "Default: groupType in the AD provider, otherwise not set"
+ msgstr ""
++"По умолчанию: groupType для поставщика данных AD, в ином случае не задано"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:763
+@@ -16960,6 +18033,8 @@ msgstr ""
+ #: sssd-ldap-attributes.5.xml:772
+ msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+ msgstr ""
++"По умолчанию: ipaExternalMember для поставщика данных IPA, в ином случае не "
++"задано."
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-ldap-attributes.5.xml:782
+@@ -16974,7 +18049,7 @@ msgstr "ldap_netgroup_object_class (строка)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:789
+ msgid "The object class of a netgroup entry in LDAP."
+-msgstr ""
++msgstr "Класс объектов записи сетевой группы в LDAP."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:792
+@@ -16984,7 +18059,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:796
+ msgid "Default: nisNetgroup"
+-msgstr ""
++msgstr "По умолчанию: nisNetgroup"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:802
+@@ -17019,7 +18094,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:830
+ msgid "Default: memberNisNetgroup"
+-msgstr ""
++msgstr "По умолчанию: memberNisNetgroup"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:836
+@@ -17040,7 +18115,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:846
+ msgid "Default: nisNetgroupTriple"
+-msgstr ""
++msgstr "По умолчанию: nisNetgroupTriple"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:852
+@@ -17065,7 +18140,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:881 sssd-ldap-attributes.5.xml:978
+ msgid "Default: ipService"
+-msgstr ""
++msgstr "По умолчанию: ipService"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:887
+@@ -17092,7 +18167,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:907
+ msgid "Default: fqdn"
+-msgstr ""
++msgstr "По умолчанию: fqdn"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:913
+@@ -17102,7 +18177,7 @@ msgstr "ldap_host_serverhostname (строка)"
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:920
+ msgid "Default: serverHostname"
+-msgstr ""
++msgstr "По умолчанию: serverHostname"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:926
+@@ -17174,7 +18249,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1004
+ msgid "Default: ipServicePort"
+-msgstr ""
++msgstr "По умолчанию: ipServicePort"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1010
+@@ -17190,7 +18265,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1017
+ msgid "Default: ipServiceProtocol"
+-msgstr ""
++msgstr "По умолчанию: ipServiceProtocol"
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-ldap-attributes.5.xml:1026
+@@ -17210,7 +18285,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1036
+ msgid "Default: sudoRole"
+-msgstr ""
++msgstr "По умолчанию: sudoRole"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1042
+@@ -17235,7 +18310,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1062
+ msgid "Default: sudoCommand"
+-msgstr ""
++msgstr "По умолчанию: sudoCommand"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1068
+@@ -17252,7 +18327,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1076
+ msgid "Default: sudoHost"
+-msgstr ""
++msgstr "По умолчанию: sudoHost"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1082
+@@ -17269,7 +18344,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1089
+ msgid "Default: sudoUser"
+-msgstr ""
++msgstr "По умолчанию: sudoUser"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1095
+@@ -17284,7 +18359,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1102
+ msgid "Default: sudoOption"
+-msgstr ""
++msgstr "По умолчанию: sudoOption"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1108
+@@ -17301,7 +18376,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1115
+ msgid "Default: sudoRunAsUser"
+-msgstr ""
++msgstr "По умолчанию: sudoRunAsUser"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1121
+@@ -17318,7 +18393,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1128
+ msgid "Default: sudoRunAsGroup"
+-msgstr ""
++msgstr "По умолчанию: sudoRunAsGroup"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1134
+@@ -17335,7 +18410,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1141
+ msgid "Default: sudoNotBefore"
+-msgstr ""
++msgstr "По умолчанию: sudoNotBefore"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1147
+@@ -17352,7 +18427,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1155
+ msgid "Default: sudoNotAfter"
+-msgstr ""
++msgstr "По умолчанию: sudoNotAfter"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1161
+@@ -17367,7 +18442,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1168
+ msgid "Default: sudoOrder"
+-msgstr ""
++msgstr "По умолчанию: sudoOrder"
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-ldap-attributes.5.xml:1177
+@@ -17392,7 +18467,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1194
+ msgid "Default: ipHost"
+-msgstr ""
++msgstr "По умолчанию: ipHost"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1200
+@@ -17419,7 +18494,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1220
+ msgid "Default: ipHostNumber"
+-msgstr ""
++msgstr "По умолчанию: ipHostNumber"
+
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sssd-ldap-attributes.5.xml:1229
+@@ -17439,7 +18514,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1239
+ msgid "Default: ipNetwork"
+-msgstr ""
++msgstr "По умолчанию: ipNetwork"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-ldap-attributes.5.xml:1245
+@@ -17466,7 +18541,7 @@ msgstr ""
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-ldap-attributes.5.xml:1265
+ msgid "Default: ipNetworkNumber"
+-msgstr ""
++msgstr "По умолчанию: ipNetworkNumber"
+
+ #. type: Content of: <variablelist><varlistentry><term>
+ #: include/autofs_attributes.xml:3
+@@ -17482,6 +18557,8 @@ msgstr ""
+ #: include/autofs_attributes.xml:9
+ msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
+ msgstr ""
++"По умолчанию: nisMap (rfc2307, autofs_provider=ad), в ином случае — "
++"automountMap"
+
+ #. type: Content of: <variablelist><varlistentry><term>
+ #: include/autofs_attributes.xml:16
+@@ -17498,6 +18575,8 @@ msgstr ""
+ msgid ""
+ "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
+ msgstr ""
++"По умолчанию: nisMapName (rfc2307, autofs_provider=ad), в ином случае — "
++"automountMapName"
+
+ #. type: Content of: <variablelist><varlistentry><term>
+ #: include/autofs_attributes.xml:29
+@@ -17515,6 +18594,8 @@ msgstr ""
+ #: include/autofs_attributes.xml:37
+ msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
+ msgstr ""
++"По умолчанию: nisObject (rfc2307, autofs_provider=ad), в ином случае — "
++"automount"
+
+ #. type: Content of: <variablelist><varlistentry><term>
+ #: include/autofs_attributes.xml:44
+@@ -17532,6 +18613,7 @@ msgstr ""
+ #: include/autofs_attributes.xml:51
+ msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
+ msgstr ""
++"По умолчанию: cn (rfc2307, autofs_provider=ad), в ином случае — automountKey"
+
+ #. type: Content of: <variablelist><varlistentry><term>
+ #: include/autofs_attributes.xml:58
+@@ -17544,11 +18626,13 @@ msgid ""
+ "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
+ "automountInformation"
+ msgstr ""
++"По умолчанию: nisMapEntry (rfc2307, autofs_provider=ad), в ином случае — "
++"automountInformation"
+
+ #. type: Content of: <refsect1><title>
+ #: include/service_discovery.xml:2
+ msgid "SERVICE DISCOVERY"
+-msgstr ""
++msgstr "ОБНАРУЖЕНИЕ СЛУЖБ"
+
+ #. type: Content of: <refsect1><para>
+ #: include/service_discovery.xml:4
+@@ -17603,7 +18687,7 @@ msgstr ""
+ #. type: Content of: <refsect1><refsect2><title>
+ #: include/service_discovery.xml:42
+ msgid "See Also"
+-msgstr ""
++msgstr "См. также"
+
+ #. type: Content of: <refsect1><refsect2><para>
+ #: include/service_discovery.xml:44
+@@ -17626,7 +18710,7 @@ msgstr ""
+ #. type: Content of: <refsect1><title>
+ #: include/failover.xml:2
+ msgid "FAILOVER"
+-msgstr ""
++msgstr "ОТРАБОТКА ОТКАЗА"
+
+ #. type: Content of: <refsect1><para>
+ #: include/failover.xml:4
+@@ -17716,7 +18800,7 @@ msgstr ""
+ #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: include/failover.xml:76
+ msgid "dns_resolver_server_timeout"
+-msgstr ""
++msgstr "dns_resolver_server_timeout"
+
+ #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: include/failover.xml:80
+@@ -17728,7 +18812,7 @@ msgstr ""
+ #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: include/failover.xml:90
+ msgid "dns_resolver_op_timeout"
+-msgstr ""
++msgstr "dns_resolver_op_timeout"
+
+ #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: include/failover.xml:94
+@@ -17741,7 +18825,7 @@ msgstr ""
+ #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+ #: include/failover.xml:106
+ msgid "dns_resolver_timeout"
+-msgstr ""
++msgstr "dns_resolver_timeout"
+
+ #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+ #: include/failover.xml:110
+@@ -17939,7 +19023,7 @@ msgstr ""
+ #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+ #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
+ msgid "Default: 200000"
+-msgstr ""
++msgstr "По умолчанию: 200000"
+
+ #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+ #: include/ldap_id_mapping.xml:142
+@@ -17966,7 +19050,7 @@ msgstr ""
+ #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+ #: include/ldap_id_mapping.xml:159
+ msgid "Default: 2000200000"
+-msgstr ""
++msgstr "По умолчанию: 2000200000"
+
+ #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+ #: include/ldap_id_mapping.xml:164
+@@ -18461,7 +19545,7 @@ msgstr ""
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: include/override_homedir.xml:23
+ msgid "%f"
+-msgstr ""
++msgstr "%f"
+
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: include/override_homedir.xml:24
+@@ -18471,7 +19555,7 @@ msgstr ""
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: include/override_homedir.xml:27
+ msgid "%l"
+-msgstr ""
++msgstr "%l"
+
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: include/override_homedir.xml:28
+@@ -18486,7 +19570,7 @@ msgstr ""
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: include/override_homedir.xml:35
+ msgid "%o"
+-msgstr ""
++msgstr "%o"
+
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: include/override_homedir.xml:37
+@@ -18496,7 +19580,7 @@ msgstr ""
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+ #: include/override_homedir.xml:42
+ msgid "%H"
+-msgstr ""
++msgstr "%H"
+
+ #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+ #: include/override_homedir.xml:44
+@@ -18529,6 +19613,8 @@ msgstr ""
+ #: include/override_homedir.xml:65
+ msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
+ msgstr ""
++"По умолчанию: не задано (SSSD будет использовать значение, полученное от "
++"LDAP)"
+
+ #. type: Content of: <varlistentry><listitem><para>
+ #: include/override_homedir.xml:69
+@@ -18560,12 +19646,12 @@ msgstr ""
+ #. type: Content of: <varlistentry><listitem><para>
+ #: include/homedir_substring.xml:15
+ msgid "Default: /home"
+-msgstr ""
++msgstr "По умолчанию: /home"
+
+ #. type: Content of: <refsect1><title>
+ #: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
+ msgid "MODIFIED DEFAULT OPTIONS"
+-msgstr ""
++msgstr "ИЗМЕНЁННЫЕ СТАНДАРТНЫЕ ПАРАМЕТРЫ"
+
+ #. type: Content of: <refsect1><para>
+ #: include/ad_modified_defaults.xml:4
+@@ -18583,7 +19669,7 @@ msgstr ""
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
+ msgid "krb5_validate = true"
+-msgstr ""
++msgstr "krb5_validate = true"
+
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:18
+@@ -18598,42 +19684,42 @@ msgstr ""
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:28
+ msgid "ldap_schema = ad"
+-msgstr ""
++msgstr "ldap_schema = ad"
+
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
+ msgid "ldap_force_upper_case_realm = true"
+-msgstr ""
++msgstr "ldap_force_upper_case_realm = true"
+
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:38
+ msgid "ldap_id_mapping = true"
+-msgstr ""
++msgstr "ldap_id_mapping = true"
+
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:43
+ msgid "ldap_sasl_mech = GSS-SPNEGO"
+-msgstr ""
++msgstr "ldap_sasl_mech = GSS-SPNEGO"
+
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:48
+ msgid "ldap_referrals = false"
+-msgstr ""
++msgstr "ldap_referrals = false"
+
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:53
+ msgid "ldap_account_expire_policy = ad"
+-msgstr ""
++msgstr "ldap_account_expire_policy = ad"
+
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
+ msgid "ldap_use_tokengroups = true"
+-msgstr ""
++msgstr "ldap_use_tokengroups = true"
+
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:63
+ msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+-msgstr ""
++msgstr "ldap_sasl_authid = sAMAccountName@REALM (обычно SHORTNAME$@REALM)"
+
+ #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+ #: include/ad_modified_defaults.xml:66
+diff --git a/src/man/po/uk.po b/src/man/po/uk.po
+index e9466997c..02ae32c87 100644
+--- a/src/man/po/uk.po
++++ b/src/man/po/uk.po
+@@ -16,7 +16,7 @@ msgstr ""
+ "Project-Id-Version: sssd-docs 2.3.0\n"
+ "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+ "POT-Creation-Date: 2021-07-12 20:51+0200\n"
+-"PO-Revision-Date: 2021-06-12 18:04+0000\n"
++"PO-Revision-Date: 2021-07-17 04:04+0000\n"
+ "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
+ "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/"
+ "sssd-manpage-master/uk/>\n"
+@@ -26,7 +26,7 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+ "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
+-"X-Generator: Weblate 4.6.2\n"
++"X-Generator: Weblate 4.7.1\n"
+
+ #. type: Content of: <reference><title>
+ #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
+@@ -9727,13 +9727,6 @@ msgstr ""
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: pam_sss_gss.8.xml:74
+-#, fuzzy
+-#| msgid ""
+-#| "Some Kerberos deployments allow to assocate authentication indicators "
+-#| "with a particular pre-authentication method used to obtain the ticket "
+-#| "granting ticket by the user. <command>pam_sss_gss.so</command> allows to "
+-#| "enforce presence of authentication indicators in the service tickets "
+-#| "before a particular PAM service can be accessed."
+ msgid ""
+ "Some Kerberos deployments allow to associate authentication indicators with "
+ "a particular pre-authentication method used to obtain the ticket granting "
+@@ -9879,12 +9872,6 @@ msgstr ""
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: pam_sss_gss.8.xml:200
+-#, fuzzy
+-#| msgid ""
+-#| "3. Authentication does not work and syslog contains \"No Kerberos "
+-#| "credentials available\": You don't have any credentials that can be used "
+-#| "to obtain the required service ticket. Use kinit or autheticate over SSSD "
+-#| "to acquire those credentials."
+ msgid ""
+ "3. Authentication does not work and syslog contains \"No Kerberos "
+ "credentials available\": You don't have any credentials that can be used to "
+@@ -14488,13 +14475,6 @@ msgstr "Коригування швидкодії"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-sudo.5.xml:215
+-#, fuzzy
+-#| msgid ""
+-#| "SSSD uses different kinds of mechanisms with more or less complex LDAP "
+-#| "filters to keep the cached sudo rules up to date. The default "
+-#| "configuration is set to values that should satisfy most of our users, but "
+-#| "the following paragraps contains few tips on how to fine tune the "
+-#| "configuration to your requirements."
+ msgid ""
+ "SSSD uses different kinds of mechanisms with more or less complex LDAP "
+ "filters to keep the cached sudo rules up to date. The default configuration "
+@@ -16748,7 +16728,7 @@ msgstr "Обмежити процедуру скасування визначе
+ #. type: Content of: <reference><refentry><refsect1><title>
+ #: sss_cache.8.xml:224
+ msgid "EFFECTS ON THE FAST MEMORY CACHE"
+-msgstr ""
++msgstr "ВПЛИВ НА ШВИДКИЙ КЕШ У ПАМ'ЯТІ"
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_cache.8.xml:226
+@@ -16765,6 +16745,17 @@ msgid ""
+ "kernel can release the occupied disk space and the old memory cache file is "
+ "finally removed completely."
+ msgstr ""
++"Крім того, <command>sss_cache</command> вимикає кеш у пам'яті. Оскільки кеш "
++"у пам'яті є файлом, копію якого програма створює у пам'яті кожного процесу, "
++"який викликає SSSD для визначення користувачів або груп, файл не може бути "
++"обрізано. У заголовку файла встановлюють спеціальний прапорець для "
++"позначення некоректності вмісту, а потім файл від'єднується відповідачем NSS "
++"SSSD і створюється новий файл кешу. Після цього, кожного разу, коли процес "
++"виконує новий пошук користувача або групи, він бачить цей прапорець, "
++"закриває старий файл кешу у пам'яті і відтворює новий файл у своїй пам'яті. "
++"Коли усі процеси, які відкривали старий файл кешу у пам'яті, закриють його "
++"під час пошуку користувача або групи, ядро може звільнити зайняте ним місце "
++"на диску і нарешті повністю вилучити застарілий файл кешу у пам'яті."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_cache.8.xml:240
+@@ -16779,6 +16770,17 @@ msgid ""
+ "disk usage because old memory cache files cannot be removed from the disk "
+ "because they are still mapped by long running processes."
+ msgstr ""
++"Особливим випадком є процеси довготривалої дії, які виконують пошук "
++"користувачів або груп лише під час запуску, наприклад, щоб визначити назву "
++"облікового запису користувача, від імені якого запущено процес. Для таких "
++"пошуків файл кешу у пам'яті відображається до пам'яті процесу. Але оскільки "
++"подальших пошуків виконано не буде, цей процес ніколи не зможе визначити "
++"втрату чинності файлом кешу у пам'яті, а отже, файл лишатиметься у пам'яті і "
++"займатиме місце на диску аж до завершення процесом роботи. У результаті "
++"виклик <command>sss_cache</command> може збільшити обсяг використаного "
++"програмою місця на диску, оскільки вилучення застарілих файлів кешу у "
++"пам'яті виявиться неможливим, оскільки їх буде пов'язано із процесами "
++"довготривалої дії."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sss_cache.8.xml:252
+@@ -16791,6 +16793,14 @@ msgid ""
+ "so that they meet the local expectations and calling <command>sss_cache</"
+ "command> is not needed."
+ msgstr ""
++"Можливим обхідним маневром у випадках процесів довготривалої дії, які "
++"виконують пошук користувачів та груп лише під час запуску або дуже нечасто, "
++"є запуск процесів із встановленим для змінної середовища "
++"SSS_NSS_USE_MEMCACHE значенням «NO», щоб вони взагалі не використовували кеш "
++"у пам'яті або не відображали файл кешу до своєї пам'яті. Загалом, кращим "
++"варіантом є коригування параметрів часу очікування кешування так, щоб вони "
++"відповідали конкретному випадку. Тоді виклик <command>sss_cache</command> "
++"стане непотрібним."
+
+ #. type: Content of: <reference><refentry><refnamediv><refname>
+ #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+@@ -17947,10 +17957,8 @@ msgstr "Типове значення: /etc/group"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+ #: sssd-files.5.xml:126
+-#, fuzzy
+-#| msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
+ msgid "fallback_to_nss (boolean)"
+-msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)"
++msgstr "fallback_to_nss (булеве значення)"
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-files.5.xml:129
+@@ -17961,6 +17969,11 @@ msgid ""
+ "<filename>/etc/group</filename> and the NSS configuration has 'sss' before "
+ "'files' for the 'passwd' and 'group' maps."
+ msgstr ""
++"Під час оновлення внутрішніх даних SSSD поверне повідомлення про помилку і "
++"надасть змогу клієнту продовжити роботу з наступним модулем NSS. Це "
++"допомагає уникнути затримок при використанні типових файлів системи "
++"<filename>/etc/passwd</filename> і <filename>/etc/group</filename>. "
++"Налаштування NSS містять «sss» до «files» для прив'язок «passwd» і «group»."
+
+ #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+ #: sssd-files.5.xml:139
+@@ -17969,6 +17982,10 @@ msgid ""
+ "set this option to 'False' to avoid inconsistent behavior because in general "
+ "there would be no other NSS module which can be used as a fallback."
+ msgstr ""
++"Якщо надавача даних файлів налаштовано на спостереження за іншими файлами, "
++"має сенс встановлення для цього параметра значення False для уникнення "
++"несумісної поведінки, оскільки, загалом, не буде іншого модуля NSS, яким "
++"можна буде скористатися як резервним."
+
+ #. type: Content of: <reference><refentry><refsect1><para>
+ #: sssd-files.5.xml:80
+--
+2.26.3
+
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
new file mode 100644
index 0000000..b23f1ae
--- /dev/null
+++ b/SPECS/sssd.spec
@@ -0,0 +1,2817 @@
+# SSSD SPEC file for Fedora 34+ and RHEL-9+
+
+# define SSSD user
+%if 0%{?rhel}
+%global sssd_user sssd
+%else
+%global sssd_user root
+%endif
+
+# Set setuid bit on child helpers if we support non-root user.
+%if "%{sssd_user}" == "root"
+%global child_attrs 0750
+%else
+%global child_attrs 4750
+%endif
+
+# we don't want to provide private python extension libs
+%define __provides_exclude_from %{python3_sitearch}/.*\.so$
+
+%define _hardened_build 1
+
+# Determine the location of the LDB modules directory
+%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
+%global ldb_version 1.2.0
+
+%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
+
+Name: sssd
+Version: 2.5.2
+Release: 5%{?dist}
+Summary: System Security Services Daemon
+License: GPLv3+
+URL: https://github.com/SSSD/sssd/
+Source0: https://github.com/SSSD/sssd/releases/download/2.5.2/sssd-2.5.2.tar.gz
+
+### Patches ###
+Patch0001: 0001-Basics-of-subid-ranges-support-for-IPA-provider.patch
+Patch0002: 0002-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch
+Patch0003: 0003-NSS-don-t-treat-absent-CLEAR_MC_FLAG-as-an-error-Thi.patch
+Patch0004: 0004-po-update-translations.patch
+
+### Dependencies ###
+
+Requires: sssd-ad = %{version}-%{release}
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-ipa = %{version}-%{release}
+Requires: sssd-krb5 = %{version}-%{release}
+Requires: sssd-ldap = %{version}-%{release}
+Recommends: sssd-proxy = %{version}-%{release}
+Recommends: logrotate
+Suggests: python3-sssdconfig = %{version}-%{release}
+Suggests: sssd-dbus = %{version}-%{release}
+
+%global servicename sssd
+%global sssdstatedir %{_localstatedir}/lib/sss
+%global dbpath %{sssdstatedir}/db
+%global keytabdir %{sssdstatedir}/keytabs
+%global pipepath %{sssdstatedir}/pipes
+%global mcpath %{sssdstatedir}/mc
+%global pubconfpath %{sssdstatedir}/pubconf
+%global gpocachepath %{sssdstatedir}/gpo_cache
+%global secdbpath %{sssdstatedir}/secrets
+%global deskprofilepath %{sssdstatedir}/deskprofile
+
+### Build Dependencies ###
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: bind-utils
+BuildRequires: c-ares-devel
+BuildRequires: check-devel
+BuildRequires: cifs-utils-devel
+BuildRequires: dbus-devel
+BuildRequires: docbook-style-xsl
+BuildRequires: doxygen
+BuildRequires: findutils
+BuildRequires: gcc
+BuildRequires: gdm-pam-extensions-devel
+BuildRequires: gettext-devel
+BuildRequires: glib2-devel
+# required for p11_child smartcard tests
+BuildRequires: gnutls-utils
+BuildRequires: jansson-devel
+BuildRequires: keyutils-libs-devel
+BuildRequires: krb5-devel
+BuildRequires: libcmocka-devel >= 1.0.0
+BuildRequires: libdhash-devel >= 0.4.2
+BuildRequires: libini_config-devel >= 1.1
+BuildRequires: libldb-devel >= %{ldb_version}
+BuildRequires: libnfsidmap-devel
+BuildRequires: libnl3-devel
+BuildRequires: libselinux-devel
+BuildRequires: libsemanage-devel
+BuildRequires: libsmbclient-devel
+BuildRequires: libtalloc-devel
+BuildRequires: libtdb-devel
+BuildRequires: libtevent-devel
+BuildRequires: libtool
+BuildRequires: libuuid-devel
+BuildRequires: libxml2
+BuildRequires: libxslt
+BuildRequires: m4
+BuildRequires: make
+BuildRequires: nss_wrapper
+BuildRequires: openldap-devel
+BuildRequires: openssh
+BuildRequires: openssl
+BuildRequires: openssl-devel
+BuildRequires: p11-kit-devel
+BuildRequires: pam_wrapper
+BuildRequires: pam-devel
+BuildRequires: pcre-devel
+BuildRequires: pkgconfig
+BuildRequires: popt-devel
+BuildRequires: python3-devel
+BuildRequires: samba-devel
+# required for idmap_sss.so
+BuildRequires: samba-winbind
+BuildRequires: selinux-policy-targeted
+# required for p11_child smartcard tests
+BuildRequires: softhsm >= 2.1.0
+BuildRequires: systemd-devel
+BuildRequires: systemtap-sdt-devel
+BuildRequires: uid_wrapper
+BuildRequires: po4a
+BuildRequires: shadow-utils-subid-devel
+
+%description
+Provides a set of daemons to manage access to remote directories and
+authentication mechanisms. It provides an NSS and PAM interface toward
+the system and a pluggable back end system to connect to multiple different
+account sources. It is also the basis to provide client auditing and policy
+services for projects like FreeIPA.
+
+The sssd subpackage is a meta-package that contains the daemon as well as all
+the existing back ends.
+
+%package common
+Summary: Common files for the SSSD
+License: GPLv3+
+# Requires
+# due to ABI changes in 1.1.30/1.2.0
+Requires: libldb >= %{ldb_version}
+Requires: sssd-client%{?_isa} = %{version}-%{release}
+Recommends: libsss_sudo = %{version}-%{release}
+Recommends: libsss_autofs%{?_isa} = %{version}-%{release}
+Recommends: sssd-nfs-idmap = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
+%if 0%{?rhel}
+Requires(pre): shadow-utils
+%endif
+%{?systemd_requires}
+
+### Provides ###
+Provides: libsss_sudo-devel = %{version}-%{release}
+Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1
+
+%description common
+Common files for the SSSD. The common package includes all the files needed
+to run a particular back end, however, the back ends are packaged in separate
+subpackages such as sssd-ldap.
+
+%package client
+Summary: SSSD Client libraries for NSS and PAM
+License: LGPLv3+
+Requires: libsss_nss_idmap = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+Requires(post): /sbin/ldconfig
+Requires(post): /usr/sbin/alternatives
+Requires(preun): /usr/sbin/alternatives
+
+%description client
+Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
+service.
+
+%package -n libsss_sudo
+Summary: A library to allow communication between SUDO and SSSD
+License: LGPLv3+
+Conflicts: sssd-common < %{version}-%{release}
+
+%description -n libsss_sudo
+A utility library to allow communication between SUDO and SSSD
+
+%package -n libsss_autofs
+Summary: A library to allow communication between Autofs and SSSD
+License: LGPLv3+
+Conflicts: sssd-common < %{version}-%{release}
+
+%description -n libsss_autofs
+A utility library to allow communication between Autofs and SSSD
+
+%package tools
+Summary: Userspace tools for use with the SSSD
+License: GPLv3+
+Requires: sssd-common = %{version}-%{release}
+# required by sss_obfuscate
+Requires: python3-sss = %{version}-%{release}
+Requires: python3-sssdconfig = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
+Recommends: sssd-dbus
+
+%description tools
+Provides userspace tools for manipulating users, groups, and nested groups in
+SSSD when using id_provider = local in /etc/sssd/sssd.conf.
+
+Also provides several other administrative tools:
+ * sss_debuglevel to change the debug level on the fly
+ * sss_seed which pre-creates a user entry for use in kickstarts
+ * sss_obfuscate for generating an obfuscated LDAP password
+ * sssctl -- an sssd status and control utility
+
+%package -n python3-sssdconfig
+Summary: SSSD and IPA configuration file manipulation classes and functions
+License: GPLv3+
+BuildArch: noarch
+%{?python_provide:%python_provide python3-sssdconfig}
+
+%description -n python3-sssdconfig
+Provides python3 files for manipulation SSSD and IPA configuration files.
+
+%package -n python3-sss
+Summary: Python3 bindings for sssd
+License: LGPLv3+
+Requires: sssd-common = %{version}-%{release}
+%{?python_provide:%python_provide python3-sss}
+
+%description -n python3-sss
+Provides python3 module for manipulating users, groups, and nested groups in
+SSSD when using id_provider = local in /etc/sssd/sssd.conf.
+
+Also provides several other useful python3 bindings:
+ * function for retrieving list of groups user belongs to.
+ * class for obfuscation of passwords
+
+%package -n python3-sss-murmur
+Summary: Python3 bindings for murmur hash function
+License: LGPLv3+
+%{?python_provide:%python_provide python3-sss-murmur}
+
+%description -n python3-sss-murmur
+Provides python3 module for calculating the murmur hash version 3
+
+%package ldap
+Summary: The LDAP back end of the SSSD
+License: GPLv3+
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
+
+%description ldap
+Provides the LDAP back end that the SSSD can utilize to fetch identity data
+from and authenticate against an LDAP server.
+
+%package krb5-common
+Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
+License: GPLv3+
+Requires: cyrus-sasl-gssapi%{?_isa}
+Requires: sssd-common = %{version}-%{release}
+
+%description krb5-common
+Provides helper processes that the LDAP and Kerberos back ends can use for
+Kerberos user or host authentication.
+
+%package krb5
+Summary: The Kerberos authentication back end for the SSSD
+License: GPLv3+
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+
+%description krb5
+Provides the Kerberos back end that the SSSD can utilize authenticate
+against a Kerberos server.
+
+%package common-pac
+Summary: Common files needed for supporting PAC processing
+License: GPLv3+
+Requires: sssd-common = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+
+%description common-pac
+Provides common files needed by SSSD providers such as IPA and Active Directory
+for handling Kerberos PACs.
+
+%package ipa
+Summary: The IPA back end of the SSSD
+License: GPLv3+
+Requires: samba-client-libs >= %{samba_package_version}
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+Requires: libipa_hbac%{?_isa} = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
+Recommends: bind-utils
+Requires: sssd-common-pac = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+
+%description ipa
+Provides the IPA back end that the SSSD can utilize to fetch identity data
+from and authenticate against an IPA server.
+
+%package ad
+Summary: The AD back end of the SSSD
+License: GPLv3+
+Requires: samba-client-libs >= %{samba_package_version}
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+Requires: sssd-common-pac = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
+Recommends: bind-utils
+Recommends: adcli
+Suggests: sssd-winbind-idmap = %{version}-%{release}
+
+%description ad
+Provides the Active Directory back end that the SSSD can utilize to fetch
+identity data from and authenticate against an Active Directory server.
+
+%package proxy
+Summary: The proxy back end of the SSSD
+License: GPLv3+
+Requires: sssd-common = %{version}-%{release}
+
+%description proxy
+Provides the proxy back end which can be used to wrap an existing NSS and/or
+PAM modules to leverage SSSD caching.
+
+%package -n libsss_idmap
+Summary: FreeIPA Idmap library
+License: LGPLv3+
+
+%description -n libsss_idmap
+Utility library to convert SIDs to Unix uids and gids
+
+%package -n libsss_idmap-devel
+Summary: FreeIPA Idmap library
+License: LGPLv3+
+Requires: libsss_idmap = %{version}-%{release}
+
+%description -n libsss_idmap-devel
+Utility library to SIDs to Unix uids and gids
+
+%package -n libipa_hbac
+Summary: FreeIPA HBAC Evaluator library
+License: LGPLv3+
+
+%description -n libipa_hbac
+Utility library to validate FreeIPA HBAC rules for authorization requests
+
+%package -n libipa_hbac-devel
+Summary: FreeIPA HBAC Evaluator library
+License: LGPLv3+
+Requires: libipa_hbac = %{version}-%{release}
+
+%description -n libipa_hbac-devel
+Utility library to validate FreeIPA HBAC rules for authorization requests
+
+%package -n python3-libipa_hbac
+Summary: Python3 bindings for the FreeIPA HBAC Evaluator library
+License: LGPLv3+
+Requires: libipa_hbac = %{version}-%{release}
+%{?python_provide:%python_provide python3-libipa_hbac}
+
+%description -n python3-libipa_hbac
+The python3-libipa_hbac contains the bindings so that libipa_hbac can be
+used by Python applications.
+
+%package -n libsss_nss_idmap
+Summary: Library for SID and certificate based lookups
+License: LGPLv3+
+
+%description -n libsss_nss_idmap
+Utility library for SID and certificate based lookups
+
+%package -n libsss_nss_idmap-devel
+Summary: Library for SID and certificate based lookups
+License: LGPLv3+
+Requires: libsss_nss_idmap = %{version}-%{release}
+
+%description -n libsss_nss_idmap-devel
+Utility library for SID and certificate based lookups
+
+%package -n python3-libsss_nss_idmap
+Summary: Python3 bindings for libsss_nss_idmap
+License: LGPLv3+
+Requires: libsss_nss_idmap = %{version}-%{release}
+%{?python_provide:%python_provide python3-libsss_nss_idmap}
+
+%description -n python3-libsss_nss_idmap
+The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
+be used by Python applications.
+
+%package dbus
+Summary: The D-Bus responder of the SSSD
+License: GPLv3+
+Requires: sssd-common = %{version}-%{release}
+%{?systemd_requires}
+
+%description dbus
+Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
+the information from the SSSD to be transmitted over the system bus.
+
+%if 0%{?rhel}
+%package polkit-rules
+Summary: Rules for polkit integration for SSSD
+Group: Applications/System
+License: GPLv3+
+Requires: polkit >= 0.106
+Requires: sssd-common = %{version}-%{release}
+
+%description polkit-rules
+Provides rules for polkit integration with SSSD. This is required
+for smartcard support.
+%endif
+
+%package -n libsss_simpleifp
+Summary: The SSSD D-Bus responder helper library
+License: GPLv3+
+Requires: sssd-dbus = %{version}-%{release}
+
+%description -n libsss_simpleifp
+Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
+
+%package -n libsss_simpleifp-devel
+Summary: The SSSD D-Bus responder helper library
+License: GPLv3+
+Requires: dbus-devel
+Requires: libsss_simpleifp = %{version}-%{release}
+
+%description -n libsss_simpleifp-devel
+Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
+
+%package winbind-idmap
+Summary: SSSD's idmap_sss Backend for Winbind
+License: GPLv3+ and LGPLv3+
+Requires: libsss_nss_idmap = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+Conflicts: sssd-common < %{version}-%{release}
+
+%description winbind-idmap
+The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs
+and SIDs.
+
+%package nfs-idmap
+Summary: SSSD plug-in for NFSv4 rpc.idmapd
+License: GPLv3+
+Conflicts: sssd-common < %{version}-%{release}
+
+%description nfs-idmap
+The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map
+UIDs/GIDs to names and vice versa. It can be also used for mapping principal
+(user) name to IDs(UID or GID) or to obtain groups which user are member of.
+
+%package -n libsss_certmap
+Summary: SSSD Certificate Mapping Library
+License: LGPLv3+
+Conflicts: sssd-common < %{version}-%{release}
+
+%description -n libsss_certmap
+Library to map certificates to users based on rules
+
+%package -n libsss_certmap-devel
+Summary: SSSD Certificate Mapping Library
+License: LGPLv3+
+Requires: libsss_certmap = %{version}-%{release}
+
+%description -n libsss_certmap-devel
+Library to map certificates to users based on rules
+
+%package kcm
+Summary: An implementation of a Kerberos KCM server
+License: GPLv3+
+Requires: sssd-common = %{version}-%{release}
+%{?systemd_requires}
+
+%description kcm
+An implementation of a Kerberos KCM server. Use this package if you want to
+use the KCM: Kerberos credentials cache.
+
+%prep
+%autosetup -p1
+
+%build
+
+autoreconf -ivf
+
+%configure \
+ --disable-rpath \
+ --disable-static \
+ --enable-gss-spnego-for-zero-maxssf \
+ --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
+ --enable-nsslibdir=%{_libdir} \
+ --enable-pammoddir=%{_libdir}/security \
+ --enable-sss-default-nss-plugin \
+ --enable-systemtap \
+ --with-db-path=%{dbpath} \
+ --with-gpo-cache-path=%{gpocachepath} \
+ --with-init-dir=%{_initrddir} \
+ --with-initscript=systemd \
+ --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
+ --with-mcache-path=%{mcpath} \
+ --with-pid-path=%{_rundir} \
+ --with-pipe-path=%{pipepath} \
+ --with-pubconf-path=%{pubconfpath} \
+ --with-sssd-user=%{sssd_user} \
+ --with-syslog=journald \
+ --with-test-dir=/dev/shm \
+ --with-subid \
+%if 0%{?fedora}
+ --enable-files-domain \
+ --disable-polkit-rules-path \
+%endif
+ %{nil}
+
+%make_build all docs runstatedir=%{_rundir}
+
+sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
+
+%check
+export CK_TIMEOUT_MULTIPLIER=10
+%make_build check VERBOSE=yes
+unset CK_TIMEOUT_MULTIPLIER
+
+%install
+
+%make_install
+
+# Prepare language files
+/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd
+
+# Copy default logrotate file
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
+install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd
+
+# Make sure SSSD is able to run on read-only root
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
+install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
+
+# Kerberos KCM credential cache by default
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
+cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
+ $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
+
+# Create directory for cifs-idmap alternative
+# Otherwise this directory could not be owned by sssd-client
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
+
+# Remove .la files created by libtool
+find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
+
+# Suppress developer-only documentation
+rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
+
+# Older versions of rpmbuild can only handle one -f option
+# So we need to append to the sssd*.lang file
+for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
+do
+ echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
+done
+
+touch sssd.lang
+for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
+ sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
+ libsss_certmap sssd_kcm
+do
+ touch $subpackage.lang
+done
+
+for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
+do
+ lang=`echo $man | cut -c 1-2`
+ case `basename $man` in
+ sss_cache*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
+ ;;
+ sss_ssh*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
+ ;;
+ sss_rpcidmapd*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang
+ ;;
+ sss_*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
+ ;;
+ sssctl*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
+ ;;
+ sssd_krb5_*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
+ ;;
+ pam_sss*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
+ ;;
+ sssd-ldap*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
+ ;;
+ sssd-krb5*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
+ ;;
+ sssd-ipa*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
+ ;;
+ sssd-ad*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
+ ;;
+ sssd-proxy*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
+ ;;
+ sssd-ifp*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang
+ ;;
+ sssd-kcm*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang
+ ;;
+ idmap_sss*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang
+ ;;
+ sss-certmap*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang
+ ;;
+ *)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
+ ;;
+ esac
+done
+
+# Print these to the rpmbuild log
+echo "sssd.lang:"
+cat sssd.lang
+
+echo "python3_sssdconfig.lang:"
+cat python3_sssdconfig.lang
+
+for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
+ sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
+ libsss_certmap sssd_kcm
+do
+ echo "$subpackage.lang:"
+ cat $subpackage.lang
+done
+
+%files
+%license COPYING
+
+%files common -f sssd.lang
+%license COPYING
+%doc src/examples/sssd-example.conf
+%{_sbindir}/sssd
+%{_unitdir}/sssd.service
+%{_unitdir}/sssd-autofs.socket
+%{_unitdir}/sssd-autofs.service
+%{_unitdir}/sssd-nss.socket
+%{_unitdir}/sssd-nss.service
+%{_unitdir}/sssd-pac.socket
+%{_unitdir}/sssd-pac.service
+%{_unitdir}/sssd-pam.socket
+%{_unitdir}/sssd-pam-priv.socket
+%{_unitdir}/sssd-pam.service
+%{_unitdir}/sssd-ssh.socket
+%{_unitdir}/sssd-ssh.service
+%{_unitdir}/sssd-sudo.socket
+%{_unitdir}/sssd-sudo.service
+
+%dir %{_libexecdir}/%{servicename}
+%{_libexecdir}/%{servicename}/sssd_be
+%{_libexecdir}/%{servicename}/sssd_nss
+%{_libexecdir}/%{servicename}/sssd_pam
+%{_libexecdir}/%{servicename}/sssd_autofs
+%{_libexecdir}/%{servicename}/sssd_ssh
+%{_libexecdir}/%{servicename}/sssd_sudo
+%{_libexecdir}/%{servicename}/p11_child
+%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders
+
+%dir %{_libdir}/%{name}
+# The files provider is intentionally packaged in -common
+%{_libdir}/%{name}/libsss_files.so
+%{_libdir}/%{name}/libsss_simple.so
+
+#Internal shared libraries
+%{_libdir}/%{name}/libsss_child.so
+%{_libdir}/%{name}/libsss_crypt.so
+%{_libdir}/%{name}/libsss_cert.so
+%{_libdir}/%{name}/libsss_debug.so
+%{_libdir}/%{name}/libsss_krb5_common.so
+%{_libdir}/%{name}/libsss_ldap_common.so
+%{_libdir}/%{name}/libsss_util.so
+%{_libdir}/%{name}/libsss_semanage.so
+%{_libdir}/%{name}/libifp_iface.so
+%{_libdir}/%{name}/libifp_iface_sync.so
+%{_libdir}/%{name}/libsss_iface.so
+%{_libdir}/%{name}/libsss_iface_sync.so
+%{_libdir}/%{name}/libsss_sbus.so
+%{_libdir}/%{name}/libsss_sbus_sync.so
+
+%{ldb_modulesdir}/memberof.so
+%{_bindir}/sss_ssh_authorizedkeys
+%{_bindir}/sss_ssh_knownhostsproxy
+%{_sbindir}/sss_cache
+%{_libexecdir}/%{servicename}/sss_signal
+
+%dir %{sssdstatedir}
+%dir %{_localstatedir}/cache/krb5rcache
+%attr(700,%{sssd_user},%{sssd_user}) %dir %{dbpath}
+%attr(775,%{sssd_user},%{sssd_user}) %dir %{mcpath}
+%attr(700,root,root) %dir %{secdbpath}
+%attr(751,root,root) %dir %{deskprofilepath}
+%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/passwd
+%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/group
+%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/initgroups
+%attr(755,%{sssd_user},%{sssd_user}) %dir %{pipepath}
+%attr(750,%{sssd_user},root) %dir %{pipepath}/private
+%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}
+%attr(755,%{sssd_user},%{sssd_user}) %dir %{gpocachepath}
+%attr(750,%{sssd_user},%{sssd_user}) %dir %{_var}/log/%{name}
+%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd
+%attr(711,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
+%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki
+%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
+%dir %{_sysconfdir}/logrotate.d
+%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
+%dir %{_sysconfdir}/rwtab.d
+%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
+%dir %{_datadir}/sssd
+%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils
+%dir %{_libdir}/%{name}/conf
+%{_libdir}/%{name}/conf/sssd.conf
+
+%{_datadir}/sssd/cfg_rules.ini
+%{_mandir}/man1/sss_ssh_authorizedkeys.1*
+%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
+%{_mandir}/man5/sssd.conf.5*
+%{_mandir}/man5/sssd-files.5*
+%{_mandir}/man5/sssd-simple.5*
+%{_mandir}/man5/sssd-sudo.5*
+%{_mandir}/man5/sssd-session-recording.5*
+%{_mandir}/man8/sssd.8*
+%{_mandir}/man8/sss_cache.8*
+%dir %{_datadir}/sssd/systemtap
+%{_datadir}/sssd/systemtap/id_perf.stp
+%{_datadir}/sssd/systemtap/nested_group_perf.stp
+%{_datadir}/sssd/systemtap/dp_request.stp
+%{_datadir}/sssd/systemtap/ldap_perf.stp
+%dir %{_datadir}/systemtap
+%dir %{_datadir}/systemtap/tapset
+%{_datadir}/systemtap/tapset/sssd.stp
+%{_datadir}/systemtap/tapset/sssd_functions.stp
+%{_mandir}/man5/sssd-systemtap.5*
+
+%if 0%{?rhel}
+%files polkit-rules
+%{_datadir}/polkit-1/rules.d/*
+%endif
+
+%files ldap -f sssd_ldap.lang
+%license COPYING
+%{_libdir}/%{name}/libsss_ldap.so
+%{_mandir}/man5/sssd-ldap.5*
+%{_mandir}/man5/sssd-ldap-attributes.5*
+
+%files krb5-common
+%license COPYING
+%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}/krb5.include.d
+%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/ldap_child
+%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/krb5_child
+
+%files krb5 -f sssd_krb5.lang
+%license COPYING
+%{_libdir}/%{name}/libsss_krb5.so
+%{_mandir}/man5/sssd-krb5.5*
+
+%files common-pac
+%license COPYING
+%{_libexecdir}/%{servicename}/sssd_pac
+
+%files ipa -f sssd_ipa.lang
+%license COPYING
+%attr(700,%{sssd_user},%{sssd_user}) %dir %{keytabdir}
+%{_libdir}/%{name}/libsss_ipa.so
+%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/selinux_child
+%{_mandir}/man5/sssd-ipa.5*
+
+%files ad -f sssd_ad.lang
+%license COPYING
+%{_libdir}/%{name}/libsss_ad.so
+%{_libexecdir}/%{servicename}/gpo_child
+%{_mandir}/man5/sssd-ad.5*
+
+%files proxy
+%license COPYING
+%attr(%{child_attrs},root,%{sssd_user}) %{_libexecdir}/%{servicename}/proxy_child
+%{_libdir}/%{name}/libsss_proxy.so
+
+%files dbus -f sssd_dbus.lang
+%license COPYING
+%{_libexecdir}/%{servicename}/sssd_ifp
+%{_mandir}/man5/sssd-ifp.5*
+%{_unitdir}/sssd-ifp.service
+# InfoPipe DBus plumbing
+%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
+%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
+
+%files -n libsss_simpleifp
+%{_libdir}/libsss_simpleifp.so.*
+
+%files -n libsss_simpleifp-devel
+%doc sss_simpleifp_doc/html
+%{_includedir}/sss_sifp.h
+%{_includedir}/sss_sifp_dbus.h
+%{_libdir}/libsss_simpleifp.so
+%{_libdir}/pkgconfig/sss_simpleifp.pc
+
+%files client -f sssd_client.lang
+%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
+%{_libdir}/libnss_sss.so.2
+%{_libdir}/libsubid_sss.so
+%{_libdir}/security/pam_sss.so
+%{_libdir}/security/pam_sss_gss.so
+%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
+%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
+%dir %{_libdir}/cifs-utils
+%{_libdir}/cifs-utils/cifs_idmap_sss.so
+%dir %{_sysconfdir}/cifs-utils
+%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
+%dir %{_libdir}/%{name}
+%dir %{_libdir}/%{name}/modules
+%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
+%{_mandir}/man8/pam_sss.8*
+%{_mandir}/man8/pam_sss_gss.8*
+%{_mandir}/man8/sssd_krb5_locator_plugin.8*
+
+%files -n libsss_sudo
+%license src/sss_client/COPYING
+%{_libdir}/libsss_sudo.so*
+
+%files -n libsss_autofs
+%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
+%dir %{_libdir}/%{name}/modules
+%{_libdir}/%{name}/modules/libsss_autofs.so
+
+%files tools -f sssd_tools.lang
+%license COPYING
+%{_sbindir}/sss_obfuscate
+%{_sbindir}/sss_override
+%{_sbindir}/sss_debuglevel
+%{_sbindir}/sss_seed
+%{_sbindir}/sssctl
+%{_mandir}/man8/sss_obfuscate.8*
+%{_mandir}/man8/sss_override.8*
+%{_mandir}/man8/sss_debuglevel.8*
+%{_mandir}/man8/sss_seed.8*
+%{_mandir}/man8/sssctl.8*
+
+%files -n python3-sssdconfig -f python3_sssdconfig.lang
+%dir %{python3_sitelib}/SSSDConfig
+%{python3_sitelib}/SSSDConfig/*.py*
+%dir %{python3_sitelib}/SSSDConfig/__pycache__
+%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
+%dir %{_datadir}/sssd
+%{_datadir}/sssd/sssd.api.conf
+%{_datadir}/sssd/sssd.api.d
+
+%files -n python3-sss
+%{python3_sitearch}/pysss.so
+
+%files -n python3-sss-murmur
+%{python3_sitearch}/pysss_murmur.so
+
+%files -n libsss_idmap
+%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
+%{_libdir}/libsss_idmap.so.*
+
+%files -n libsss_idmap-devel
+%doc idmap_doc/html
+%{_includedir}/sss_idmap.h
+%{_libdir}/libsss_idmap.so
+%{_libdir}/pkgconfig/sss_idmap.pc
+
+%files -n libipa_hbac
+%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
+%{_libdir}/libipa_hbac.so.*
+
+%files -n libipa_hbac-devel
+%doc hbac_doc/html
+%{_includedir}/ipa_hbac.h
+%{_libdir}/libipa_hbac.so
+%{_libdir}/pkgconfig/ipa_hbac.pc
+
+%files -n libsss_nss_idmap
+%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
+%{_libdir}/libsss_nss_idmap.so.*
+
+%files -n libsss_nss_idmap-devel
+%doc nss_idmap_doc/html
+%{_includedir}/sss_nss_idmap.h
+%{_libdir}/libsss_nss_idmap.so
+%{_libdir}/pkgconfig/sss_nss_idmap.pc
+
+%files -n python3-libsss_nss_idmap
+%{python3_sitearch}/pysss_nss_idmap.so
+
+%files -n python3-libipa_hbac
+%{python3_sitearch}/pyhbac.so
+
+%files winbind-idmap -f sssd_winbind_idmap.lang
+%dir %{_libdir}/samba/idmap
+%{_libdir}/samba/idmap/sss.so
+%{_mandir}/man8/idmap_sss.8*
+
+%files nfs-idmap -f sssd_nfs_idmap.lang
+%{_mandir}/man5/sss_rpcidmapd.5*
+%{_libdir}/libnfsidmap/sss.so
+
+%files -n libsss_certmap -f libsss_certmap.lang
+%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
+%{_libdir}/libsss_certmap.so.*
+%{_mandir}/man5/sss-certmap.5*
+
+%files -n libsss_certmap-devel
+%doc certmap_doc/html
+%{_includedir}/sss_certmap.h
+%{_libdir}/libsss_certmap.so
+%{_libdir}/pkgconfig/sss_certmap.pc
+
+%files kcm -f sssd_kcm.lang
+%{_libexecdir}/%{servicename}/sssd_kcm
+%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache
+%dir %{_datadir}/sssd-kcm
+%{_datadir}/sssd-kcm/kcm_default_ccache
+%{_unitdir}/sssd-kcm.socket
+%{_unitdir}/sssd-kcm.service
+%{_mandir}/man8/sssd-kcm.8*
+%{_libdir}/%{name}/libsss_secrets.so
+
+%if 0%{?rhel}
+%pre common
+getent group sssd >/dev/null || groupadd -r sssd
+getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
+%endif
+
+%post common
+%systemd_post sssd.service
+%systemd_post sssd-autofs.socket
+%systemd_post sssd-nss.socket
+%systemd_post sssd-pac.socket
+%systemd_post sssd-pam.socket
+%systemd_post sssd-pam-priv.socket
+%systemd_post sssd-ssh.socket
+%systemd_post sssd-sudo.socket
+
+%preun common
+%systemd_preun sssd.service
+%systemd_preun sssd-autofs.socket
+%systemd_preun sssd-nss.socket
+%systemd_preun sssd-pac.socket
+%systemd_preun sssd-pam.socket
+%systemd_preun sssd-pam-priv.socket
+%systemd_preun sssd-ssh.socket
+%systemd_preun sssd-sudo.socket
+
+%postun common
+%systemd_postun_with_restart sssd-autofs.socket
+%systemd_postun_with_restart sssd-nss.socket
+%systemd_postun_with_restart sssd-pac.socket
+%systemd_postun_with_restart sssd-pam.socket
+%systemd_postun_with_restart sssd-pam-priv.socket
+%systemd_postun_with_restart sssd-ssh.socket
+%systemd_postun_with_restart sssd-sudo.socket
+
+# Services have RefuseManualStart=true, therefore we can't request restart.
+%systemd_postun sssd-autofs.service
+%systemd_postun sssd-nss.service
+%systemd_postun sssd-pac.service
+%systemd_postun sssd-pam.service
+%systemd_postun sssd-ssh.service
+%systemd_postun sssd-sudo.service
+
+%post dbus
+%systemd_post sssd-ifp.service
+
+%preun dbus
+%systemd_preun sssd-ifp.service
+
+%postun dbus
+%systemd_postun_with_restart sssd-ifp.service
+
+%post kcm
+%systemd_post sssd-kcm.socket
+
+%preun kcm
+%systemd_preun sssd-kcm.socket
+
+%postun kcm
+%systemd_postun_with_restart sssd-kcm.socket
+%systemd_postun_with_restart sssd-kcm.service
+
+%post client
+%{?ldconfig}
+/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20
+
+%preun client
+if [ $1 -eq 0 ] ; then
+ /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so
+fi
+
+%ldconfig_postun client
+
+%ldconfig_scriptlets -n libsss_sudo
+
+%ldconfig_scriptlets -n libipa_hbac
+
+%ldconfig_scriptlets -n libsss_idmap
+
+%ldconfig_scriptlets -n libsss_nss_idmap
+
+%ldconfig_scriptlets -n libsss_simpleifp
+
+%ldconfig_scriptlets -n libsss_certmap
+
+%posttrans common
+%systemd_postun_with_restart sssd.service
+
+%changelog
+* Mon Aug 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-5
+- Resolves: rhbz#1909755 - Suppress log message "[sssd] [service_signal_done] (0x0010): Unable to signal service [2]: No such file or directory" during logrote
+- Resolves: rhbz#1962123 - [sssd] RHEL 9.0 Beta Tier 0 Localization
+
+* Mon Aug 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-4
+- Resolves: rhbz#1973411 - CVE-2021-3621 sssd: shell command injection in sssctl [rhel-9]
+
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.2-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Mon Aug 02 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2
+- Resolves: rhbz#1803943 - [RFE] support subid ranges managed by FreeIPA
+
+* Fri Jul 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-1
+- Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
+- Resolves: rhbz#1975691 - covscan NULL pointer dereference cache_req_data_create()
+
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.1-2
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+ Related: rhbz#1971065
+
+* Mon Jun 14 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.1-1
+- Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
+- Resolves: rhbz#1938876 - review of important potential issues detected by static analyzers in sssd-2.4.1-1.el9
+- Resolves: rhbz#1942277 - Wrong default debug level of sssd tools
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.2-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-3
+- Add CAP_DAC_OVERRIDE to ifp service file if required by build configuration
+
+* Fri Feb 19 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-2
+- Remove setuid from child binaries and relax requirement on python3-sssdconfig
+
+* Fri Feb 19 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.2-1
+- Rebase to SSSD 2.4.2
+
+* Fri Feb 5 2021 Pavel Březina <pbrezina@redhat.com> - 2.4.1-1
+- Rebase to SSSD 2.4.1
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Dec 11 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-6
+- Improve sssd-kcm performance, fix upgrade with existing credentials (rhbz#1645624)
+
+* Mon Dec 7 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-5
+- Improve sssd-kcm performance (rhbz#1645624)
+
+* Mon Nov 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-4
+- Rebuild for Fedora ELN
+
+* Tue Nov 3 2020 Petr Lautrbach <plautrba@redhat.com> - 2.4.0-3
+- Rebuild with libsemanage.so.2
+
+* Mon Oct 12 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-2
+- Remove old patches
+
+* Mon Oct 12 2020 Pavel Březina <pbrezina@redhat.com> - 2.4.0-1
+- Rebase to SSSD 2.4.0
+
+* Tue Jul 28 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-4
+- Actually include 2.3.1 source
+
+* Tue Jul 28 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-3
+- Fix test compilation with check-0.15
+
+* Mon Jul 27 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-2
+- Use correct run dir (RHBZ#1557622)
+
+* Fri Jul 24 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.1-1
+- Rebase to SSSD 2.3.1
+
+* Fri Jul 24 2020 Merlin Mathesius <mmathesi@redhat.com> - 2.3.0-5
+- Minor ELN conditional fix
+
+* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.3.0-4
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Wed Jul 1 2020 Jeff Law <law@redhat.com>
+- Disable LTO
+
+* Fri Jun 19 2020 Peter Jones <pjones@redhat.com>
+- Fix github url typo
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 2.3.0-2
+- Rebuilt for Python 3.9
+
+* Wed May 20 2020 Pavel Březina <pbrezina@redhat.com> - 2.3.0-1
+- Rebase to SSSD 2.3.0
+
+* Fri Feb 28 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-14
+- Resolves: rhbz#1800567 - sssd fail to build in Fedora rawhide
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-13
+- Resolves: upstream#4159 - p11_child should have an option to skip
+ C_WaitForSlotEvent if the PKCS#11 module does not
+ implement it properly
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-12
+- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in
+ `sss_ptr_hash_delete_cb()`
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
+- Resolves: upstream#4118 - sssd requires timed sudoers ldap entries to be
+ specified up to the seconds
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-11
+- Add sssd-dbus package as a dependency of sssd-tools
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-10
+- Resolves: upstream#4142 - sssd_be frequent crash
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-9
+- Resolves: upstream#4131 Force LDAPS over 636 with AD Provider
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-8
+- Resolves: upstream#3630 - Randomize ldap_connection_expire_timeout either
+ by default or w/ a configure option
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-7
+- Resolves: upstream#4135 - util/sss_ptr_hash.c: potential double free in
+ `sss_ptr_hash_delete_cb()`
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-6
+- Resolves: upstream#4088 - server/be: SIGTERM handling is incorrect
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-5
+- Resolves: upstream##4089 Watchdog implementation or usage is incorrect
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-4
+- Resolves: upstream#4126 pcscd rejecting sssd ldap_child as unauthorized
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-3
+- Resolves: upstream#4127 - [Doc]Provide explanation on escape character for
+ match rules sss-certmap
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-2
+- Resolves: upstream#4129 - sssctl config-check command does not give proper
+ error messages with line numbers
+
+* Wed Feb 26 2020 Michal Židek <mzidek@redhat.com> - 2.2.3-1
+- Update to latest released upstream version
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_3.htm
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jan 24 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.2.2-5
+- Fix build against samba-4.12.0rc1
+
+* Fri Jan 24 2020 Mohan Boddu <mboddu@bhujji.com> - 2.2.2-4
+- Rebuild for samba-4.12.0rc1
+
+* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-3
+- Resolves: rhbz#1755643 - Upgrade to sssd 2.2.2-1.fc30 breaks setting
+ up FreeIPA replica in containers
+
+* Tue Oct 22 2019 Adam Williamson <awilliam@redhat.com> - 2.2.2-2
+- Resolves: rhbz#1757224 - Tickets act like they're expiring prematurely
+ when using KCM cache
+
+* Wed Sep 11 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1
+- Update to latest released upstream version
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_1.html
+
+* Mon Aug 26 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.2.0-6
+- Rebuilding for libldb 2.0.5
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.2.0-5
+- Rebuilt for Python 3.8
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Jul 5 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-3
+- Resolves: rhbz#1721636 - sssd-kcm calls sssd-genconf which triggers
+ nscd warning
+
+* Fri Jul 5 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.2.0-2
+- Resolves: rhbz#1724717 - sssd-proxy crashes resolving groups with
+ no members
+
+* Mon Jun 17 2019 Michal Židek <mzidek@redhat.com> - 2.2.0-1
+- Update to latest released upstream version
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_0.html
+
+* Wed Mar 27 2019 Michal Židek <mzidek@redhat.com> - 2.1.0-2
+- Resolves: upstream#3867 - [RFE] Need an option in SSSD so that it will skip
+ GPOs that have groupPolicyContainers unreadable
+ by SSSD.
+- CVE-2018-16838
+
+* Wed Mar 27 2019 Michal Židek <mzidek@redhat.com> - 2.1.0-1
+- Update to latest released upstream version
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_1_0.html
+
+* Wed Feb 13 2019 Sinny Kumari <skumari@redhat.com> - 2.0.0-9
+- Resolves: rhbz#1667444 - sssd: make python3-sssdconfig as suggest
+
+* Wed Feb 13 2019 Adam Williamson <awilliam@redhat.com> - 2.0.0-8
+- Resolves: rhbz#1676946 - startup fail with status NOTIMPLEMENTED
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Dec 12 2018 Adam Williamson <awilliam@redhat.com> - 2.0.0-6
+- Resolves: rhbz#1654537 - sbus: use 120 second default timeout
+- Backport two other patches from master to fix build with recent krb5
+
+* Wed Nov 07 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-5
+- Resolves: rhbz#1629737 - sssd: Remove python2 (sub)packages from Fedora 30+
+
+* Wed Aug 29 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-4
+- Resolves: upstream#3821 - crash related to sbus_router_destructor()
+- Resolves: upstream#3810 - sbus2: fix memory leak in sbus_message_bound_ref
+- Resolves: upstream#3819 - sssd only sets the SELinux login context if it
+ differs from the default
+- Resolves: upstream#3807 - The sbus codegen script relies on "python" which
+ might not be available on all distributions
+- Resolves: upstream#3820 - sudo: search with lower cased name for case
+ insensitive domains
+- Resolves: upstream#3701 - [RFE] Allow changing default behavior of SSSD from
+ an allow-any default to a deny-any default when it
+ can't find any GPOs to apply to a user login.
+- Resolves: upstream#3828 - Invalid domain provider causes SSSD to abort
+ startup
+- Resolves: upstream#3500 - Make sure sssd is a replacement for pam_pkcs11
+ also for local account authentication
+- Resolves: upstream#3812 - sssd 2.0.0 segfaults on startup
+- Resolves: upstream#3826 - Remove references of sss_user/group/add/del
+ commands in man pages since local provider is
+ deprecated
+- Resolves: upstream#3827 - SSSD should log to syslog if a domain is not
+ started due to a misconfiguration
+- Resolves: upstream#3830 - Printing incorrect information about domain with
+ sssctl utility
+- Resolves: upstream#3489 - p11_child should work wit openssl1.0+
+- Resolves: upstream#3750 - [RFE] man 5 sssd-files should mention necessary
+ changes in nsswitch.conf
+- Resovles: upstream#3650 - RFE: Require smartcard authentication
+- Resolves: upstream#3334 - sssctl config-check does not check any special
+ characters in domain name of domain section
+- Resolves: upstream#3849 - Files: The files provider always enumerates
+ which causes duplicate when running getent passwd
+- Related: upstream#3855 - session not recording for local user when groups
+ defined
+- Resolves: upstream#3802 - Reuse sysdb_error_to_errno() outside sysdb
+- Related: upstream#3493 - Remove the pysss.local interface
+
+* Wed Aug 29 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-3
+- Resolves: rhbz#1622760 - Console login as FreeIPA domain user fails in
+ current Fedora Rawhide / 29
+
+* Wed Aug 29 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-2
+- Fix linking issues
+
+* Tue Aug 14 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-1
+- New upstream release 2.0.0
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1.16.2-5
+- Rebuilt for Python 3.7
+
+* Mon Jun 25 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.2-4
+- Related: upstream#941 - return multiple server addresses to the Kerberos
+ locator plugin
+- Related: upstream#3652 - kdcinfo doesn't get populated for other domains
+- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD
+ closes its end of the pipe before reading all the
+ SSH keys
+- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully
+- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes
+ stored in AD GC also for regular AD DC queries
+- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being
+ able to consume an @-sign in the user/group name.
+- Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo
+ responder
+
+* Thu Jun 21 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.2-3
+- Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on
+ minimal appliance image, breaking composes
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.16.2-2
+- Rebuilt for Python 3.7
+
+* Mon Jun 11 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.2-1
+- New upstream release 1.16.2
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html
+
+* Thu May 24 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-9
+- Related: upstream#3742 - Change of: User may not run sudo --> a password is
+ required
+
+* Thu May 17 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-8
+- Revert 589d1a48 as the builders are back to f27
+
+* Wed May 16 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-7
+- Related: upstream#3436 - Certificates used in unit tests have limited
+ lifetime
+- Add: "ExcludeArch: armv7hl"
+
+* Mon May 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-6
+- Related: upstream#3436 - Add openssl, openssh and nss-tools as BuildRequires
+
+* Mon May 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-5
+- Related: upstream#3436 - Certificates used in unit tests have limited
+ lifetime
+- Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update
+ process is terminated with a signal
+- Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning
+ in case the ldap schema is manually changed to
+ something different than 'ad'.
+- Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is
+ set.
+- Resolves: upstream#3719 - The SSSD IPA provider allocates information about
+ external groups on a long lived memory context,
+ causing memory growth of the sssd_be process
+- Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a
+ first domain does not reach the second domain
+- Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove
+ entries from the hash table, do not free them
+- Resolves: upstream#3595 - ID override GID from Default Trust View is not
+ properly resolved in case domain resolution order
+ is set
+
+* Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
+- Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
+
+* Fri Apr 27 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-3
+- Resolves: upstream#3684 - A group is not updated if its member is removed
+ with the cleanup task, but the group does not
+ change
+- Resolves: upstream#3558 - sudo: report error when two rules share cn
+- Tone down shutdown messages for socket activated responders
+- IPA: Qualify the externalUser sudo attribute
+- Resolves: upstream#3550 - refresh_expired_interval does not work with
+ netgrous in 1.15
+- Resolves: upstream#3402 - Support alternative sources for the files provider
+- Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
+- Resolves: upstream#3679 - Make nss netgroup requests more robust
+- Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not
+ configured
+- Resolves: upstream#3469 - extend sss-certmap man page regarding priority
+ processing
+- Improve docs/debug message about GC detection
+- Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes
+ list out of bound?
+- Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is
+ set.
+- Document which principal does the AD provider use
+- Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is
+ defined, but contains no SIDs
+- Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
+- Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
+ Provider returned an error
+ [org.freedesktop.sssd.Error.DataProvider.Fatal]
+- Add gcc to build dependencies
+
+* Fri Mar 30 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-2
+- Resolves: upstream#3573 - sssd won't show netgroups with blank domain
+- Resolves: upstream#3660 - confdb_expand_app_domains() always fails
+- Resolves: upstream#3658 - Application domain is not interpreted correctly
+- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to
+ json_loads()
+- Resolves: upstream#3386 - KCM: Payload buffer is too small
+- Resolves: upstream#3666 - Fix usage of str.decode() in our tests
+- A few KCM misc fixes
+
+* Fri Mar 9 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-1
+- New upstream release 1.16.1
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html
+
+* Tue Feb 20 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-13
+- Resolves: upstream#3621 - backport bug found by static analyzers
+
+* Wed Feb 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.0-12
+- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile
+ with no specific host/hostgroup set
+- Resolves: upstream#3621 - FleetCommander integration must not require
+ capability DAC_OVERRIDE
+
+* Wed Feb 07 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-11
+- Resolves: upstream#3618 - selinux_child segfaults in a docker container
+
+* Tue Feb 06 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-10
+- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl
+
+* Thu Jan 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.16.0-9
+- Fix systemd executions/requirements
+
+* Thu Jan 25 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-8
+- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS
+
+* Thu Jan 11 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-7
+- Fix building of sssd-nfs-idmap with libnfsidmap.so.1
+
+* Thu Jan 11 2018 Björn Esser <besser82@fedoraproject.org> - 1.16.0-6
+- Rebuilt for libnfsidmap.so.1
+
+* Mon Dec 04 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-5
+- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in
+ setnetgrent_result_timeout
+- Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
+ or machine swaps
+- Resolves: failure in glibc tests
+ https://sourceware.org/bugzilla/show_bug.cgi?id=22530
+- Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
+ auth_provider ldap, login fails if the LDAP server
+ is not allowing anonymous binds
+- Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
+ corrected with AD
+- Resolves: upstream#3586 - Give a more detailed debug and system-log message
+ if krb5_init_context() failed
+- Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
+ in /etc/systemd/system
+- Backport few upstream features from 1.16.1
+
+* Tue Nov 21 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-4
+- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next
+
+* Fri Nov 17 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-3
+- Backport extended NSS API from upstream master branch
+
+* Fri Nov 03 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-2
+- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade
+
+* Fri Oct 20 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-1
+- New upstream release 1.16.0
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html
+
+* Wed Oct 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-5
+- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when
+ searching in local cache database access on
+ the sock_file system_bus_socket
+
+* Mon Sep 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-4
+- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write
+ access on the sock_file system_bus_socket
+- Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
+ fails to download desktop profile data
+- Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
+- Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients
+ after applying ID Views for them in IPA server
+- Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id
+ mapping is applied
+
+* Fri Sep 01 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-3
+- Backport few upstream patches/fixes
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Jul 25 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-1
+- New upstream release 1.15.3
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html
+
+* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.5
+- Rebuild with libldb-1.2.0
+
+* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.4
+- Fix build issues: Update expided certificate in unit tests
+
+* Sat Apr 29 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.3
+- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication
+- Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
+ file from package sssd-common-1.15.1-1.fc25.x86_64
+- Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
+
+* Thu Apr 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.2
+- Fix issue with IPA + SELinux in containers
+- Resolves: upstream https://fedorahosted.org/sssd/ticket/3297
+
+* Tue Apr 04 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.1
+- Backport upstream patches for 1.15.3 pre-release
+- required for building freeipa-4.5.x in rawhide
+
+* Thu Mar 16 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.2-1
+- New upstream release 1.15.2
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
+
+* Mon Mar 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.1-1
+- New upstream release 1.15.1
+- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
+
+* Wed Feb 22 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.0-4
+- Cherry-pick patches from upstream that enable the files provider
+- Enable the files domain
+- Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch
+ which is superseded by the files domain autoconfiguration
+- Related: rhbz#1357418 - SSSD fast cache for local users
+
+* Tue Feb 14 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-3
+- Add missing %%license macro
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Jan 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-1
+- New upstream release 1.15.0
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0
+
+* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.14.2-3
+- Rebuild for Python 3.6
+
+* Tue Dec 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-2
+- Resolves: rhbz#1369130 - nss_sss should not link against libpthread
+- Resolves: rhbz#1392916 - sssd failes to start after update
+- Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
+ on the directory /etc/sssd
+
+* Thu Oct 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-1
+- New upstream release 1.14.2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2
+
+* Fri Oct 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-4
+- libwbclient-sssd: update interface to version 0.13
+
+* Thu Sep 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-3
+- Fix regression with krb5_map_user
+- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
+- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError:
+ default if nonexistent domain is mentioned
+
+* Thu Sep 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-2
+- Backport important patches from upstream 1.14.2 prerelease
+- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after
+ boot
+- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14
+
+* Fri Aug 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-1
+- New upstream release 1.14.0
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1
+
+* Mon Aug 15 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.14.0-5
+- Add workaround patch for RHBZ #1366403
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.14.0-4
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Fri Jul 08 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-3
+- New upstream release 1.14.0
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0
+
+* Fri Jul 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-2.beta
+- New upstream release 1.14 beta
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta
+
+* Tue Jun 21 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-1.alpha
+- New upstream release 1.14 alpha
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha
+
+* Fri May 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-3
+- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element():
+ sssd_ifp killed by SIGSEGV
+
+* Fri Apr 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-2
+- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6
+
+* Thu Apr 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-1
+- New upstream release 1.13.4
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4
+
+* Tue Mar 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-6
+- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password
+ prompts (e.g. Password + Token)
+- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed
+ by remote host" if locale not available
+
+* Thu Feb 25 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-5
+- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA
+ groups during getgrnam and getgrgid
+- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses
+ in call to 'print'
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jan 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-3
+- Additional upstream fixes
+
+* Tue Jan 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-2
+- Resolves: rhbz#1256849 - SUDO: Support the IPA schema
+
+* Wed Dec 16 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-1
+- New upstream release 1.13.3
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3
+
+* Fri Nov 20 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.2-1
+- New upstream release 1.13.2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2
+
+* Fri Nov 06 2015 Robert Kuska <rkuska@redhat.com> - 1.13.1-5
+- Rebuilt for Python3.5 rebuild
+
+* Tue Oct 27 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-4
+- Fix building pac responder with the krb5-1.14
+
+* Mon Oct 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-3
+- python-sssdconfig: Fix parssing sssd.conf without config_file_version
+- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
+
+* Wed Oct 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-2
+- Fix few segfaults
+- Resolves: upstream #2811 - PAM responder crashed if user was not set
+- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
+
+* Thu Oct 01 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-1
+- New upstream release 1.13.1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
+
+* Thu Sep 10 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-6
+- Fix OTP bug
+- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were
+ entered separately
+
+* Mon Sep 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-5
+- Backport upstream patches required by FreeIPA 4.2.1
+
+* Tue Jul 21 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-4
+- Fix ipa-migration bug
+- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled
+ migration mode
+
+* Wed Jul 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-3
+- New upstream release 1.13.0
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0
+
+* Tue Jun 30 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-2.alpha
+- Unify return type of list_active_domains for python{2,3}
+
+* Mon Jun 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-1.alpha
+- New upstream release 1.13 alpha
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-3
+- Fix libwbclient alternatives
+
+* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-2
+- Backport important patches from upstream 1.13 prerelease
+
+* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-1
+- New upstream release 1.12.5
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5
+
+* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-8
+- Backport important patches from upstream 1.13 prerelease
+- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable
+ attribute for group name
+- Resolves: upstream #2335 - Investigate using the krb5 responder
+ for driving the PAM conversation with OTPs
+- Enable cmocka tests for secondary architectures
+
+* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-7
+- Backport patches from upstream 1.12.5 prerelease - contains many fixes
+
+* Wed Apr 15 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-6
+- Fix slow login with ipa and SELinux
+- Resolves: upstream #2624 - Only set the selinux context if the context
+ differs from the local one
+
+* Mon Mar 23 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-5
+- Fix regressions with ipa and SELinux
+- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security
+ context on client is staff_u
+
+* Fri Mar 6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-4
+- Also relax libldb Requires
+- Remove --enable-ldb-version-check
+
+* Fri Mar 6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-3
+- Relax libldb BuildRequires to be greater-or-equal
+
+* Wed Feb 25 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-2
+- Add support for python3 bindings
+- Add requirement to python3 or python3 bindings
+- Resolves: rhbz#1014594 - sssd: Support Python 3
+
+* Wed Feb 18 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-1
+- New upstream release 1.12.4
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4
+
+* Sat Feb 14 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-7
+- Backport patches with Python3 support from upstream
+
+* Thu Feb 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-6
+- Fix double free in monitor
+- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort():
+ sssd killed by SIGABRT
+
+* Wed Jan 28 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.3-5
+- Rebuild for new libldb
+
+* Thu Jan 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-4
+- Decrease priority of sssd-libwbclient 20 -> 5
+- It should be lower than priority of samba veriosn of libwbclient.
+- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18
+
+* Mon Jan 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-3
+- Apply a number of patches from upstream to fix issues found 1.12.3
+- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple
+ interfaces, or isn't documented to be able to
+- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is
+ not running
+- Resolves: upstream #2557 authentication failure with user from AD
+
+* Fri Jan 09 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-2
+- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus
+- Resolves: rhbz#1179379 - gzip: stdin: file size changed while
+ zipping when rotating logfile
+
+* Thu Jan 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-1
+- New upstream release 1.12.3
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3
+- Fix spelling errors in description (fedpkg lint)
+
+* Tue Jan 6 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-8
+- Rebuild for libldb 1.1.19
+
+* Fri Dec 19 2014 Sumit Bose <sbose@redhat.com> - 1.12.2-7
+- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes
+ crash in wbinfo
+ - in addition to the patch libwbclient.so is
+ filtered out of the Provides list of the package
+
+* Wed Dec 17 2014 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-6
+- Fix regressions and bugs in sssd upstream 1.12.2
+- https://fedorahosted.org/sssd/ticket/{id}
+- Regressions: #2471, #2475, #2483, #2487, #2529, #2535
+- Bugs: #2287, #2445
+
+* Sun Dec 7 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-5
+- Rebuild for libldb 1.1.18
+
+* Wed Nov 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-4
+- Fix typo in libwbclient-devel %%preun
+
+* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-3
+- Use alternatives for libwbclient
+
+* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-2
+- Backport several patches from upstream.
+- Fix a potential crash against old (pre-4.0) IPA servers
+
+* Mon Oct 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-1
+- New upstream release 1.12.2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2
+
+* Mon Sep 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-2
+- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user
+ private group from server
+
+* Mon Sep 8 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-1
+- New upstream release 1.12.1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1
+
+* Fri Aug 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-7
+- Do not crash on resolving a group SID in IPA server mode
+
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Thu Jul 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.12.0-5
+- Fix release version for upgrades
+
+* Wed Jul 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1
+- New upstream release 1.12.0
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-4.beta2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Jun 04 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta2
+- New upstream release 1.12 beta2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2
+
+* Mon Jun 02 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-2.beta1
+- Fix tests on big-endian
+- Fix previous changelog entry
+
+* Fri May 30 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta1
+- New upstream release 1.12 beta1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1
+
+* Thu May 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-4
+- Rebuild against new ding-libs
+
+* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-3
+- Make LDB dependency a strict equivalency
+
+* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-2
+- Rebuild against new libldb
+
+* Fri Apr 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-1
+- New upstream release 1.11.5.1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1
+
+* Thu Apr 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.11.5-2
+- Fix bug in generation of systemd unit file
+
+* Tue Apr 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5-1
+- New upstream release 1.11.5
+- Remove upstreamed patch
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5
+
+* Thu Mar 13 2014 Sumit Bose <sbose@redhat.com> - 1.11.4-3
+- Handle new error code for IPA password migration
+
+* Tue Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2
+- Include couple of patches from upstream 1.11 branch
+
+* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1
+- New upstream release 1.11.4
+- Remove upstreamed patch
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
+
+* Tue Feb 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-2
+- Handle OTP response from FreeIPA server gracefully
+
+* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-1
+- New upstream release 1.11.3
+- Remove upstreamed patches
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3
+
+* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-1
+- New upstream release 1.11.2
+- Remove upstreamed patches
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
+
+* Wed Oct 16 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-5
+- Fix potential crash with external groups in trusted IPA-AD setup
+
+* Mon Oct 14 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-4
+- Add plugin for cifs-utils
+- Resolves: rhbz#998544
+
+* Tue Oct 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-3
+- Fix failover from Global Catalog to LDAP in case GC is not available
+
+* Fri Oct 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-2
+- Remove the ability to create public ccachedir (#1015089)
+
+* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-1
+- New upstream release 1.11.1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
+
+* Thu Sep 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-3
+- Fix multicast checks in the SSSD
+- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source
+ code getting the host info
+
+* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-2
+- Backport simplification of ccache management from 1.11.1
+- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login
+
+* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-1
+- New upstream release 1.11.0
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
+
+* Fri Aug 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-0.4.beta2
+- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid:
+ Process /usr/libexec/sssd/sssd_nss was killed by
+ signal 11 (SIGSEGV)
+- Resolves: #996214 - sssd proxy_child segfault
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11.0-0.3.beta2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.2beta2
+- Resolves: #906427 - Do not use %%{_lib} in specfile for the nss and
+ pam libraries
+
+* Wed Jul 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.1beta2
+- New upstream release 1.11 beta 2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
+
+* Thu Jul 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-1
+- New upstream release 1.10.1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1
+
+* Mon Jul 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-17
+- sssd-tools should require sssd-common, not sssd
+
+* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-16
+- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
+- Trim out RHEL5-specific macros since we don't build on RHEL 5
+- Trim out macros for Fedora older than F18
+- Update libldb requirement to 1.1.16
+- Trim RPM changelog down to the last year
+
+* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-15
+- Move sssd_pac to the sssd-krb5 subpackage
+
+* Mon Jul 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-14
+- Fix Obsoletes: to account for dist tag
+- Convert post and pre scripts to run on the sssd-common subpackage
+- Remove old conversion from SYSV
+
+* Thu Jun 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-13
+- New upstream release 1.10
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
+
+* Mon Jun 17 2013 Dan Horák <dan[at]danny.cz> - 1.10.0-12.beta2
+- the cmocka toolkit exists only on selected arches
+
+* Sun Jun 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-11.beta2
+- Apply a number of patches from upstream to fix issues found post-beta,
+ in particular:
+ -- segfault with a high DEBUG level
+ -- Fix IPA password migration (upstream #1873)
+ -- Fix fail over when retrying SRV resolution (upstream #1886)
+
+* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-10.beta2
+- Only BuildRequire libcmocka on Fedora
+
+* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-9.beta2
+- Fix typo in Requires that prevented an upgrade (#973916)
+- Use a hardcoded version in Conflicts, not less-than-current
+
+* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta1
+- Enable hardened build for RHEL7
+
+* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta2
+- New upstream release 1.10 beta2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
+- BuildRequire libcmocka-devel in order to run all upstream tests during build
+- BuildRequire libnl3 instead of libnl1
+- No longer BuildRequire initscripts, we no longer use /sbin/service
+- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any
+ older krb5-libs version
+
+* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1
+- Apply a couple of patches from upstream git that resolve crashes when
+ ID mapping object was not initialized properly but needed later
+
+* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1
+- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
+ realm join
+- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by
+ default for AD Provider
+- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file
+ parent directory when logging in
+
+* Tue May 7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-5.beta1
+- BuildRequire recent libini_config to ensure consistent behaviour
+
+* Tue May 7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-4.beta1
+- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug
+ in ding-libs
+- Fix SSH integration with fully-qualified domains
+- Add the ability to dynamically discover the NetBIOS name
+
+* Fri May 3 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-3.beta1
+- New upstream release 1.10 beta1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1
+
+* Wed Apr 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-2.alpha1
+- Add a patch to fix krb5 ccache creation issue with krb5 1.11
+
+* Tue Apr 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-1.alpha1
+- New upstream release 1.10 alpha1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1
+
+* Fri Mar 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.5-10
+- Add a patch to fix krb5 unit tests
+
+* Fri Mar 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.9.4-9
+- Split internal helper libraries into a shared object
+- Significantly reduce disk-space usage
+
+* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-8
+- Fix the Kerberos password expiration warning (#912223)
+
+* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-7
+- Do not write out dots in the domain-realm mapping file (#905650)
+
+* Mon Feb 11 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-6
+- Include upstream patch to build with krb5-1.11
+
+* Thu Feb 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-5
+- Rebuild against new libldb
+
+* Mon Feb 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-4
+- Fix build with new automake versions
+
+* Wed Jan 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-3
+- Recreate Kerberos ccache directory if it's missing
+- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache
+ directory /run/user/UID/ccdir does not exist
+
+* Tue Jan 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-2
+- Fix changelog dates to make F19 rpmbuild happy
+
+* Mon Jan 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-1
+- New upstream release 1.9.4
+
+* Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.3-1
+- New upstream release 1.9.3
+
+* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-5
+- Resolve groups from AD correctly
+
+* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-4
+- Check the validity of naming context
+
+* Thu Oct 18 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-3
+- Move the sss_cache tool to the main package
+
+* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-2
+- Include the 1.9.2 tarball
+
+* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-1
+- New upstream release 1.9.2
+
+* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.1-1
+- New upstream release 1.9.1
+
+* Wed Oct 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
+- require the latest libldb
+
+* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
+- Use mcpath insted of mcachepath macro to be consistent with
+ upsteam spec file
+
+* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-23
+- New upstream release 1.9.0
+
+* Fri Sep 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-22.rc1
+- New upstream release 1.9.0 rc1
+
+* Thu Sep 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-21.beta7
+- New upstream release 1.9.0 beta7
+- obsoletes patches #1-#3
+
+* Mon Sep 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-20.beta6
+- Rebuild against libldb 1.12
+
+* Tue Aug 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-19.beta6
+- Rebuild against libldb 1.11
+
+* Fri Aug 24 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-18.beta6
+- Change the default ccache location to DIR:/run/user/${UID}/krb5cc
+ and patch man page accordingly
+- Resolves: rhbz#851304
+
+* Mon Aug 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-17.beta6
+- Rebuild against libldb 1.10
+
+* Fri Aug 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-16.beta6
+- Only create the SELinux login file if there are SELinux mappings on
+ the IPA server
+
+* Fri Aug 10 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-14.beta6
+- Don't discard HBAC rule processing result if SELinux is on
+ Resolves: rhbz#846792 (CVE-2012-3462)
+
+* Thu Aug 02 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-13.beta6
+- New upstream release 1.9.0 beta 6
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
+- A new option, override_shell was added. If this option is set, all users
+ managed by SSSD will have their shell set to its value.
+- Fixes for the support for setting default SELinux user context from FreeIPA.
+- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
+- The SSSD supports the concept of a Primary Server and a Back Up Server in
+ failover
+- A new command-line tool sss_seed is available to help prime the cache with
+ a user record when deploying a new machine
+- SSSD is now able to discover and save the domain-realm mappings
+ between an IPA server and a trusted Active Directory server.
+- Packaging changes to fix ldconfig usage in subpackages (#843995)
+- Rebuild against libldb 1.1.9
+
+* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.0-13.beta5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jul 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-12.beta5
+- New upstream release 1.9.0 beta 5
+- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
+- Many fixes for the support for setting default SELinux user context from
+ FreeIPA, most notably fixed the specificity evaluation
+- Fixed an incorrect default in the krb5_canonicalize option of the AD
+ provider which was preventing password change operation
+- The shadowLastChange attribute value is now correctly updated with the
+ number of days since the Epoch, not seconds
+
+* Mon Jul 16 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-11.beta4
+- Fix broken ARM build
+- Add missing DP_OPTION_TERMINATOR in AD provider options
+
+* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-10.beta4
+- Own several directories create during make install (#839782)
+
+* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-9.beta4
+- New upstream release 1.9.0 beta 4
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
+- Add a new AD provider to improve integration with Active Directory 2008 R2
+ or later servers
+- SUDO integration was completely rewritten. The new implementation works
+ with multiple domains and uses an improved refresh mechanism to download
+ only the necessary rules
+- The IPA authentication provider now supports subdomains
+- Fixed regression for setups that were setting default_tkt_enctypes
+ manually by reverting a previous workaround.
+
+* Mon Jun 25 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-8.beta3
+- New upstream release 1.9.0 beta 3
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
+- Add a new PAC responder for dealing with cross-realm Kerberos trusts
+- Terminate idle connections to the NSS and PAM responders
+
+* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-7.beta2
+- Switch unicode library from libunistring to Glib
+- Drop unnecessary explicit Requires on keyutils
+- Guarantee that versioned Requires include the correct architecture
+
+* Mon Jun 18 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-6.beta2
+- Fix accidental disabling of the DIR cache support
+
+* Fri Jun 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-5.beta2
+- New upstream release 1.9.0 beta 2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
+- Add support for the Kerberos DIR cache for storing multiple TGTs
+ automatically
+- Major performance enhancement when storing large groups in the cache
+- Major performance enhancement when performing initgroups() against Active
+ Directory
+- SSSDConfig data file default locations can now be set during configure for
+ easier packaging
+
+* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-4.beta1
+- Fix regression in endianness patch
+
+* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-3.beta1
+- Rebuild SSSD against ding-libs 0.3.0beta1
+- Fix endianness bug in service map protocol
+
+* Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-2.beta1
+- Fix several regressions since 1.5.x
+- Ensure that the RPM creates the /var/lib/sss/mc directory
+- Add support for Netscape password warning expiration control
+- Rebuild against libldb 1.1.6
+
+* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1
+- New upstream release 1.9.0 beta 1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
+- Add native support for autofs to the IPA provider
+- Support for ID-mapping when connecting to Active Directory
+- Support for handling very large (> 1500 users) groups in Active Directory
+- Support for sub-domains (will be used for dealing with trust relationships)
+- Add a new fast in-memory cache to speed up lookups of cached data on
+ repeated requests
+
+* Thu May 03 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.3-11
+- New upstream release 1.8.3
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
+- Numerous manpage and translation updates
+- LDAP: Handle situations where the RootDSE isn't available anonymously
+- LDAP: Fix regression for users using non-standard LDAP attributes for user
+ information
+
+* Mon Apr 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.2-10
+- New upstream release 1.8.2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
+- Several fixes to case-insensitive domain functions
+- Fix for GSSAPI binds when the keytab contains unrelated principals
+- Fixed several segfaults
+- Workarounds added for LDAP servers with unreadable RootDSE
+- SSH knownhostproxy will no longer enter an infinite loop preventing login
+- The provided SYSV init script now starts SSSD earlier at startup and stops
+ it later during shutdown
+- Assorted minor fixes for issues discovered by static analysis tools
+
+* Mon Mar 26 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-9
+- Don't duplicate libsss_autofs.so in two packages
+- Set explicit package contents instead of globbing
+
+* Wed Mar 21 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-8
+- Fix uninitialized value bug causing crashes throughout the code
+- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup
+
+* Mon Mar 12 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-7
+- New upstream release 1.8.1
+- Resolve issue where we could enter an infinite loop trying to connect to an
+ auth server
+- Fix serious issue with complex (3+ levels) nested groups
+- Fix netgroup support for case-insensitivity and aliases
+- Fix serious issue with lookup bundling resulting in requests never
+ completing
+- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt
+ in addition to pam_authenticate
+- Fix several regressions in the proxy provider
+- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
+ against AD
+- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work
+
+* Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-6
+- New upstream release 1.8.0
+- Support for the service map in NSS
+- Support for setting default SELinux user context from FreeIPA
+- Support for retrieving SSH user and host keys from LDAP (Experimental)
+- Support for caching autofs LDAP requests (Experimental)
+- Support for caching SUDO rules (Experimental)
+- Include the IPA AutoFS provider
+- Fixed several memory-corruption bugs
+- Fixed a regression in group enumeration since 1.7.0
+- Fixed a regression in the proxy provider
+- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
+- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is
+ logged at each login
+- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process
+ /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
+- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
+ against AD
+- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
+ new LDAP features
+- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc
+
+* Wed Feb 22 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-5.beta3
+- Change default kerberos credential cache location to /run/user/<username>
+
+* Wed Feb 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-4.beta3
+- New upstream release 1.8.0 beta 3
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
+- Fixed a regression in group enumeration since 1.7.0
+- Fixed several memory-corruption bugs
+- Finalized the ABI for the autofs support
+- Fixed a regression in the proxy provider
+
+* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.8.0-3.beta2
+- Rebuild against PCRE 8.30
+
+* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta2
+- New upstream release
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
+- Fix two minor manpage bugs
+- Include the IPA AutoFS provider
+
+* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta1
+- New upstream release
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
+- Support for the service map in NSS
+- Support for setting default SELinux user context from FreeIPA
+- Support for retrieving SSH user and host keys from LDAP (Experimental)
+- Support for caching autofs LDAP requests (Experimental)
+- Support for caching SUDO rules (Experimental)
+
+* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-5
+- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
+ new LDAP features - fix netgroups and sudo as well
+
+* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-4
+- Fixes a serious memory hierarchy bug causing unpredictable behavior in the
+ LDAP provider.
+
+* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-3
+- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
+ new LDAP features
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Dec 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-1
+- New upstream release 1.7.0
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
+- Support for case-insensitive domains
+- Support for multiple search bases in the LDAP provider
+- Support for the native FreeIPA netgroup implementation
+- Reliability improvements to the process monitor
+- New DEBUG facility with more consistent log levels
+- New tool to change debug log levels without restarting SSSD
+- SSSD will now disconnect from LDAP server when idle
+- FreeIPA HBAC rules can choose to ignore srchost options for significant
+ performance gains
+- Assorted performance improvements in the LDAP provider
+
+* Mon Dec 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.4-1
+- New upstream release 1.6.4
+- Rolls up previous patches applied to the 1.6.3 tarball
+- Fixes a rare issue causing crashes in the failover logic
+- Fixes an issue where SSSD would return the wrong PAM error code for users
+ that it does not recognize.
+
+* Wed Dec 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-5
+- Rebuild against libldb 1.1.4
+
+* Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-4
+- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the
+ username in getpwnam()
+- Resolves: rhbz#758425 - LDAP failover not working if server refuses
+ connections
+
+* Thu Nov 24 2011 Jakub Hrozek <jhrozek@redhat.com> - 1.6.3-3
+- Rebuild for libldb 1.1.3
+
+* Thu Nov 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-2
+- Resolves: rhbz#752495 - Crash when apply settings
+
+* Fri Nov 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-1
+- New upstream release 1.6.3
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
+- Fixes a major cache performance issue introduced in 1.6.2
+- Fixes a potential infinite-loop with certain LDAP layouts
+
+* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.2-5
+- Rebuilt for glibc bug#747377
+
+* Sun Oct 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-4
+- Change selinux policy requirement to Conflicts: with the old version,
+ rather than Requires: the supported version.
+
+* Fri Oct 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-3
+- Add explicit requirement on selinux-policy version to address new SBUS
+ symlinks.
+
+* Wed Oct 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-2
+- Remove %%files reference to sss_debuglevel copied from wrong upstreeam
+ spec file.
+
+* Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-1
+- Improved handling of users and groups with multi-valued name attributes
+ (aliases)
+- Performance enhancements
+ Initgroups on RFC2307bis/FreeIPA
+ HBAC rule processing
+- Improved process-hang detection and restarting
+- Enabled the midpoint cache refresh by default (fewer cache misses on
+ commonly-used entries)
+- Cleaned up the example configuration
+- New tool to change debug level on the fly
+
+* Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.1-1
+- New upstream release 1.6.1
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
+- Fixes a serious issue with LDAP connections when the communication is
+ dropped (e.g. VPN disconnection, waking from sleep)
+- SSSD is now less strict when dealing with users/groups with multiple names
+ when a definitive primary name cannot be determined
+- The LDAP provider will no longer attempt to canonicalize by default when
+ using SASL. An option to re-enable this has been provided.
+- Fixes for non-standard LDAP attribute names (e.g. those used by Active
+ Directory)
+- Three HBAC regressions have been fixed.
+- Fix for an infinite loop in the deref code
+
+* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-2
+- Build with _hardened_build macro
+
+* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-1
+- New upstream release 1.6.0
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
+- Add host access control support for LDAP (similar to pam_host_attr)
+- Finer-grained control on principals used with Kerberos (such as for FAST or
+- validation)
+- Added a new tool sss_cache to allow selective expiring of cached entries
+- Added support for LDAP DEREF and ASQ controls
+- Added access control features for Novell Directory Server
+- FreeIPA dynamic DNS update now checks first to see if an update is needed
+- Complete rewrite of the HBAC library
+- New libraries: libipa_hbac and libipa_hbac-python
+
+* Tue Jul 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.11-2
+- New upstream release 1.5.11
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
+- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
+- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
+- address being saved to the AAAA record
+
+* Fri Jul 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.10-1
+- New upstream release 1.5.10
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
+- Fixed a regression introduced in 1.5.9 that could result in blocking calls
+- to LDAP
+
+* Thu Jun 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.9-1
+- New upstream release 1.5.9
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
+- Support for overriding home directory, shell and primary GID locally
+- Properly honor TTL values from SRV record lookups
+- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP
+- servers)
+- Properly escape IPv6 addresses in the failover code
+- Do not crash if inotify fails (e.g. resource exhaustion)
+- Don't add multiple TGT renewal callbacks (too many log messages)
+
+* Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.8-1
+- New upstream release 1.5.8
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
+- Support for the LDAP paging control
+- Support for multiple DNS servers for name resolution
+- Fixes for several group membership bugs
+- Fixes for rare crash bugs
+
+* Mon May 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-3
+- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
+- Make sure to properly convert to systemd if upgrading from newer
+- updates for Fedora 14
+
+* Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-2
+- Fix segfault in TGT renewal
+
+* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
+- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
+- cached password with predicatable filename
+
+* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1
+- Re-add manpage translations
+
+* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1
+- New upstream release 1.5.6
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
+- Fixed a serious memory leak in the memberOf plugin
+- Fixed a regression with the negative cache that caused it to be essentially
+- nonfunctional
+- Fixed an issue where the user's full name would sometimes be removed from
+- the cache
+- Fixed an issue with password changes in the kerberos provider not working
+- with kpasswd
+
+* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-5
+- Resolves: rhbz#697057 - kpasswd fails when using sssd and
+- kadmin server != kdc server
+- Upgrades from SysV should now maintain enabled/disabled status
+
+* Mon Apr 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-4
+- Fix %%postun
+
+* Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-3
+- Fix systemd conversion. Upgrades from SysV to systemd weren't properly
+- enabling the systemd service.
+- Fix a serious memory leak in the memberOf plugin
+- Fix an issue where the user's full name would sometimes be removed
+- from the cache
+
+* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-2
+- Install systemd unit file instead of sysv init script
+
+* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-1
+- New upstream release 1.5.5
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
+- Fixes for several crash bugs
+- LDAP group lookups will no longer abort if there is a zero-length member
+- attribute
+- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist
+
+* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1
+- New upstream release 1.5.4
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
+- Fixes for Active Directory when not all users and groups have POSIX attributes
+- Fixes for handling users and groups that have name aliases (aliases are ignored)
+- Fix group memberships after initgroups in the IPA provider
+
+* Thu Mar 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-2
+- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication
+
+* Fri Mar 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-1
+- New upstream release 1.5.3
+- Support for libldb >= 1.0.0
+
+* Thu Mar 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.2-1
+- New upstream release 1.5.2
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
+- Fixes for support of FreeIPA v2
+- Fixes for failover if DNS entries change
+- Improved sss_obfuscate tool with better interactive mode
+- Fix several crash bugs
+- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
+- Delete users from the local cache if initgroups calls return 'no such user'
+- (previously only worked for getpwnam/getpwuid)
+- Use new Transifex.net translations
+- Better support for automatic TGT renewal (now survives restart)
+- Netgroup fixes
+
+* Sun Feb 27 2011 Simo Sorce <ssorce@redhat.com> - 1.5.1-9
+- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
+- Related: rhbz#677425
+
+* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8
+- Resolves: rhbz#677768 - name service caches names, so id command shows
+- recently deleted users
+
+* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7
+- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
+- Remove .la for memberOf
+
+* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6
+- Fix memberOf install path
+
+* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5
+- Add support for libldb 1.0.0
+
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Feb 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3
+- Fix nested group member filter sanitization for RFC2307bis
+- Put translated tool manpages into the sssd-tools subpackage
+
+* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2
+- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
+- rpmbuild
+
+* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1
+- New upstream release 1.5.1
+- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
+- Vast performance improvements when enumerate = true
+- All PAM actions will now perform a forced initgroups lookup instead of just
+- a user information lookup
+- This guarantees that all group information is available to other
+- providers, such as the simple provider.
+- For backwards-compatibility, DNS lookups will also fall back to trying the
+- SSSD domain name as a DNS discovery domain.
+- Support for more password expiration policies in LDAP
+- 389 Directory Server
+- FreeIPA
+- ActiveDirectory
+- Support for ldap_tls_{cert,key,cipher_suite} config options
+-Assorted bugfixes
+
+* Tue Jan 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2
+- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
+
+* Wed Dec 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1
+- New upstream release 1.5.0
+- Fixed issues with LDAP search filters that needed to be escaped
+- Add Kerberos FAST support on platforms that support it
+- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
+- Added a Kerberos access provider to honor .k5login
+- Addressed several thread-safety issues in the sss_client code
+- Improved support for delayed online Kerberos auth
+- Significantly reduced time between connecting to the network/VPN and
+- acquiring a TGT
+- Added feature for automatic Kerberos ticket renewal
+- Provides the kerberos ticket for long-lived processes or cron jobs
+- even when the user logs out
+- Added several new features to the LDAP access provider
+- Support for 'shadow' access control
+- Support for authorizedService access control
+- Ability to mix-and-match LDAP access control features
+- Added an option for a separate password-change LDAP server for those
+- platforms where LDAP referrals are not supported
+- Added support for manpage translations
+
+
+* Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3
+- Solve a shutdown race-condition that sometimes left processes running
+- Resolves: rhbz#606887 - SSSD stops on upgrade
+
+* Tue Nov 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-2
+- Log startup errors to the syslog
+- Allow cache cleanup to be disabled in sssd.conf
+
+* Mon Nov 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-1
+- New upstream release 1.4.1
+- Add support for netgroups to the proxy provider
+- Fixes a minor bug with UIDs/GIDs >= 2^31
+- Fixes a segfault in the kerberos provider
+- Fixes a segfault in the NSS responder if a data provider crashes
+- Correctly use sdap_netgroup_search_base
+
+* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-2
+- Fix incorrect tarball URL
+
+* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-1
+- New upstream release 1.4.0
+- Added support for netgroups to the LDAP provider
+- Performance improvements made to group processing of RFC2307 LDAP servers
+- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
+- Build-system improvements to support Gentoo
+- Split out several libraries into the ding-libs tarball
+- Manpage reviewed and updated
+
+* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-35
+- Fix pre and post script requirements
+
+* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-34
+- Resolves: rhbz#606887 - sssd stops on upgrade
+
+* Fri Oct 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-33
+- Resolves: rhbz#626205 - Unable to unlock screen
+
+* Tue Sep 28 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-32
+- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but
+- doesn't require it
+
+* Thu Sep 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-31
+- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib
+
+* Tue Aug 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-30
+- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
+- against LDAP
+
+* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 1.2.91-21
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Fri Jul 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.91-20
+- New upstream version 1.2.91 (1.3.0rc1)
+- Improved LDAP failover
+- Synchronous sysdb API (provides performance enhancements)
+- Better online reconnection detection
+
+* Mon Jun 21 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15
+- New stable upstream version 1.2.1
+- Resolves: rhbz#595529 - spec file should eschew %%define in favor of
+- %%global
+- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service
+- to fail while restart.
+- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
+- keyring
+- Resolves: rhbz#599724 - sssd is broken on Rawhide
+
+* Mon May 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12
+- New stable upstream version 1.2.0
+- Support ServiceGroups for FreeIPA v2 HBAC rules
+- Fix long-standing issue with auth_provider = proxy
+- Better logging for TLS issues in LDAP
+
+* Tue May 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11
+- New LDAP access provider allows for filtering user access by LDAP attribute
+- Reduced default timeout for detecting offline status with LDAP
+- GSSAPI ticket lifetime made configurable
+- Better offline->online transition support in Kerberos
+
+* Fri May 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10
+- Release new upstream version 1.1.91
+- Enhancements when using SSSD with FreeIPA v2
+- Support for deferred kinit
+- Support for DNS SRV records for failover
+
+* Fri Apr 02 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3
+- Bump up release number to avoid library sub-packages version issues with
+ previous releases.
+
+* Thu Apr 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1
+- New upstream release 1.1.1
+- Fixed the IPA provider (which was segfaulting at start)
+- Fixed a bug in the SSSDConfig API causing some options to revert to
+- their defaults
+- This impacted the Authconfig UI
+- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal
+
+* Tue Mar 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
+- Release SSSD 1.1.0 final
+- Fix two potential segfaults
+- Fix memory leak in monitor
+- Better error message for unusable confdb
+
+* Wed Mar 17 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19
+- Release candidate for SSSD 1.1
+- Add simple access provider
+- Create subpackages for libcollection, libini_config, libdhash and librefarray
+- Support IPv6
+- Support LDAP referrals
+- Fix cache issues
+- Better feedback from PAM when offline
+
+* Wed Feb 24 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2
+- Rebuild against new libtevent
+
+* Fri Feb 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1
+- Fix licenses in sources and on RPMs
+
+* Mon Jan 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
+- Fix regression on 64-bit platforms
+
+* Fri Jan 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
+- Fixes link error on platforms that do not do implicit linking
+- Fixes double-free segfault in PAM
+- Fixes double-free error in async resolver
+- Fixes support for TCP-based DNS lookups in async resolver
+- Fixes memory alignment issues on ARM processors
+- Manpage fixes
+
+* Thu Jan 14 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
+- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
+- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
+- Several segfault bugfixes
+
+* Mon Jan 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
+- Fix CVE-2010-0014
+
+* Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2
+- Patch SSSDConfig API to address
+- https://bugzilla.redhat.com/show_bug.cgi?id=549482
+
+* Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
+- New upstream stable release 1.0.0
+
+* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
+- New upstream bugfix release 0.99.1
+
+* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
+- New upstream release 0.99.0
+
+* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
+- Fix segfault in sssd_pam when cache_credentials was enabled
+- Update the sample configuration
+- Fix upgrade issues caused by data provider service removal
+
+* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
+- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
+
+* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
+- New upstream release 0.7.0
+
+* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
+- Fix missing file permissions for sssd-clients
+
+* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
+- Add SSSDConfig API
+- Update polish translation for 0.6.0
+- Fix long timeout on ldap operation
+- Make dp requests more robust
+
+* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
+- Ensure that the configuration upgrade script always writes the config
+ file with 0600 permissions
+- Eliminate an infinite loop in group enumerations
+
+* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
+- New upstream release 0.6.0
+
+* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
+- New upstream release 0.5.0
+
+* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
+- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
+ without a password. (Patch by Stephen Gallagher)
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
+- Fix a couple of segfaults that may happen on reload
+
+* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
+- add missing configure check that broke stopping the daemon
+- also fix default config to add a missing required option
+
+* Mon Jun 8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
+- latest upstream release.
+- also add a patch that fixes debugging output (potential segfault)
+
+* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
+- release out of the official 0.3.2 tarball
+
+* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
+- bugfix release 0.3.2
+- includes previous release patches
+- change permissions of the /etc/sssd/sssd.conf to 0600
+
+* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
+- Add last minute bug fixes, found in testing the package
+
+* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
+- Version 0.3.1
+- includes previous release patches
+
+* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
+- Try to fix build adding automake as an explicit BuildRequire
+- Add also a couple of last minute patches from upstream
+
+* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
+- Version 0.3.0
+- Provides file based configuration and lots of improvements
+
+* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
+- Version 0.2.1
+
+* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
+- Version 0.2.0
+
+* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
+- package git snapshot
+
+* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
+- fixed items found during review
+- added initscript
+
+* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
+- added sss_client
+
+* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
+- Small cleanup and fixes in the spec file
+
+* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
+- Initial release (based on version 0.1.0 upstream code)