mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
afa0f5d187
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: https://translate.fedoraproject.org/projects/freeipa/master/ Translation: freeipa/master Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
23377 lines
539 KiB
Plaintext
23377 lines
539 KiB
Plaintext
# Abhijeet Kasurde <akasurde@redhat.com>, 2015. #zanata
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: freeipa 4.9.0.dev201908140712+gitc9938e3d8\n"
|
|
"Report-Msgid-Bugs-To: https://pagure.io/freeipa/new_issue\n"
|
|
"POT-Creation-Date: 2020-08-20 13:01+0300\n"
|
|
"PO-Revision-Date: 2019-11-11 10:25+0000\n"
|
|
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
|
|
"Language-Team: Marathi\n"
|
|
"Language: mr\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
|
|
"X-Generator: Zanata 4.6.2\n"
|
|
|
|
#, c-format
|
|
msgid "Out of memory!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "No permission to join this host to the IPA domain.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "No write permissions on keytab file '%s'\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "access() on %1$s failed: errno = %2$d\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Out of memory!"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to enable SSL in LDAP\n"
|
|
msgstr ""
|
|
|
|
msgid "SASL Bind failed\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Search for %1$s on rootdse failed with error %2$d\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "No values for %s"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Search for IPA namingContext failed with error %d\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "IPA namingContext not found\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to determine root DN of %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Enrollment failed. %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "principal not found in XML-RPC response\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Host is already joined.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "curl_slist_append() failed for value: '%s'\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "curl_easy_setopt() failed\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Expanding buffer in jsonrpc_handle_response failed"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "curl_global_init() failed\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "curl_easy_init() failed\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "json_dumps() failed\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy, c-format
|
|
#| msgid "Invalid JSON-RPC request: %(error)s"
|
|
msgid ""
|
|
"JSON-RPC request:\n"
|
|
"%s\n"
|
|
msgstr "अवैध JSON-RPC विनंती : %(error)s"
|
|
|
|
#, c-format
|
|
msgid "JSON-RPC call failed: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "JSON-RPC call failed with status code: %li\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "JSON-RPC call was unauthorized. Check your credentials.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid ""
|
|
"JSON-RPC response:\n"
|
|
"%s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Extracting the error from the JSON-RPC response failed: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Parsing JSON-RPC response failed: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Parsing JSON-RPC response failed: no 'result' value found.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Extracting the data from the JSON-RPC response failed: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "json_pack_ex() failed: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unenrollment successful.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unenrollment failed.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "result not found in XML-RPC response\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to determine IPA server from %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "The hostname must be fully-qualified: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "The hostname must not be: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to join host: Kerberos context initialization failed\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to join host: Kerberos Credential Cache not found\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid ""
|
|
"Unable to join host: Kerberos User Principal not found and host password not "
|
|
"provided.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "fork() failed\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "ipa-getkeytab not found\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "ipa-getkeytab has bad permissions?\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "executing ipa-getkeytab failed, errno %d\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "child exited with %d\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Error resolving keytab: %s.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Error getting default Kerberos realm: %s.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Error parsing \"%1$s\": %2$s.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Error obtaining initial credentials: %s.\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy, c-format
|
|
#| msgid "did not receive Kerberos credentials"
|
|
msgid "Unable to generate Kerberos Credential Cache\n"
|
|
msgstr "Kerberos credentials प्राप्त झाले नाहीत"
|
|
|
|
#, c-format
|
|
msgid "Error storing creds in credential cache: %s.\n"
|
|
msgstr ""
|
|
|
|
msgid "Print the raw XML-RPC output in GSSAPI mode"
|
|
msgstr ""
|
|
|
|
msgid "Quiet mode. Only errors are displayed."
|
|
msgstr ""
|
|
|
|
msgid "Unenroll this host from IPA server"
|
|
msgstr ""
|
|
|
|
msgid "Hostname of this server"
|
|
msgstr ""
|
|
|
|
msgid "hostname"
|
|
msgstr ""
|
|
|
|
msgid "IPA Server to use"
|
|
msgstr ""
|
|
|
|
msgid "Specifies where to store keytab information."
|
|
msgstr ""
|
|
|
|
msgid "filename"
|
|
msgstr ""
|
|
|
|
msgid "Force the host join. Rejoin even if already joined."
|
|
msgstr ""
|
|
|
|
msgid "LDAP password (if not using Kerberos)"
|
|
msgstr ""
|
|
|
|
msgid "password"
|
|
msgstr ""
|
|
|
|
msgid "LDAP basedn"
|
|
msgstr ""
|
|
|
|
msgid "basedn"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "cannot open configuration file %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "cannot stat() configuration file %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "out of memory\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "read error\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to parse principal name\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "krb5_parse_name %1$d: %2$s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Removing principal %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to open keytab\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "principal not found\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "krb5_kt_get_entry %1$d: %2$s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to remove entry\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "kvno %d\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "krb5_kt_remove_entry %1$d: %2$s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to parse principal\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "krb5_unparse_name %1$d: %2$s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "realm not found\n"
|
|
msgstr ""
|
|
|
|
msgid "Print debugging information"
|
|
msgstr ""
|
|
|
|
msgid "Debugging output"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos Service Principal Name"
|
|
msgstr ""
|
|
|
|
msgid "The keytab file to remove the principcal(s) from"
|
|
msgstr ""
|
|
|
|
msgid "Keytab File Name"
|
|
msgstr ""
|
|
|
|
msgid "Remove all principals in this realm"
|
|
msgstr ""
|
|
|
|
msgid "Realm name"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Kerberos context initialization failed\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to open keytab '%1$s': %2$s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Closing keytab failed\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "krb5_kt_close %1$d: %2$s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Kerberos context initialization failed: %1$s (%2$d)\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to parse principal: %1$s (%2$d)\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "No keys accepted by KDC\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Out of memory \n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to initialize ldap library!\n"
|
|
msgstr ""
|
|
|
|
msgid "Simple bind failed\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Operation failed: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to get result: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Timeout exceeded."
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to parse extended result: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to parse result: %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Missing reply control list!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Missing reply control!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Out of Memory!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to create control!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to bind to server!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to get keytab!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "ber_init() failed, Invalid control ?!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "ber_scanf() failed, unable to find kvno ?!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to retrieve encryption type type #%d\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to retrieve encryption type %1$s (#%2$d)\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to retrieve any keys"
|
|
msgstr ""
|
|
|
|
msgid "Failed to decode control reply!\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy, c-format
|
|
#| msgid "Passwords do not match!"
|
|
msgid "Passwords do not match!\n"
|
|
msgstr "पासवर्ड जुळत नाही!"
|
|
|
|
#, c-format
|
|
msgid "Failed to open config file %s\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to parse config file %s\n"
|
|
msgstr ""
|
|
|
|
msgid "Failed to resolve symlink to keytab.\n"
|
|
msgstr ""
|
|
|
|
msgid "keytab is a dangling symlink and owned by another user.\n"
|
|
msgstr ""
|
|
|
|
msgid "Print as little as possible"
|
|
msgstr ""
|
|
|
|
msgid "Output only on errors"
|
|
msgstr ""
|
|
|
|
msgid "Contact this specific KDC Server"
|
|
msgstr ""
|
|
|
|
msgid "Server Name"
|
|
msgstr ""
|
|
|
|
msgid "The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"The keytab file to append the new key to (will be created if it does not "
|
|
"exist)."
|
|
msgstr ""
|
|
|
|
msgid "Encryption types to request"
|
|
msgstr ""
|
|
|
|
msgid "Comma separated encryption types list"
|
|
msgstr ""
|
|
|
|
msgid "Show the list of permitted encryption types and exit"
|
|
msgstr ""
|
|
|
|
msgid "Permitted Encryption Types"
|
|
msgstr ""
|
|
|
|
msgid "Asks for a non-random password to use for the principal"
|
|
msgstr ""
|
|
|
|
msgid "LDAP DN"
|
|
msgstr ""
|
|
|
|
msgid "DN to bind as if not using kerberos"
|
|
msgstr ""
|
|
|
|
msgid "LDAP password"
|
|
msgstr ""
|
|
|
|
msgid "password to use if not using kerberos"
|
|
msgstr ""
|
|
|
|
msgid "Prompt for LDAP password"
|
|
msgstr ""
|
|
|
|
msgid "Path to the IPA CA certificate"
|
|
msgstr ""
|
|
|
|
msgid "IPA CA certificate"
|
|
msgstr ""
|
|
|
|
msgid "LDAP uri to connect to. Mutually exclusive with --server"
|
|
msgstr ""
|
|
|
|
msgid "url"
|
|
msgstr ""
|
|
|
|
msgid "LDAP SASL bind mechanism if no bindd/bindpw"
|
|
msgstr ""
|
|
|
|
msgid "GSSAPI|EXTERNAL"
|
|
msgstr ""
|
|
|
|
msgid "Retrieve current keys without changing them"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "No system preferred enctypes ?!\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Supported encryption types:\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Warning: failed to convert type (#%d)\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Bind password already provided (-w).\n"
|
|
msgstr ""
|
|
|
|
msgid "Enter LDAP password"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Bind password required when using a bind DN (-w or -W).\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Cannot specify both SASL mechanism and bind DN simultaneously.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Invalid SASL bind mechanism\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Cannot specify server and LDAP uri simultaneously.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Server name not provided and unavailable\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Incompatible options provided (-r and -P)\n"
|
|
msgstr ""
|
|
|
|
msgid "New Principal Password"
|
|
msgstr ""
|
|
|
|
msgid "Verify Principal Password"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid ""
|
|
"Warning: salt types are not honored with randomized passwords (see opt. -P)\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Invalid Service Principal Name\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Kerberos Credential Cache not found. Do you have a Kerberos Ticket?\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid ""
|
|
"Kerberos User Principal not found. Do you have a valid Credential Cache?\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to open Keytab\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Retrying with pre-4.0 keytab retrieval method...\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to create key material\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to get keytab\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to add key to the keytab\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Failed to close the keytab\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Keytab successfully retrieved and stored in: %s\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "No file to read"
|
|
msgid "Failed to add"
|
|
msgstr "कोणतीही फाइल वाचण्यासाठी नाही "
|
|
|
|
msgid "maps not connected to /etc/auto.master:"
|
|
msgstr ""
|
|
|
|
msgid "Import automount files for a specific location."
|
|
msgstr ""
|
|
|
|
msgid "Master file"
|
|
msgstr ""
|
|
|
|
msgid "Automount master file."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Continuous operation mode. Errors are reported but the process continues."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "File %(file)s not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "key %(key)s already exists"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "map %(map)s already exists"
|
|
msgstr ""
|
|
|
|
msgid "Imported maps:"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added %(map)s"
|
|
msgstr ""
|
|
|
|
msgid "Imported keys:"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added %(src)s to %(dst)s"
|
|
msgstr ""
|
|
|
|
msgid "Ignored keys:"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Ignored %(src)s to %(dst)s"
|
|
msgstr ""
|
|
|
|
msgid "Duplicate maps skipped:"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Skipped %(map)s"
|
|
msgstr ""
|
|
|
|
msgid "Duplicate keys skipped:"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Skipped %(key)s"
|
|
msgstr ""
|
|
|
|
msgid "Write certificate (chain if --chain used) to file"
|
|
msgstr ""
|
|
|
|
msgid "Path to NSS database"
|
|
msgstr ""
|
|
|
|
msgid "Path to NSS database to use for private key"
|
|
msgstr ""
|
|
|
|
msgid "Path to private key file"
|
|
msgstr ""
|
|
|
|
msgid "Path to PEM file containing a private key"
|
|
msgstr ""
|
|
|
|
msgid "File containing a password for the private key or database"
|
|
msgstr ""
|
|
|
|
msgid "Name of CSR generation profile (if not the same as profile_id)"
|
|
msgstr ""
|
|
|
|
msgid "Generated CSR was empty"
|
|
msgstr ""
|
|
|
|
msgid "Options 'database' and 'private_key' are not compatible with 'csr'"
|
|
msgstr ""
|
|
|
|
msgid "Unrevoked"
|
|
msgstr ""
|
|
|
|
msgid "Error"
|
|
msgstr ""
|
|
|
|
msgid "Input filename"
|
|
msgstr ""
|
|
|
|
msgid "File to load the certificate from."
|
|
msgstr ""
|
|
|
|
msgid "cannot specify both raw certificate and file"
|
|
msgstr ""
|
|
|
|
msgid "Input file"
|
|
msgstr ""
|
|
|
|
msgid "File to load the certificate from"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Profile configuration stored in file '%(file)s'"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Commands to build certificate requests automatically\n"
|
|
msgstr ""
|
|
|
|
msgid "Gather data for a certificate signing request."
|
|
msgstr ""
|
|
|
|
msgid "Principal"
|
|
msgstr ""
|
|
|
|
msgid "Principal for this certificate (e.g. HTTP/test.example.com)"
|
|
msgstr ""
|
|
|
|
msgid "Profile ID"
|
|
msgstr ""
|
|
|
|
msgid "CSR Generation Profile to use"
|
|
msgstr ""
|
|
|
|
msgid "Subject Public Key Info"
|
|
msgstr ""
|
|
|
|
msgid "DER-encoded SubjectPublicKeyInfo structure"
|
|
msgstr ""
|
|
|
|
msgid "Write CertificationRequestInfo to file"
|
|
msgstr ""
|
|
|
|
msgid "Dictionary mapping variable name to value"
|
|
msgstr ""
|
|
|
|
msgid "CertificationRequestInfo structure"
|
|
msgstr ""
|
|
|
|
msgid "The principal for this request doesn't exist."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Certificate(s) stored in file '%(file)s'"
|
|
msgstr ""
|
|
|
|
msgid "Servers details:"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Migration mode is disabled.\n"
|
|
"Use 'ipa config-mod --enable-migration=TRUE' to enable it."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Passwords have been migrated in pre-hashed format.\n"
|
|
"IPA is unable to generate Kerberos keys unless provided\n"
|
|
"with clear text passwords. All migrated users need to\n"
|
|
"login at https://your.domain/ipa/migration/ before they\n"
|
|
"can use their Kerberos accounts."
|
|
msgstr ""
|
|
|
|
msgid "python-yubico is not installed."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"YubiKey Tokens\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage YubiKey tokens.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"This code is an extension to the otptoken plugin and provides support for\n"
|
|
"reading/writing YubiKey tokens directly.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a new token:\n"
|
|
" ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n"
|
|
msgstr ""
|
|
|
|
msgid "Add a new YubiKey OTP token."
|
|
msgstr ""
|
|
|
|
msgid "YubiKey slot"
|
|
msgstr ""
|
|
|
|
msgid "No free YubiKey slot!"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removing %(servers)s from replication topology, please wait..."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Enabled Sudo Rule \"%s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled Sudo Rule \"%s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added option \"%(option)s\" to Sudo Rule \"%(rule)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed option \"%(option)s\" from Sudo Rule \"%(rule)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Replication topology of suffix \"%(suffix)s\" is in order."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Replication topology of suffix \"%(suffix)s\" contains errors."
|
|
msgstr ""
|
|
|
|
msgid "Topology is disconnected"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Server %(srv)s can't contact servers: %(replicas)s"
|
|
msgstr ""
|
|
|
|
msgid "Recommended maximum number of agreements per replica exceeded"
|
|
msgstr ""
|
|
|
|
msgid "Maximum number of agreements per replica"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Server \"%(srv)s\" has %(n)d agreements with servers:"
|
|
msgstr ""
|
|
|
|
msgid "Delete a user, keeping the entry available for future use"
|
|
msgstr ""
|
|
|
|
msgid "Delete a user"
|
|
msgstr ""
|
|
|
|
msgid "preserve and no-preserve cannot be both set"
|
|
msgstr ""
|
|
|
|
msgid "Split DNS record to parts"
|
|
msgstr ""
|
|
|
|
msgid "Please choose a type of DNS resource record to be added"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "The most common types for this type of zone are: %s\n"
|
|
msgstr ""
|
|
|
|
msgid "DNS resource record type"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Invalid or unsupported type. Allowed values are: %s"
|
|
msgstr ""
|
|
|
|
msgid "No option to modify specific record provided."
|
|
msgstr ""
|
|
|
|
msgid "Current DNS record contents:\n"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modify %(name)s '%(value)s'?"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"%(count)d %(type)s record skipped. Only one value per DNS record type can be "
|
|
"modified at one time."
|
|
msgid_plural ""
|
|
"%(count)d %(type)s records skipped. Only one value per DNS record type can "
|
|
"be modified at one time."
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"Neither --del-all nor options to delete a specific record provided.\n"
|
|
"Command help may be consulted for all supported record types."
|
|
msgstr ""
|
|
|
|
msgid "No option to delete specific record provided."
|
|
msgstr ""
|
|
|
|
msgid "Delete all?"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Delete %(name)s '%(value)s'?"
|
|
msgstr ""
|
|
|
|
msgid "Server will check DNS forwarder(s)."
|
|
msgstr ""
|
|
|
|
msgid "This may take some time, please wait ..."
|
|
msgstr ""
|
|
|
|
msgid "DNS forwarder"
|
|
msgstr ""
|
|
|
|
msgid "file to store DNS records in nsupdate format"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Unable to display QR code using the configured output encoding. Please use "
|
|
"the token URI to configure your OTP device"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"QR code width is greater than that of the output tty. Please resize your "
|
|
"terminal."
|
|
msgstr ""
|
|
|
|
msgid "Synchronize an OTP token."
|
|
msgstr ""
|
|
|
|
msgid "User ID"
|
|
msgstr ""
|
|
|
|
msgid "Password"
|
|
msgstr ""
|
|
|
|
msgid "First Code"
|
|
msgstr ""
|
|
|
|
msgid "Second Code"
|
|
msgstr ""
|
|
|
|
msgid "Token ID"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Cannot read file '%(filename)s': %(exc)s"
|
|
msgstr ""
|
|
|
|
#, fuzzy, python-format
|
|
#| msgid "cannot connect to '%(uri)s': %(error)s"
|
|
msgid "Cannot decode file '%(filename)s': %(exc)s"
|
|
msgstr "'%(uri)s' ला जोडणी अपयशी : %(error)s"
|
|
|
|
msgid "Invalid credentials"
|
|
msgstr ""
|
|
|
|
msgid "Create a new vault."
|
|
msgstr ""
|
|
|
|
msgid "Vault password"
|
|
msgstr ""
|
|
|
|
msgid "File containing the vault password"
|
|
msgstr ""
|
|
|
|
msgid "File containing the vault public key"
|
|
msgstr ""
|
|
|
|
msgid "Password can be specified only for symmetric vault"
|
|
msgstr ""
|
|
|
|
msgid "Public key can be specified only for asymmetric vault"
|
|
msgstr ""
|
|
|
|
msgid "Password specified multiple times"
|
|
msgstr ""
|
|
|
|
msgid "Public key specified multiple times"
|
|
msgstr ""
|
|
|
|
msgid "Missing vault public key"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Invalid or unsupported vault public key: %s"
|
|
msgstr ""
|
|
|
|
msgid "Modify a vault."
|
|
msgstr ""
|
|
|
|
msgid "Change password"
|
|
msgstr ""
|
|
|
|
msgid "Old vault password"
|
|
msgstr ""
|
|
|
|
msgid "File containing the old vault password"
|
|
msgstr ""
|
|
|
|
msgid "New vault password"
|
|
msgstr ""
|
|
|
|
msgid "File containing the new vault password"
|
|
msgstr ""
|
|
|
|
msgid "Old vault private key"
|
|
msgstr ""
|
|
|
|
msgid "File containing the old vault private key"
|
|
msgstr ""
|
|
|
|
msgid "File containing the new vault public key"
|
|
msgstr ""
|
|
|
|
msgid "New public key specified multiple times"
|
|
msgstr ""
|
|
|
|
msgid "Missing new vault public key"
|
|
msgstr ""
|
|
|
|
msgid "Archive data into a vault."
|
|
msgstr ""
|
|
|
|
msgid "Binary data to archive"
|
|
msgstr ""
|
|
|
|
msgid "File containing data to archive"
|
|
msgstr ""
|
|
|
|
msgid "Override existing password"
|
|
msgstr ""
|
|
|
|
msgid "Input data specified multiple times"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Size of data exceeds the limit. Current vault data size limit is %(limit)d B"
|
|
msgstr ""
|
|
|
|
msgid "Invalid vault type"
|
|
msgstr ""
|
|
|
|
msgid "Retrieve a data from a vault."
|
|
msgstr ""
|
|
|
|
msgid "File to store retrieved data"
|
|
msgstr ""
|
|
|
|
msgid "Vault private key"
|
|
msgstr ""
|
|
|
|
msgid "File containing the vault private key"
|
|
msgstr ""
|
|
|
|
msgid "Data"
|
|
msgstr ""
|
|
|
|
msgid "Private key specified multiple times"
|
|
msgstr ""
|
|
|
|
msgid "Missing vault private key"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Directory Server Access Control Instructions (ACIs)\n"
|
|
"\n"
|
|
"ACIs are used to allow or deny access to information. This module is\n"
|
|
"currently designed to allow, not deny, access.\n"
|
|
"\n"
|
|
"The aci commands are designed to grant permissions that allow updating\n"
|
|
"existing entries or adding or deleting new ones. The goal of the ACIs\n"
|
|
"that ship with IPA is to provide a set of low-level permissions that\n"
|
|
"grant access to special groups called taskgroups. These low-level\n"
|
|
"permissions can be combined into roles that grant broader access. These\n"
|
|
"roles are another type of group, roles.\n"
|
|
"\n"
|
|
"For example, if you have taskgroups that allow adding and modifying users "
|
|
"you\n"
|
|
"could create a role, useradmin. You would assign users to the useradmin\n"
|
|
"role to allow them to do the operations defined by the taskgroups.\n"
|
|
"\n"
|
|
"You can create ACIs that delegate permission so users in group A can write\n"
|
|
"attributes on group B.\n"
|
|
"\n"
|
|
"The type option is a map that applies to all entries in the users, groups "
|
|
"or\n"
|
|
"host location. It is primarily designed to be used when granting add\n"
|
|
"permissions (to write new entries).\n"
|
|
"\n"
|
|
"An ACI consists of three parts:\n"
|
|
"1. target\n"
|
|
"2. permissions\n"
|
|
"3. bind rules\n"
|
|
"\n"
|
|
"The target is a set of rules that define which LDAP objects are being\n"
|
|
"targeted. This can include a list of attributes, an area of that LDAP\n"
|
|
"tree or an LDAP filter.\n"
|
|
"\n"
|
|
"The targets include:\n"
|
|
"- attrs: list of attributes affected\n"
|
|
"- type: an object type (user, group, host, service, etc)\n"
|
|
"- memberof: members of a group\n"
|
|
"- targetgroup: grant access to modify a specific group. This is primarily\n"
|
|
" designed to enable users to add or remove members of a specific group.\n"
|
|
"- filter: A legal LDAP filter used to narrow the scope of the target.\n"
|
|
"- subtree: Used to apply a rule across an entire set of objects. For "
|
|
"example,\n"
|
|
" to allow adding users you need to grant \"add\" permission to the subtree\n"
|
|
" ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option\n"
|
|
" is a fail-safe for objects that may not be covered by the type option.\n"
|
|
"\n"
|
|
"The permissions define what the ACI is allowed to do, and are one or\n"
|
|
"more of:\n"
|
|
"1. write - write one or more attributes\n"
|
|
"2. read - read one or more attributes\n"
|
|
"3. add - add a new entry to the tree\n"
|
|
"4. delete - delete an existing entry\n"
|
|
"5. all - all permissions are granted\n"
|
|
"\n"
|
|
"Note the distinction between attributes and entries. The permissions are\n"
|
|
"independent, so being able to add a user does not mean that the user will\n"
|
|
"be editable.\n"
|
|
"\n"
|
|
"The bind rule defines who this ACI grants permissions to. The LDAP server\n"
|
|
"allows this to be any valid LDAP entry but we encourage the use of\n"
|
|
"taskgroups so that the rights can be easily shared through roles.\n"
|
|
"\n"
|
|
"For a more thorough description of access controls see\n"
|
|
"http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control."
|
|
"html\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
"NOTE: ACIs are now added via the permission plugin. These examples are to\n"
|
|
"demonstrate how the various options work but this is done via the "
|
|
"permission\n"
|
|
"command-line now (see last example).\n"
|
|
"\n"
|
|
" Add an ACI so that the group \"secretaries\" can update the address on any "
|
|
"user:\n"
|
|
" ipa group-add --desc=\"Office secretaries\" secretaries\n"
|
|
" ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries "
|
|
"--permissions=write --prefix=none \"Secretaries write addresses\"\n"
|
|
"\n"
|
|
" Show the new ACI:\n"
|
|
" ipa aci-show --prefix=none \"Secretaries write addresses\"\n"
|
|
"\n"
|
|
" Add an ACI that allows members of the \"addusers\" permission to add new "
|
|
"users:\n"
|
|
" ipa aci-add --type=user --permission=addusers --permissions=add --"
|
|
"prefix=none \"Add new users\"\n"
|
|
"\n"
|
|
" Add an ACI that allows members of the editors manage members of the admins "
|
|
"group:\n"
|
|
" ipa aci-add --permissions=write --attrs=member --targetgroup=admins --"
|
|
"group=editors --prefix=none \"Editors manage admins\"\n"
|
|
"\n"
|
|
" Add an ACI that allows members of the admins group to manage the street and "
|
|
"zip code of those in the editors group:\n"
|
|
" ipa aci-add --permissions=write --memberof=editors --group=admins --"
|
|
"attrs=street --attrs=postalcode --prefix=none \"admins edit the address of "
|
|
"editors\"\n"
|
|
"\n"
|
|
" Add an ACI that allows the admins group manage the street and zipcode of "
|
|
"those who work for the boss:\n"
|
|
" ipa aci-add --permissions=write --group=admins --attrs=street --"
|
|
"attrs=postalcode --filter=\"(manager=uid=boss,cn=users,cn=accounts,"
|
|
"dc=example,dc=com)\" --prefix=none \"Edit the address of those who work for "
|
|
"the boss\"\n"
|
|
"\n"
|
|
" Add an entirely new kind of record to IPA that isn't covered by any of the "
|
|
"--type options, creating a permission:\n"
|
|
" ipa permission-add --permissions=add --subtree=\"cn=*,cn=orange,"
|
|
"cn=accounts,dc=example,dc=com\" --desc=\"Add Orange Entries\" add_orange\n"
|
|
"\n"
|
|
"\n"
|
|
"The show command shows the raw 389-ds ACI.\n"
|
|
"\n"
|
|
"IMPORTANT: When modifying the target attributes of an existing ACI you\n"
|
|
"must include all existing attributes as well. When doing an aci-mod the\n"
|
|
"targetattr REPLACES the current attributes, it does not add to them.\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "ACI name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Permission"
|
|
msgstr ""
|
|
|
|
msgid "Permission ACI grants access to"
|
|
msgstr ""
|
|
|
|
msgid "User group"
|
|
msgstr ""
|
|
|
|
msgid "User group ACI grants access to"
|
|
msgstr ""
|
|
|
|
msgid "Permissions"
|
|
msgstr ""
|
|
|
|
msgid "Permissions to grant(read, write, add, delete, all)"
|
|
msgstr ""
|
|
|
|
msgid "Attributes to which the permission applies"
|
|
msgstr ""
|
|
|
|
msgid "Attributes"
|
|
msgstr ""
|
|
|
|
msgid "Type"
|
|
msgstr ""
|
|
|
|
msgid "type of IPA object (user, group, host, hostgroup, service, netgroup)"
|
|
msgstr ""
|
|
|
|
msgid "Member of"
|
|
msgstr ""
|
|
|
|
msgid "Member of a group"
|
|
msgstr ""
|
|
|
|
msgid "Filter"
|
|
msgstr ""
|
|
|
|
msgid "Legal LDAP filter (e.g. ou=Engineering)"
|
|
msgstr ""
|
|
|
|
msgid "Subtree"
|
|
msgstr ""
|
|
|
|
msgid "Subtree to apply ACI to"
|
|
msgstr ""
|
|
|
|
msgid "Target group"
|
|
msgstr ""
|
|
|
|
msgid "Group to apply ACI to"
|
|
msgstr ""
|
|
|
|
msgid "Target your own entry (self)"
|
|
msgstr ""
|
|
|
|
msgid "Apply ACI to your own entry (self)"
|
|
msgstr ""
|
|
|
|
msgid "Create new ACI."
|
|
msgstr ""
|
|
|
|
msgid "ACI prefix"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Prefix used to distinguish ACI types (permission, delegation, selfservice, "
|
|
"none)"
|
|
msgstr ""
|
|
|
|
msgid "Test the ACI syntax but don't write anything"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Retrieve and print all attributes from the server. Affects command output."
|
|
msgstr ""
|
|
|
|
msgid "Print entries as stored on the server. Only affects output format."
|
|
msgstr ""
|
|
|
|
msgid "User-friendly description of action performed"
|
|
msgstr ""
|
|
|
|
msgid "The primary_key value of the entry, e.g. 'jdoe' for a user"
|
|
msgstr ""
|
|
|
|
msgid "Delete ACI."
|
|
msgstr ""
|
|
|
|
msgid "True means the operation was successful"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Search for ACIs.\n"
|
|
"\n"
|
|
" Returns a list of ACIs\n"
|
|
"\n"
|
|
" EXAMPLES:\n"
|
|
"\n"
|
|
" To find all ACIs that apply directly to members of the group ipausers:\n"
|
|
" ipa aci-find --memberof=ipausers\n"
|
|
"\n"
|
|
" To find all ACIs that grant add access:\n"
|
|
" ipa aci-find --permissions=add\n"
|
|
"\n"
|
|
" Note that the find command only looks for the given text in the set of\n"
|
|
" ACIs, it does not evaluate the ACIs to see if something would apply.\n"
|
|
" For example, searching on memberof=ipausers will find all ACIs that\n"
|
|
" have ipausers as a memberof. There may be other ACIs that apply to\n"
|
|
" members of that group indirectly.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "A string searched in all relevant object attributes"
|
|
msgstr "एक शब्द सर्व संबंधित ऑब्जेक्ट गुणधर्मात शोधला"
|
|
|
|
msgid "Primary key only"
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"name\")"
|
|
msgstr ""
|
|
|
|
msgid "Number of entries returned"
|
|
msgstr ""
|
|
|
|
msgid "True if not all results were returned"
|
|
msgstr ""
|
|
|
|
msgid "Modify ACI."
|
|
msgstr ""
|
|
|
|
msgid "Rename an ACI."
|
|
msgstr ""
|
|
|
|
msgid "New ACI name"
|
|
msgstr ""
|
|
|
|
msgid "Display a single ACI given an ACI name."
|
|
msgstr ""
|
|
|
|
msgid "Location of the ACI"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Automount\n"
|
|
"\n"
|
|
"Stores automount(8) configuration for autofs(8) in IPA.\n"
|
|
"\n"
|
|
"The base of an automount configuration is the configuration file auto."
|
|
"master.\n"
|
|
"This is also the base location in IPA. Multiple auto.master configurations\n"
|
|
"can be stored in separate locations. A location is implementation-specific\n"
|
|
"with the default being a location named 'default'. For example, you can "
|
|
"have\n"
|
|
"locations by geographic region, by floor, by type, etc.\n"
|
|
"\n"
|
|
"Automount has three basic object types: locations, maps and keys.\n"
|
|
"\n"
|
|
"A location defines a set of maps anchored in auto.master. This allows you\n"
|
|
"to store multiple automount configurations. A location in itself isn't\n"
|
|
"very interesting, it is just a point to start a new automount map.\n"
|
|
"\n"
|
|
"A map is roughly equivalent to a discrete automount file and provides\n"
|
|
"storage for keys.\n"
|
|
"\n"
|
|
"A key is a mount point associated with a map.\n"
|
|
"\n"
|
|
"When a new location is created, two maps are automatically created for\n"
|
|
"it: auto.master and auto.direct. auto.master is the root map for all\n"
|
|
"automount maps for the location. auto.direct is the default map for\n"
|
|
"direct mounts and is mounted on /-.\n"
|
|
"\n"
|
|
"An automount map may contain a submount key. This key defines a mount\n"
|
|
"location within the map that references another map. This can be done\n"
|
|
"either using automountmap-add-indirect --parentmap or manually\n"
|
|
"with automountkey-add and setting info to \"-type=autofs :<mapname>\".\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
"Locations:\n"
|
|
"\n"
|
|
" Create a named location, \"Baltimore\":\n"
|
|
" ipa automountlocation-add baltimore\n"
|
|
"\n"
|
|
" Display the new location:\n"
|
|
" ipa automountlocation-show baltimore\n"
|
|
"\n"
|
|
" Find available locations:\n"
|
|
" ipa automountlocation-find\n"
|
|
"\n"
|
|
" Remove a named automount location:\n"
|
|
" ipa automountlocation-del baltimore\n"
|
|
"\n"
|
|
" Show what the automount maps would look like if they were in the "
|
|
"filesystem:\n"
|
|
" ipa automountlocation-tofiles baltimore\n"
|
|
"\n"
|
|
" Import an existing configuration into a location:\n"
|
|
" ipa automountlocation-import baltimore /etc/auto.master\n"
|
|
"\n"
|
|
" The import will fail if any duplicate entries are found. For\n"
|
|
" continuous operation where errors are ignored, use the --continue\n"
|
|
" option.\n"
|
|
"\n"
|
|
"Maps:\n"
|
|
"\n"
|
|
" Create a new map, \"auto.share\":\n"
|
|
" ipa automountmap-add baltimore auto.share\n"
|
|
"\n"
|
|
" Display the new map:\n"
|
|
" ipa automountmap-show baltimore auto.share\n"
|
|
"\n"
|
|
" Find maps in the location baltimore:\n"
|
|
" ipa automountmap-find baltimore\n"
|
|
"\n"
|
|
" Create an indirect map with auto.share as a submount:\n"
|
|
" ipa automountmap-add-indirect baltimore --parentmap=auto.share --"
|
|
"mount=sub auto.man\n"
|
|
"\n"
|
|
" This is equivalent to:\n"
|
|
"\n"
|
|
" ipa automountmap-add-indirect baltimore --mount=/man auto.man\n"
|
|
" ipa automountkey-add baltimore auto.man --key=sub --info=\"-"
|
|
"fstype=autofs ldap:auto.share\"\n"
|
|
"\n"
|
|
" Remove the auto.share map:\n"
|
|
" ipa automountmap-del baltimore auto.share\n"
|
|
"\n"
|
|
"Keys:\n"
|
|
"\n"
|
|
" Create a new key for the auto.share map in location baltimore. This ties\n"
|
|
" the map we previously created to auto.master:\n"
|
|
" ipa automountkey-add baltimore auto.master --key=/share --info=auto."
|
|
"share\n"
|
|
"\n"
|
|
" Create a new key for our auto.share map, an NFS mount for man pages:\n"
|
|
" ipa automountkey-add baltimore auto.share --key=man --info=\"-ro,soft,"
|
|
"rsize=8192,wsize=8192 ipa.example.com:/shared/man\"\n"
|
|
"\n"
|
|
" Find all keys for the auto.share map:\n"
|
|
" ipa automountkey-find baltimore auto.share\n"
|
|
"\n"
|
|
" Find all direct automount keys:\n"
|
|
" ipa automountkey-find baltimore --key=/-\n"
|
|
"\n"
|
|
" Remove the man key from the auto.share map:\n"
|
|
" ipa automountkey-del baltimore auto.share --key=man\n"
|
|
msgstr ""
|
|
|
|
msgid "Key"
|
|
msgstr ""
|
|
|
|
msgid "Automount key name."
|
|
msgstr ""
|
|
|
|
msgid "Mount information"
|
|
msgstr ""
|
|
|
|
msgid "description"
|
|
msgstr ""
|
|
|
|
msgid "Location"
|
|
msgstr ""
|
|
|
|
msgid "Automount location name."
|
|
msgstr ""
|
|
|
|
msgid "Map"
|
|
msgstr ""
|
|
|
|
msgid "Automount map name."
|
|
msgstr ""
|
|
|
|
msgid "Description"
|
|
msgstr ""
|
|
|
|
msgid "Create a new automount key."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Set an attribute to a name/value pair. Format is attr=value.\n"
|
|
"For multi-valued attributes, the command replaces the values already present."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Add an attribute/value pair. Format is attr=value. The attribute\n"
|
|
"must be part of the schema."
|
|
msgstr ""
|
|
|
|
msgid "Delete an automount key."
|
|
msgstr ""
|
|
|
|
msgid "Continuous mode: Don't stop on errors."
|
|
msgstr ""
|
|
|
|
msgid "List of deletions that failed"
|
|
msgstr ""
|
|
|
|
msgid "Search for an automount key."
|
|
msgstr ""
|
|
|
|
msgid "Time Limit"
|
|
msgstr ""
|
|
|
|
msgid "Time limit of search in seconds"
|
|
msgstr ""
|
|
|
|
msgid "Size Limit"
|
|
msgstr ""
|
|
|
|
msgid "Maximum number of entries returned"
|
|
msgstr ""
|
|
|
|
msgid "Modify an automount key."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Delete an attribute/value pair. The option will be evaluated\n"
|
|
"last, after all sets and adds."
|
|
msgstr ""
|
|
|
|
msgid "Rights"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Display the access rights of this entry (requires --all). See ipa man page "
|
|
"for details."
|
|
msgstr ""
|
|
|
|
msgid "New mount information"
|
|
msgstr ""
|
|
|
|
msgid "Rename"
|
|
msgstr ""
|
|
|
|
msgid "Rename the automount key object"
|
|
msgstr ""
|
|
|
|
msgid "Display an automount key."
|
|
msgstr ""
|
|
|
|
msgid "Create a new automount location."
|
|
msgstr ""
|
|
|
|
msgid "Delete an automount location."
|
|
msgstr ""
|
|
|
|
msgid "Search for an automount location."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"location\")"
|
|
msgstr ""
|
|
|
|
msgid "Display an automount location."
|
|
msgstr ""
|
|
|
|
msgid "Generate automount files for a specific location."
|
|
msgstr ""
|
|
|
|
msgid "Create a new automount map."
|
|
msgstr ""
|
|
|
|
msgid "Create a new indirect mount point."
|
|
msgstr ""
|
|
|
|
msgid "Mount point"
|
|
msgstr ""
|
|
|
|
msgid "Parent map"
|
|
msgstr ""
|
|
|
|
msgid "Name of parent automount map (default: auto.master)."
|
|
msgstr ""
|
|
|
|
msgid "Delete an automount map."
|
|
msgstr ""
|
|
|
|
msgid "Search for an automount map."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"map\")"
|
|
msgstr ""
|
|
|
|
msgid "Modify an automount map."
|
|
msgstr ""
|
|
|
|
msgid "Display an automount map."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Plugin to make multiple ipa calls via one remote procedure call\n"
|
|
"\n"
|
|
"To run this code in the lite-server\n"
|
|
"\n"
|
|
"curl -H \"Content-Type:application/json\" -H \"Accept:application/"
|
|
"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /"
|
|
"etc/ipa/ca.crt -d @batch_request.json -X POST http://"
|
|
"localhost:8888/ipa/json\n"
|
|
"\n"
|
|
"where the contents of the file batch_request.json follow the below example\n"
|
|
"\n"
|
|
"{\"method\":\"batch\",\"params\":[[\n"
|
|
" {\"method\":\"group_find\",\"params\":[[],{}]},\n"
|
|
" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\",\"all"
|
|
"\":\"true\"}]},\n"
|
|
" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n"
|
|
" ],{}],\"id\":1}\n"
|
|
"\n"
|
|
"The format of the response is nested the same way. At the top you will see\n"
|
|
" \"error\": null,\n"
|
|
" \"id\": 1,\n"
|
|
" \"result\": {\n"
|
|
" \"count\": 3,\n"
|
|
" \"results\": [\n"
|
|
"\n"
|
|
"\n"
|
|
"And then a nested response for each IPA command method sent in the request\n"
|
|
msgstr ""
|
|
|
|
msgid "Nested Methods to execute"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Server configuration\n"
|
|
"\n"
|
|
"Manage the default values that IPA uses and some of its tuning parameters.\n"
|
|
"\n"
|
|
"NOTES:\n"
|
|
"\n"
|
|
"The password notification value (--pwdexpnotify) is stored here so it will\n"
|
|
"be replicated. It is not currently used to notify users in advance of an\n"
|
|
"expiring password.\n"
|
|
"\n"
|
|
"Some attributes are read-only, provided only for information purposes. "
|
|
"These\n"
|
|
"include:\n"
|
|
"\n"
|
|
"Certificate Subject base: the configured certificate subject base,\n"
|
|
" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n"
|
|
"Password plug-in features: currently defines additional hashes that the\n"
|
|
" password will generate (there may be other conditions).\n"
|
|
"\n"
|
|
"When setting the order list for mapping SELinux users you may need to\n"
|
|
"quote the value so it isn't interpreted by the shell.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Show basic server configuration:\n"
|
|
" ipa config-show\n"
|
|
"\n"
|
|
" Show all configuration options:\n"
|
|
" ipa config-show --all\n"
|
|
"\n"
|
|
" Change maximum username length to 99 characters:\n"
|
|
" ipa config-mod --maxusername=99\n"
|
|
"\n"
|
|
" Increase default time and size limits for maximum IPA server search:\n"
|
|
" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n"
|
|
"\n"
|
|
" Set default user e-mail domain:\n"
|
|
" ipa config-mod --emaildomain=example.com\n"
|
|
"\n"
|
|
" Enable migration mode to make \"ipa migrate-ds\" command operational:\n"
|
|
" ipa config-mod --enable-migration=TRUE\n"
|
|
"\n"
|
|
" Define SELinux user map order:\n"
|
|
" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-"
|
|
"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n"
|
|
msgstr ""
|
|
|
|
msgid "Maximum username length"
|
|
msgstr ""
|
|
|
|
msgid "Home directory base"
|
|
msgstr ""
|
|
|
|
msgid "Default location of home directories"
|
|
msgstr ""
|
|
|
|
msgid "Default shell"
|
|
msgstr ""
|
|
|
|
msgid "Default shell for new users"
|
|
msgstr ""
|
|
|
|
msgid "Default users group"
|
|
msgstr ""
|
|
|
|
msgid "Default group for new users"
|
|
msgstr ""
|
|
|
|
msgid "Default e-mail domain"
|
|
msgstr ""
|
|
|
|
msgid "Search time limit"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)"
|
|
msgstr ""
|
|
|
|
msgid "Search size limit"
|
|
msgstr ""
|
|
|
|
msgid "Maximum number of records to search (-1 is unlimited)"
|
|
msgstr ""
|
|
|
|
msgid "User search fields"
|
|
msgstr ""
|
|
|
|
msgid "A comma-separated list of fields to search in when searching for users"
|
|
msgstr ""
|
|
|
|
msgid "Group search fields"
|
|
msgstr ""
|
|
|
|
msgid "A comma-separated list of fields to search in when searching for groups"
|
|
msgstr ""
|
|
|
|
msgid "Enable migration mode"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Subject base"
|
|
msgstr ""
|
|
|
|
msgid "Base for certificate subjects (OU=Test,O=Example)"
|
|
msgstr ""
|
|
|
|
msgid "Default group objectclasses"
|
|
msgstr ""
|
|
|
|
msgid "Default group objectclasses (comma-separated list)"
|
|
msgstr ""
|
|
|
|
msgid "Default user objectclasses"
|
|
msgstr ""
|
|
|
|
msgid "Default user objectclasses (comma-separated list)"
|
|
msgstr ""
|
|
|
|
msgid "Password Expiration Notification (days)"
|
|
msgstr ""
|
|
|
|
msgid "Number of days's notice of impending password expiration"
|
|
msgstr ""
|
|
|
|
msgid "Password plugin features"
|
|
msgstr ""
|
|
|
|
msgid "Extra hashes to generate in password plug-in"
|
|
msgstr ""
|
|
|
|
msgid "SELinux user map order"
|
|
msgstr ""
|
|
|
|
msgid "Order in increasing priority of SELinux users, delimited by $"
|
|
msgstr ""
|
|
|
|
msgid "Default SELinux user"
|
|
msgstr ""
|
|
|
|
msgid "Default SELinux user when no match is found in SELinux map rule"
|
|
msgstr ""
|
|
|
|
msgid "Default PAC types"
|
|
msgstr ""
|
|
|
|
msgid "Default types of PAC supported for services"
|
|
msgstr ""
|
|
|
|
msgid "Default user authentication types"
|
|
msgstr ""
|
|
|
|
msgid "Default types of supported user authentication"
|
|
msgstr ""
|
|
|
|
msgid "Modify configuration options."
|
|
msgstr ""
|
|
|
|
msgid "Show the current configuration."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Group to Group Delegation\n"
|
|
"\n"
|
|
"A permission enables fine-grained delegation of permissions. Access Control\n"
|
|
"Rules, or instructions (ACIs), grant permission to permissions to perform\n"
|
|
"given tasks such as adding a user, modifying a group, etc.\n"
|
|
"\n"
|
|
"Group to Group Delegations grants the members of one group to update a set\n"
|
|
"of attributes of members of another group.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a delegation rule to allow managers to edit employee's addresses:\n"
|
|
" ipa delegation-add --attrs=street --group=managers --"
|
|
"membergroup=employees \"managers edit employees' street\"\n"
|
|
"\n"
|
|
" When managing the list of attributes you need to include all attributes\n"
|
|
" in the list, including existing ones. Add postalCode to the list:\n"
|
|
" ipa delegation-mod --attrs=street --attrs=postalCode --group=managers --"
|
|
"membergroup=employees \"managers edit employees' street\"\n"
|
|
"\n"
|
|
" Display our updated rule:\n"
|
|
" ipa delegation-show \"managers edit employees' street\"\n"
|
|
"\n"
|
|
" Delete a rule:\n"
|
|
" ipa delegation-del \"managers edit employees' street\"\n"
|
|
msgstr ""
|
|
|
|
msgid "Delegation name"
|
|
msgstr ""
|
|
|
|
msgid "Permissions to grant (read, write). Default is write."
|
|
msgstr ""
|
|
|
|
msgid "Attributes to which the delegation applies"
|
|
msgstr ""
|
|
|
|
msgid "Member user group"
|
|
msgstr ""
|
|
|
|
msgid "User group to apply delegation to"
|
|
msgstr ""
|
|
|
|
msgid "Add a new delegation."
|
|
msgstr ""
|
|
|
|
msgid "Delete a delegation."
|
|
msgstr ""
|
|
|
|
msgid "Search for delegations."
|
|
msgstr ""
|
|
|
|
msgid "Modify a delegation."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a delegation."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Domain Name System (DNS)\n"
|
|
"\n"
|
|
"Manage DNS zone and resource records.\n"
|
|
"\n"
|
|
"SUPPORTED ZONE TYPES\n"
|
|
"\n"
|
|
" * Master zone (dnszone-*), contains authoritative data.\n"
|
|
" * Forward zone (dnsforwardzone-*), forwards queries to configured "
|
|
"forwarders\n"
|
|
" (a set of DNS servers).\n"
|
|
"\n"
|
|
"USING STRUCTURED PER-TYPE OPTIONS\n"
|
|
"\n"
|
|
"There are many structured DNS RR types where DNS data stored in LDAP server\n"
|
|
"is not just a scalar value, for example an IP address or a domain name, but\n"
|
|
"a data structure which may be often complex. A good example is a LOC record\n"
|
|
"[RFC1876] which consists of many mandatory and optional parts (degrees,\n"
|
|
"minutes, seconds of latitude and longitude, altitude or precision).\n"
|
|
"\n"
|
|
"It may be difficult to manipulate such DNS records without making a mistake\n"
|
|
"and entering an invalid value. DNS module provides an abstraction over "
|
|
"these\n"
|
|
"raw records and allows to manipulate each RR type with specific options. "
|
|
"For\n"
|
|
"each supported RR type, DNS module provides a standard option to manipulate\n"
|
|
"a raw records with format --<rrtype>-rec, e.g. --mx-rec, and special "
|
|
"options\n"
|
|
"for every part of the RR structure with format --<rrtype>-<partname>, e.g.\n"
|
|
"--mx-preference and --mx-exchanger.\n"
|
|
"\n"
|
|
"When adding a record, either RR specific options or standard option for a "
|
|
"raw\n"
|
|
"value can be used, they just should not be combined in one add operation. "
|
|
"When\n"
|
|
"modifying an existing entry, new RR specific options can be used to change\n"
|
|
"one part of a DNS record, where the standard option for raw value is used\n"
|
|
"to specify the modified value. The following example demonstrates\n"
|
|
"a modification of MX record preference from 0 to 1 in a record without\n"
|
|
"modifying the exchanger:\n"
|
|
"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add new zone:\n"
|
|
" ipa dnszone-add example.com --admin-email=admin@example.com\n"
|
|
"\n"
|
|
" Add system permission that can be used for per-zone privilege delegation:\n"
|
|
" ipa dnszone-add-permission example.com\n"
|
|
"\n"
|
|
" Modify the zone to allow dynamic updates for hosts own records in realm "
|
|
"EXAMPLE.COM:\n"
|
|
" ipa dnszone-mod example.com --dynamic-update=TRUE\n"
|
|
"\n"
|
|
" This is the equivalent of:\n"
|
|
" ipa dnszone-mod example.com --dynamic-update=TRUE --update-policy="
|
|
"\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant "
|
|
"EXAMPLE.COM krb5-self * SSHFP;\"\n"
|
|
"\n"
|
|
" Modify the zone to allow zone transfers for local network only:\n"
|
|
" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n"
|
|
"\n"
|
|
" Add new reverse zone specified by network IP address:\n"
|
|
" ipa dnszone-add --name-from-ip=192.0.2.0/24\n"
|
|
"\n"
|
|
" Add second nameserver for example.com:\n"
|
|
" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n"
|
|
"\n"
|
|
" Add a mail server for example.com:\n"
|
|
" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n"
|
|
"\n"
|
|
" Add another record using MX record specific options:\n"
|
|
" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n"
|
|
"\n"
|
|
" Add another record using interactive mode (started when dnsrecord-add, "
|
|
"dnsrecord-mod,\n"
|
|
" or dnsrecord-del are executed with no options):\n"
|
|
" ipa dnsrecord-add example.com @\n"
|
|
" Please choose a type of DNS resource record to be added\n"
|
|
" The most common types for this type of zone are: NS, MX, LOC\n"
|
|
"\n"
|
|
" DNS resource record type: MX\n"
|
|
" MX Preference: 30\n"
|
|
" MX Exchanger: mail3\n"
|
|
" Record name: example.com\n"
|
|
" MX record: 10 mail1, 20 mail2, 30 mail3\n"
|
|
" NS record: nameserver.example.com., nameserver2.example.com.\n"
|
|
"\n"
|
|
" Delete previously added nameserver from example.com:\n"
|
|
" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n"
|
|
"\n"
|
|
" Add LOC record for example.com:\n"
|
|
" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E "
|
|
"227.64m\"\n"
|
|
"\n"
|
|
" Add new A record for www.example.com. Create a reverse record in "
|
|
"appropriate\n"
|
|
" reverse zone as well. In this case a PTR record \"2\" pointing to www."
|
|
"example.com\n"
|
|
" will be created in zone 2.0.192.in-addr.arpa.\n"
|
|
" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n"
|
|
"\n"
|
|
" Add new PTR record for www.example.com\n"
|
|
" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n"
|
|
"\n"
|
|
" Add new SRV records for LDAP servers. Three quarters of the requests\n"
|
|
" should go to fast.example.com, one quarter to slow.example.com. If neither\n"
|
|
" is available, switch to backup.example.com.\n"
|
|
" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example."
|
|
"com\"\n"
|
|
" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example."
|
|
"com\"\n"
|
|
" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup."
|
|
"example.com\"\n"
|
|
"\n"
|
|
" The interactive mode can be used for easy modification:\n"
|
|
" ipa dnsrecord-mod example.com _ldap._tcp\n"
|
|
" No option to modify specific record provided.\n"
|
|
" Current DNS record contents:\n"
|
|
"\n"
|
|
" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 "
|
|
"backup.example.com\n"
|
|
"\n"
|
|
" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n"
|
|
" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n"
|
|
" SRV Priority [0]: (keep the default value)\n"
|
|
" SRV Weight [1]: 2 (modified value)\n"
|
|
" SRV Port [389]: (keep the default value)\n"
|
|
" SRV Target [slow.example.com]: (keep the default value)\n"
|
|
" 1 SRV record skipped. Only one value per DNS record type can be modified "
|
|
"at one time.\n"
|
|
" Record name: _ldap._tcp\n"
|
|
" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 "
|
|
"389 slow.example.com\n"
|
|
"\n"
|
|
" After this modification, three fifths of the requests should go to\n"
|
|
" fast.example.com and two fifths to slow.example.com.\n"
|
|
"\n"
|
|
" An example of the interactive mode for dnsrecord-del command:\n"
|
|
" ipa dnsrecord-del example.com www\n"
|
|
" No option to delete specific record provided.\n"
|
|
" Delete all? Yes/No (default No): (do not delete all records)\n"
|
|
" Current DNS record contents:\n"
|
|
"\n"
|
|
" A record: 192.0.2.2, 192.0.2.3\n"
|
|
"\n"
|
|
" Delete A record '192.0.2.2'? Yes/No (default No):\n"
|
|
" Delete A record '192.0.2.3'? Yes/No (default No): y\n"
|
|
" Record name: www\n"
|
|
" A record: 192.0.2.2 (A record 192.0.2.3 has been "
|
|
"deleted)\n"
|
|
"\n"
|
|
" Show zone example.com:\n"
|
|
" ipa dnszone-show example.com\n"
|
|
"\n"
|
|
" Find zone with \"example\" in its domain name:\n"
|
|
" ipa dnszone-find example\n"
|
|
"\n"
|
|
" Find records for resources with \"www\" in their name in zone example.com:\n"
|
|
" ipa dnsrecord-find example.com www\n"
|
|
"\n"
|
|
" Find A records with value 192.0.2.2 in zone example.com\n"
|
|
" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n"
|
|
"\n"
|
|
" Show records for resource www in zone example.com\n"
|
|
" ipa dnsrecord-show example.com www\n"
|
|
"\n"
|
|
" Delegate zone sub.example to another nameserver:\n"
|
|
" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n"
|
|
" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n"
|
|
"\n"
|
|
" Delete zone example.com with all resource records:\n"
|
|
" ipa dnszone-del example.com\n"
|
|
"\n"
|
|
" If a global forwarder is configured, all queries for which this server is "
|
|
"not\n"
|
|
" authoritative (e.g. sub.example.com) will be routed to the global "
|
|
"forwarder.\n"
|
|
" Global forwarding configuration can be overridden per-zone.\n"
|
|
"\n"
|
|
" Semantics of forwarding in IPA matches BIND semantics and depends on the "
|
|
"type\n"
|
|
" of zone:\n"
|
|
" * Master zone: local BIND replies authoritatively to queries for data in\n"
|
|
" the given zone (including authoritative NXDOMAIN answers) and forwarding\n"
|
|
" affects only queries for names below zone cuts (NS records) of locally\n"
|
|
" served zones.\n"
|
|
"\n"
|
|
" * Forward zone: forward zone contains no authoritative data. BIND "
|
|
"forwards\n"
|
|
" queries, which cannot be answered from its local cache, to configured\n"
|
|
" forwarders.\n"
|
|
"\n"
|
|
" Semantics of the --forward-policy option:\n"
|
|
" * none - disable forwarding for the given zone.\n"
|
|
" * first - forward all queries to configured forwarders. If they fail,\n"
|
|
" do resolution using DNS root servers.\n"
|
|
" * only - forward all queries to configured forwarders and if they fail,\n"
|
|
" return failure.\n"
|
|
"\n"
|
|
" Disable global forwarding for given sub-tree:\n"
|
|
" ipa dnszone-mod example.com --forward-policy=none\n"
|
|
"\n"
|
|
" This configuration forwards all queries for names outside the example.com\n"
|
|
" sub-tree to global forwarders. Normal recursive resolution process is used\n"
|
|
" for names inside the example.com sub-tree (i.e. NS records are followed "
|
|
"etc.).\n"
|
|
"\n"
|
|
" Forward all requests for the zone external.example.com to another "
|
|
"forwarder\n"
|
|
" using a \"first\" policy (it will send the queries to the selected "
|
|
"forwarder\n"
|
|
" and if not answered it will use global root servers):\n"
|
|
" ipa dnsforwardzone-add external.example.com --forward-"
|
|
"policy=first --forwarder=203.0.113.1\n"
|
|
"\n"
|
|
" Change forward-policy for external.example.com:\n"
|
|
" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n"
|
|
"\n"
|
|
" Show forward zone external.example.com:\n"
|
|
" ipa dnsforwardzone-show external.example.com\n"
|
|
"\n"
|
|
" List all forward zones:\n"
|
|
" ipa dnsforwardzone-find\n"
|
|
"\n"
|
|
" Delete forward zone external.example.com:\n"
|
|
" ipa dnsforwardzone-del external.example.com\n"
|
|
"\n"
|
|
" Resolve a host name to see if it exists (will add default IPA domain\n"
|
|
" if one is not included):\n"
|
|
" ipa dns-resolve www.example.com\n"
|
|
" ipa dns-resolve www\n"
|
|
"\n"
|
|
"\n"
|
|
"GLOBAL DNS CONFIGURATION\n"
|
|
"\n"
|
|
"DNS configuration passed to command line install script is stored in a "
|
|
"local\n"
|
|
"configuration file on each IPA server where DNS service is configured. "
|
|
"These\n"
|
|
"local settings can be overridden with a common configuration stored in LDAP\n"
|
|
"server:\n"
|
|
"\n"
|
|
" Show global DNS configuration:\n"
|
|
" ipa dnsconfig-show\n"
|
|
"\n"
|
|
" Modify global DNS configuration and set a list of global forwarders:\n"
|
|
" ipa dnsconfig-mod --forwarder=203.0.113.113\n"
|
|
msgstr ""
|
|
|
|
msgid "Global forwarders"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Global forwarders. A custom port can be specified for each forwarder using a "
|
|
"standard format \"IP_ADDRESS port PORT\""
|
|
msgstr ""
|
|
|
|
msgid "Forward policy"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Global forwarding policy. Set to \"none\" to disable any configured global "
|
|
"forwarders."
|
|
msgstr ""
|
|
|
|
msgid "Allow PTR sync"
|
|
msgstr ""
|
|
|
|
msgid "Allow synchronization of forward (A, AAAA) and reverse (PTR) records"
|
|
msgstr ""
|
|
|
|
msgid "Zone refresh interval"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Zone name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Zone name (FQDN)"
|
|
msgstr ""
|
|
|
|
msgid "Reverse zone IP network"
|
|
msgstr ""
|
|
|
|
msgid "IP network to create reverse zone name from"
|
|
msgstr ""
|
|
|
|
msgid "Active zone"
|
|
msgstr ""
|
|
|
|
msgid "Is zone active?"
|
|
msgstr ""
|
|
|
|
msgid "Zone forwarders"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Per-zone forwarders. A custom port can be specified for each forwarder using "
|
|
"a standard format \"IP_ADDRESS port PORT\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Per-zone conditional forwarding policy. Set to \"none\" to disable "
|
|
"forwarding to global forwarder for this zone. In that case, conditional zone "
|
|
"forwarders are disregarded."
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Record name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Time to live"
|
|
msgstr ""
|
|
|
|
msgid "Records"
|
|
msgstr ""
|
|
|
|
msgid "Record type"
|
|
msgstr ""
|
|
|
|
msgid "Record data"
|
|
msgstr ""
|
|
|
|
msgid "A record"
|
|
msgstr ""
|
|
|
|
msgid "Raw A records"
|
|
msgstr ""
|
|
|
|
msgid "A IP Address"
|
|
msgstr ""
|
|
|
|
msgid "IP Address"
|
|
msgstr ""
|
|
|
|
msgid "A Create reverse"
|
|
msgstr ""
|
|
|
|
msgid "Create reverse record for this IP Address"
|
|
msgstr ""
|
|
|
|
msgid "AAAA record"
|
|
msgstr ""
|
|
|
|
msgid "Raw AAAA records"
|
|
msgstr ""
|
|
|
|
msgid "AAAA IP Address"
|
|
msgstr ""
|
|
|
|
msgid "AAAA Create reverse"
|
|
msgstr ""
|
|
|
|
msgid "A6 record"
|
|
msgstr ""
|
|
|
|
msgid "Raw A6 records"
|
|
msgstr ""
|
|
|
|
msgid "A6 Record data"
|
|
msgstr ""
|
|
|
|
msgid "AFSDB record"
|
|
msgstr ""
|
|
|
|
msgid "Raw AFSDB records"
|
|
msgstr ""
|
|
|
|
msgid "AFSDB Subtype"
|
|
msgstr ""
|
|
|
|
msgid "Subtype"
|
|
msgstr ""
|
|
|
|
msgid "AFSDB Hostname"
|
|
msgstr ""
|
|
|
|
msgid "Hostname"
|
|
msgstr ""
|
|
|
|
msgid "APL record"
|
|
msgstr ""
|
|
|
|
msgid "Raw APL records"
|
|
msgstr ""
|
|
|
|
msgid "CERT record"
|
|
msgstr ""
|
|
|
|
msgid "Raw CERT records"
|
|
msgstr ""
|
|
|
|
msgid "CERT Certificate Type"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Type"
|
|
msgstr ""
|
|
|
|
msgid "CERT Key Tag"
|
|
msgstr ""
|
|
|
|
msgid "Key Tag"
|
|
msgstr ""
|
|
|
|
msgid "CERT Algorithm"
|
|
msgstr ""
|
|
|
|
msgid "Algorithm"
|
|
msgstr ""
|
|
|
|
msgid "CERT Certificate/CRL"
|
|
msgstr ""
|
|
|
|
msgid "Certificate/CRL"
|
|
msgstr ""
|
|
|
|
msgid "CNAME record"
|
|
msgstr ""
|
|
|
|
msgid "Raw CNAME records"
|
|
msgstr ""
|
|
|
|
msgid "CNAME Hostname"
|
|
msgstr ""
|
|
|
|
msgid "A hostname which this alias hostname points to"
|
|
msgstr ""
|
|
|
|
msgid "DHCID record"
|
|
msgstr ""
|
|
|
|
msgid "Raw DHCID records"
|
|
msgstr ""
|
|
|
|
msgid "DLV record"
|
|
msgstr ""
|
|
|
|
msgid "Raw DLV records"
|
|
msgstr ""
|
|
|
|
msgid "DLV Key Tag"
|
|
msgstr ""
|
|
|
|
msgid "DLV Algorithm"
|
|
msgstr ""
|
|
|
|
msgid "DLV Digest Type"
|
|
msgstr ""
|
|
|
|
msgid "Digest Type"
|
|
msgstr ""
|
|
|
|
msgid "DLV Digest"
|
|
msgstr ""
|
|
|
|
msgid "Digest"
|
|
msgstr ""
|
|
|
|
msgid "DNAME record"
|
|
msgstr ""
|
|
|
|
msgid "Raw DNAME records"
|
|
msgstr ""
|
|
|
|
msgid "DNAME Target"
|
|
msgstr ""
|
|
|
|
msgid "Target"
|
|
msgstr ""
|
|
|
|
msgid "DNSKEY record"
|
|
msgstr ""
|
|
|
|
msgid "Raw DNSKEY records"
|
|
msgstr ""
|
|
|
|
msgid "DS record"
|
|
msgstr ""
|
|
|
|
msgid "Raw DS records"
|
|
msgstr ""
|
|
|
|
msgid "DS Key Tag"
|
|
msgstr ""
|
|
|
|
msgid "DS Algorithm"
|
|
msgstr ""
|
|
|
|
msgid "DS Digest Type"
|
|
msgstr ""
|
|
|
|
msgid "DS Digest"
|
|
msgstr ""
|
|
|
|
msgid "HIP record"
|
|
msgstr ""
|
|
|
|
msgid "Raw HIP records"
|
|
msgstr ""
|
|
|
|
msgid "IPSECKEY record"
|
|
msgstr ""
|
|
|
|
msgid "Raw IPSECKEY records"
|
|
msgstr ""
|
|
|
|
msgid "KEY record"
|
|
msgstr ""
|
|
|
|
msgid "Raw KEY records"
|
|
msgstr ""
|
|
|
|
msgid "KX record"
|
|
msgstr ""
|
|
|
|
msgid "Raw KX records"
|
|
msgstr ""
|
|
|
|
msgid "KX Preference"
|
|
msgstr ""
|
|
|
|
msgid "Preference given to this exchanger. Lower values are more preferred"
|
|
msgstr ""
|
|
|
|
msgid "KX Exchanger"
|
|
msgstr ""
|
|
|
|
msgid "A host willing to act as a key exchanger"
|
|
msgstr ""
|
|
|
|
msgid "LOC record"
|
|
msgstr ""
|
|
|
|
msgid "Raw LOC records"
|
|
msgstr ""
|
|
|
|
msgid "LOC Degrees Latitude"
|
|
msgstr ""
|
|
|
|
msgid "Degrees Latitude"
|
|
msgstr ""
|
|
|
|
msgid "LOC Minutes Latitude"
|
|
msgstr ""
|
|
|
|
msgid "Minutes Latitude"
|
|
msgstr ""
|
|
|
|
msgid "LOC Seconds Latitude"
|
|
msgstr ""
|
|
|
|
msgid "Seconds Latitude"
|
|
msgstr ""
|
|
|
|
msgid "LOC Direction Latitude"
|
|
msgstr ""
|
|
|
|
msgid "Direction Latitude"
|
|
msgstr ""
|
|
|
|
msgid "LOC Degrees Longitude"
|
|
msgstr ""
|
|
|
|
msgid "Degrees Longitude"
|
|
msgstr ""
|
|
|
|
msgid "LOC Minutes Longitude"
|
|
msgstr ""
|
|
|
|
msgid "Minutes Longitude"
|
|
msgstr ""
|
|
|
|
msgid "LOC Seconds Longitude"
|
|
msgstr ""
|
|
|
|
msgid "Seconds Longitude"
|
|
msgstr ""
|
|
|
|
msgid "LOC Direction Longitude"
|
|
msgstr ""
|
|
|
|
msgid "Direction Longitude"
|
|
msgstr ""
|
|
|
|
msgid "LOC Altitude"
|
|
msgstr ""
|
|
|
|
msgid "Altitude"
|
|
msgstr ""
|
|
|
|
msgid "LOC Size"
|
|
msgstr ""
|
|
|
|
msgid "Size"
|
|
msgstr ""
|
|
|
|
msgid "LOC Horizontal Precision"
|
|
msgstr ""
|
|
|
|
msgid "Horizontal Precision"
|
|
msgstr ""
|
|
|
|
msgid "LOC Vertical Precision"
|
|
msgstr ""
|
|
|
|
msgid "Vertical Precision"
|
|
msgstr ""
|
|
|
|
msgid "MX record"
|
|
msgstr ""
|
|
|
|
msgid "Raw MX records"
|
|
msgstr ""
|
|
|
|
msgid "MX Preference"
|
|
msgstr ""
|
|
|
|
msgid "MX Exchanger"
|
|
msgstr ""
|
|
|
|
msgid "A host willing to act as a mail exchanger"
|
|
msgstr ""
|
|
|
|
msgid "NAPTR record"
|
|
msgstr ""
|
|
|
|
msgid "Raw NAPTR records"
|
|
msgstr ""
|
|
|
|
msgid "NAPTR Order"
|
|
msgstr ""
|
|
|
|
msgid "Order"
|
|
msgstr ""
|
|
|
|
msgid "NAPTR Preference"
|
|
msgstr ""
|
|
|
|
msgid "Preference"
|
|
msgstr ""
|
|
|
|
msgid "NAPTR Flags"
|
|
msgstr ""
|
|
|
|
msgid "Flags"
|
|
msgstr ""
|
|
|
|
msgid "NAPTR Service"
|
|
msgstr ""
|
|
|
|
msgid "Service"
|
|
msgstr ""
|
|
|
|
msgid "NAPTR Regular Expression"
|
|
msgstr ""
|
|
|
|
msgid "Regular Expression"
|
|
msgstr ""
|
|
|
|
msgid "NAPTR Replacement"
|
|
msgstr ""
|
|
|
|
msgid "Replacement"
|
|
msgstr ""
|
|
|
|
msgid "NS record"
|
|
msgstr ""
|
|
|
|
msgid "Raw NS records"
|
|
msgstr ""
|
|
|
|
msgid "NS Hostname"
|
|
msgstr ""
|
|
|
|
msgid "NSEC record"
|
|
msgstr ""
|
|
|
|
msgid "Raw NSEC records"
|
|
msgstr ""
|
|
|
|
msgid "NSEC3 record"
|
|
msgstr ""
|
|
|
|
msgid "Raw NSEC3 records"
|
|
msgstr ""
|
|
|
|
msgid "PTR record"
|
|
msgstr ""
|
|
|
|
msgid "Raw PTR records"
|
|
msgstr ""
|
|
|
|
msgid "PTR Hostname"
|
|
msgstr ""
|
|
|
|
msgid "The hostname this reverse record points to"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG record"
|
|
msgstr ""
|
|
|
|
msgid "Raw RRSIG records"
|
|
msgstr ""
|
|
|
|
msgid "RP record"
|
|
msgstr ""
|
|
|
|
msgid "Raw RP records"
|
|
msgstr ""
|
|
|
|
msgid "SIG record"
|
|
msgstr ""
|
|
|
|
msgid "Raw SIG records"
|
|
msgstr ""
|
|
|
|
msgid "SPF record"
|
|
msgstr ""
|
|
|
|
msgid "Raw SPF records"
|
|
msgstr ""
|
|
|
|
msgid "SRV record"
|
|
msgstr ""
|
|
|
|
msgid "Raw SRV records"
|
|
msgstr ""
|
|
|
|
msgid "SRV Priority"
|
|
msgstr ""
|
|
|
|
msgid "Priority"
|
|
msgstr ""
|
|
|
|
msgid "SRV Weight"
|
|
msgstr ""
|
|
|
|
msgid "Weight"
|
|
msgstr ""
|
|
|
|
msgid "SRV Port"
|
|
msgstr ""
|
|
|
|
msgid "Port"
|
|
msgstr ""
|
|
|
|
msgid "SRV Target"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"The domain name of the target host or '.' if the service is decidedly not "
|
|
"available at this domain"
|
|
msgstr ""
|
|
|
|
msgid "SSHFP record"
|
|
msgstr ""
|
|
|
|
msgid "Raw SSHFP records"
|
|
msgstr ""
|
|
|
|
msgid "SSHFP Algorithm"
|
|
msgstr ""
|
|
|
|
msgid "SSHFP Fingerprint Type"
|
|
msgstr ""
|
|
|
|
msgid "Fingerprint Type"
|
|
msgstr ""
|
|
|
|
msgid "SSHFP Fingerprint"
|
|
msgstr ""
|
|
|
|
msgid "Fingerprint"
|
|
msgstr ""
|
|
|
|
msgid "TA record"
|
|
msgstr ""
|
|
|
|
msgid "Raw TA records"
|
|
msgstr ""
|
|
|
|
msgid "TLSA record"
|
|
msgstr ""
|
|
|
|
msgid "Raw TLSA records"
|
|
msgstr ""
|
|
|
|
msgid "TLSA Certificate Usage"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Usage"
|
|
msgstr ""
|
|
|
|
msgid "TLSA Selector"
|
|
msgstr ""
|
|
|
|
msgid "Selector"
|
|
msgstr ""
|
|
|
|
msgid "TLSA Matching Type"
|
|
msgstr ""
|
|
|
|
msgid "Matching Type"
|
|
msgstr ""
|
|
|
|
msgid "TLSA Certificate Association Data"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Association Data"
|
|
msgstr ""
|
|
|
|
msgid "TKEY record"
|
|
msgstr ""
|
|
|
|
msgid "Raw TKEY records"
|
|
msgstr ""
|
|
|
|
msgid "TSIG record"
|
|
msgstr ""
|
|
|
|
msgid "Raw TSIG records"
|
|
msgstr ""
|
|
|
|
msgid "TXT record"
|
|
msgstr ""
|
|
|
|
msgid "Raw TXT records"
|
|
msgstr ""
|
|
|
|
msgid "TXT Text Data"
|
|
msgstr ""
|
|
|
|
msgid "Text Data"
|
|
msgstr ""
|
|
|
|
msgid "Authoritative nameserver"
|
|
msgstr ""
|
|
|
|
msgid "Authoritative nameserver domain name"
|
|
msgstr ""
|
|
|
|
msgid "Administrator e-mail address"
|
|
msgstr ""
|
|
|
|
msgid "SOA serial"
|
|
msgstr ""
|
|
|
|
msgid "SOA record serial number"
|
|
msgstr ""
|
|
|
|
msgid "SOA refresh"
|
|
msgstr ""
|
|
|
|
msgid "SOA record refresh time"
|
|
msgstr ""
|
|
|
|
msgid "SOA retry"
|
|
msgstr ""
|
|
|
|
msgid "SOA record retry time"
|
|
msgstr ""
|
|
|
|
msgid "SOA expire"
|
|
msgstr ""
|
|
|
|
msgid "SOA record expire time"
|
|
msgstr ""
|
|
|
|
msgid "SOA minimum"
|
|
msgstr ""
|
|
|
|
msgid "How long should negative responses be cached"
|
|
msgstr ""
|
|
|
|
msgid "Time to live for records at zone apex"
|
|
msgstr ""
|
|
|
|
msgid "BIND update policy"
|
|
msgstr ""
|
|
|
|
msgid "Dynamic update"
|
|
msgstr ""
|
|
|
|
msgid "Allow dynamic updates."
|
|
msgstr ""
|
|
|
|
msgid "Allow query"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Semicolon separated list of IP addresses or networks which are allowed to "
|
|
"issue queries"
|
|
msgstr ""
|
|
|
|
msgid "Allow transfer"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Semicolon separated list of IP addresses or networks which are allowed to "
|
|
"transfer the zone"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the "
|
|
"zone"
|
|
msgstr ""
|
|
|
|
msgid "Allow in-line DNSSEC signing"
|
|
msgstr ""
|
|
|
|
msgid "Allow inline DNSSEC signing of records in the zone"
|
|
msgstr ""
|
|
|
|
msgid "NSEC3PARAM record"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt"
|
|
msgstr ""
|
|
|
|
msgid "Checks if any of the servers has the DNS service enabled."
|
|
msgstr ""
|
|
|
|
msgid "Resolve a host name in DNS."
|
|
msgstr ""
|
|
|
|
msgid "Modify global DNS configuration."
|
|
msgstr ""
|
|
|
|
msgid "Show the current global DNS configuration."
|
|
msgstr ""
|
|
|
|
msgid "Create new DNS forward zone."
|
|
msgstr ""
|
|
|
|
msgid "Add a permission for per-forward zone access delegation."
|
|
msgstr ""
|
|
|
|
msgid "Permission value"
|
|
msgstr ""
|
|
|
|
msgid "Delete DNS forward zone."
|
|
msgstr ""
|
|
|
|
msgid "Disable DNS Forward Zone."
|
|
msgstr ""
|
|
|
|
msgid "Enable DNS Forward Zone."
|
|
msgstr ""
|
|
|
|
msgid "Search for DNS forward zones."
|
|
msgstr ""
|
|
|
|
msgid "Modify DNS forward zone."
|
|
msgstr ""
|
|
|
|
msgid "Remove a permission for per-forward zone access delegation."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a DNS forward zone."
|
|
msgstr ""
|
|
|
|
msgid "Add new DNS resource record."
|
|
msgstr ""
|
|
|
|
msgid "Force"
|
|
msgstr ""
|
|
|
|
msgid "force NS record creation even if its hostname is not in DNS"
|
|
msgstr ""
|
|
|
|
msgid "Structured"
|
|
msgstr ""
|
|
|
|
msgid "Parse all raw DNS records and return them in a structured way"
|
|
msgstr ""
|
|
|
|
msgid "Delete DNS resource record."
|
|
msgstr ""
|
|
|
|
msgid "Delete all associated records"
|
|
msgstr ""
|
|
|
|
msgid "Delete DNS record entry."
|
|
msgstr ""
|
|
|
|
msgid "Search for DNS resources."
|
|
msgstr ""
|
|
|
|
msgid "Modify a DNS resource record."
|
|
msgstr ""
|
|
|
|
msgid "Rename the DNS resource record object"
|
|
msgstr ""
|
|
|
|
msgid "Display DNS resource."
|
|
msgstr ""
|
|
|
|
msgid "Create new DNS zone (SOA record)."
|
|
msgstr ""
|
|
|
|
msgid "Force DNS zone creation even if nameserver is not resolvable."
|
|
msgstr ""
|
|
|
|
msgid "Add a permission for per-zone access delegation."
|
|
msgstr ""
|
|
|
|
msgid "Delete DNS zone (SOA record)."
|
|
msgstr ""
|
|
|
|
msgid "Disable DNS Zone."
|
|
msgstr ""
|
|
|
|
msgid "Enable DNS Zone."
|
|
msgstr ""
|
|
|
|
msgid "Search for DNS zones (SOA records)."
|
|
msgstr ""
|
|
|
|
msgid "Forward zones only"
|
|
msgstr ""
|
|
|
|
msgid "Search for forward zones only"
|
|
msgstr ""
|
|
|
|
msgid "Modify DNS zone (SOA record)."
|
|
msgstr ""
|
|
|
|
msgid "Force nameserver change even if nameserver not in DNS"
|
|
msgstr ""
|
|
|
|
msgid "Remove a permission for per-zone access delegation."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a DNS zone (SOA record)."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Host-based access control\n"
|
|
"\n"
|
|
"Control who can access what services on what hosts. You\n"
|
|
"can use HBAC to control which users or groups can\n"
|
|
"access a service, or group of services, on a target host.\n"
|
|
"\n"
|
|
"You can also specify a category of users and target hosts.\n"
|
|
"This is currently limited to \"all\", but might be expanded in the\n"
|
|
"future.\n"
|
|
"\n"
|
|
"Target hosts in HBAC rules must be hosts managed by IPA.\n"
|
|
"\n"
|
|
"The available services and groups of services are controlled by the\n"
|
|
"hbacsvc and hbacsvcgroup plug-ins respectively.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Create a rule, \"test1\", that grants all users access to the host \"server"
|
|
"\" from\n"
|
|
" anywhere:\n"
|
|
" ipa hbacrule-add --usercat=all test1\n"
|
|
" ipa hbacrule-add-host --hosts=server.example.com test1\n"
|
|
"\n"
|
|
" Display the properties of a named HBAC rule:\n"
|
|
" ipa hbacrule-show test1\n"
|
|
"\n"
|
|
" Create a rule for a specific service. This lets the user john access\n"
|
|
" the sshd service on any machine from any machine:\n"
|
|
" ipa hbacrule-add --hostcat=all john_sshd\n"
|
|
" ipa hbacrule-add-user --users=john john_sshd\n"
|
|
" ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n"
|
|
"\n"
|
|
" Create a rule for a new service group. This lets the user john access\n"
|
|
" the FTP service on any machine from any machine:\n"
|
|
" ipa hbacsvcgroup-add ftpers\n"
|
|
" ipa hbacsvc-add sftp\n"
|
|
" ipa hbacsvcgroup-add-member --hbacsvcs=ftp --hbacsvcs=sftp ftpers\n"
|
|
" ipa hbacrule-add --hostcat=all john_ftp\n"
|
|
" ipa hbacrule-add-user --users=john john_ftp\n"
|
|
" ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n"
|
|
"\n"
|
|
" Disable a named HBAC rule:\n"
|
|
" ipa hbacrule-disable test1\n"
|
|
"\n"
|
|
" Remove a named HBAC rule:\n"
|
|
" ipa hbacrule-del allow_server\n"
|
|
msgstr ""
|
|
|
|
msgid "Rule name"
|
|
msgstr ""
|
|
|
|
msgid "Rule type"
|
|
msgstr ""
|
|
|
|
msgid "Rule type (allow)"
|
|
msgstr ""
|
|
|
|
msgid "User category"
|
|
msgstr ""
|
|
|
|
msgid "User category the rule applies to"
|
|
msgstr ""
|
|
|
|
msgid "Host category"
|
|
msgstr ""
|
|
|
|
msgid "Host category the rule applies to"
|
|
msgstr ""
|
|
|
|
msgid "Service category"
|
|
msgstr ""
|
|
|
|
msgid "Service category the rule applies to"
|
|
msgstr ""
|
|
|
|
msgid "Enabled"
|
|
msgstr ""
|
|
|
|
msgid "Users"
|
|
msgstr ""
|
|
|
|
msgid "User Groups"
|
|
msgstr ""
|
|
|
|
msgid "Hosts"
|
|
msgstr ""
|
|
|
|
msgid "Host Groups"
|
|
msgstr ""
|
|
|
|
msgid "Services"
|
|
msgstr ""
|
|
|
|
msgid "Service Groups"
|
|
msgstr ""
|
|
|
|
msgid "External host"
|
|
msgstr ""
|
|
|
|
msgid "Create a new HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "Suppress processing of membership attributes."
|
|
msgstr ""
|
|
|
|
msgid "Add target hosts and hostgroups to an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "member host"
|
|
msgstr ""
|
|
|
|
msgid "hosts to add"
|
|
msgstr ""
|
|
|
|
msgid "member host group"
|
|
msgstr ""
|
|
|
|
msgid "host groups to add"
|
|
msgstr ""
|
|
|
|
msgid "Members that could not be added"
|
|
msgstr ""
|
|
|
|
msgid "Number of members added"
|
|
msgstr ""
|
|
|
|
msgid "Add services to an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "member HBAC service"
|
|
msgstr ""
|
|
|
|
msgid "HBAC services to add"
|
|
msgstr ""
|
|
|
|
msgid "member HBAC service group"
|
|
msgstr ""
|
|
|
|
msgid "HBAC service groups to add"
|
|
msgstr ""
|
|
|
|
msgid "Add users and groups to an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "member user"
|
|
msgstr ""
|
|
|
|
msgid "users to add"
|
|
msgstr ""
|
|
|
|
msgid "member group"
|
|
msgstr ""
|
|
|
|
msgid "groups to add"
|
|
msgstr ""
|
|
|
|
msgid "Delete an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "Disable an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "Enable an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "Search for HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Modify an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "Remove target hosts and hostgroups from an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "hosts to remove"
|
|
msgstr ""
|
|
|
|
msgid "host groups to remove"
|
|
msgstr ""
|
|
|
|
msgid "Members that could not be removed"
|
|
msgstr ""
|
|
|
|
msgid "Number of members removed"
|
|
msgstr ""
|
|
|
|
msgid "Remove service and service groups from an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "HBAC services to remove"
|
|
msgstr ""
|
|
|
|
msgid "HBAC service groups to remove"
|
|
msgstr ""
|
|
|
|
msgid "Remove users and groups from an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "users to remove"
|
|
msgstr ""
|
|
|
|
msgid "groups to remove"
|
|
msgstr ""
|
|
|
|
msgid "Display the properties of an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"HBAC Services\n"
|
|
"\n"
|
|
"The PAM services that HBAC can control access to. The name used here\n"
|
|
"must match the service name that PAM is evaluating.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new HBAC service:\n"
|
|
" ipa hbacsvc-add tftp\n"
|
|
"\n"
|
|
" Modify an existing HBAC service:\n"
|
|
" ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n"
|
|
"\n"
|
|
" Search for HBAC services. This example will return two results, the FTP\n"
|
|
" service and the newly-added tftp service:\n"
|
|
" ipa hbacsvc-find ftp\n"
|
|
"\n"
|
|
" Delete an HBAC service:\n"
|
|
" ipa hbacsvc-del tftp\n"
|
|
msgstr ""
|
|
|
|
msgid "Service name"
|
|
msgstr ""
|
|
|
|
msgid "HBAC service"
|
|
msgstr ""
|
|
|
|
msgid "HBAC service description"
|
|
msgstr ""
|
|
|
|
msgid "Member of HBAC service groups"
|
|
msgstr ""
|
|
|
|
msgid "Add a new HBAC service."
|
|
msgstr ""
|
|
|
|
msgid "Delete an existing HBAC service."
|
|
msgstr ""
|
|
|
|
msgid "Search for HBAC services."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"service\")"
|
|
msgstr ""
|
|
|
|
msgid "Modify an HBAC service."
|
|
msgstr ""
|
|
|
|
msgid "Display information about an HBAC service."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"HBAC Service Groups\n"
|
|
"\n"
|
|
"HBAC service groups can contain any number of individual services,\n"
|
|
"or \"members\". Every group must have a description.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new HBAC service group:\n"
|
|
" ipa hbacsvcgroup-add --desc=\"login services\" login\n"
|
|
"\n"
|
|
" Add members to an HBAC service group:\n"
|
|
" ipa hbacsvcgroup-add-member --hbacsvcs=sshd --hbacsvcs=login login\n"
|
|
"\n"
|
|
" Display information about a named group:\n"
|
|
" ipa hbacsvcgroup-show login\n"
|
|
"\n"
|
|
" Delete an HBAC service group:\n"
|
|
" ipa hbacsvcgroup-del login\n"
|
|
msgstr ""
|
|
|
|
msgid "Service group name"
|
|
msgstr ""
|
|
|
|
msgid "HBAC service group description"
|
|
msgstr ""
|
|
|
|
msgid "Member HBAC service"
|
|
msgstr ""
|
|
|
|
msgid "Add a new HBAC service group."
|
|
msgstr ""
|
|
|
|
msgid "Add members to an HBAC service group."
|
|
msgstr ""
|
|
|
|
msgid "Delete an HBAC service group."
|
|
msgstr ""
|
|
|
|
msgid "Search for an HBAC service group."
|
|
msgstr ""
|
|
|
|
msgid "Modify an HBAC service group."
|
|
msgstr ""
|
|
|
|
msgid "Remove members from an HBAC service group."
|
|
msgstr ""
|
|
|
|
msgid "Display information about an HBAC service group."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Hosts/Machines\n"
|
|
"\n"
|
|
"A host represents a machine. It can be used in a number of contexts:\n"
|
|
"- service entries are associated with a host\n"
|
|
"- a host stores the host/ service principal\n"
|
|
"- a host can be used in Host-based Access Control (HBAC) rules\n"
|
|
"- every enrolled client generates a host entry\n"
|
|
"\n"
|
|
"ENROLLMENT:\n"
|
|
"\n"
|
|
"There are three enrollment scenarios when enrolling a new client:\n"
|
|
"\n"
|
|
"1. You are enrolling as a full administrator. The host entry may exist\n"
|
|
" or not. A full administrator is a member of the hostadmin role\n"
|
|
" or the admins group.\n"
|
|
"2. You are enrolling as a limited administrator. The host must already\n"
|
|
" exist. A limited administrator is a member a role with the\n"
|
|
" Host Enrollment privilege.\n"
|
|
"3. The host has been created with a one-time password.\n"
|
|
"\n"
|
|
"RE-ENROLLMENT:\n"
|
|
"\n"
|
|
"Host that has been enrolled at some point, and lost its configuration (e.g. "
|
|
"VM\n"
|
|
"destroyed) can be re-enrolled.\n"
|
|
"\n"
|
|
"For more information, consult the manual pages for ipa-client-install.\n"
|
|
"\n"
|
|
"A host can optionally store information such as where it is located,\n"
|
|
"the OS that it runs, etc.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new host:\n"
|
|
" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example."
|
|
"com\n"
|
|
"\n"
|
|
" Delete a host:\n"
|
|
" ipa host-del test.example.com\n"
|
|
"\n"
|
|
" Add a new host with a one-time password:\n"
|
|
" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n"
|
|
"\n"
|
|
" Add a new host with a random one-time password:\n"
|
|
" ipa host-add --os='Fedora 12' --random test.example.com\n"
|
|
"\n"
|
|
" Modify information about a host:\n"
|
|
" ipa host-mod --os='Fedora 12' test.example.com\n"
|
|
"\n"
|
|
" Remove SSH public keys of a host and update DNS to reflect this change:\n"
|
|
" ipa host-mod --sshpubkey= --updatedns test.example.com\n"
|
|
"\n"
|
|
" Disable the host Kerberos key, SSL certificate and all of its services:\n"
|
|
" ipa host-disable test.example.com\n"
|
|
"\n"
|
|
" Add a host that can manage this host's keytab and certificate:\n"
|
|
" ipa host-add-managedby --hosts=test2 test\n"
|
|
"\n"
|
|
" Allow user to create a keytab:\n"
|
|
" ipa host-allow-create-keytab test2 --users=tuser1\n"
|
|
msgstr ""
|
|
|
|
msgid "Host name"
|
|
msgstr ""
|
|
|
|
msgid "A description of this host"
|
|
msgstr ""
|
|
|
|
msgid "Locality"
|
|
msgstr ""
|
|
|
|
msgid "Host locality (e.g. \"Baltimore, MD\")"
|
|
msgstr ""
|
|
|
|
msgid "Host location (e.g. \"Lab 2\")"
|
|
msgstr ""
|
|
|
|
msgid "Platform"
|
|
msgstr ""
|
|
|
|
msgid "Host hardware platform (e.g. \"Lenovo T61\")"
|
|
msgstr ""
|
|
|
|
msgid "Operating system"
|
|
msgstr ""
|
|
|
|
msgid "Host operating system and version (e.g. \"Fedora 9\")"
|
|
msgstr ""
|
|
|
|
msgid "User password"
|
|
msgstr ""
|
|
|
|
msgid "Password used in bulk enrollment"
|
|
msgstr ""
|
|
|
|
msgid "Generate a random password to be used in bulk enrollment"
|
|
msgstr ""
|
|
|
|
msgid "Random password"
|
|
msgstr ""
|
|
|
|
msgid "Certificate"
|
|
msgstr ""
|
|
|
|
msgid "Base-64 encoded server certificate"
|
|
msgstr ""
|
|
|
|
msgid "Principal name"
|
|
msgstr ""
|
|
|
|
msgid "MAC address"
|
|
msgstr ""
|
|
|
|
msgid "Hardware MAC address(es) on this host"
|
|
msgstr ""
|
|
|
|
msgid "SSH public key"
|
|
msgstr ""
|
|
|
|
msgid "Class"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Host category (semantics placed on this attribute are for local "
|
|
"interpretation)"
|
|
msgstr ""
|
|
|
|
msgid "Assigned ID View"
|
|
msgstr ""
|
|
|
|
msgid "Requires pre-authentication"
|
|
msgstr ""
|
|
|
|
msgid "Pre-authentication is required for the service"
|
|
msgstr ""
|
|
|
|
msgid "Trusted for delegation"
|
|
msgstr ""
|
|
|
|
msgid "Client credentials may be delegated to the service"
|
|
msgstr ""
|
|
|
|
msgid "Member of host-groups"
|
|
msgstr ""
|
|
|
|
msgid "Roles"
|
|
msgstr ""
|
|
|
|
msgid "Member of netgroups"
|
|
msgstr ""
|
|
|
|
msgid "Member of Sudo rule"
|
|
msgstr ""
|
|
|
|
msgid "Member of HBAC rule"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member of netgroup"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member of host-group"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member of role"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member of Sudo rule"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member of HBAC rule"
|
|
msgstr ""
|
|
|
|
msgid "Keytab"
|
|
msgstr ""
|
|
|
|
msgid "Managed by"
|
|
msgstr ""
|
|
|
|
msgid "Managing"
|
|
msgstr ""
|
|
|
|
msgid "Users allowed to retrieve keytab"
|
|
msgstr ""
|
|
|
|
msgid "Groups allowed to retrieve keytab"
|
|
msgstr ""
|
|
|
|
msgid "Hosts allowed to retrieve keytab"
|
|
msgstr ""
|
|
|
|
msgid "Host Groups allowed to retrieve keytab"
|
|
msgstr ""
|
|
|
|
msgid "Users allowed to create keytab"
|
|
msgstr ""
|
|
|
|
msgid "Groups allowed to create keytab"
|
|
msgstr ""
|
|
|
|
msgid "Hosts allowed to create keytab"
|
|
msgstr ""
|
|
|
|
msgid "Host Groups allowed to create keytab"
|
|
msgstr ""
|
|
|
|
msgid "Add a new host."
|
|
msgstr ""
|
|
|
|
msgid "force host name even if not in DNS"
|
|
msgstr ""
|
|
|
|
msgid "skip reverse DNS detection"
|
|
msgstr ""
|
|
|
|
msgid "Add the host to DNS with this IP address"
|
|
msgstr ""
|
|
|
|
msgid "Add hosts that can manage this host."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Allow users, groups, hosts or host groups to create a keytab of this host."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Allow users, groups, hosts or host groups to retrieve a keytab of this host."
|
|
msgstr ""
|
|
|
|
msgid "Delete a host."
|
|
msgstr ""
|
|
|
|
msgid "Remove entries from DNS"
|
|
msgstr ""
|
|
|
|
msgid "Disable the Kerberos key, SSL certificate and all services of a host."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Disallow users, groups, hosts or host groups to create a keytab of this host."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Disallow users, groups, hosts or host groups to retrieve a keytab of this "
|
|
"host."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"hostname\")"
|
|
msgstr ""
|
|
|
|
msgid "host group"
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts with these member of host groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts without these member of host groups."
|
|
msgstr ""
|
|
|
|
msgid "netgroup"
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts with these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts without these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "role"
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts with these member of roles."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts without these member of roles."
|
|
msgstr ""
|
|
|
|
msgid "HBAC rule"
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts with these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts without these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "sudo rule"
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts with these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts without these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "user"
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts with these enrolled by users."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts without these enrolled by users."
|
|
msgstr ""
|
|
|
|
msgid "host"
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts with these managed by hosts."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts without these managed by hosts."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts with these managing hosts."
|
|
msgstr ""
|
|
|
|
msgid "Search for hosts without these managing hosts."
|
|
msgstr ""
|
|
|
|
msgid "Modify information about a host."
|
|
msgstr ""
|
|
|
|
msgid "Kerberos principal name for this host"
|
|
msgstr ""
|
|
|
|
msgid "Update DNS entries"
|
|
msgstr ""
|
|
|
|
msgid "Remove hosts that can manage this host."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a host."
|
|
msgstr ""
|
|
|
|
msgid "file to store certificate in"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of hosts.\n"
|
|
"\n"
|
|
"Manage groups of hosts. This is useful for applying access control to a\n"
|
|
"number of hosts by using Host-based Access Control.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new host group:\n"
|
|
" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n"
|
|
"\n"
|
|
" Add another new host group:\n"
|
|
" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n"
|
|
"\n"
|
|
" Add members to the hostgroup (using Bash brace expansion):\n"
|
|
" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n"
|
|
"\n"
|
|
" Add a hostgroup as a member of another hostgroup:\n"
|
|
" ipa hostgroup-add-member --hostgroups=baltimore maryland\n"
|
|
"\n"
|
|
" Remove a host from the hostgroup:\n"
|
|
" ipa hostgroup-remove-member --hosts=box2 baltimore\n"
|
|
"\n"
|
|
" Display a host group:\n"
|
|
" ipa hostgroup-show baltimore\n"
|
|
"\n"
|
|
" Delete a hostgroup:\n"
|
|
" ipa hostgroup-del baltimore\n"
|
|
msgstr ""
|
|
|
|
msgid "Host-group"
|
|
msgstr ""
|
|
|
|
msgid "Name of host-group"
|
|
msgstr ""
|
|
|
|
msgid "A description of this host-group"
|
|
msgstr ""
|
|
|
|
msgid "Member hosts"
|
|
msgstr ""
|
|
|
|
msgid "Member host-groups"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member hosts"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member host-groups"
|
|
msgstr ""
|
|
|
|
msgid "Add a new hostgroup."
|
|
msgstr ""
|
|
|
|
msgid "Add members to a hostgroup."
|
|
msgstr ""
|
|
|
|
msgid "Delete a hostgroup."
|
|
msgstr ""
|
|
|
|
msgid "Search for hostgroups."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"hostgroup-name\")"
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups with these member hosts."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups without these member hosts."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups with these member host groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups without these member host groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups with these member of host groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups without these member of host groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups with these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups without these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups with these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups without these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups with these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for host groups without these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "Modify a hostgroup."
|
|
msgstr ""
|
|
|
|
msgid "Remove members from a hostgroup."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a hostgroup."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"ID Views\n"
|
|
"\n"
|
|
"Manage ID Views\n"
|
|
"\n"
|
|
"IPA allows to override certain properties of users and groups per each "
|
|
"host.\n"
|
|
"This functionality is primarily used to allow migration from older systems "
|
|
"or\n"
|
|
"other Identity Management solutions.\n"
|
|
msgstr ""
|
|
|
|
msgid "Anchor to override"
|
|
msgstr ""
|
|
|
|
msgid "Group name"
|
|
msgstr ""
|
|
|
|
msgid "GID"
|
|
msgstr ""
|
|
|
|
msgid "Group ID Number"
|
|
msgstr ""
|
|
|
|
msgid "User login"
|
|
msgstr ""
|
|
|
|
msgid "UID"
|
|
msgstr ""
|
|
|
|
msgid "User ID Number"
|
|
msgstr ""
|
|
|
|
msgid "GECOS"
|
|
msgstr ""
|
|
|
|
msgid "Home directory"
|
|
msgstr ""
|
|
|
|
msgid "Login shell"
|
|
msgstr ""
|
|
|
|
msgid "ID View Name"
|
|
msgstr ""
|
|
|
|
msgid "Add a new Group ID override."
|
|
msgstr ""
|
|
|
|
msgid "Delete an Group ID override."
|
|
msgstr ""
|
|
|
|
msgid "Search for an Group ID override."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"anchor\")"
|
|
msgstr ""
|
|
|
|
msgid "Modify an Group ID override."
|
|
msgstr ""
|
|
|
|
msgid "Rename the Group ID override object"
|
|
msgstr ""
|
|
|
|
msgid "Display information about an Group ID override."
|
|
msgstr ""
|
|
|
|
msgid "Add a new User ID override."
|
|
msgstr ""
|
|
|
|
msgid "Delete an User ID override."
|
|
msgstr ""
|
|
|
|
msgid "Search for an User ID override."
|
|
msgstr ""
|
|
|
|
msgid "Modify an User ID override."
|
|
msgstr ""
|
|
|
|
msgid "Rename the User ID override object"
|
|
msgstr ""
|
|
|
|
msgid "Display information about an User ID override."
|
|
msgstr ""
|
|
|
|
msgid "Add a new ID View."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Applies ID View to specified hosts or current members of specified "
|
|
"hostgroups. If any other ID View is applied to the host, it is overriden."
|
|
msgstr ""
|
|
|
|
msgid "hosts"
|
|
msgstr ""
|
|
|
|
msgid "Hosts to apply the ID View to"
|
|
msgstr ""
|
|
|
|
msgid "hostgroups"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Hostgroups to whose hosts apply the ID View to. Please note that view is not "
|
|
"applied automatically to any hosts added to the hostgroup after running the "
|
|
"idview-apply command."
|
|
msgstr ""
|
|
|
|
msgid "Hosts that this ID View was applied to."
|
|
msgstr ""
|
|
|
|
msgid "Hosts or hostgroups that this ID View could not be applied to."
|
|
msgstr ""
|
|
|
|
msgid "Number of hosts the ID View was applied to:"
|
|
msgstr ""
|
|
|
|
msgid "Delete an ID View."
|
|
msgstr ""
|
|
|
|
msgid "Search for an ID View."
|
|
msgstr ""
|
|
|
|
msgid "Modify an ID View."
|
|
msgstr ""
|
|
|
|
msgid "Rename the ID View object"
|
|
msgstr ""
|
|
|
|
msgid "Display information about an ID View."
|
|
msgstr ""
|
|
|
|
msgid "Enumerate all the hosts the view applies to."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Clears ID View from specified hosts or current members of specified "
|
|
"hostgroups."
|
|
msgstr ""
|
|
|
|
msgid "Hosts to clear (any) ID View from."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Hostgroups whose hosts should have ID Views cleared. Note that view is not "
|
|
"cleared automatically from any host added to the hostgroup after running "
|
|
"idview-unapply command."
|
|
msgstr ""
|
|
|
|
msgid "Hosts that ID View was cleared from."
|
|
msgstr ""
|
|
|
|
msgid "Hosts or hostgroups that ID View could not be cleared from."
|
|
msgstr ""
|
|
|
|
msgid "Number of hosts that had a ID View was unset:"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Plugins not accessible directly through the CLI, commands used internally\n"
|
|
msgstr ""
|
|
|
|
msgid "Dict of I18N messages"
|
|
msgstr ""
|
|
|
|
msgid "Export plugin meta-data for the webUI."
|
|
msgstr ""
|
|
|
|
msgid "Name of object to export"
|
|
msgstr ""
|
|
|
|
msgid "Name of method to export"
|
|
msgstr ""
|
|
|
|
msgid "Name of command to export"
|
|
msgstr ""
|
|
|
|
msgid "Dict of JSON encoded IPA Objects"
|
|
msgstr ""
|
|
|
|
msgid "Dict of JSON encoded IPA Methods"
|
|
msgstr ""
|
|
|
|
msgid "Dict of JSON encoded IPA Commands"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Joining an IPA domain\n"
|
|
msgstr ""
|
|
|
|
msgid "Join an IPA domain"
|
|
msgstr ""
|
|
|
|
msgid "The hostname to register as"
|
|
msgstr ""
|
|
|
|
msgid "The IPA realm"
|
|
msgstr ""
|
|
|
|
msgid "Hardware platform of the host (e.g. Lenovo T61)"
|
|
msgstr ""
|
|
|
|
msgid "Operating System and version of the host (e.g. Fedora 9)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Kerberos ticket policy\n"
|
|
"\n"
|
|
"There is a single Kerberos ticket policy. This policy defines the\n"
|
|
"maximum ticket lifetime and the maximum renewal age, the period during\n"
|
|
"which the ticket is renewable.\n"
|
|
"\n"
|
|
"You can also create a per-user ticket policy by specifying the user login.\n"
|
|
"\n"
|
|
"For changes to the global policy to take effect, restarting the KDC service\n"
|
|
"is required, which can be achieved using:\n"
|
|
"\n"
|
|
"service krb5kdc restart\n"
|
|
"\n"
|
|
"Changes to per-user policies take effect immediately for newly requested\n"
|
|
"tickets (e.g. when the user next runs kinit).\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Display the current Kerberos ticket policy:\n"
|
|
" ipa krbtpolicy-show\n"
|
|
"\n"
|
|
" Reset the policy to the default:\n"
|
|
" ipa krbtpolicy-reset\n"
|
|
"\n"
|
|
" Modify the policy to 8 hours max life, 1-day max renewal:\n"
|
|
" ipa krbtpolicy-mod --maxlife=28800 --maxrenew=86400\n"
|
|
"\n"
|
|
" Display effective Kerberos ticket policy for user 'admin':\n"
|
|
" ipa krbtpolicy-show admin\n"
|
|
"\n"
|
|
" Reset per-user policy for user 'admin':\n"
|
|
" ipa krbtpolicy-reset admin\n"
|
|
"\n"
|
|
" Modify per-user policy for user 'admin':\n"
|
|
" ipa krbtpolicy-mod admin --maxlife=3600\n"
|
|
msgstr ""
|
|
|
|
msgid "User name"
|
|
msgstr ""
|
|
|
|
msgid "Manage ticket policy for specific user"
|
|
msgstr ""
|
|
|
|
msgid "Max life"
|
|
msgstr ""
|
|
|
|
msgid "Maximum ticket life (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "Max renew"
|
|
msgstr ""
|
|
|
|
msgid "Maximum renewable age (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "Modify Kerberos ticket policy."
|
|
msgstr ""
|
|
|
|
msgid "Reset Kerberos ticket policy to the default values."
|
|
msgstr ""
|
|
|
|
msgid "Display the current Kerberos ticket policy."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Migration to IPA\n"
|
|
"\n"
|
|
"Migrate users and groups from an LDAP server to IPA.\n"
|
|
"\n"
|
|
"This performs an LDAP query against the remote server searching for\n"
|
|
"users and groups in a container. In order to migrate passwords you need\n"
|
|
"to bind as a user that can read the userPassword attribute on the remote\n"
|
|
"server. This is generally restricted to high-level admins such as\n"
|
|
"cn=Directory Manager in 389-ds (this is the default bind user).\n"
|
|
"\n"
|
|
"The default user container is ou=People.\n"
|
|
"\n"
|
|
"The default group container is ou=Groups.\n"
|
|
"\n"
|
|
"Users and groups that already exist on the IPA server are skipped.\n"
|
|
"\n"
|
|
"Two LDAP schemas define how group members are stored: RFC2307 and\n"
|
|
"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n"
|
|
"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n"
|
|
"\n"
|
|
"The schema compat feature allows IPA to reformat data for systems that\n"
|
|
"do not support RFC2307bis. It is recommended that this feature is disabled\n"
|
|
"during migration to reduce system overhead. It can be re-enabled after\n"
|
|
"migration. To migrate with it enabled use the \"--with-compat\" option.\n"
|
|
"\n"
|
|
"Migrated users do not have Kerberos credentials, they have only their\n"
|
|
"LDAP password. To complete the migration process, users need to go\n"
|
|
"to http://ipa.example.com/ipa/migration and authenticate using their\n"
|
|
"LDAP password in order to generate their Kerberos credentials.\n"
|
|
"\n"
|
|
"Migration is disabled by default. Use the command ipa config-mod to\n"
|
|
"enable it:\n"
|
|
"\n"
|
|
" ipa config-mod --enable-migration=TRUE\n"
|
|
"\n"
|
|
"If a base DN is not provided with --basedn then IPA will use either\n"
|
|
"the value of defaultNamingContext if it is set or the first value\n"
|
|
"in namingContexts set in the root of the remote LDAP server.\n"
|
|
"\n"
|
|
"Users are added as members to the default user group. This can be a\n"
|
|
"time-intensive task so during migration this is done in a batch\n"
|
|
"mode for every 100 users. As a result there will be a window in which\n"
|
|
"users will be added to IPA but will not be members of the default\n"
|
|
"user group.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" The simplest migration, accepting all defaults:\n"
|
|
" ipa migrate-ds ldap://ds.example.com:389\n"
|
|
"\n"
|
|
" Specify the user and group container. This can be used to migrate user\n"
|
|
" and group data from an IPA v1 server:\n"
|
|
" ipa migrate-ds --user-container='cn=users,cn=accounts' --group-"
|
|
"container='cn=groups,cn=accounts' ldap://ds.example.com:389\n"
|
|
"\n"
|
|
" Since IPA v2 server already contain predefined groups that may collide "
|
|
"with\n"
|
|
" groups in migrated (IPA v1) server (for example admins, ipausers), users\n"
|
|
" having colliding group as their primary group may happen to belong to\n"
|
|
" an unknown group on new IPA v2 server.\n"
|
|
" Use --group-overwrite-gid option to overwrite GID of already existing "
|
|
"groups\n"
|
|
" to prevent this issue:\n"
|
|
" ipa migrate-ds --group-overwrite-gid --user-container='cn=users,"
|
|
"cn=accounts' --group-container='cn=groups,cn=accounts' "
|
|
"ldap://ds.example.com:389\n"
|
|
"\n"
|
|
" Migrated users or groups may have object class and accompanied attributes\n"
|
|
" unknown to the IPA v2 server. These object classes and attributes may be\n"
|
|
" left out of the migration process:\n"
|
|
" ipa migrate-ds --user-container='cn=users,cn=accounts' --group-"
|
|
"container='cn=groups,cn=accounts' --user-ignore-"
|
|
"objectclass=radiusprofile --user-ignore-"
|
|
"attribute=radiusgroupname ldap://ds.example.com:389\n"
|
|
"\n"
|
|
"LOGGING\n"
|
|
"\n"
|
|
"Migration will log warnings and errors to the Apache error log. This\n"
|
|
"file should be evaluated post-migration to correct or investigate any\n"
|
|
"issues that were discovered.\n"
|
|
"\n"
|
|
"For every 100 users migrated an info-level message will be displayed to\n"
|
|
"give the current progress and duration to make it possible to track\n"
|
|
"the progress of migration.\n"
|
|
"\n"
|
|
"If the log level is debug, either by setting debug = True in\n"
|
|
"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be "
|
|
"printed\n"
|
|
"for each user added plus a summary when the default user group is\n"
|
|
"updated.\n"
|
|
msgstr ""
|
|
|
|
msgid "Migrate users and groups from DS to IPA."
|
|
msgstr ""
|
|
|
|
msgid "LDAP URI"
|
|
msgstr ""
|
|
|
|
msgid "LDAP URI of DS server to migrate from"
|
|
msgstr ""
|
|
|
|
msgid "bind password"
|
|
msgstr ""
|
|
|
|
msgid "Bind DN"
|
|
msgstr ""
|
|
|
|
msgid "User container"
|
|
msgstr ""
|
|
|
|
msgid "DN of container for users in DS relative to base DN"
|
|
msgstr ""
|
|
|
|
msgid "Group container"
|
|
msgstr ""
|
|
|
|
msgid "DN of container for groups in DS relative to base DN"
|
|
msgstr ""
|
|
|
|
msgid "User object class"
|
|
msgstr ""
|
|
|
|
msgid "Objectclasses used to search for user entries in DS"
|
|
msgstr ""
|
|
|
|
msgid "Group object class"
|
|
msgstr ""
|
|
|
|
msgid "Objectclasses used to search for group entries in DS"
|
|
msgstr ""
|
|
|
|
msgid "Ignore user object class"
|
|
msgstr ""
|
|
|
|
msgid "Objectclasses to be ignored for user entries in DS"
|
|
msgstr ""
|
|
|
|
msgid "Ignore user attribute"
|
|
msgstr ""
|
|
|
|
msgid "Attributes to be ignored for user entries in DS"
|
|
msgstr ""
|
|
|
|
msgid "Ignore group object class"
|
|
msgstr ""
|
|
|
|
msgid "Objectclasses to be ignored for group entries in DS"
|
|
msgstr ""
|
|
|
|
msgid "Ignore group attribute"
|
|
msgstr ""
|
|
|
|
msgid "Attributes to be ignored for group entries in DS"
|
|
msgstr ""
|
|
|
|
msgid "Overwrite GID"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"When migrating a group already existing in IPA domain overwrite the group "
|
|
"GID and report as success"
|
|
msgstr ""
|
|
|
|
msgid "LDAP schema"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"The schema used on the LDAP server. Supported values are RFC2307 and "
|
|
"RFC2307bis. The default is RFC2307bis"
|
|
msgstr ""
|
|
|
|
msgid "Continue"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Continuous operation mode. Errors are reported but the process continues"
|
|
msgstr ""
|
|
|
|
msgid "Base DN"
|
|
msgstr ""
|
|
|
|
msgid "Base DN on remote LDAP server"
|
|
msgstr ""
|
|
|
|
msgid "Ignore compat plugin"
|
|
msgstr ""
|
|
|
|
msgid "Allows migration despite the usage of compat plugin"
|
|
msgstr ""
|
|
|
|
msgid "CA certificate"
|
|
msgstr ""
|
|
|
|
msgid "Load CA certificate of LDAP server from FILE"
|
|
msgstr ""
|
|
|
|
msgid "groups to exclude from migration"
|
|
msgstr ""
|
|
|
|
msgid "users to exclude from migration"
|
|
msgstr ""
|
|
|
|
msgid "Lists of objects migrated; categorized by type."
|
|
msgstr ""
|
|
|
|
msgid "Lists of objects that could not be migrated; categorized by type."
|
|
msgstr ""
|
|
|
|
msgid "False if migration mode was disabled."
|
|
msgstr ""
|
|
|
|
msgid "False if migration fails because the compatibility plug-in is enabled."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Misc plug-ins\n"
|
|
msgstr ""
|
|
|
|
msgid "Show environment variables."
|
|
msgstr ""
|
|
|
|
msgid "Forward to server instead of running locally"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"retrieve and print all attributes from the server. Affects command output."
|
|
msgstr ""
|
|
|
|
msgid "Total number of variables env (>= count)"
|
|
msgstr ""
|
|
|
|
msgid "Number of variables returned (<= total)"
|
|
msgstr ""
|
|
|
|
msgid "Show all loaded plugins."
|
|
msgstr ""
|
|
|
|
msgid "Dictionary mapping plugin names to bases"
|
|
msgstr ""
|
|
|
|
msgid "Number of plugins loaded"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Netgroups\n"
|
|
"\n"
|
|
"A netgroup is a group used for permission checking. It can contain both\n"
|
|
"user and host values.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new netgroup:\n"
|
|
" ipa netgroup-add --desc=\"NFS admins\" admins\n"
|
|
"\n"
|
|
" Add members to the netgroup:\n"
|
|
" ipa netgroup-add-member --users=tuser1 --users=tuser2 admins\n"
|
|
"\n"
|
|
" Remove a member from the netgroup:\n"
|
|
" ipa netgroup-remove-member --users=tuser2 admins\n"
|
|
"\n"
|
|
" Display information about a netgroup:\n"
|
|
" ipa netgroup-show admins\n"
|
|
"\n"
|
|
" Delete a netgroup:\n"
|
|
" ipa netgroup-del admins\n"
|
|
msgstr ""
|
|
|
|
msgid "Netgroup name"
|
|
msgstr ""
|
|
|
|
msgid "Netgroup description"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "NIS domain name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "IPA unique ID"
|
|
msgstr ""
|
|
|
|
msgid "Member netgroups"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member netgroups"
|
|
msgstr ""
|
|
|
|
msgid "Member User"
|
|
msgstr ""
|
|
|
|
msgid "Member Group"
|
|
msgstr ""
|
|
|
|
msgid "Member Host"
|
|
msgstr ""
|
|
|
|
msgid "Member Hostgroup"
|
|
msgstr ""
|
|
|
|
msgid "Add a new netgroup."
|
|
msgstr ""
|
|
|
|
msgid "Add members to a netgroup."
|
|
msgstr ""
|
|
|
|
msgid "member netgroup"
|
|
msgstr ""
|
|
|
|
msgid "netgroups to add"
|
|
msgstr ""
|
|
|
|
msgid "Delete a netgroup."
|
|
msgstr ""
|
|
|
|
msgid "Search for a netgroup."
|
|
msgstr ""
|
|
|
|
msgid "search for managed groups"
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups with these member netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups without these member netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups with these member users."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups without these member users."
|
|
msgstr ""
|
|
|
|
msgid "group"
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups with these member groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups without these member groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups with these member hosts."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups without these member hosts."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups with these member host groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups without these member host groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups with these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for netgroups without these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Modify a netgroup."
|
|
msgstr ""
|
|
|
|
msgid "Remove members from a netgroup."
|
|
msgstr ""
|
|
|
|
msgid "netgroups to remove"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a netgroup."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"OTP configuration\n"
|
|
"\n"
|
|
"Manage the default values that IPA uses for OTP tokens.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Show basic OTP configuration:\n"
|
|
" ipa otpconfig-show\n"
|
|
"\n"
|
|
" Show all OTP configuration options:\n"
|
|
" ipa otpconfig-show --all\n"
|
|
"\n"
|
|
" Change maximum TOTP authentication window to 10 minutes:\n"
|
|
" ipa otpconfig-mod --totp-auth-window=600\n"
|
|
"\n"
|
|
" Change maximum TOTP synchronization window to 12 hours:\n"
|
|
" ipa otpconfig-mod --totp-sync-window=43200\n"
|
|
"\n"
|
|
" Change maximum HOTP authentication window to 5:\n"
|
|
" ipa hotpconfig-mod --hotp-auth-window=5\n"
|
|
"\n"
|
|
" Change maximum HOTP synchronization window to 50:\n"
|
|
" ipa hotpconfig-mod --hotp-sync-window=50\n"
|
|
msgstr ""
|
|
|
|
msgid "TOTP authentication Window"
|
|
msgstr ""
|
|
|
|
msgid "TOTP authentication time variance (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "TOTP Synchronization Window"
|
|
msgstr ""
|
|
|
|
msgid "TOTP synchronization time variance (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "HOTP Authentication Window"
|
|
msgstr ""
|
|
|
|
msgid "HOTP authentication skip-ahead"
|
|
msgstr ""
|
|
|
|
msgid "HOTP Synchronization Window"
|
|
msgstr ""
|
|
|
|
msgid "HOTP synchronization skip-ahead"
|
|
msgstr ""
|
|
|
|
msgid "Modify OTP configuration options."
|
|
msgstr ""
|
|
|
|
msgid "Show the current OTP configuration."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"OTP Tokens\n"
|
|
"\n"
|
|
"Manage OTP tokens.\n"
|
|
"\n"
|
|
"IPA supports the use of OTP tokens for multi-factor authentication. This\n"
|
|
"code enables the management of OTP tokens.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new token:\n"
|
|
" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n"
|
|
"\n"
|
|
" Examine the token:\n"
|
|
" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n"
|
|
"\n"
|
|
" Change the vendor:\n"
|
|
" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat"
|
|
"\"\n"
|
|
"\n"
|
|
" Delete a token:\n"
|
|
" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n"
|
|
msgstr ""
|
|
|
|
msgid "Unique ID"
|
|
msgstr ""
|
|
|
|
msgid "Type of the token"
|
|
msgstr ""
|
|
|
|
msgid "Token description (informational only)"
|
|
msgstr ""
|
|
|
|
msgid "Owner"
|
|
msgstr ""
|
|
|
|
msgid "Assigned user of the token (default: self)"
|
|
msgstr ""
|
|
|
|
msgid "Manager"
|
|
msgstr ""
|
|
|
|
msgid "Assigned manager of the token (default: self)"
|
|
msgstr ""
|
|
|
|
msgid "Disabled"
|
|
msgstr ""
|
|
|
|
msgid "Mark the token as disabled (default: false)"
|
|
msgstr ""
|
|
|
|
msgid "Validity start"
|
|
msgstr ""
|
|
|
|
msgid "First date/time the token can be used"
|
|
msgstr ""
|
|
|
|
msgid "Validity end"
|
|
msgstr ""
|
|
|
|
msgid "Last date/time the token can be used"
|
|
msgstr ""
|
|
|
|
msgid "Vendor"
|
|
msgstr ""
|
|
|
|
msgid "Token vendor name (informational only)"
|
|
msgstr ""
|
|
|
|
msgid "Model"
|
|
msgstr ""
|
|
|
|
msgid "Token model (informational only)"
|
|
msgstr ""
|
|
|
|
msgid "Serial"
|
|
msgstr ""
|
|
|
|
msgid "Token serial (informational only)"
|
|
msgstr ""
|
|
|
|
msgid "Token secret (Base32; default: random)"
|
|
msgstr ""
|
|
|
|
msgid "Token hash algorithm"
|
|
msgstr ""
|
|
|
|
msgid "Digits"
|
|
msgstr ""
|
|
|
|
msgid "Number of digits each token code will have"
|
|
msgstr ""
|
|
|
|
msgid "Clock offset"
|
|
msgstr ""
|
|
|
|
msgid "TOTP token / FreeIPA server time difference"
|
|
msgstr ""
|
|
|
|
msgid "Clock interval"
|
|
msgstr ""
|
|
|
|
msgid "Length of TOTP token code validity"
|
|
msgstr ""
|
|
|
|
msgid "Counter"
|
|
msgstr ""
|
|
|
|
msgid "Initial counter for the HOTP token"
|
|
msgstr ""
|
|
|
|
msgid "Add a new OTP token."
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Deprecated options"
|
|
msgid "(deprecated)"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
msgid "Do not display QR code"
|
|
msgstr ""
|
|
|
|
msgid "Add users that can manage this token."
|
|
msgstr ""
|
|
|
|
msgid "Delete an OTP token."
|
|
msgstr ""
|
|
|
|
msgid "Search for OTP token."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"id\")"
|
|
msgstr ""
|
|
|
|
msgid "Modify a OTP token."
|
|
msgstr ""
|
|
|
|
msgid "Rename the OTP token object"
|
|
msgstr ""
|
|
|
|
msgid "Display information about an OTP token."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"YubiKey Tokens\n"
|
|
"\n"
|
|
"Manage YubiKey tokens.\n"
|
|
"\n"
|
|
"This code is an extension to the otptoken plugin and provides support for\n"
|
|
"reading/writing YubiKey tokens directly.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new token:\n"
|
|
" ipa otptoken-add-yubikey --owner=jdoe --desc=\"My YubiKey\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Set a user's password\n"
|
|
"\n"
|
|
"If someone other than a user changes that user's password (e.g., Helpdesk\n"
|
|
"resets it) then the password will need to be changed the first time it\n"
|
|
"is used. This is so the end-user is the only one who knows the password.\n"
|
|
"\n"
|
|
"The IPA password policy controls how often a password may be changed,\n"
|
|
"what strength requirements exist, and the length of the password history.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" To reset your own password:\n"
|
|
" ipa passwd\n"
|
|
"\n"
|
|
" To change another user's password:\n"
|
|
" ipa passwd tuser1\n"
|
|
msgstr ""
|
|
|
|
msgid "Set a user's password."
|
|
msgstr ""
|
|
|
|
msgid "New Password"
|
|
msgstr ""
|
|
|
|
msgid "Current Password"
|
|
msgstr ""
|
|
|
|
msgid "OTP"
|
|
msgstr ""
|
|
|
|
msgid "One Time Password"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Permissions\n"
|
|
"\n"
|
|
"A permission enables fine-grained delegation of rights. A permission is\n"
|
|
"a human-readable wrapper around a 389-ds Access Control Rule,\n"
|
|
"or instruction (ACI).\n"
|
|
"A permission grants the right to perform a specific task such as adding a\n"
|
|
"user, modifying a group, etc.\n"
|
|
"\n"
|
|
"A permission may not contain other permissions.\n"
|
|
"\n"
|
|
"* A permission grants access to read, write, add, delete, read, search,\n"
|
|
" or compare.\n"
|
|
"* A privilege combines similar permissions (for example all the permissions\n"
|
|
" needed to add a user).\n"
|
|
"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n"
|
|
"\n"
|
|
"A permission is made up of a number of different parts:\n"
|
|
"\n"
|
|
"1. The name of the permission.\n"
|
|
"2. The target of the permission.\n"
|
|
"3. The rights granted by the permission.\n"
|
|
"\n"
|
|
"Rights define what operations are allowed, and may be one or more\n"
|
|
"of the following:\n"
|
|
"1. write - write one or more attributes\n"
|
|
"2. read - read one or more attributes\n"
|
|
"3. search - search on one or more attributes\n"
|
|
"4. compare - compare one or more attributes\n"
|
|
"5. add - add a new entry to the tree\n"
|
|
"6. delete - delete an existing entry\n"
|
|
"7. all - all permissions are granted\n"
|
|
"\n"
|
|
"Note the distinction between attributes and entries. The permissions are\n"
|
|
"independent, so being able to add a user does not mean that the user will\n"
|
|
"be editable.\n"
|
|
"\n"
|
|
"There are a number of allowed targets:\n"
|
|
"1. subtree: a DN; the permission applies to the subtree under this DN\n"
|
|
"2. target filter: an LDAP filter\n"
|
|
"3. target: DN with possible wildcards, specifies entries permission applies "
|
|
"to\n"
|
|
"\n"
|
|
"Additionally, there are the following convenience options.\n"
|
|
"Setting one of these options will set the corresponding attribute(s).\n"
|
|
"1. type: a type of object (user, group, etc); sets subtree and target "
|
|
"filter.\n"
|
|
"2. memberof: apply to members of a group; sets target filter\n"
|
|
"3. targetgroup: grant access to modify a specific group (such as granting\n"
|
|
" the rights to manage group membership); sets target.\n"
|
|
"\n"
|
|
"Managed permissions\n"
|
|
"\n"
|
|
"Permissions that come with IPA by default can be so-called \"managed\"\n"
|
|
"permissions. These have a default set of attributes they apply to,\n"
|
|
"but the administrator can add/remove individual attributes to/from the set.\n"
|
|
"\n"
|
|
"Deleting or renaming a managed permission, as well as changing its target,\n"
|
|
"is not allowed.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a permission that grants the creation of users:\n"
|
|
" ipa permission-add --type=user --permissions=add \"Add Users\"\n"
|
|
"\n"
|
|
" Add a permission that grants the ability to manage group membership:\n"
|
|
" ipa permission-add --attrs=member --permissions=write --type=group "
|
|
"\"Manage Group Members\"\n"
|
|
msgstr ""
|
|
|
|
msgid "Permission name"
|
|
msgstr ""
|
|
|
|
msgid "Granted rights"
|
|
msgstr ""
|
|
|
|
msgid "Rights to grant (read, search, compare, write, add, delete, all)"
|
|
msgstr ""
|
|
|
|
msgid "Effective attributes"
|
|
msgstr ""
|
|
|
|
msgid "All attributes to which the permission applies"
|
|
msgstr ""
|
|
|
|
msgid "Included attributes"
|
|
msgstr ""
|
|
|
|
msgid "User-specified attributes to which the permission applies"
|
|
msgstr ""
|
|
|
|
msgid "Excluded attributes"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"User-specified attributes to which the permission explicitly does not apply"
|
|
msgstr ""
|
|
|
|
msgid "Default attributes"
|
|
msgstr ""
|
|
|
|
msgid "Attributes to which the permission applies by default"
|
|
msgstr ""
|
|
|
|
msgid "Bind rule type"
|
|
msgstr ""
|
|
|
|
msgid "Subtree to apply permissions to"
|
|
msgstr ""
|
|
|
|
msgid "Extra target filter"
|
|
msgstr ""
|
|
|
|
msgid "Raw target filter"
|
|
msgstr ""
|
|
|
|
msgid "All target filters, including those implied by type and memberof"
|
|
msgstr ""
|
|
|
|
msgid "Target DN"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Optional DN to apply the permission to (must be in the subtree, but may not "
|
|
"yet exist)"
|
|
msgstr ""
|
|
|
|
msgid "Member of group"
|
|
msgstr ""
|
|
|
|
msgid "Target members of a group (sets memberOf targetfilter)"
|
|
msgstr ""
|
|
|
|
msgid "User group to apply permissions to (sets target)"
|
|
msgstr ""
|
|
|
|
msgid "Type of IPA object (sets subtree and objectClass targetfilter)"
|
|
msgstr ""
|
|
|
|
msgid "Deprecated; use extratargetfilter"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Deprecated options"
|
|
msgid "Deprecated; use ipapermlocation"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
msgid "Deprecated; use ipapermright"
|
|
msgstr ""
|
|
|
|
msgid "Granted to Privilege"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member of roles"
|
|
msgstr ""
|
|
|
|
msgid "Add a new permission."
|
|
msgstr ""
|
|
|
|
msgid "Add members to a permission."
|
|
msgstr ""
|
|
|
|
msgid "member privilege"
|
|
msgstr ""
|
|
|
|
msgid "privileges to add"
|
|
msgstr ""
|
|
|
|
msgid "Add a system permission without an ACI (internal command)"
|
|
msgstr ""
|
|
|
|
msgid "Permission flags"
|
|
msgstr ""
|
|
|
|
msgid "Delete a permission."
|
|
msgstr ""
|
|
|
|
msgid "force delete of SYSTEM permissions"
|
|
msgstr ""
|
|
|
|
msgid "Search for permissions."
|
|
msgstr ""
|
|
|
|
msgid "Modify a permission."
|
|
msgstr ""
|
|
|
|
msgid "Rename the permission object"
|
|
msgstr ""
|
|
|
|
msgid "Remove members from a permission."
|
|
msgstr ""
|
|
|
|
msgid "privileges to remove"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a permission."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Ping the remote IPA server to ensure it is running.\n"
|
|
"\n"
|
|
"The ping command sends an echo request to an IPA server. The server\n"
|
|
"returns its version information. This is used by an IPA client\n"
|
|
"to confirm that the server is available and accepting requests.\n"
|
|
"\n"
|
|
"The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n"
|
|
"If it does not respond then the client will contact any servers defined\n"
|
|
"by ldap SRV records in DNS.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Ping an IPA server:\n"
|
|
" ipa ping\n"
|
|
" ------------------------------------------\n"
|
|
" IPA server version 2.1.9. API version 2.20\n"
|
|
" ------------------------------------------\n"
|
|
"\n"
|
|
" Ping an IPA server verbosely:\n"
|
|
" ipa -v ping\n"
|
|
" ipa: INFO: trying https://ipa.example.com/ipa/xml\n"
|
|
" ipa: INFO: Forwarding 'ping' to server 'https://ipa.example.com/ipa/xml'\n"
|
|
" -----------------------------------------------------\n"
|
|
" IPA server version 2.1.9. API version 2.20\n"
|
|
" -----------------------------------------------------\n"
|
|
msgstr ""
|
|
|
|
msgid "Ping a remote server."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Kerberos pkinit options\n"
|
|
"\n"
|
|
"Enable or disable anonymous pkinit using the principal\n"
|
|
"WELLKNOWN/ANONYMOUS@REALM. The server must have been installed with\n"
|
|
"pkinit support.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Enable anonymous pkinit:\n"
|
|
" ipa pkinit-anonymous enable\n"
|
|
"\n"
|
|
" Disable anonymous pkinit:\n"
|
|
" ipa pkinit-anonymous disable\n"
|
|
"\n"
|
|
"For more information on anonymous pkinit see:\n"
|
|
"\n"
|
|
"http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit\n"
|
|
msgstr ""
|
|
|
|
msgid "Enable or Disable Anonymous PKINIT."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Privileges\n"
|
|
"\n"
|
|
"A privilege combines permissions into a logical task. A permission provides\n"
|
|
"the rights to do a single task. There are some IPA operations that require\n"
|
|
"multiple permissions to succeed. A privilege is where permissions are\n"
|
|
"combined in order to perform a specific task.\n"
|
|
"\n"
|
|
"For example, adding a user requires the following permissions:\n"
|
|
" * Creating a new user entry\n"
|
|
" * Resetting a user password\n"
|
|
" * Adding the new user to the default IPA users group\n"
|
|
"\n"
|
|
"Combining these three low-level tasks into a higher level task in the\n"
|
|
"form of a privilege named \"Add User\" makes it easier to manage Roles.\n"
|
|
"\n"
|
|
"A privilege may not contain other privileges.\n"
|
|
"\n"
|
|
"See role and permission for additional information.\n"
|
|
msgstr ""
|
|
|
|
msgid "Privilege name"
|
|
msgstr ""
|
|
|
|
msgid "Privilege description"
|
|
msgstr ""
|
|
|
|
msgid "Granting privilege to roles"
|
|
msgstr ""
|
|
|
|
msgid "Add a new privilege."
|
|
msgstr ""
|
|
|
|
msgid "Add members to a privilege."
|
|
msgstr ""
|
|
|
|
msgid "member role"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "No file to read"
|
|
msgid "roles to add"
|
|
msgstr "कोणतीही फाइल वाचण्यासाठी नाही "
|
|
|
|
msgid "Add permissions to a privilege."
|
|
msgstr ""
|
|
|
|
msgid "permission"
|
|
msgstr ""
|
|
|
|
msgid "permissions"
|
|
msgstr ""
|
|
|
|
msgid "Number of permissions added"
|
|
msgstr ""
|
|
|
|
msgid "Delete a privilege."
|
|
msgstr ""
|
|
|
|
msgid "Search for privileges."
|
|
msgstr ""
|
|
|
|
msgid "Modify a privilege."
|
|
msgstr ""
|
|
|
|
msgid "Rename the privilege object"
|
|
msgstr ""
|
|
|
|
msgid "Remove members from a privilege"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "No file to read"
|
|
msgid "roles to remove"
|
|
msgstr "कोणतीही फाइल वाचण्यासाठी नाही "
|
|
|
|
msgid "Remove permissions from a privilege."
|
|
msgstr ""
|
|
|
|
msgid "Number of permissions removed"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a privilege."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Password policy\n"
|
|
"\n"
|
|
"A password policy sets limitations on IPA passwords, including maximum\n"
|
|
"lifetime, minimum lifetime, the number of passwords to save in\n"
|
|
"history, the number of character classes required (for stronger passwords)\n"
|
|
"and the minimum password length.\n"
|
|
"\n"
|
|
"By default there is a single, global policy for all users. You can also\n"
|
|
"create a password policy to apply to a group. Each user is only subject\n"
|
|
"to one password policy, either the group policy or the global policy. A\n"
|
|
"group policy stands alone; it is not a super-set of the global policy plus\n"
|
|
"custom settings.\n"
|
|
"\n"
|
|
"Each group password policy requires a unique priority setting. If a user\n"
|
|
"is in multiple groups that have password policies, this priority determines\n"
|
|
"which password policy is applied. A lower value indicates a higher priority\n"
|
|
"policy.\n"
|
|
"\n"
|
|
"Group password policies are automatically removed when the groups they\n"
|
|
"are associated with are removed.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Modify the global policy:\n"
|
|
" ipa pwpolicy-mod --minlength=10\n"
|
|
"\n"
|
|
" Add a new group password policy:\n"
|
|
" ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --"
|
|
"minlength=8 --priority=10 localadmins\n"
|
|
"\n"
|
|
" Display the global password policy:\n"
|
|
" ipa pwpolicy-show\n"
|
|
"\n"
|
|
" Display a group password policy:\n"
|
|
" ipa pwpolicy-show localadmins\n"
|
|
"\n"
|
|
" Display the policy that would be applied to a given user:\n"
|
|
" ipa pwpolicy-show --user=tuser1\n"
|
|
"\n"
|
|
" Modify a group password policy:\n"
|
|
" ipa pwpolicy-mod --minclasses=2 localadmins\n"
|
|
msgstr ""
|
|
|
|
msgid "Group"
|
|
msgstr ""
|
|
|
|
msgid "Manage password policy for specific group"
|
|
msgstr ""
|
|
|
|
msgid "Max lifetime (days)"
|
|
msgstr ""
|
|
|
|
msgid "Maximum password lifetime (in days)"
|
|
msgstr ""
|
|
|
|
msgid "Min lifetime (hours)"
|
|
msgstr ""
|
|
|
|
msgid "Minimum password lifetime (in hours)"
|
|
msgstr ""
|
|
|
|
msgid "History size"
|
|
msgstr ""
|
|
|
|
msgid "Password history size"
|
|
msgstr ""
|
|
|
|
msgid "Character classes"
|
|
msgstr ""
|
|
|
|
msgid "Minimum number of character classes"
|
|
msgstr ""
|
|
|
|
msgid "Min length"
|
|
msgstr ""
|
|
|
|
msgid "Minimum length of password"
|
|
msgstr ""
|
|
|
|
msgid "Priority of the policy (higher number means lower priority"
|
|
msgstr ""
|
|
|
|
msgid "Max failures"
|
|
msgstr ""
|
|
|
|
msgid "Consecutive failures before lockout"
|
|
msgstr ""
|
|
|
|
msgid "Failure reset interval"
|
|
msgstr ""
|
|
|
|
msgid "Period after which failure count will be reset (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "Lockout duration"
|
|
msgstr ""
|
|
|
|
msgid "Period for which lockout is enforced (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"cn\")"
|
|
msgstr ""
|
|
|
|
msgid "Add a new group password policy."
|
|
msgstr ""
|
|
|
|
msgid "Delete a group password policy."
|
|
msgstr ""
|
|
|
|
msgid "Search for group password policies."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"group\")"
|
|
msgstr ""
|
|
|
|
msgid "Modify a group password policy."
|
|
msgstr ""
|
|
|
|
msgid "Display information about password policy."
|
|
msgstr ""
|
|
|
|
msgid "User"
|
|
msgstr ""
|
|
|
|
msgid "Display effective policy for a specific user"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"RADIUS Proxy Servers\n"
|
|
"\n"
|
|
"Manage RADIUS Proxy Servers.\n"
|
|
"\n"
|
|
"IPA supports the use of an external RADIUS proxy server for krb5 OTP\n"
|
|
"authentications. This permits a great deal of flexibility when\n"
|
|
"integrating with third-party authentication services.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new server:\n"
|
|
" ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n"
|
|
"\n"
|
|
" Find all servers whose entries include the string \"example.com\":\n"
|
|
" ipa radiusproxy-find example.com\n"
|
|
"\n"
|
|
" Examine the configuration:\n"
|
|
" ipa radiusproxy-show MyRADIUS\n"
|
|
"\n"
|
|
" Change the secret:\n"
|
|
" ipa radiusproxy-mod MyRADIUS --secret\n"
|
|
"\n"
|
|
" Delete a configuration:\n"
|
|
" ipa radiusproxy-del MyRADIUS\n"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS proxy server name"
|
|
msgstr ""
|
|
|
|
msgid "A description of this RADIUS proxy server"
|
|
msgstr ""
|
|
|
|
msgid "Server"
|
|
msgstr ""
|
|
|
|
msgid "The hostname or IP (with or without port)"
|
|
msgstr ""
|
|
|
|
msgid "Secret"
|
|
msgstr ""
|
|
|
|
msgid "The secret used to encrypt data"
|
|
msgstr ""
|
|
|
|
msgid "Timeout"
|
|
msgstr ""
|
|
|
|
msgid "The total timeout across all retries (in seconds)"
|
|
msgstr ""
|
|
|
|
msgid "Retries"
|
|
msgstr ""
|
|
|
|
msgid "The number of times to retry authentication"
|
|
msgstr ""
|
|
|
|
msgid "User attribute"
|
|
msgstr ""
|
|
|
|
msgid "The username attribute on the user object"
|
|
msgstr ""
|
|
|
|
msgid "Add a new RADIUS proxy server."
|
|
msgstr ""
|
|
|
|
msgid "Delete a RADIUS proxy server."
|
|
msgstr ""
|
|
|
|
msgid "Search for RADIUS proxy servers."
|
|
msgstr ""
|
|
|
|
msgid "Modify a RADIUS proxy server."
|
|
msgstr ""
|
|
|
|
msgid "Rename the RADIUS proxy server object"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a RADIUS proxy server."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Realm domains\n"
|
|
"\n"
|
|
"Manage the list of domains associated with IPA realm.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Display the current list of realm domains:\n"
|
|
" ipa realmdomains-show\n"
|
|
"\n"
|
|
" Replace the list of realm domains:\n"
|
|
" ipa realmdomains-mod --domain=example.com\n"
|
|
" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n"
|
|
"\n"
|
|
" Add a domain to the list of realm domains:\n"
|
|
" ipa realmdomains-mod --add-domain=newdomain.com\n"
|
|
"\n"
|
|
" Delete a domain from the list of realm domains:\n"
|
|
" ipa realmdomains-mod --del-domain=olddomain.com\n"
|
|
msgstr ""
|
|
|
|
msgid "Domain"
|
|
msgstr ""
|
|
|
|
msgid "Add domain"
|
|
msgstr ""
|
|
|
|
msgid "Delete domain"
|
|
msgstr ""
|
|
|
|
msgid "Modify realm domains."
|
|
msgstr ""
|
|
|
|
msgid "Force adding domain even if not in DNS"
|
|
msgstr ""
|
|
|
|
msgid "Display the list of realm domains."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Roles\n"
|
|
"\n"
|
|
"A role is used for fine-grained delegation. A permission grants the ability\n"
|
|
"to perform given low-level tasks (add a user, modify a group, etc.). A\n"
|
|
"privilege combines one or more permissions into a higher-level abstraction\n"
|
|
"such as useradmin. A useradmin would be able to add, delete and modify "
|
|
"users.\n"
|
|
"\n"
|
|
"Privileges are assigned to Roles.\n"
|
|
"\n"
|
|
"Users, groups, hosts and hostgroups may be members of a Role.\n"
|
|
"\n"
|
|
"Roles can not contain other roles.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new role:\n"
|
|
" ipa role-add --desc=\"Junior-level admin\" junioradmin\n"
|
|
"\n"
|
|
" Add some privileges to this role:\n"
|
|
" ipa role-add-privilege --privileges=addusers junioradmin\n"
|
|
" ipa role-add-privilege --privileges=change_password junioradmin\n"
|
|
" ipa role-add-privilege --privileges=add_user_to_default_group "
|
|
"junioradmin\n"
|
|
"\n"
|
|
" Add a group of users to this role:\n"
|
|
" ipa group-add --desc=\"User admins\" useradmins\n"
|
|
" ipa role-add-member --groups=useradmins junioradmin\n"
|
|
"\n"
|
|
" Display information about a role:\n"
|
|
" ipa role-show junioradmin\n"
|
|
"\n"
|
|
" The result of this is that any users in the group 'junioradmin' can\n"
|
|
" add users, reset passwords or add a user to the default IPA user group.\n"
|
|
msgstr ""
|
|
|
|
msgid "Role name"
|
|
msgstr ""
|
|
|
|
msgid "A description of this role-group"
|
|
msgstr ""
|
|
|
|
msgid "Member users"
|
|
msgstr ""
|
|
|
|
msgid "Member groups"
|
|
msgstr ""
|
|
|
|
msgid "Privileges"
|
|
msgstr ""
|
|
|
|
msgid "Member services"
|
|
msgstr ""
|
|
|
|
msgid "Add a new role."
|
|
msgstr ""
|
|
|
|
msgid "Add members to a role."
|
|
msgstr ""
|
|
|
|
msgid "member service"
|
|
msgstr ""
|
|
|
|
msgid "services to add"
|
|
msgstr ""
|
|
|
|
msgid "Add privileges to a role."
|
|
msgstr ""
|
|
|
|
msgid "privilege"
|
|
msgstr ""
|
|
|
|
msgid "privileges"
|
|
msgstr ""
|
|
|
|
msgid "Number of privileges added"
|
|
msgstr ""
|
|
|
|
msgid "Delete a role."
|
|
msgstr ""
|
|
|
|
msgid "Search for roles."
|
|
msgstr ""
|
|
|
|
msgid "Modify a role."
|
|
msgstr ""
|
|
|
|
msgid "Rename the role object"
|
|
msgstr ""
|
|
|
|
msgid "Remove members from a role."
|
|
msgstr ""
|
|
|
|
msgid "services to remove"
|
|
msgstr ""
|
|
|
|
msgid "Remove privileges from a role."
|
|
msgstr ""
|
|
|
|
msgid "Number of privileges removed"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a role."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Self-service Permissions\n"
|
|
"\n"
|
|
"A permission enables fine-grained delegation of permissions. Access Control\n"
|
|
"Rules, or instructions (ACIs), grant permission to permissions to perform\n"
|
|
"given tasks such as adding a user, modifying a group, etc.\n"
|
|
"\n"
|
|
"A Self-service permission defines what an object can change in its own "
|
|
"entry.\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a self-service rule to allow users to manage their address (using Bash\n"
|
|
" brace expansion):\n"
|
|
" ipa selfservice-add --permissions=write --attrs={street,postalCode,l,c,"
|
|
"st} \"Users manage their own address\"\n"
|
|
"\n"
|
|
" When managing the list of attributes you need to include all attributes\n"
|
|
" in the list, including existing ones.\n"
|
|
" Add telephoneNumber to the list (using Bash brace expansion):\n"
|
|
" ipa selfservice-mod --attrs={street,postalCode,l,c,st,telephoneNumber} "
|
|
"\"Users manage their own address\"\n"
|
|
"\n"
|
|
" Display our updated rule:\n"
|
|
" ipa selfservice-show \"Users manage their own address\"\n"
|
|
"\n"
|
|
" Delete a rule:\n"
|
|
" ipa selfservice-del \"Users manage their own address\"\n"
|
|
msgstr ""
|
|
|
|
msgid "Self-service name"
|
|
msgstr ""
|
|
|
|
msgid "Attributes to which the permission applies."
|
|
msgstr ""
|
|
|
|
msgid "Add a new self-service permission."
|
|
msgstr ""
|
|
|
|
msgid "Delete a self-service permission."
|
|
msgstr ""
|
|
|
|
msgid "Search for a self-service permission."
|
|
msgstr ""
|
|
|
|
msgid "Modify a self-service permission."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a self-service permission."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"SELinux User Mapping\n"
|
|
"\n"
|
|
"Map IPA users to SELinux users by host.\n"
|
|
"\n"
|
|
"Hosts, hostgroups, users and groups can be either defined within\n"
|
|
"the rule or it may point to an existing HBAC rule. When using\n"
|
|
"--hbacrule option to selinuxusermap-find an exact match is made on the\n"
|
|
"HBAC rule name, so only one or zero entries will be returned.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Create a rule, \"test1\", that sets all users to xguest_u:s0 on the host "
|
|
"\"server\":\n"
|
|
" ipa selinuxusermap-add --usercat=all --selinuxuser=xguest_u:s0 test1\n"
|
|
" ipa selinuxusermap-add-host --hosts=server.example.com test1\n"
|
|
"\n"
|
|
" Create a rule, \"test2\", that sets all users to guest_u:s0 and uses an "
|
|
"existing HBAC rule for users and hosts:\n"
|
|
" ipa selinuxusermap-add --usercat=all --hbacrule=webserver --"
|
|
"selinuxuser=guest_u:s0 test2\n"
|
|
"\n"
|
|
" Display the properties of a rule:\n"
|
|
" ipa selinuxusermap-show test2\n"
|
|
"\n"
|
|
" Create a rule for a specific user. This sets the SELinux context for\n"
|
|
" user john to unconfined_u:s0-s0:c0.c1023 on any machine:\n"
|
|
" ipa selinuxusermap-add --hostcat=all --selinuxuser=unconfined_u:s0-s0:c0."
|
|
"c1023 john_unconfined\n"
|
|
" ipa selinuxusermap-add-user --users=john john_unconfined\n"
|
|
"\n"
|
|
" Disable a rule:\n"
|
|
" ipa selinuxusermap-disable test1\n"
|
|
"\n"
|
|
" Enable a rule:\n"
|
|
" ipa selinuxusermap-enable test1\n"
|
|
"\n"
|
|
" Find a rule referencing a specific HBAC rule:\n"
|
|
" ipa selinuxusermap-find --hbacrule=allow_some\n"
|
|
"\n"
|
|
" Remove a rule:\n"
|
|
" ipa selinuxusermap-del john_unconfined\n"
|
|
"\n"
|
|
"SEEALSO:\n"
|
|
"\n"
|
|
" The list controlling the order in which the SELinux user map is applied\n"
|
|
" and the default SELinux user are available in the config-show command.\n"
|
|
msgstr ""
|
|
|
|
msgid "SELinux User"
|
|
msgstr ""
|
|
|
|
msgid "HBAC Rule"
|
|
msgstr ""
|
|
|
|
msgid "HBAC Rule that defines the users, groups and hostgroups"
|
|
msgstr ""
|
|
|
|
msgid "Create a new SELinux User Map."
|
|
msgstr ""
|
|
|
|
msgid "Add target hosts and hostgroups to an SELinux User Map rule."
|
|
msgstr ""
|
|
|
|
msgid "Add users and groups to an SELinux User Map rule."
|
|
msgstr ""
|
|
|
|
msgid "Delete a SELinux User Map."
|
|
msgstr ""
|
|
|
|
msgid "Disable an SELinux User Map rule."
|
|
msgstr ""
|
|
|
|
msgid "Enable an SELinux User Map rule."
|
|
msgstr ""
|
|
|
|
msgid "Search for SELinux User Maps."
|
|
msgstr ""
|
|
|
|
msgid "Modify a SELinux User Map."
|
|
msgstr ""
|
|
|
|
msgid "Remove target hosts and hostgroups from an SELinux User Map rule."
|
|
msgstr ""
|
|
|
|
msgid "Remove users and groups from an SELinux User Map rule."
|
|
msgstr ""
|
|
|
|
msgid "Display the properties of a SELinux User Map rule."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Services\n"
|
|
"\n"
|
|
"A IPA service represents a service that runs on a host. The IPA service\n"
|
|
"record can store a Kerberos principal, an SSL certificate, or both.\n"
|
|
"\n"
|
|
"An IPA service can be managed directly from a machine, provided that\n"
|
|
"machine has been given the correct permission. This is true even for\n"
|
|
"machines other than the one the service is associated with. For example,\n"
|
|
"requesting an SSL certificate using the host service principal credentials\n"
|
|
"of the host. To manage a service using host credentials you need to\n"
|
|
"kinit as the host:\n"
|
|
"\n"
|
|
" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n"
|
|
"\n"
|
|
"Adding an IPA service allows the associated service to request an SSL\n"
|
|
"certificate or keytab, but this is performed as a separate step; they\n"
|
|
"are not produced as a result of adding the service.\n"
|
|
"\n"
|
|
"Only the public aspect of a certificate is stored in a service record;\n"
|
|
"the private key is not stored.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new IPA service:\n"
|
|
" ipa service-add HTTP/web.example.com\n"
|
|
"\n"
|
|
" Allow a host to manage an IPA service certificate:\n"
|
|
" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
|
|
" ipa role-add-member --hosts=web.example.com certadmin\n"
|
|
"\n"
|
|
" Override a default list of supported PAC types for the service:\n"
|
|
" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
|
|
"\n"
|
|
" A typical use case where overriding the PAC type is needed is NFS.\n"
|
|
" Currently the related code in the Linux kernel can only handle Kerberos\n"
|
|
" tickets up to a maximal size. Since the PAC data can become quite large "
|
|
"it\n"
|
|
" is recommended to set --pac-type=NONE for NFS services.\n"
|
|
"\n"
|
|
" Delete an IPA service:\n"
|
|
" ipa service-del HTTP/web.example.com\n"
|
|
"\n"
|
|
" Find all IPA services associated with a host:\n"
|
|
" ipa service-find web.example.com\n"
|
|
"\n"
|
|
" Find all HTTP services:\n"
|
|
" ipa service-find HTTP\n"
|
|
"\n"
|
|
" Disable the service Kerberos key and SSL certificate:\n"
|
|
" ipa service-disable HTTP/web.example.com\n"
|
|
"\n"
|
|
" Request a certificate for an IPA service:\n"
|
|
" ipa cert-request --principal=HTTP/web.example.com example.csr\n"
|
|
"\n"
|
|
" Allow user to create a keytab:\n"
|
|
" ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n"
|
|
"\n"
|
|
" Generate and retrieve a keytab for an IPA service:\n"
|
|
" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
|
|
"httpd.keytab\n"
|
|
msgstr ""
|
|
|
|
msgid "Service principal"
|
|
msgstr ""
|
|
|
|
msgid "PAC type"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Override default list of supported PAC types. Use 'NONE' to disable PAC "
|
|
"support for this service, e.g. this might be necessary for NFS services."
|
|
msgstr ""
|
|
|
|
msgid "Add a new IPA new service."
|
|
msgstr ""
|
|
|
|
msgid "force principal name even if not in DNS"
|
|
msgstr ""
|
|
|
|
msgid "Add hosts that can manage this service."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Allow users, groups, hosts or host groups to create a keytab of this service."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Allow users, groups, hosts or host groups to retrieve a keytab of this "
|
|
"service."
|
|
msgstr ""
|
|
|
|
msgid "Delete an IPA service."
|
|
msgstr ""
|
|
|
|
msgid "Disable the Kerberos key and SSL certificate of a service."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Disallow users, groups, hosts or host groups to create a keytab of this "
|
|
"service."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Disallow users, groups, hosts or host groups to retrieve a keytab of this "
|
|
"service."
|
|
msgstr ""
|
|
|
|
msgid "Search for IPA services."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"principal\")"
|
|
msgstr ""
|
|
|
|
msgid "Search for services with these managed by hosts."
|
|
msgstr ""
|
|
|
|
msgid "Search for services without these managed by hosts."
|
|
msgstr ""
|
|
|
|
msgid "Modify an existing IPA service."
|
|
msgstr ""
|
|
|
|
msgid "Remove hosts that can manage this service."
|
|
msgstr ""
|
|
|
|
msgid "Display information about an IPA service."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Session Support for IPA\n"
|
|
"John Dennis <jdennis@redhat.com>\n"
|
|
"\n"
|
|
"Goals\n"
|
|
"=====\n"
|
|
"\n"
|
|
"Provide per-user session data caching which persists between\n"
|
|
"requests. Desired features are:\n"
|
|
"\n"
|
|
"* Integrates cleanly with minimum impact on existing infrastructure.\n"
|
|
"\n"
|
|
"* Provides maximum security balanced against real-world performance\n"
|
|
" demands.\n"
|
|
"\n"
|
|
"* Sessions must be able to be revoked (flushed).\n"
|
|
"\n"
|
|
"* Should be flexible and easy to use for developers.\n"
|
|
"\n"
|
|
"* Should leverage existing technology and code to the maximum extent\n"
|
|
" possible to avoid re-invention, excessive implementation time and to\n"
|
|
" benefit from robustness in field proven components commonly shared\n"
|
|
" in the open source community.\n"
|
|
"\n"
|
|
"* Must support multiple independent processes which share session\n"
|
|
" data.\n"
|
|
"\n"
|
|
"* System must function correctly if session data is available or not.\n"
|
|
"\n"
|
|
"* Must be high performance.\n"
|
|
"\n"
|
|
"* Should not be tied to specific web servers or browsers. Should\n"
|
|
" integrate with our chosen WSGI model.\n"
|
|
"\n"
|
|
"Issues\n"
|
|
"======\n"
|
|
"\n"
|
|
"Cookies\n"
|
|
"-------\n"
|
|
"\n"
|
|
"Most session implementations are based on the use of cookies. Cookies\n"
|
|
"have some inherent problems.\n"
|
|
"\n"
|
|
"* User has the option to disable cookies.\n"
|
|
"\n"
|
|
"* User stored cookie data is not secure. Can be mitigated by setting\n"
|
|
" flags indicating the cookie is only to be used with SSL secured HTTP\n"
|
|
" connections to specific web resources and setting the cookie to\n"
|
|
" expire at session termination. Most modern browsers enforce these.\n"
|
|
"\n"
|
|
"Where to store session data?\n"
|
|
"----------------------------\n"
|
|
"\n"
|
|
"Session data may be stored on either on the client or on the\n"
|
|
"server. Storing session data on the client addresses the problem of\n"
|
|
"session data availability when requests are serviced by independent web\n"
|
|
"servers because the session data travels with the request. However\n"
|
|
"there are data size limitations. Storing session data on the client\n"
|
|
"also exposes sensitive data but this can be mitigated by encrypting\n"
|
|
"the session data such that only the server can decrypt it.\n"
|
|
"\n"
|
|
"The more conventional approach is to bind session data to a unique\n"
|
|
"name, the session ID. The session ID is transmitted to the client and\n"
|
|
"the session data is paired with the session ID on the server in a\n"
|
|
"associative data store. The session data is retrieved by the server\n"
|
|
"using the session ID when the receiving the request. This eliminates\n"
|
|
"exposing sensitive session data on the client along with limitations\n"
|
|
"on data size. It however introduces the issue of session data\n"
|
|
"availability when requests are serviced by more than one server\n"
|
|
"process.\n"
|
|
"\n"
|
|
"Multi-process session data availability\n"
|
|
"---------------------------------------\n"
|
|
"\n"
|
|
"Apache (and other web servers) fork child processes to handle requests\n"
|
|
"in parallel. Also web servers may be deployed in a farm where requests\n"
|
|
"are load balanced in round robin fashion across different nodes. In\n"
|
|
"both cases session data cannot be stored in the memory of a server\n"
|
|
"process because it is not available to other processes, either sibling\n"
|
|
"children of a master server process or server processes on distinct\n"
|
|
"nodes.\n"
|
|
"\n"
|
|
"Typically this is addressed by storing session data in a SQL\n"
|
|
"database. When a request is received by a server process containing a\n"
|
|
"session ID in it's cookie data the session ID is used to perform a SQL\n"
|
|
"query and the resulting data is then attached to the request as it\n"
|
|
"proceeds through the request processing pipeline. This of course\n"
|
|
"introduces coherency issues.\n"
|
|
"\n"
|
|
"For IPA the introduction of a SQL database dependency is undesired and\n"
|
|
"should be avoided.\n"
|
|
"\n"
|
|
"Session data may also be shared by independent processes by storing\n"
|
|
"the session data in files.\n"
|
|
"\n"
|
|
"An alternative solution which has gained considerable popularity\n"
|
|
"recently is the use of a fast memory based caching server. Data is\n"
|
|
"stored in a single process memory and may be queried and set via a\n"
|
|
"light weight protocol using standard socket mechanisms, memcached is\n"
|
|
"one example. A typical use is to optimize SQL queries by storing a SQL\n"
|
|
"result in shared memory cache avoiding the more expensive SQL\n"
|
|
"operation. But the memory cache has distinct advantages in non-SQL\n"
|
|
"situations as well.\n"
|
|
"\n"
|
|
"Possible implementations for use by IPA\n"
|
|
"=======================================\n"
|
|
"\n"
|
|
"Apache Sessions\n"
|
|
"---------------\n"
|
|
"\n"
|
|
"Apache has 2.3 has implemented session support via these modules:\n"
|
|
"\n"
|
|
" mod_session\n"
|
|
" Overarching session support based on cookies.\n"
|
|
"\n"
|
|
" See: http://httpd.apache.org/docs/2.3/mod/mod_session.html\n"
|
|
"\n"
|
|
" mod_session_cookie\n"
|
|
" Stores session data in the client.\n"
|
|
"\n"
|
|
" See: http://httpd.apache.org/docs/2.3/mod/mod_session_cookie.html\n"
|
|
"\n"
|
|
" mod_session_crypto\n"
|
|
" Encrypts session data for security. Encryption key is shared\n"
|
|
" configuration parameter visible to all Apache processes and is\n"
|
|
" stored in a configuration file.\n"
|
|
"\n"
|
|
" See: http://httpd.apache.org/docs/2.3/mod/mod_session_crypto.html\n"
|
|
"\n"
|
|
" mod_session_dbd\n"
|
|
" Stores session data in a SQL database permitting multiple\n"
|
|
" processes to access and share the same session data.\n"
|
|
"\n"
|
|
" See: http://httpd.apache.org/docs/2.3/mod/mod_session_dbd.html\n"
|
|
"\n"
|
|
"Issues with Apache sessions\n"
|
|
"~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"
|
|
"\n"
|
|
"Although Apache has implemented generic session support and Apache is\n"
|
|
"our web server of preference it nonetheless introduces issues for IPA.\n"
|
|
"\n"
|
|
" * Session support is only available in httpd >= 2.3 which at the\n"
|
|
" time of this writing is currently only available as a Beta release\n"
|
|
" from upstream. We currently only ship httpd 2.2, the same is true\n"
|
|
" for other distributions.\n"
|
|
"\n"
|
|
" * We could package and ship the sessions modules as a temporary\n"
|
|
" package in httpd 2.2 environments. But this has the following\n"
|
|
" consequences:\n"
|
|
"\n"
|
|
" - The code has to be backported. the module API has changed\n"
|
|
" slightly between httpd 2.2 and 2.3. The backporting is not\n"
|
|
" terribly difficult and a proof of concept has been\n"
|
|
" implemented.\n"
|
|
"\n"
|
|
" - We would then be on the hook to package and maintain a special\n"
|
|
" case Apache package. This is maintenance burden as well as a\n"
|
|
" distribution packaging burden. Both of which would be best\n"
|
|
" avoided if possible.\n"
|
|
"\n"
|
|
" * The design of the Apache session modules is such that they can\n"
|
|
" only be manipulated by other Apache modules. The ability of\n"
|
|
" consumers of the session data to control the session data is\n"
|
|
" simplistic, constrained and static during the period the request\n"
|
|
" is processed. Request handlers which are not native Apache modules\n"
|
|
" (e.g. IPA via WSGI) can only examine the session data\n"
|
|
" via request headers and reset it in response headers.\n"
|
|
"\n"
|
|
" * Shared session data is available exclusively via SQL.\n"
|
|
"\n"
|
|
"However using the 2.3 Apache session modules would give us robust\n"
|
|
"session support implemented in C based on standardized Apache\n"
|
|
"interfaces which are widely used.\n"
|
|
"\n"
|
|
"Python Web Frameworks\n"
|
|
"---------------------\n"
|
|
"\n"
|
|
"Virtually every Python web framework supports cookie based sessions,\n"
|
|
"e.g. Django, Twisted, Zope, Turbogears etc. Early on in IPA we decided\n"
|
|
"to avoid the use of these frameworks. Trying to pull in just one part\n"
|
|
"of these frameworks just to get session support would be problematic\n"
|
|
"because the code does not function outside it's framework.\n"
|
|
"\n"
|
|
"IPA implemented sessions\n"
|
|
"------------------------\n"
|
|
"\n"
|
|
"Originally it was believed the path of least effort was to utilize\n"
|
|
"existing session support, most likely what would be provided by\n"
|
|
"Apache. However there are enough basic modular components available in\n"
|
|
"native Python and other standard packages it should be possible to\n"
|
|
"provide session support meeting the aforementioned goals with a modest\n"
|
|
"implementation effort. Because we're leveraging existing components\n"
|
|
"the implementation difficulties are subsumed by other components which\n"
|
|
"have already been field proven and have community support. This is a\n"
|
|
"smart strategy.\n"
|
|
"\n"
|
|
"Proposed Solution\n"
|
|
"=================\n"
|
|
"\n"
|
|
"Our interface to the web server is via WSGI which invokes a callback\n"
|
|
"per request passing us an environmental context for the request. For\n"
|
|
"this discussion we'll name the WSGI callback \"application()\", a\n"
|
|
"conventional name in WSGI parlance.\n"
|
|
"\n"
|
|
"Shared session data will be handled by memcached. We will create one\n"
|
|
"instance of memcached on each server node dedicated to IPA\n"
|
|
"exclusively. Communication with memcached will be via a UNIX socket\n"
|
|
"located in the file system under /var/run/ipa_memcached. It will be\n"
|
|
"protected by file permissions and optionally SELinux policy.\n"
|
|
"\n"
|
|
"In application() we examine the request cookies and if there is an IPA\n"
|
|
"session cookie with a session ID we retrieve the session data from our\n"
|
|
"memcached instance.\n"
|
|
"\n"
|
|
"The session data will be a Python dict. IPA components will read or\n"
|
|
"write their session information by using a pre-agreed upon name\n"
|
|
"(e.g. key) in the dict. This is a very flexible system and consistent\n"
|
|
"with how we pass data in most parts of IPA.\n"
|
|
"\n"
|
|
"If the session data is not available an empty session data dict will\n"
|
|
"be created.\n"
|
|
"\n"
|
|
"How does this session data travel with the request in the IPA\n"
|
|
"pipeline? In IPA we use the HTTP request/response to implement RPC. In\n"
|
|
"application() we convert the request into a procedure call passing it\n"
|
|
"arguments derived from the HTTP request. The passed parameters are\n"
|
|
"specific to the RPC method being invoked. The context the RPC call is\n"
|
|
"executing in is not passed as an RPC parameter.\n"
|
|
"\n"
|
|
"How would the contextual information such as session data be bound to\n"
|
|
"the request and hence the RPC call?\n"
|
|
"\n"
|
|
"In IPA when a RPC invocation is being prepared from a request we\n"
|
|
"recognize this will only ever be processed serially by one Python\n"
|
|
"thread. A thread local dict called \"context\" is allocated for each\n"
|
|
"thread. The context dict is cleared in between requests (e.g. RPC method\n"
|
|
"invocations). The per-thread context dict is populated during the\n"
|
|
"lifetime of the request and is used as a global data structure unique to\n"
|
|
"the request that various IPA component can read from and write to with\n"
|
|
"the assurance the data is unique to the current request and/or method\n"
|
|
"call.\n"
|
|
"\n"
|
|
"The session data dict will be written into the context dict under the\n"
|
|
"session key before the RPC method begins execution. Thus session data\n"
|
|
"can be read and written by any IPA component by accessing\n"
|
|
"``context.session``.\n"
|
|
"\n"
|
|
"When the RPC method finishes execution the session data bound to the\n"
|
|
"request/method is retrieved from the context and written back to the\n"
|
|
"memcached instance. The session ID is set in the response sent back to\n"
|
|
"the client in the ``Set-Cookie`` header along with the flags\n"
|
|
"controlling it's usage.\n"
|
|
"\n"
|
|
"Issues and details\n"
|
|
"------------------\n"
|
|
"\n"
|
|
"IPA code cannot depend on session data being present, however it\n"
|
|
"should always update session data with the hope it will be available\n"
|
|
"in the future. Session data may not be available because:\n"
|
|
"\n"
|
|
" * This is the first request from the user and no session data has\n"
|
|
" been created yet.\n"
|
|
"\n"
|
|
" * The user may have cookies disabled.\n"
|
|
"\n"
|
|
" * The session data may have been flushed. memcached operates with\n"
|
|
" a fixed memory allocation and will flush entries on a LRU basis,\n"
|
|
" like with any cache there is no guarantee of persistence.\n"
|
|
"\n"
|
|
" Also we may have have deliberately expired or deleted session\n"
|
|
" data, see below.\n"
|
|
"\n"
|
|
"Cookie manipulation is done via the standard Python Cookie module.\n"
|
|
"\n"
|
|
"Session cookies will be set to only persist as long as the browser has\n"
|
|
"the session open. They will be tagged so the browser only returns\n"
|
|
"the session ID on SSL secured HTTP requests. They will not be visible\n"
|
|
"to Javascript in the browser.\n"
|
|
"\n"
|
|
"Session ID's will be created by using 48 bits of random data and\n"
|
|
"converted to 12 hexadecimal digits. Newly generated session ID's will\n"
|
|
"be checked for prior existence to handle the unlikely case the random\n"
|
|
"number repeats.\n"
|
|
"\n"
|
|
"memcached will have significantly higher performance than a SQL or file\n"
|
|
"based storage solution. Communication is effectively though a pipe\n"
|
|
"(UNIX socket) using a very simple protocol and the data is held\n"
|
|
"entirely in process memory. memcached also scales easily, it is easy\n"
|
|
"to add more memcached processes and distribute the load across them.\n"
|
|
"At this point in time we don't anticipate the need for this.\n"
|
|
"\n"
|
|
"A very nice feature of the Python memcached module is that when a data\n"
|
|
"item is written to the cache it is done with standard Python pickling\n"
|
|
"(pickling is a standard Python mechanism to marshal and unmarshal\n"
|
|
"Python objects). We adopt the convention the object written to cache\n"
|
|
"will be a dict to meet our internal data handling conventions. The\n"
|
|
"pickling code will recursively handle nested objects in the dict. Thus\n"
|
|
"we gain a lot of flexibility using standard Python data structures to\n"
|
|
"store and retrieve our session data without having to author and debug\n"
|
|
"code to marshal and unmarshal the data if some other storage mechanism\n"
|
|
"had been used. This is a significant implementation win. Of course\n"
|
|
"some common sense limitations need to observed when deciding on what\n"
|
|
"is written to the session cache keeping in mind the data is shared\n"
|
|
"between processes and it should not be excessively large (a\n"
|
|
"configurable option)\n"
|
|
"\n"
|
|
"We can set an expiration on memcached entries. We may elect to do that\n"
|
|
"to force session data to be refreshed periodically. For example we may\n"
|
|
"wish the client to present fresh credentials on a periodic basis even\n"
|
|
"if the cached credentials are otherwise within their validity period.\n"
|
|
"\n"
|
|
"We can explicitly delete session data if for some reason we believe it\n"
|
|
"is stale, invalid or compromised.\n"
|
|
"\n"
|
|
"memcached also gives us certain facilities to prevent race conditions\n"
|
|
"between different processes utilizing the cache. For example you can\n"
|
|
"check of the entry has been modified since you last read it or use CAS\n"
|
|
"(Check And Set) semantics. What has to be protected in terms of cache\n"
|
|
"coherency will likely have to be determined as the session support is\n"
|
|
"utilized and different data items are added to the cache. This is very\n"
|
|
"much data and context specific. Fortunately memcached operations are\n"
|
|
"atomic.\n"
|
|
"\n"
|
|
"Controlling the memcached process\n"
|
|
"---------------------------------\n"
|
|
"\n"
|
|
"We need a mechanism to start the memcached process and secure it so\n"
|
|
"that only IPA components can access it.\n"
|
|
"\n"
|
|
"Although memcached ships with both an initscript and systemd unit\n"
|
|
"files those are for generic instances. We want a memcached instance\n"
|
|
"dedicated exclusively to IPA usage. To accomplish this we would install\n"
|
|
"a systemd unit file or an SysV initscript to control the IPA specific\n"
|
|
"memcached service. ipactl would be extended to know about this\n"
|
|
"additional service. systemd's cgroup facility would give us additional\n"
|
|
"mechanisms to integrate the IPA memcached service within a larger IPA\n"
|
|
"process group.\n"
|
|
"\n"
|
|
"Protecting the memcached data would be done via file permissions (and\n"
|
|
"optionally SELinux policy) on the UNIX domain socket. Although recent\n"
|
|
"implementations of memcached support authentication via SASL this\n"
|
|
"introduces a performance and complexity burden not warranted when\n"
|
|
"cached is dedicated to our exclusive use and access controlled by OS\n"
|
|
"mechanisms.\n"
|
|
"\n"
|
|
"Conventionally daemons are protected by assigning a system uid and/or\n"
|
|
"gid to the daemon. A daemon launched by root will drop it's privileges\n"
|
|
"by assuming the effective uid:gid assigned to it. File system access\n"
|
|
"is controlled by the OS via the effective identity and SELinux policy\n"
|
|
"can be crafted based on the identity. Thus the memcached UNIX socket\n"
|
|
"would be protected by having it owned by a specific system user and/or\n"
|
|
"membership in a restricted system group (discounting for the moment\n"
|
|
"SELinux).\n"
|
|
"\n"
|
|
"Unfortunately we currently do not have an IPA system uid whose\n"
|
|
"identity our processes operate under nor do we have an IPA system\n"
|
|
"group. IPA does manage a collection of related processes (daemons) and\n"
|
|
"historically each has been assigned their own uid. When these\n"
|
|
"unrelated processes communicate they mutually authenticate via other\n"
|
|
"mechanisms. We do not have much of a history of using shared file\n"
|
|
"system objects across identities. When file objects are created they\n"
|
|
"are typically assigned the identity of daemon needing to access the\n"
|
|
"object and are not accessed by other daemons, or they carry root\n"
|
|
"identity.\n"
|
|
"\n"
|
|
"When our WSGI application runs in Apache it is run as a WSGI\n"
|
|
"daemon. This means when Apache starts up it forks off WSGI processes\n"
|
|
"for us and we are independent of other Apache processes. When WSGI is\n"
|
|
"run in this mode there is the ability to set the uid:gid of the WSGI\n"
|
|
"process hosting us, however we currently do not take advantage of this\n"
|
|
"option. WSGI can be run in other modes as well, only in daemon mode\n"
|
|
"can the uid:gid be independently set from the rest of Apache. All\n"
|
|
"processes started by Apache can be set to a common uid:gid specified\n"
|
|
"in the global Apache configuration, by default it's\n"
|
|
"apache:apache. Thus when our IPA code executes it is running as\n"
|
|
"apache:apache.\n"
|
|
"\n"
|
|
"To protect our memcached UNIX socket we can do one of two things:\n"
|
|
"\n"
|
|
"1. Assign it's uid:gid as apache:apache. This would limit access to\n"
|
|
" our cache only to processes running under httpd. It's somewhat\n"
|
|
" restricted but far from ideal. Any code running in the web server\n"
|
|
" could potentially access our cache. It's difficult to control what the\n"
|
|
" web server runs and admins may not understand the consequences of\n"
|
|
" configuring httpd to serve other things besides IPA.\n"
|
|
"\n"
|
|
"2. Create an IPA specific uid:gid, for example ipa:ipa. We then configure\n"
|
|
" our WSGI application to run as the ipa:ipa user and group. We also\n"
|
|
" configure our memcached instance to run as the ipa:ipa user and\n"
|
|
" group. In this configuration we are now fully protected, only our WSGI\n"
|
|
" code can read & write to our memcached UNIX socket.\n"
|
|
"\n"
|
|
"However there may be unforeseen issues by converting our code to run as\n"
|
|
"something other than apache:apache. This would require some\n"
|
|
"investigation and testing.\n"
|
|
"\n"
|
|
"IPA is dependent on other system daemons, specifically Directory\n"
|
|
"Server (ds) and Certificate Server (cs). Currently we configure ds to\n"
|
|
"run under the dirsrv:dirsrv user and group, an identity of our\n"
|
|
"creation. We allow cs to default to it's pkiuser:pkiuser user and\n"
|
|
"group. Should these other cooperating daemons also run under the\n"
|
|
"common ipa:ipa user and group identities? At first blush there would\n"
|
|
"seem to be an advantage to coalescing all process identities under a\n"
|
|
"common IPA user and group identity. However these other processes do\n"
|
|
"not depend on user and group permissions when working with external\n"
|
|
"agents, processes, etc. Rather they are designed to be stand-alone\n"
|
|
"network services which authenticate their clients via other\n"
|
|
"mechanisms. They do depend on user and group permission to manage\n"
|
|
"their own file system objects. If somehow the ipa user and/or group\n"
|
|
"were compromised or malicious code somehow executed under the ipa\n"
|
|
"identity there would be an advantage in having the cooperating\n"
|
|
"processes cordoned off under their own identities providing one extra\n"
|
|
"layer of protection. (Note, these cooperating daemons may not even be\n"
|
|
"co-located on the same node in which case the issue is moot)\n"
|
|
"\n"
|
|
"The UNIX socket behavior (ldapi) with Directory Server is as follows:\n"
|
|
"\n"
|
|
" * The socket ownership is: root:root\n"
|
|
"\n"
|
|
" * The socket permissions are: 0666\n"
|
|
"\n"
|
|
" * When connecting via ldapi you must authenticate as you would\n"
|
|
" normally with a TCP socket, except ...\n"
|
|
"\n"
|
|
" * If autobind is enabled and the uid:gid is available via\n"
|
|
" SO_PEERCRED and the uid:gid can be found in the set of users known\n"
|
|
" to the Directory Server then that connection will be bound as that\n"
|
|
" user.\n"
|
|
"\n"
|
|
" * Otherwise an anonymous bind will occur.\n"
|
|
"\n"
|
|
"memcached UNIX socket behavior is as follows:\n"
|
|
"\n"
|
|
" * memcached can be invoked with a user argument, no group may be\n"
|
|
" specified. The effective uid is the uid of the user argument and\n"
|
|
" the effective gid is the primary group of the user, let's call\n"
|
|
" this euid:egid\n"
|
|
"\n"
|
|
" * The socket ownership is: euid:egid\n"
|
|
"\n"
|
|
" * The socket permissions are 0700 by default, but this can be\n"
|
|
" modified by the -a mask command line arg which sets the umask\n"
|
|
" (defaults to 0700).\n"
|
|
"\n"
|
|
"Overview of authentication in IPA\n"
|
|
"=================================\n"
|
|
"\n"
|
|
"This describes how we currently authenticate and how we plan to\n"
|
|
"improve authentication performance. First some definitions.\n"
|
|
"\n"
|
|
"There are 4 major players:\n"
|
|
"\n"
|
|
" 1. client\n"
|
|
" 2. mod_auth_kerb (in Apache process)\n"
|
|
" 3. wsgi handler (in IPA wsgi python process)\n"
|
|
" 4. ds (directory server)\n"
|
|
"\n"
|
|
"There are several resources:\n"
|
|
"\n"
|
|
" 1. /ipa/ui (unprotected, web UI static resources)\n"
|
|
" 2. /ipa/xml (protected, xmlrpc RPC used by command line clients)\n"
|
|
" 3. /ipa/json (protected, json RPC used by javascript in web UI)\n"
|
|
" 4. ds (protected, wsgi acts as proxy, our LDAP server)\n"
|
|
"\n"
|
|
"Current Model\n"
|
|
"-------------\n"
|
|
"\n"
|
|
"This describes how things work in our current system for the web UI.\n"
|
|
"\n"
|
|
" 1. Client requests /ipa/ui, this is unprotected, is static and\n"
|
|
" contains no sensitive information. Apache replies with html and\n"
|
|
" javascript. The javascript requests /ipa/json.\n"
|
|
"\n"
|
|
" 2. Client sends post to /ipa/json.\n"
|
|
"\n"
|
|
" 3. mod_auth_kerb is configured to protect /ipa/json, replies 401\n"
|
|
" authenticate negotiate.\n"
|
|
"\n"
|
|
" 4. Client resends with credentials\n"
|
|
"\n"
|
|
" 5. mod_auth_kerb validates credentials\n"
|
|
"\n"
|
|
" a. if invalid replies 403 access denied (stops here)\n"
|
|
"\n"
|
|
" b. if valid creates temporary ccache, adds KRB5CCNAME to request\n"
|
|
" headers\n"
|
|
"\n"
|
|
" 6. Request passed to wsgi handler\n"
|
|
"\n"
|
|
" a. validates request, KRB5CCNAME must be present, referrer, etc.\n"
|
|
"\n"
|
|
" b. ccache saved and used to bind to ds\n"
|
|
"\n"
|
|
" c. routes to specified RPC handler.\n"
|
|
"\n"
|
|
" 7. wsgi handler replies to client\n"
|
|
"\n"
|
|
"Proposed new session based optimization\n"
|
|
"---------------------------------------\n"
|
|
"\n"
|
|
"The round trip negotiate and credential validation in steps 3,4,5 is\n"
|
|
"expensive. This can be avoided if we can cache the client\n"
|
|
"credentials. With client sessions we can store the client credentials\n"
|
|
"in the session bound to the client.\n"
|
|
"\n"
|
|
"A few notes about the session implementation.\n"
|
|
"\n"
|
|
" * based on session cookies, cookies must be enabled\n"
|
|
"\n"
|
|
" * session cookie is secure, only passed on secure connections, only\n"
|
|
" passed to our URL resource, never visible to client javascript\n"
|
|
" etc.\n"
|
|
"\n"
|
|
" * session cookie has a session id which is used by wsgi handler to\n"
|
|
" retrieve client session data from shared multi-process cache.\n"
|
|
"\n"
|
|
"Changes to Apache's resource protection\n"
|
|
"---------------------------------------\n"
|
|
"\n"
|
|
" * /ipa/json is no longer protected by mod_auth_kerb. This is\n"
|
|
" necessary to avoid the negotiate expense in steps 3,4,5\n"
|
|
" above. Instead the /ipa/json resource will be protected in our wsgi\n"
|
|
" handler via the session cookie.\n"
|
|
"\n"
|
|
" * A new protected URI is introduced, /ipa/login. This resource\n"
|
|
" does no serve any data, it is used exclusively for authentication.\n"
|
|
"\n"
|
|
"The new sequence is:\n"
|
|
"\n"
|
|
" 1. Client requests /ipa/ui, this is unprotected. Apache replies with\n"
|
|
" html and javascript. The javascript requests /ipa/json.\n"
|
|
"\n"
|
|
" 2. Client sends post to /ipa/json, which is unprotected.\n"
|
|
"\n"
|
|
" 3. wsgi handler obtains session data from session cookie.\n"
|
|
"\n"
|
|
" a. if ccache is present in session data and is valid\n"
|
|
"\n"
|
|
" - request is further validated\n"
|
|
"\n"
|
|
" - ccache is established for bind to ds\n"
|
|
"\n"
|
|
" - request is routed to RPC handler\n"
|
|
"\n"
|
|
" - wsgi handler eventually replies to client\n"
|
|
"\n"
|
|
" b. if ccache is not present or not valid processing continues ...\n"
|
|
"\n"
|
|
" 4. wsgi handler replies with 401 Unauthorized\n"
|
|
"\n"
|
|
" 5. client sends request to /ipa/login to obtain session credentials\n"
|
|
"\n"
|
|
" 6. mod_auth_kerb replies 401 negotiate on /ipa/login\n"
|
|
"\n"
|
|
" 7. client sends credentials to /ipa/login\n"
|
|
"\n"
|
|
" 8. mod_auth_kerb validates credentials\n"
|
|
"\n"
|
|
" a. if valid\n"
|
|
"\n"
|
|
" - mod_auth_kerb permits access to /ipa/login. wsgi handler is\n"
|
|
" invoked and does the following:\n"
|
|
"\n"
|
|
" * establishes session for client\n"
|
|
"\n"
|
|
" * retrieves the ccache from KRB5CCNAME and stores it\n"
|
|
"\n"
|
|
" a. if invalid\n"
|
|
"\n"
|
|
" - mod_auth_kerb sends 403 access denied (processing stops)\n"
|
|
"\n"
|
|
" 9. client now posts the same data again to /ipa/json including\n"
|
|
" session cookie. Processing repeats starting at step 2 and since\n"
|
|
" the session data now contains a valid ccache step 3a executes, a\n"
|
|
" successful reply is sent to client.\n"
|
|
"\n"
|
|
"Command line client using xmlrpc\n"
|
|
"--------------------------------\n"
|
|
"\n"
|
|
"The above describes the web UI utilizing the json RPC mechanism. The\n"
|
|
"IPA command line tools utilize a xmlrpc RPC mechanism on the same\n"
|
|
"HTTP server. Access to the xmlrpc is via the /ipa/xml URI. The json\n"
|
|
"and xmlrpc API's are the same, they differ only on how their procedure\n"
|
|
"calls are marshalled and unmarshalled.\n"
|
|
"\n"
|
|
"Under the new scheme /ipa/xml will continue to be Kerberos protected\n"
|
|
"at all times. Apache's mod_auth_kerb will continue to require the\n"
|
|
"client provides valid Kerberos credentials.\n"
|
|
"\n"
|
|
"When the WSGI handler routes to /ipa/xml the Kerberos credentials will\n"
|
|
"be extracted from the KRB5CCNAME environment variable as provided by\n"
|
|
"mod_auth_kerb. Everything else remains the same.\n"
|
|
msgstr ""
|
|
|
|
msgid "RPC command used to log the current user out of their session."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Sudo Commands\n"
|
|
"\n"
|
|
"Commands used as building blocks for sudo\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Create a new command\n"
|
|
" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n"
|
|
"\n"
|
|
" Remove a command\n"
|
|
" ipa sudocmd-del /usr/bin/less\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Topic or Command"
|
|
msgid "Sudo Command"
|
|
msgstr "विषय किंवा आदेश"
|
|
|
|
msgid "A description of this command"
|
|
msgstr ""
|
|
|
|
msgid "Sudo Command Groups"
|
|
msgstr ""
|
|
|
|
msgid "Create new Sudo Command."
|
|
msgstr ""
|
|
|
|
msgid "Delete Sudo Command."
|
|
msgstr ""
|
|
|
|
msgid "Search for Sudo Commands."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"command\")"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Topic or Command"
|
|
msgid "Modify Sudo Command."
|
|
msgstr "विषय किंवा आदेश"
|
|
|
|
msgid "Display Sudo Command."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of Sudo Commands\n"
|
|
"\n"
|
|
"Manage groups of Sudo Commands.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new Sudo Command Group:\n"
|
|
" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n"
|
|
"\n"
|
|
" Remove a Sudo Command Group:\n"
|
|
" ipa sudocmdgroup-del admincmds\n"
|
|
"\n"
|
|
" Manage Sudo Command Group membership, commands:\n"
|
|
" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/"
|
|
"vim admincmds\n"
|
|
"\n"
|
|
" Manage Sudo Command Group membership, commands:\n"
|
|
" ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n"
|
|
"\n"
|
|
" Show a Sudo Command Group:\n"
|
|
" ipa group-show localadmins\n"
|
|
msgstr ""
|
|
|
|
msgid "Sudo Command Group"
|
|
msgstr ""
|
|
|
|
msgid "Group description"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Commands"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Member Sudo commands"
|
|
msgstr ""
|
|
|
|
msgid "Create new Sudo Command Group."
|
|
msgstr ""
|
|
|
|
msgid "Add members to Sudo Command Group."
|
|
msgstr ""
|
|
|
|
msgid "member sudo command"
|
|
msgstr ""
|
|
|
|
msgid "sudo commands to add"
|
|
msgstr ""
|
|
|
|
msgid "Delete Sudo Command Group."
|
|
msgstr ""
|
|
|
|
msgid "Search for Sudo Command Groups."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Results should contain primary key attribute only (\"sudocmdgroup-name\")"
|
|
msgstr ""
|
|
|
|
msgid "Modify Sudo Command Group."
|
|
msgstr ""
|
|
|
|
msgid "Remove members from Sudo Command Group."
|
|
msgstr ""
|
|
|
|
msgid "sudo commands to remove"
|
|
msgstr ""
|
|
|
|
msgid "Display Sudo Command Group."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Sudo Rules\n"
|
|
"\n"
|
|
"Sudo (su \"do\") allows a system administrator to delegate authority to\n"
|
|
"give certain users (or groups of users) the ability to run some (or all)\n"
|
|
"commands as root or another user while providing an audit trail of the\n"
|
|
"commands and their arguments.\n"
|
|
"\n"
|
|
"FreeIPA provides a means to configure the various aspects of Sudo:\n"
|
|
" Users: The user(s)/group(s) allowed to invoke Sudo.\n"
|
|
" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke "
|
|
"Sudo.\n"
|
|
" Allow Command: The specific command(s) permitted to be run via Sudo.\n"
|
|
" Deny Command: The specific command(s) prohibited to be run via Sudo.\n"
|
|
" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be "
|
|
"invoked with.\n"
|
|
" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n"
|
|
" Options: The various Sudoers Options that can modify Sudo's behavior.\n"
|
|
"\n"
|
|
"An order can be added to a sudorule to control the order in which they\n"
|
|
"are evaluated (if the client supports it). This order is an integer and\n"
|
|
"must be unique.\n"
|
|
"\n"
|
|
"FreeIPA provides a designated binddn to use with Sudo located at:\n"
|
|
"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
|
|
"\n"
|
|
"To enable the binddn run the following command to set the password:\n"
|
|
"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
|
|
"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
|
|
"dc=com\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Create a new rule:\n"
|
|
" ipa sudorule-add readfiles\n"
|
|
"\n"
|
|
" Add sudo command object and add it as allowed command in the rule:\n"
|
|
" ipa sudocmd-add /usr/bin/less\n"
|
|
" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n"
|
|
"\n"
|
|
" Add a host to the rule:\n"
|
|
" ipa sudorule-add-host readfiles --hosts server.example.com\n"
|
|
"\n"
|
|
" Add a user to the rule:\n"
|
|
" ipa sudorule-add-user readfiles --users jsmith\n"
|
|
"\n"
|
|
" Add a special Sudo rule for default Sudo server configuration:\n"
|
|
" ipa sudorule-add defaults\n"
|
|
"\n"
|
|
" Set a default Sudo option:\n"
|
|
" ipa sudorule-add-option defaults --sudooption '!authenticate'\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Command category"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Command category the rule applies to"
|
|
msgstr ""
|
|
|
|
msgid "RunAs User category"
|
|
msgstr ""
|
|
|
|
msgid "RunAs User category the rule applies to"
|
|
msgstr ""
|
|
|
|
msgid "RunAs Group category"
|
|
msgstr ""
|
|
|
|
msgid "RunAs Group category the rule applies to"
|
|
msgstr ""
|
|
|
|
msgid "Sudo order"
|
|
msgstr ""
|
|
|
|
msgid "integer to order the Sudo rules"
|
|
msgstr ""
|
|
|
|
msgid "External User"
|
|
msgstr ""
|
|
|
|
msgid "External User the rule applies to (sudorule-find only)"
|
|
msgstr ""
|
|
|
|
msgid "Host Masks"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Topic or Command"
|
|
msgid "Sudo Allow Commands"
|
|
msgstr "विषय किंवा आदेश"
|
|
|
|
msgid "Sudo Deny Commands"
|
|
msgstr ""
|
|
|
|
msgid "Sudo Allow Command Groups"
|
|
msgstr ""
|
|
|
|
msgid "Sudo Deny Command Groups"
|
|
msgstr ""
|
|
|
|
msgid "RunAs Users"
|
|
msgstr ""
|
|
|
|
msgid "Run as a user"
|
|
msgstr ""
|
|
|
|
msgid "Groups of RunAs Users"
|
|
msgstr ""
|
|
|
|
msgid "Run as any user within a specified group"
|
|
msgstr ""
|
|
|
|
msgid "RunAs External User"
|
|
msgstr ""
|
|
|
|
msgid "External User the commands can run as (sudorule-find only)"
|
|
msgstr ""
|
|
|
|
msgid "External Groups of RunAs Users"
|
|
msgstr ""
|
|
|
|
msgid "External Groups of users that the command can run as"
|
|
msgstr ""
|
|
|
|
msgid "RunAs Groups"
|
|
msgstr ""
|
|
|
|
msgid "Run with the gid of a specified POSIX group"
|
|
msgstr ""
|
|
|
|
msgid "RunAs External Group"
|
|
msgstr ""
|
|
|
|
msgid "External Group the commands can run as (sudorule-find only)"
|
|
msgstr ""
|
|
|
|
msgid "Sudo Option"
|
|
msgstr ""
|
|
|
|
msgid "Create new Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Add commands and sudo command groups affected by Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "member sudo command group"
|
|
msgstr ""
|
|
|
|
msgid "sudo command groups to add"
|
|
msgstr ""
|
|
|
|
msgid "Add hosts and hostgroups affected by Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "host masks of allowed hosts"
|
|
msgstr ""
|
|
|
|
msgid "Add an option to the Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Add group for Sudo to execute as."
|
|
msgstr ""
|
|
|
|
msgid "Add users and groups for Sudo to execute as."
|
|
msgstr ""
|
|
|
|
msgid "Add users and groups affected by Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Delete Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Disable a Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Enable a Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Search for Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"sudorule-name\")"
|
|
msgstr ""
|
|
|
|
msgid "Modify Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Remove commands and sudo command groups affected by Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "sudo command groups to remove"
|
|
msgstr ""
|
|
|
|
msgid "Remove hosts and hostgroups affected by Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Remove an option from Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Remove group for Sudo to execute as."
|
|
msgstr ""
|
|
|
|
msgid "Remove users and groups for Sudo to execute as."
|
|
msgstr ""
|
|
|
|
msgid "Remove users and groups affected by Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid "Display Sudo Rule."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Users\n"
|
|
"\n"
|
|
"Manage user entries. All users are POSIX users.\n"
|
|
"\n"
|
|
"IPA supports a wide range of username formats, but you need to be aware of "
|
|
"any\n"
|
|
"restrictions that may apply to your particular environment. For example,\n"
|
|
"usernames that start with a digit or usernames that exceed a certain length\n"
|
|
"may cause problems for some UNIX systems.\n"
|
|
"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n"
|
|
"\n"
|
|
"Disabling a user account prevents that user from obtaining new Kerberos\n"
|
|
"credentials. It does not invalidate any credentials that have already\n"
|
|
"been issued.\n"
|
|
"\n"
|
|
"Password management is not a part of this module. For more information\n"
|
|
"about this topic please see: ipa help passwd\n"
|
|
"\n"
|
|
"Account lockout on password failure happens per IPA master. The user-status\n"
|
|
"command can be used to identify which master the user is locked out on.\n"
|
|
"It is on that master the administrator must unlock the user.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new user:\n"
|
|
" ipa user-add --first=Tim --last=User --password tuser1\n"
|
|
"\n"
|
|
" Find all users whose entries include the string \"Tim\":\n"
|
|
" ipa user-find Tim\n"
|
|
"\n"
|
|
" Find all users with \"Tim\" as the first name:\n"
|
|
" ipa user-find --first=Tim\n"
|
|
"\n"
|
|
" Disable a user account:\n"
|
|
" ipa user-disable tuser1\n"
|
|
"\n"
|
|
" Enable a user account:\n"
|
|
" ipa user-enable tuser1\n"
|
|
"\n"
|
|
" Delete a user:\n"
|
|
" ipa user-del tuser1\n"
|
|
msgstr ""
|
|
|
|
msgid "First name"
|
|
msgstr ""
|
|
|
|
msgid "Last name"
|
|
msgstr ""
|
|
|
|
msgid "Full name"
|
|
msgstr ""
|
|
|
|
msgid "Display name"
|
|
msgstr ""
|
|
|
|
msgid "Initials"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos principal"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos principal expiration"
|
|
msgstr ""
|
|
|
|
msgid "Email address"
|
|
msgstr ""
|
|
|
|
msgid "Prompt to set the user password"
|
|
msgstr ""
|
|
|
|
msgid "Generate a random user password"
|
|
msgstr ""
|
|
|
|
msgid "User ID Number (system will assign one if not provided)"
|
|
msgstr ""
|
|
|
|
msgid "Street address"
|
|
msgstr ""
|
|
|
|
msgid "City"
|
|
msgstr ""
|
|
|
|
msgid "State/Province"
|
|
msgstr ""
|
|
|
|
msgid "ZIP"
|
|
msgstr ""
|
|
|
|
msgid "Telephone Number"
|
|
msgstr ""
|
|
|
|
msgid "Mobile Telephone Number"
|
|
msgstr ""
|
|
|
|
msgid "Pager Number"
|
|
msgstr ""
|
|
|
|
msgid "Fax Number"
|
|
msgstr ""
|
|
|
|
msgid "Org. Unit"
|
|
msgstr ""
|
|
|
|
msgid "Job Title"
|
|
msgstr ""
|
|
|
|
msgid "Car License"
|
|
msgstr ""
|
|
|
|
msgid "Account disabled"
|
|
msgstr ""
|
|
|
|
msgid "User authentication types"
|
|
msgstr ""
|
|
|
|
msgid "Types of supported user authentication"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"User category (semantics placed on this attribute are for local "
|
|
"interpretation)"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS proxy configuration"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS proxy username"
|
|
msgstr ""
|
|
|
|
msgid "Department Number"
|
|
msgstr ""
|
|
|
|
msgid "Employee Number"
|
|
msgstr ""
|
|
|
|
msgid "Employee Type"
|
|
msgstr ""
|
|
|
|
msgid "Preferred Language"
|
|
msgstr ""
|
|
|
|
msgid "Member of groups"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member of group"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos keys available"
|
|
msgstr ""
|
|
|
|
msgid "Add a new user."
|
|
msgstr ""
|
|
|
|
msgid "Don't create user private group"
|
|
msgstr ""
|
|
|
|
msgid "Delete a user."
|
|
msgstr ""
|
|
|
|
msgid "Disable a user account."
|
|
msgstr ""
|
|
|
|
msgid "Enable a user account."
|
|
msgstr ""
|
|
|
|
msgid "Search for users."
|
|
msgstr ""
|
|
|
|
msgid "Self"
|
|
msgstr ""
|
|
|
|
msgid "Display user record for current Kerberos principal"
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"login\")"
|
|
msgstr ""
|
|
|
|
msgid "Search for users with these member of groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for users without these member of groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for users with these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for users without these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for users with these member of roles."
|
|
msgstr ""
|
|
|
|
msgid "Search for users without these member of roles."
|
|
msgstr ""
|
|
|
|
msgid "Search for users with these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for users without these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for users with these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for users without these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "Modify a user."
|
|
msgstr ""
|
|
|
|
msgid "Rename the user object"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a user."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Lockout status of a user account\n"
|
|
"\n"
|
|
" An account may become locked if the password is entered incorrectly too\n"
|
|
" many times within a specific time period as controlled by password\n"
|
|
" policy. A locked account is a temporary condition and may be unlocked "
|
|
"by\n"
|
|
" an administrator.\n"
|
|
"\n"
|
|
" This connects to each IPA master and displays the lockout status on\n"
|
|
" each one.\n"
|
|
"\n"
|
|
" To determine whether an account is locked on a given server you need\n"
|
|
" to compare the number of failed logins and the time of the last "
|
|
"failure.\n"
|
|
" For an account to be locked it must exceed the maxfail failures within\n"
|
|
" the failinterval duration as specified in the password policy "
|
|
"associated\n"
|
|
" with the user.\n"
|
|
"\n"
|
|
" The failed login counter is modified only when a user attempts a log in\n"
|
|
" so it is possible that an account may appear locked but the last failed\n"
|
|
" login attempt is older than the lockouttime of the password policy. "
|
|
"This\n"
|
|
" means that the user may attempt a login again.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Unlock a user account\n"
|
|
"\n"
|
|
" An account may become locked if the password is entered incorrectly too\n"
|
|
" many times within a specific time period as controlled by password\n"
|
|
" policy. A locked account is a temporary condition and may be unlocked "
|
|
"by\n"
|
|
" an administrator.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Auto Membership Rule.\n"
|
|
"\n"
|
|
"Bring clarity to the membership of hosts and users by configuring inclusive\n"
|
|
"or exclusive regex patterns, you can automatically assign a new entries "
|
|
"into\n"
|
|
"a group or hostgroup based upon attribute information.\n"
|
|
"\n"
|
|
"A rule is directly associated with a group by name, so you cannot create\n"
|
|
"a rule without an accompanying group or hostgroup.\n"
|
|
"\n"
|
|
"A condition is a regular expression used by 389-ds to match a new incoming\n"
|
|
"entry with an automember rule. If it matches an inclusive rule then the\n"
|
|
"entry is added to the appropriate group or hostgroup.\n"
|
|
"\n"
|
|
"A default group or hostgroup could be specified for entries that do not\n"
|
|
"match any rule. In case of user entries this group will be a fallback group\n"
|
|
"because all users are by default members of group specified in IPA config.\n"
|
|
"\n"
|
|
"The automember-rebuild command can be used to retroactively run automember "
|
|
"rules\n"
|
|
"against existing entries, thus rebuilding their membership.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add the initial group or hostgroup:\n"
|
|
" ipa hostgroup-add --desc=\"Web Servers\" webservers\n"
|
|
" ipa group-add --desc=\"Developers\" devel\n"
|
|
"\n"
|
|
" Add the initial rule:\n"
|
|
" ipa automember-add --type=hostgroup webservers\n"
|
|
" ipa automember-add --type=group devel\n"
|
|
"\n"
|
|
" Add a condition to the rule:\n"
|
|
" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-"
|
|
"regex=^web[1-9]+\\.example\\.com webservers\n"
|
|
" ipa automember-add-condition --key=manager --type=group --inclusive-"
|
|
"regex=^uid=mscott devel\n"
|
|
"\n"
|
|
" Add an exclusive condition to the rule to prevent auto assignment:\n"
|
|
" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-"
|
|
"regex=^web5\\.example\\.com webservers\n"
|
|
"\n"
|
|
" Add a host:\n"
|
|
" ipa host-add web1.example.com\n"
|
|
"\n"
|
|
" Add a user:\n"
|
|
" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n"
|
|
"\n"
|
|
" Verify automembership:\n"
|
|
" ipa hostgroup-show webservers\n"
|
|
" Host-group: webservers\n"
|
|
" Description: Web Servers\n"
|
|
" Member hosts: web1.example.com\n"
|
|
"\n"
|
|
" ipa group-show devel\n"
|
|
" Group name: devel\n"
|
|
" Description: Developers\n"
|
|
" GID: 1004200000\n"
|
|
" Member users: tuser\n"
|
|
"\n"
|
|
" Remove a condition from the rule:\n"
|
|
" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-"
|
|
"regex=^web[1-9]+\\.example\\.com webservers\n"
|
|
"\n"
|
|
" Modify the automember rule:\n"
|
|
" ipa automember-mod\n"
|
|
"\n"
|
|
" Set the default (fallback) target group:\n"
|
|
" ipa automember-default-group-set --default-group=webservers --"
|
|
"type=hostgroup\n"
|
|
" ipa automember-default-group-set --default-group=ipausers --type=group\n"
|
|
"\n"
|
|
" Remove the default (fallback) target group:\n"
|
|
" ipa automember-default-group-remove --type=hostgroup\n"
|
|
" ipa automember-default-group-remove --type=group\n"
|
|
"\n"
|
|
" Show the default (fallback) target group:\n"
|
|
" ipa automember-default-group-show --type=hostgroup\n"
|
|
" ipa automember-default-group-show --type=group\n"
|
|
"\n"
|
|
" Find all of the automember rules:\n"
|
|
" ipa automember-find\n"
|
|
"\n"
|
|
" Display a automember rule:\n"
|
|
" ipa automember-show --type=hostgroup webservers\n"
|
|
" ipa automember-show --type=group devel\n"
|
|
"\n"
|
|
" Delete an automember rule:\n"
|
|
" ipa automember-del --type=hostgroup webservers\n"
|
|
" ipa automember-del --type=group devel\n"
|
|
"\n"
|
|
" Rebuild membership for all users:\n"
|
|
" ipa automember-rebuild --type=group\n"
|
|
"\n"
|
|
" Rebuild membership for all hosts:\n"
|
|
" ipa automember-rebuild --type=hostgroup\n"
|
|
"\n"
|
|
" Rebuild membership for specified users:\n"
|
|
" ipa automember-rebuild --users=tuser1 --users=tuser2\n"
|
|
"\n"
|
|
" Rebuild membership for specified hosts:\n"
|
|
" ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example."
|
|
"com\n"
|
|
msgstr ""
|
|
|
|
msgid "A description of this auto member rule"
|
|
msgstr ""
|
|
|
|
msgid "Default (fallback) Group"
|
|
msgstr ""
|
|
|
|
msgid "Default group for entries to land"
|
|
msgstr ""
|
|
|
|
msgid "Add an automember rule."
|
|
msgstr ""
|
|
|
|
msgid "Automember Rule"
|
|
msgstr ""
|
|
|
|
msgid "Grouping Type"
|
|
msgstr ""
|
|
|
|
msgid "Grouping to which the rule applies"
|
|
msgstr ""
|
|
|
|
msgid "Add conditions to an automember rule."
|
|
msgstr ""
|
|
|
|
msgid "Inclusive Regex"
|
|
msgstr ""
|
|
|
|
msgid "Exclusive Regex"
|
|
msgstr ""
|
|
|
|
msgid "Attribute Key"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Attribute to filter via regex. For example fqdn for a host, or manager for a "
|
|
"user"
|
|
msgstr ""
|
|
|
|
msgid "Conditions that could not be added"
|
|
msgstr ""
|
|
|
|
msgid "Number of conditions added"
|
|
msgstr ""
|
|
|
|
msgid "Remove default (fallback) group for all unmatched entries."
|
|
msgstr ""
|
|
|
|
msgid "Set default (fallback) group for all unmatched entries."
|
|
msgstr ""
|
|
|
|
msgid "Default (fallback) group for entries to land"
|
|
msgstr ""
|
|
|
|
msgid "Display information about the default (fallback) automember groups."
|
|
msgstr ""
|
|
|
|
msgid "Delete an automember rule."
|
|
msgstr ""
|
|
|
|
msgid "Search for automember rules."
|
|
msgstr ""
|
|
|
|
msgid "Modify an automember rule."
|
|
msgstr ""
|
|
|
|
msgid "Rebuild auto membership."
|
|
msgstr ""
|
|
|
|
msgid "Rebuild membership for all members of a grouping"
|
|
msgstr ""
|
|
|
|
msgid "Rebuild membership for specified users"
|
|
msgstr ""
|
|
|
|
msgid "Rebuild membership for specified hosts"
|
|
msgstr ""
|
|
|
|
msgid "No wait"
|
|
msgstr ""
|
|
|
|
msgid "Don't wait for rebuilding membership"
|
|
msgstr ""
|
|
|
|
msgid "Remove conditions from an automember rule."
|
|
msgstr ""
|
|
|
|
msgid "Conditions that could not be removed"
|
|
msgstr ""
|
|
|
|
msgid "Number of conditions removed"
|
|
msgstr ""
|
|
|
|
msgid "Display information about an automember rule."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA certificate operations\n"
|
|
"\n"
|
|
"Implements a set of commands for managing server SSL certificates.\n"
|
|
"\n"
|
|
"Certificate requests exist in the form of a Certificate Signing Request "
|
|
"(CSR)\n"
|
|
"in PEM format.\n"
|
|
"\n"
|
|
"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n"
|
|
"subject to values configured in the server.\n"
|
|
"\n"
|
|
"A certificate is stored with a service principal and a service principal\n"
|
|
"needs a host.\n"
|
|
"\n"
|
|
"In order to request a certificate:\n"
|
|
"\n"
|
|
"* The host must exist\n"
|
|
"* The service must exist (or you use the --add option to automatically add "
|
|
"it)\n"
|
|
"\n"
|
|
"SEARCHING:\n"
|
|
"\n"
|
|
"Certificates may be searched on by certificate subject, serial number,\n"
|
|
"revocation reason, validity dates and the issued date.\n"
|
|
"\n"
|
|
"When searching on dates the _from date does a >= search and the _to date\n"
|
|
"does a <= search. When combined these are done as an AND.\n"
|
|
"\n"
|
|
"Dates are treated as GMT to match the dates in the certificates.\n"
|
|
"\n"
|
|
"The date format is YYYY-mm-dd.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Request a new certificate and add the principal:\n"
|
|
" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
|
|
"\n"
|
|
" Retrieve an existing certificate:\n"
|
|
" ipa cert-show 1032\n"
|
|
"\n"
|
|
" Revoke a certificate (see RFC 5280 for reason details):\n"
|
|
" ipa cert-revoke --revocation-reason=6 1032\n"
|
|
"\n"
|
|
" Remove a certificate from revocation hold status:\n"
|
|
" ipa cert-remove-hold 1032\n"
|
|
"\n"
|
|
" Check the status of a signing request:\n"
|
|
" ipa cert-status 10\n"
|
|
"\n"
|
|
" Search for certificates by hostname:\n"
|
|
" ipa cert-find --subject=ipaserver.example.com\n"
|
|
"\n"
|
|
" Search for revoked certificates by reason:\n"
|
|
" ipa cert-find --revocation-reason=5\n"
|
|
"\n"
|
|
" Search for certificates based on issuance date\n"
|
|
" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n"
|
|
"\n"
|
|
"IPA currently immediately issues (or declines) all certificate requests so\n"
|
|
"the status of a request is not normally useful. This is for future use\n"
|
|
"or the case where a CA does not immediately issue a certificate.\n"
|
|
"\n"
|
|
"The following revocation reasons are supported:\n"
|
|
"\n"
|
|
" * 0 - unspecified\n"
|
|
" * 1 - keyCompromise\n"
|
|
" * 2 - cACompromise\n"
|
|
" * 3 - affiliationChanged\n"
|
|
" * 4 - superseded\n"
|
|
" * 5 - cessationOfOperation\n"
|
|
" * 6 - certificateHold\n"
|
|
" * 8 - removeFromCRL\n"
|
|
" * 9 - privilegeWithdrawn\n"
|
|
" * 10 - aACompromise\n"
|
|
"\n"
|
|
"Note that reason code 7 is not used. See RFC 5280 for more details:\n"
|
|
"\n"
|
|
"http://www.ietf.org/rfc/rfc5280.txt\n"
|
|
msgstr ""
|
|
|
|
msgid "Checks if any of the servers has the CA service enabled."
|
|
msgstr ""
|
|
|
|
msgid "Search for existing certificates."
|
|
msgstr ""
|
|
|
|
msgid "Match cn attribute in subject"
|
|
msgstr ""
|
|
|
|
msgid "Reason"
|
|
msgstr ""
|
|
|
|
msgid "Reason for revoking the certificate (0-10)"
|
|
msgstr ""
|
|
|
|
msgid "minimum serial number"
|
|
msgstr ""
|
|
|
|
msgid "maximum serial number"
|
|
msgstr ""
|
|
|
|
msgid "match the common name exactly"
|
|
msgstr ""
|
|
|
|
msgid "Valid not after from this date (YYYY-mm-dd)"
|
|
msgstr ""
|
|
|
|
msgid "Valid not after to this date (YYYY-mm-dd)"
|
|
msgstr ""
|
|
|
|
msgid "Valid not before from this date (YYYY-mm-dd)"
|
|
msgstr ""
|
|
|
|
msgid "Valid not before to this date (YYYY-mm-dd)"
|
|
msgstr ""
|
|
|
|
msgid "Issued on from this date (YYYY-mm-dd)"
|
|
msgstr ""
|
|
|
|
msgid "Issued on to this date (YYYY-mm-dd)"
|
|
msgstr ""
|
|
|
|
msgid "Revoked on from this date (YYYY-mm-dd)"
|
|
msgstr ""
|
|
|
|
msgid "Revoked on to this date (YYYY-mm-dd)"
|
|
msgstr ""
|
|
|
|
msgid "Maximum number of certs returned"
|
|
msgstr ""
|
|
|
|
msgid "Take a revoked certificate off hold."
|
|
msgstr ""
|
|
|
|
msgid "Serial number"
|
|
msgstr ""
|
|
|
|
msgid "Serial number in decimal or if prefixed with 0x in hexadecimal"
|
|
msgstr ""
|
|
|
|
msgid "Submit a certificate signing request."
|
|
msgstr ""
|
|
|
|
msgid "CSR"
|
|
msgstr ""
|
|
|
|
msgid "Service principal for this certificate (e.g. HTTP/test.example.com)"
|
|
msgstr ""
|
|
|
|
msgid "automatically add the principal if it doesn't exist"
|
|
msgstr ""
|
|
|
|
msgid "Revoke a certificate."
|
|
msgstr ""
|
|
|
|
msgid "Retrieve an existing certificate."
|
|
msgstr ""
|
|
|
|
msgid "Output filename"
|
|
msgstr ""
|
|
|
|
msgid "File to store the certificate in."
|
|
msgstr ""
|
|
|
|
msgid "Check the status of a certificate signing request."
|
|
msgstr ""
|
|
|
|
msgid "Request id"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of users\n"
|
|
"\n"
|
|
"Manage groups of users. By default, new groups are POSIX groups. You\n"
|
|
"can add the --nonposix option to the group-add command to mark a new group\n"
|
|
"as non-POSIX. You can use the --posix argument with the group-mod command\n"
|
|
"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n"
|
|
"converted to non-POSIX groups.\n"
|
|
"\n"
|
|
"Every group must have a description.\n"
|
|
"\n"
|
|
"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
|
|
"supported but can have an impact on your file permissions. It is not "
|
|
"necessary\n"
|
|
"to supply a GID when creating a group. IPA will generate one automatically\n"
|
|
"if it is not provided.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new group:\n"
|
|
" ipa group-add --desc='local administrators' localadmins\n"
|
|
"\n"
|
|
" Add a new non-POSIX group:\n"
|
|
" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
|
|
"\n"
|
|
" Convert a non-POSIX group to posix:\n"
|
|
" ipa group-mod --posix remoteadmins\n"
|
|
"\n"
|
|
" Add a new POSIX group with a specific Group ID number:\n"
|
|
" ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
|
|
"\n"
|
|
" Add a new POSIX group and let IPA assign a Group ID number:\n"
|
|
" ipa group-add --desc='printer admins' printeradmins\n"
|
|
"\n"
|
|
" Remove a group:\n"
|
|
" ipa group-del unixadmins\n"
|
|
"\n"
|
|
" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
|
|
" ipa group-add-member --groups=remoteadmins localadmins\n"
|
|
"\n"
|
|
" Add multiple users to the \"localadmins\" group:\n"
|
|
" ipa group-add-member --users=test1 --users=test2 localadmins\n"
|
|
"\n"
|
|
" Remove a user from the \"localadmins\" group:\n"
|
|
" ipa group-remove-member --users=test2 localadmins\n"
|
|
"\n"
|
|
" Display information about a named group.\n"
|
|
" ipa group-show localadmins\n"
|
|
"\n"
|
|
"External group membership is designed to allow users from trusted domains\n"
|
|
"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
|
|
"External members should be added to groups that specifically created as\n"
|
|
"external and non-POSIX. Such group later should be included into one of "
|
|
"POSIX\n"
|
|
"groups.\n"
|
|
"\n"
|
|
"An external group member is currently a Security Identifier (SID) as defined "
|
|
"by\n"
|
|
"the trusted domain. When adding external group members, it is possible to\n"
|
|
"specify them in either SID, or DOM\\name, or name@domain format. IPA will "
|
|
"attempt\n"
|
|
"to resolve passed name to SID with the use of Global Catalog of the trusted "
|
|
"domain.\n"
|
|
"\n"
|
|
"Example:\n"
|
|
"\n"
|
|
"1. Create group for the trusted domain admins' mapping and their local POSIX "
|
|
"group:\n"
|
|
"\n"
|
|
" ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
|
|
"--external\n"
|
|
" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
|
|
"\n"
|
|
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
|
|
"ad_admins_external\n"
|
|
" group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
|
|
"\n"
|
|
"3. Allow members of ad_admins_external group to be associated with ad_admins "
|
|
"POSIX group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins --groups ad_admins_external\n"
|
|
"\n"
|
|
"4. List members of external members of ad_admins_external group to see their "
|
|
"SIDs:\n"
|
|
"\n"
|
|
" ipa group-show ad_admins_external\n"
|
|
msgstr ""
|
|
|
|
msgid "GID (use this option to set it manually)"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member users"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member groups"
|
|
msgstr ""
|
|
|
|
msgid "Create a new group."
|
|
msgstr ""
|
|
|
|
msgid "Create as a non-POSIX group"
|
|
msgstr ""
|
|
|
|
msgid "Allow adding external non-IPA members from trusted domains"
|
|
msgstr ""
|
|
|
|
msgid "Add members to a group."
|
|
msgstr ""
|
|
|
|
msgid "External member"
|
|
msgstr ""
|
|
|
|
msgid "Members of a trusted domain in DOM\\name or name@domain form"
|
|
msgstr ""
|
|
|
|
msgid "Delete group."
|
|
msgstr ""
|
|
|
|
msgid "Detach a managed group from a user."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups."
|
|
msgstr ""
|
|
|
|
msgid "search for private groups"
|
|
msgstr ""
|
|
|
|
msgid "search for POSIX groups"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"search for groups with support of external non-IPA members from trusted "
|
|
"domains"
|
|
msgstr ""
|
|
|
|
msgid "search for non-POSIX groups"
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"group-name\")"
|
|
msgstr ""
|
|
|
|
msgid "Search for groups with these member users."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups without these member users."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups with these member groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups without these member groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups with these member of groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups without these member of groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups with these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups without these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups with these member of roles."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups without these member of roles."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups with these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups without these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups with these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for groups without these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "Modify a group."
|
|
msgstr ""
|
|
|
|
msgid "change to a POSIX group"
|
|
msgstr ""
|
|
|
|
msgid "change to support external non-IPA members from trusted domains"
|
|
msgstr ""
|
|
|
|
msgid "Rename the group object"
|
|
msgstr ""
|
|
|
|
msgid "Remove members from a group."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a named group."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Simulate use of Host-based access controls\n"
|
|
"\n"
|
|
"HBAC rules control who can access what services on what hosts.\n"
|
|
"You can use HBAC to control which users or groups can access a service,\n"
|
|
"or group of services, on a target host.\n"
|
|
"\n"
|
|
"Since applying HBAC rules implies use of a production environment,\n"
|
|
"this plugin aims to provide simulation of HBAC rules evaluation without\n"
|
|
"having access to the production environment.\n"
|
|
"\n"
|
|
" Test user coming to a service on a named host against\n"
|
|
" existing enabled rules.\n"
|
|
"\n"
|
|
" ipa hbactest --user= --host= --service=\n"
|
|
" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
|
|
" [--sizelimit= ]\n"
|
|
"\n"
|
|
" --user, --host, and --service are mandatory, others are optional.\n"
|
|
"\n"
|
|
" If --rules is specified simulate enabling of the specified rules and test\n"
|
|
" the login of the user using only these rules.\n"
|
|
"\n"
|
|
" If --enabled is specified, all enabled HBAC rules will be added to "
|
|
"simulation\n"
|
|
"\n"
|
|
" If --disabled is specified, all disabled HBAC rules will be added to "
|
|
"simulation\n"
|
|
"\n"
|
|
" If --nodetail is specified, do not return information about rules matched/"
|
|
"not matched.\n"
|
|
"\n"
|
|
" If both --rules and --enabled are specified, apply simulation to --rules "
|
|
"_and_\n"
|
|
" all IPA enabled rules.\n"
|
|
"\n"
|
|
" If no --rules specified, simulation is run against all IPA enabled rules.\n"
|
|
" By default there is a IPA-wide limit to number of entries fetched, you can "
|
|
"change it\n"
|
|
" with --sizelimit option.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" 1. Use all enabled HBAC rules in IPA database to simulate:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
" Matched rules: allow_all\n"
|
|
"\n"
|
|
" 2. Disable detailed summary of how rules were applied:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
"\n"
|
|
" 3. Test explicitly specified HBAC rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
|
|
" --rules=myrule --rules=my-second-rule\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
"\n"
|
|
" 4. Use all enabled HBAC rules in IPA database + explicitly specified "
|
|
"rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
|
|
" --rules=myrule --rules=my-second-rule --enabled\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
" Matched rules: allow_all\n"
|
|
"\n"
|
|
" 5. Test all disabled HBAC rules in IPA database:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" Not matched rules: new-rule\n"
|
|
"\n"
|
|
" 6. Test all disabled HBAC rules in IPA database + explicitly specified "
|
|
"rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
|
|
" --rules=myrule --rules=my-second-rule --disabled\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
"\n"
|
|
" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
|
|
" --enabled --disabled\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
" Not matched rules: new-rule\n"
|
|
" Matched rules: allow_all\n"
|
|
"\n"
|
|
"\n"
|
|
"HBACTEST AND TRUSTED DOMAINS\n"
|
|
"\n"
|
|
"When an external trusted domain is configured in IPA, HBAC rules are also "
|
|
"applied\n"
|
|
"on users accessing IPA resources from the trusted domain. Trusted domain "
|
|
"users and\n"
|
|
"groups (and their SIDs) can be then assigned to external groups which can "
|
|
"be\n"
|
|
"members of POSIX groups in IPA which can be used in HBAC rules and thus "
|
|
"allowing\n"
|
|
"access to resources protected by the HBAC system.\n"
|
|
"\n"
|
|
"hbactest plugin is capable of testing access for both local IPA users and "
|
|
"users\n"
|
|
"from the trusted domains, either by a fully qualified user name or by user "
|
|
"SID.\n"
|
|
"Such user names need to have a trusted domain specified as a short name\n"
|
|
"(DOMAIN\\Administrator) or with a user principal name (UPN), "
|
|
"Administrator@ad.test.\n"
|
|
"\n"
|
|
"Please note that hbactest executed with a trusted domain user as --user "
|
|
"parameter\n"
|
|
"can be only run by members of \"trust admins\" group.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" 1. Test if a user from a trusted domain specified by its shortname "
|
|
"matches any\n"
|
|
" rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
|
|
"service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Matched rules: can_login\n"
|
|
"\n"
|
|
" 2. Test if a user from a trusted domain specified by its domain name "
|
|
"matches\n"
|
|
" any rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --"
|
|
"service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Matched rules: can_login\n"
|
|
"\n"
|
|
" 3. Test if a user from a trusted domain specified by its SID matches any "
|
|
"rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n"
|
|
" --host `hostname` --service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Matched rules: can_login\n"
|
|
"\n"
|
|
" 4. Test if other user from a trusted domain specified by its SID matches "
|
|
"any rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n"
|
|
" --host `hostname` --service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Not matched rules: can_login\n"
|
|
"\n"
|
|
" 5. Test if other user from a trusted domain specified by its shortname "
|
|
"matches\n"
|
|
" any rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
|
|
"sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Not matched rules: can_login\n"
|
|
msgstr ""
|
|
|
|
msgid "Simulate use of Host-based access controls"
|
|
msgstr ""
|
|
|
|
msgid "Target host"
|
|
msgstr ""
|
|
|
|
msgid "Rules to test. If not specified, --enabled is assumed"
|
|
msgstr ""
|
|
|
|
msgid "Hide details which rules are matched, not matched, or invalid"
|
|
msgstr ""
|
|
|
|
msgid "Include all enabled IPA rules into test [default]"
|
|
msgstr ""
|
|
|
|
msgid "Include all disabled IPA rules into test"
|
|
msgstr ""
|
|
|
|
msgid "Maximum number of rules to process when no --rules is specified"
|
|
msgstr ""
|
|
|
|
msgid "Warning"
|
|
msgstr ""
|
|
|
|
msgid "Matched rules"
|
|
msgstr ""
|
|
|
|
msgid "Not matched rules"
|
|
msgstr ""
|
|
|
|
msgid "Non-existent or invalid rules"
|
|
msgstr ""
|
|
|
|
msgid "Result of simulation"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Cross-realm trusts\n"
|
|
"\n"
|
|
"Manage trust relationship between IPA and Active Directory domains.\n"
|
|
"\n"
|
|
"In order to allow users from a remote domain to access resources in IPA\n"
|
|
"domain, trust relationship needs to be established. Currently IPA supports\n"
|
|
"only trusts between IPA and Active Directory domains under control of "
|
|
"Windows\n"
|
|
"Server 2008 or later, with functional level 2008 or later.\n"
|
|
"\n"
|
|
"Please note that DNS on both IPA and Active Directory domain sides should "
|
|
"be\n"
|
|
"configured properly to discover each other. Trust relationship relies on\n"
|
|
"ability to discover special resources in the other domain via DNS records.\n"
|
|
"\n"
|
|
"Examples:\n"
|
|
"\n"
|
|
"1. Establish cross-realm trust with Active Directory using AD administrator\n"
|
|
" credentials:\n"
|
|
"\n"
|
|
" ipa trust-add --type=ad <ad.domain> --admin <AD domain administrator> --"
|
|
"password\n"
|
|
"\n"
|
|
"2. List all existing trust relationships:\n"
|
|
"\n"
|
|
" ipa trust-find\n"
|
|
"\n"
|
|
"3. Show details of the specific trust relationship:\n"
|
|
"\n"
|
|
" ipa trust-show <ad.domain>\n"
|
|
"\n"
|
|
"4. Delete existing trust relationship:\n"
|
|
"\n"
|
|
" ipa trust-del <ad.domain>\n"
|
|
"\n"
|
|
"Once trust relationship is established, remote users will need to be mapped\n"
|
|
"to local POSIX groups in order to actually use IPA resources. The mapping "
|
|
"should\n"
|
|
"be done via use of external membership of non-POSIX group and then this "
|
|
"group\n"
|
|
"should be included into one of local POSIX groups.\n"
|
|
"\n"
|
|
"Example:\n"
|
|
"\n"
|
|
"1. Create group for the trusted domain admins' mapping and their local POSIX "
|
|
"group:\n"
|
|
"\n"
|
|
" ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
|
|
"--external\n"
|
|
" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
|
|
"\n"
|
|
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
|
|
"ad_admins_external\n"
|
|
" group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
|
|
"\n"
|
|
"3. Allow members of ad_admins_external group to be associated with ad_admins "
|
|
"POSIX group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins --groups ad_admins_external\n"
|
|
"\n"
|
|
"4. List members of external members of ad_admins_external group to see their "
|
|
"SIDs:\n"
|
|
"\n"
|
|
" ipa group-show ad_admins_external\n"
|
|
"\n"
|
|
"\n"
|
|
"GLOBAL TRUST CONFIGURATION\n"
|
|
"\n"
|
|
"When IPA AD trust subpackage is installed and ipa-adtrust-install is run,\n"
|
|
"a local domain configuration (SID, GUID, NetBIOS name) is generated. These\n"
|
|
"identifiers are then used when communicating with a trusted domain of the\n"
|
|
"particular type.\n"
|
|
"\n"
|
|
"1. Show global trust configuration for Active Directory type of trusts:\n"
|
|
"\n"
|
|
" ipa trustconfig-show --type ad\n"
|
|
"\n"
|
|
"2. Modify global configuration for all trusts of Active Directory type and "
|
|
"set\n"
|
|
" a different fallback primary group (fallback primary group GID is used "
|
|
"as\n"
|
|
" a primary user GID if user authenticating to IPA domain does not have any "
|
|
"other\n"
|
|
" primary GID already set):\n"
|
|
"\n"
|
|
" ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD "
|
|
"group\"\n"
|
|
"\n"
|
|
"3. Change primary fallback group back to default hidden group (any group "
|
|
"with\n"
|
|
" posixGroup object class is allowed):\n"
|
|
"\n"
|
|
" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group"
|
|
"\"\n"
|
|
msgstr ""
|
|
|
|
msgid "Domain NetBIOS name"
|
|
msgstr ""
|
|
|
|
msgid "Domain Security Identifier"
|
|
msgstr ""
|
|
|
|
msgid "SID blacklist incoming"
|
|
msgstr ""
|
|
|
|
msgid "SID blacklist outgoing"
|
|
msgstr ""
|
|
|
|
msgid "Security Identifier"
|
|
msgstr ""
|
|
|
|
msgid "NetBIOS name"
|
|
msgstr ""
|
|
|
|
msgid "Domain GUID"
|
|
msgstr ""
|
|
|
|
msgid "Fallback primary group"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Domain name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Trusted domain partner"
|
|
msgstr ""
|
|
|
|
msgid "Determine whether ipa-adtrust-install has been run on this system"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Determine whether Schema Compatibility plugin is configured to serve trusted "
|
|
"domain users and groups"
|
|
msgstr ""
|
|
|
|
msgid "Determine whether ipa-adtrust-install has been run with sidgen task"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Add new trust to use.\n"
|
|
"\n"
|
|
"This command establishes trust relationship to another domain\n"
|
|
"which becomes 'trusted'. As result, users of the trusted domain\n"
|
|
"may access resources of this domain.\n"
|
|
"\n"
|
|
"Only trusts to Active Directory domains are supported right now.\n"
|
|
"\n"
|
|
"The command can be safely run multiple times against the same domain,\n"
|
|
"this will cause change to trust relationship credentials on both\n"
|
|
"sides.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "Trust type (ad for Active Directory, default)"
|
|
msgstr ""
|
|
|
|
msgid "Active Directory domain administrator"
|
|
msgstr ""
|
|
|
|
msgid "Active Directory domain administrator's password"
|
|
msgstr ""
|
|
|
|
msgid "Domain controller for the Active Directory domain (optional)"
|
|
msgstr ""
|
|
|
|
msgid "Shared secret for the trust"
|
|
msgstr ""
|
|
|
|
msgid "First Posix ID of the range reserved for the trusted domain"
|
|
msgstr ""
|
|
|
|
msgid "Size of the ID range reserved for the trusted domain"
|
|
msgstr ""
|
|
|
|
msgid "Range type"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Type of trusted domain ID range, one of ipa-ad-trust-posix, ipa-ad-trust"
|
|
msgstr ""
|
|
|
|
msgid "Delete a trust."
|
|
msgstr ""
|
|
|
|
msgid "Refresh list of the domains associated with the trust"
|
|
msgstr ""
|
|
|
|
msgid "Search for trusts."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"realm\")"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Modify a trust (for future use).\n"
|
|
"\n"
|
|
" Currently only the default option to modify the LDAP attributes is\n"
|
|
" available. More specific options will be added in coming releases.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "Resolve security identifiers of users and groups in trusted domains"
|
|
msgstr ""
|
|
|
|
msgid "Security Identifiers (SIDs)"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a trust."
|
|
msgstr ""
|
|
|
|
msgid "Modify global trust configuration."
|
|
msgstr ""
|
|
|
|
msgid "Show global trust configuration."
|
|
msgstr ""
|
|
|
|
msgid "Allow access from the trusted domain"
|
|
msgstr ""
|
|
|
|
msgid "Remove information about the domain associated with the trust."
|
|
msgstr ""
|
|
|
|
msgid "Disable use of IPA resources by the domain of the trust"
|
|
msgstr ""
|
|
|
|
msgid "Allow use of IPA resources by the domain of the trust"
|
|
msgstr ""
|
|
|
|
msgid "Search domains of the trust"
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"domain\")"
|
|
msgstr ""
|
|
|
|
msgid "Modify trustdomain of the trust"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"ID ranges\n"
|
|
"\n"
|
|
"Manage ID ranges used to map Posix IDs to SIDs and back.\n"
|
|
"\n"
|
|
"There are two type of ID ranges which are both handled by this utility:\n"
|
|
"\n"
|
|
" - the ID ranges of the local domain\n"
|
|
" - the ID ranges of trusted remote domains\n"
|
|
"\n"
|
|
"Both types have the following attributes in common:\n"
|
|
"\n"
|
|
" - base-id: the first ID of the Posix ID range\n"
|
|
" - range-size: the size of the range\n"
|
|
"\n"
|
|
"With those two attributes a range object can reserve the Posix IDs starting\n"
|
|
"with base-id up to but not including base-id+range-size exclusively.\n"
|
|
"\n"
|
|
"Additionally an ID range of the local domain may set\n"
|
|
" - rid-base: the first RID(*) of the corresponding RID range\n"
|
|
" - secondary-rid-base: first RID of the secondary RID range\n"
|
|
"\n"
|
|
"and an ID range of a trusted domain must set\n"
|
|
" - rid-base: the first RID of the corresponding RID range\n"
|
|
" - sid: domain SID of the trusted domain\n"
|
|
"\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLE: Add a new ID range for a trusted domain\n"
|
|
"\n"
|
|
"Since there might be more than one trusted domain the domain SID must be "
|
|
"given\n"
|
|
"while creating the ID range.\n"
|
|
"\n"
|
|
" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
|
|
"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
|
|
"\n"
|
|
"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
|
|
"assign Posix UIDs to users from the trusted domain.\n"
|
|
"\n"
|
|
"If e.g. a range for a trusted domain is configured with the following "
|
|
"values:\n"
|
|
" base-id = 1200000\n"
|
|
" range-size = 200000\n"
|
|
" rid-base = 0\n"
|
|
"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
|
|
"So\n"
|
|
"RID 1000 <-> Posix ID 1201000\n"
|
|
"\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLE: Add a new ID range for the local domain\n"
|
|
"\n"
|
|
"To create an ID range for the local domain it is not necessary to specify a\n"
|
|
"domain SID. But since it is possible that a user and a group can have the "
|
|
"same\n"
|
|
"value as Posix ID a second RID interval is needed to handle conflicts.\n"
|
|
"\n"
|
|
" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
|
|
"base=1000 --secondary-rid-base=1000000 local_range\n"
|
|
"\n"
|
|
"The data from the ID ranges of the local domain are used by the IPA server\n"
|
|
"internally to assign SIDs to IPA users and groups. The SID will then be "
|
|
"stored\n"
|
|
"in the user or group objects.\n"
|
|
"\n"
|
|
"If e.g. the ID range for the local domain is configured with the values "
|
|
"from\n"
|
|
"the example above then a new user with the UID 1200007 will get the RID "
|
|
"1007.\n"
|
|
"If this RID is already used by a group the RID will be 1000007. This can "
|
|
"only\n"
|
|
"happen if a user or a group object was created with a fixed ID because the\n"
|
|
"automatic assignment will not assign the same ID twice. Since there are "
|
|
"only\n"
|
|
"users and groups sharing the same ID namespace it is sufficient to have "
|
|
"only\n"
|
|
"one fallback range to handle conflicts.\n"
|
|
"\n"
|
|
"To find the Posix ID for a given RID from the local domain it has to be\n"
|
|
"checked first if the RID falls in the primary or secondary RID range and\n"
|
|
"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
|
|
"and the base-id has to be added to get the Posix ID.\n"
|
|
"\n"
|
|
"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
|
|
"must not be used at all. The ID range for the local domain will be created\n"
|
|
"during installation or upgrade from an older version. The ID range for a\n"
|
|
"trusted domain will be created together with the trust by 'ipa trust-"
|
|
"add ...'.\n"
|
|
"\n"
|
|
"USE CASES:\n"
|
|
"\n"
|
|
" Add an ID range from a transitively trusted domain\n"
|
|
"\n"
|
|
" If the trusted domain (A) trusts another domain (B) as well and this "
|
|
"trust\n"
|
|
" is transitive 'ipa trust-add domain-A' will only create a range for\n"
|
|
" domain A. The ID range for domain B must be added manually.\n"
|
|
"\n"
|
|
" Add an additional ID range for the local domain\n"
|
|
"\n"
|
|
" If the ID range of the local domain is exhausted, i.e. no new IDs can "
|
|
"be\n"
|
|
" assigned to Posix users or groups by the DNA plugin, a new range has to "
|
|
"be\n"
|
|
" created to allow new users and groups to be added. (Currently there is "
|
|
"no\n"
|
|
" connection between this range CLI and the DNA plugin, but a future "
|
|
"version\n"
|
|
" might be able to modify the configuration of the DNS plugin as well)\n"
|
|
"\n"
|
|
"In general it is not necessary to modify or delete ID ranges. If there is "
|
|
"no\n"
|
|
"other way to achieve a certain configuration than to modify or delete an ID\n"
|
|
"range it should be done with great care. Because UIDs are stored in the "
|
|
"file\n"
|
|
"system and are used for access control it might be possible that users are\n"
|
|
"allowed to access files of other users if an ID range got deleted and "
|
|
"reused\n"
|
|
"for a different domain.\n"
|
|
"\n"
|
|
"(*) The RID is typically the last integer of a user or group SID which "
|
|
"follows\n"
|
|
"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
|
|
"from\n"
|
|
"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of "
|
|
"the\n"
|
|
"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
|
|
"groups.\n"
|
|
"\n"
|
|
"WARNING:\n"
|
|
"\n"
|
|
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
|
|
"the\n"
|
|
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
|
|
"based\n"
|
|
"on the local ranges set via this family of commands.\n"
|
|
"\n"
|
|
"Manual configuration change has to be done in the DNA plugin configuration "
|
|
"for\n"
|
|
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
|
|
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
|
|
"be\n"
|
|
"modified to match the new range.\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Range name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "First Posix ID of the range"
|
|
msgstr ""
|
|
|
|
msgid "Number of IDs in the range"
|
|
msgstr ""
|
|
|
|
msgid "First RID of the corresponding RID range"
|
|
msgstr ""
|
|
|
|
msgid "First RID of the secondary RID range"
|
|
msgstr ""
|
|
|
|
msgid "Domain SID of the trusted domain"
|
|
msgstr ""
|
|
|
|
msgid "Name of the trusted domain"
|
|
msgstr ""
|
|
|
|
msgid "ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Add new ID range.\n"
|
|
"\n"
|
|
" To add a new ID range you always have to specify\n"
|
|
"\n"
|
|
" --base-id\n"
|
|
" --range-size\n"
|
|
"\n"
|
|
" Additionally\n"
|
|
"\n"
|
|
" --rid-base\n"
|
|
" --secondary-rid-base\n"
|
|
"\n"
|
|
" may be given for a new ID range for the local domain while\n"
|
|
"\n"
|
|
" --rid-base\n"
|
|
" --dom-sid\n"
|
|
"\n"
|
|
" must be given to add a new range for a trusted AD domain.\n"
|
|
"\n"
|
|
" WARNING:\n"
|
|
"\n"
|
|
" DNA plugin in 389-ds will allocate IDs based on the ranges configured "
|
|
"for the\n"
|
|
" local domain. Currently the DNA plugin *cannot* be reconfigured itself "
|
|
"based\n"
|
|
" on the local ranges set via this family of commands.\n"
|
|
"\n"
|
|
" Manual configuration change has to be done in the DNA plugin "
|
|
"configuration for\n"
|
|
" the new local range. Specifically, The dnaNextRange attribute of "
|
|
"'cn=Posix\n"
|
|
" IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has "
|
|
"to be\n"
|
|
" modified to match the new range.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "Delete an ID range."
|
|
msgstr ""
|
|
|
|
msgid "Search for ranges."
|
|
msgstr ""
|
|
|
|
msgid "Modify ID range."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a range."
|
|
msgstr ""
|
|
|
|
msgid "Time limit of search in seconds (0 is unlimited)"
|
|
msgstr ""
|
|
|
|
msgid "Maximum number of entries returned (0 is unlimited)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage CA ACL rules.\n"
|
|
"\n"
|
|
"This plugin is used to define rules governing which principals are\n"
|
|
"permitted to have certificates issued using a given certificate\n"
|
|
"profile.\n"
|
|
"\n"
|
|
"PROFILE ID SYNTAX:\n"
|
|
"\n"
|
|
"A Profile ID is a string without spaces or punctuation starting with a "
|
|
"letter\n"
|
|
"and followed by a sequence of letters, digits or underscore (\"_\").\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Create a CA ACL \"test\" that grants all users access to the\n"
|
|
" \"UserCert\" profile:\n"
|
|
" ipa caacl-add test --usercat=all\n"
|
|
" ipa caacl-add-profile test --certprofiles UserCert\n"
|
|
"\n"
|
|
" Display the properties of a named CA ACL:\n"
|
|
" ipa caacl-show test\n"
|
|
"\n"
|
|
" Create a CA ACL to let user \"alice\" use the \"DNP3\" profile:\n"
|
|
" ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n"
|
|
" ipa caacl-add-user alice_dnp3 --user=alice\n"
|
|
"\n"
|
|
" Disable a CA ACL:\n"
|
|
" ipa caacl-disable test\n"
|
|
"\n"
|
|
" Remove a CA ACL:\n"
|
|
" ipa caacl-del test\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "ACL name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Profile category"
|
|
msgstr ""
|
|
|
|
msgid "Profile category the ACL applies to"
|
|
msgstr ""
|
|
|
|
msgid "User category the ACL applies to"
|
|
msgstr ""
|
|
|
|
msgid "Host category the ACL applies to"
|
|
msgstr ""
|
|
|
|
msgid "Service category the ACL applies to"
|
|
msgstr ""
|
|
|
|
msgid "Profiles"
|
|
msgstr ""
|
|
|
|
msgid "Create a new CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Add target hosts and hostgroups to a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Add profiles to a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "member Certificate Profile"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Profiles to add"
|
|
msgstr ""
|
|
|
|
msgid "Add services to a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Add users and groups to a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Delete a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Disable a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Enable a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Search for CA ACLs."
|
|
msgstr ""
|
|
|
|
msgid "Modify a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Remove target hosts and hostgroups from a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Remove profiles from a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Certificate Profiles to remove"
|
|
msgstr ""
|
|
|
|
msgid "Remove services from a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Remove users and groups from a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid "Display the properties of a CA ACL."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage Certificate Profiles\n"
|
|
"\n"
|
|
"Certificate Profiles are used by Certificate Authority (CA) in the signing "
|
|
"of\n"
|
|
"certificates to determine if a Certificate Signing Request (CSR) is "
|
|
"acceptable,\n"
|
|
"and if so what features and extensions will be present on the certificate.\n"
|
|
"\n"
|
|
"The Certificate Profile format is the property-list format understood by "
|
|
"the\n"
|
|
"Dogtag or Red Hat Certificate System CA.\n"
|
|
"\n"
|
|
"PROFILE ID SYNTAX:\n"
|
|
"\n"
|
|
"A Profile ID is a string without spaces or punctuation starting with a "
|
|
"letter\n"
|
|
"and followed by a sequence of letters, digits or underscore (\"_\").\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Import a profile that will not store issued certificates:\n"
|
|
" ipa certprofile-import ShortLivedUserCert --file UserCert.profile "
|
|
"--desc \"User Certificates\" --store=false\n"
|
|
"\n"
|
|
" Delete a certificate profile:\n"
|
|
" ipa certprofile-del ShortLivedUserCert\n"
|
|
"\n"
|
|
" Show information about a profile:\n"
|
|
" ipa certprofile-show ShortLivedUserCert\n"
|
|
"\n"
|
|
" Save profile configuration to a file:\n"
|
|
" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n"
|
|
"\n"
|
|
" Search for profiles that do not store certificates:\n"
|
|
" ipa certprofile-find --store=false\n"
|
|
"\n"
|
|
"PROFILE CONFIGURATION FORMAT:\n"
|
|
"\n"
|
|
"The profile configuration format is the raw property-list format\n"
|
|
"used by Dogtag Certificate System. The XML format is not supported.\n"
|
|
"\n"
|
|
"The following restrictions apply to profiles managed by FreeIPA:\n"
|
|
"\n"
|
|
"- When importing a profile the \"profileId\" field, if present, must\n"
|
|
" match the ID given on the command line.\n"
|
|
"\n"
|
|
"- The \"classId\" field must be set to \"caEnrollImpl\"\n"
|
|
"\n"
|
|
"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n"
|
|
"\n"
|
|
"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n"
|
|
" class must be used.\n"
|
|
msgstr ""
|
|
|
|
msgid "Profile ID for referring to this profile"
|
|
msgstr ""
|
|
|
|
msgid "Profile description"
|
|
msgstr ""
|
|
|
|
msgid "Brief description of this profile"
|
|
msgstr ""
|
|
|
|
msgid "Store issued certificates"
|
|
msgstr ""
|
|
|
|
msgid "Whether to store certs issued using this profile"
|
|
msgstr ""
|
|
|
|
msgid "Delete a Certificate Profile."
|
|
msgstr ""
|
|
|
|
msgid "Search for Certificate Profiles."
|
|
msgstr ""
|
|
|
|
msgid "Import a Certificate Profile."
|
|
msgstr ""
|
|
|
|
msgid "Filename of a raw profile. The XML format is not supported."
|
|
msgstr ""
|
|
|
|
msgid "Modify Certificate Profile configuration."
|
|
msgstr ""
|
|
|
|
msgid "File containing profile configuration"
|
|
msgstr ""
|
|
|
|
msgid "Display the properties of a Certificate Profile."
|
|
msgstr ""
|
|
|
|
msgid "Write profile configuration to file"
|
|
msgstr ""
|
|
|
|
msgid "Maximum amount of time (seconds) for a search (-1 or 0 is unlimited)"
|
|
msgstr ""
|
|
|
|
msgid "Maximum number of records to search (-1 or 0 is unlimited)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Raise the IPA Domain Level.\n"
|
|
msgstr ""
|
|
|
|
msgid "Query current Domain Level."
|
|
msgstr ""
|
|
|
|
msgid "Current domain level:"
|
|
msgstr ""
|
|
|
|
msgid "Change current Domain Level."
|
|
msgstr ""
|
|
|
|
msgid "Domain Level"
|
|
msgstr ""
|
|
|
|
msgid "Add certificates to host entry"
|
|
msgstr ""
|
|
|
|
msgid "Remove certificates from host entry"
|
|
msgstr ""
|
|
|
|
msgid "Fallback to AD DC LDAP"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Allow falling back to AD DC LDAP when resolving AD trusted objects. For two-"
|
|
"way trusts only."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Applies ID View to specified hosts or current members of specified "
|
|
"hostgroups. If any other ID View is applied to the host, it is overridden."
|
|
msgstr ""
|
|
|
|
msgid "Add to default group"
|
|
msgstr ""
|
|
|
|
msgid "Add migrated users without a group to a default group (default: true)"
|
|
msgstr ""
|
|
|
|
msgid "Search scope"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"LDAP search scope for users and groups: base, onelevel, or subtree. Defaults "
|
|
"to onelevel"
|
|
msgstr ""
|
|
|
|
msgid "Remove users that can manage this token."
|
|
msgstr ""
|
|
|
|
msgid "Target DN subtree"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Optional DN subtree where an entry can be moved to (must be in the subtree, "
|
|
"but may not yet exist)"
|
|
msgstr ""
|
|
|
|
msgid "Origin DN subtree"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Optional DN subtree from where an entry can be moved (must be in the "
|
|
"subtree, but may not yet exist)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA servers\n"
|
|
"\n"
|
|
"Get information about installed IPA servers.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Find all servers:\n"
|
|
" ipa server-find\n"
|
|
"\n"
|
|
" Show specific server:\n"
|
|
" ipa server-show ipa.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid "Server name"
|
|
msgstr ""
|
|
|
|
msgid "IPA server hostname"
|
|
msgstr ""
|
|
|
|
msgid "Managed suffix"
|
|
msgstr ""
|
|
|
|
msgid "Min domain level"
|
|
msgstr ""
|
|
|
|
msgid "Minimum domain level"
|
|
msgstr ""
|
|
|
|
msgid "Max domain level"
|
|
msgstr ""
|
|
|
|
msgid "Maximum domain level"
|
|
msgstr ""
|
|
|
|
msgid "Delete IPA server."
|
|
msgstr ""
|
|
|
|
msgid "Search for IPA servers."
|
|
msgstr ""
|
|
|
|
msgid "Show IPA server."
|
|
msgstr ""
|
|
|
|
msgid "Add new certificates to a service"
|
|
msgstr ""
|
|
|
|
msgid "Remove certificates from a service"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Service Constrained Delegation\n"
|
|
"\n"
|
|
"Manage rules to allow constrained delegation of credentials so\n"
|
|
"that a service can impersonate a user when communicating with another\n"
|
|
"service without requiring the user to actually forward their TGT.\n"
|
|
"This makes for a much better method of delegating credentials as it\n"
|
|
"prevents exposure of the short term secret of the user.\n"
|
|
"\n"
|
|
"The naming convention is to append the word \"target\" or \"targets\" to\n"
|
|
"a matching rule name. This is not mandatory but helps conceptually\n"
|
|
"to associate rules and targets.\n"
|
|
"\n"
|
|
"A rule consists of two things:\n"
|
|
" - A list of targets the rule applies to\n"
|
|
" - A list of memberPrincipals that are allowed to delegate for\n"
|
|
" those targets\n"
|
|
"\n"
|
|
"A target consists of a list of principals that can be delegated.\n"
|
|
"\n"
|
|
"In English, a rule says that this principal can delegate as this\n"
|
|
"list of principals, as defined by these targets.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new constrained delegation rule:\n"
|
|
" ipa servicedelegationrule-add ftp-delegation\n"
|
|
"\n"
|
|
" Add a new constrained delegation target:\n"
|
|
" ipa servicedelegationtarget-add ftp-delegation-target\n"
|
|
"\n"
|
|
" Add a principal to the rule:\n"
|
|
" ipa servicedelegationrule-add-member --principals=ftp/ipa.example."
|
|
"com ftp-delegation\n"
|
|
"\n"
|
|
" Add our target to the rule:\n"
|
|
" ipa servicedelegationrule-add-target --servicedelegationtargets=ftp-"
|
|
"delegation-target ftp-delegation\n"
|
|
"\n"
|
|
" Add a principal to the target:\n"
|
|
" ipa servicedelegationtarget-add-member --principals=ldap/ipa.example."
|
|
"com ftp-delegation-target\n"
|
|
"\n"
|
|
" Display information about a named delegation rule and target:\n"
|
|
" ipa servicedelegationrule_show ftp-delegation\n"
|
|
" ipa servicedelegationtarget_show ftp-delegation-target\n"
|
|
"\n"
|
|
" Remove a constrained delegation:\n"
|
|
" ipa servicedelegationrule-del ftp-delegation-target\n"
|
|
" ipa servicedelegationtarget-del ftp-delegation\n"
|
|
"\n"
|
|
"In this example the ftp service can get a TGT for the ldap service on\n"
|
|
"the bound user's behalf.\n"
|
|
"\n"
|
|
"It is strongly discouraged to modify the delegations that ship with\n"
|
|
"IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n"
|
|
"ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n"
|
|
"to delegate, causing the framework to stop functioning.\n"
|
|
msgstr ""
|
|
|
|
msgid "Allowed Target"
|
|
msgstr ""
|
|
|
|
msgid "Create a new service delegation rule."
|
|
msgstr ""
|
|
|
|
msgid "Add member to a named service delegation rule."
|
|
msgstr ""
|
|
|
|
msgid "member principal"
|
|
msgstr ""
|
|
|
|
msgid "principal to add"
|
|
msgstr ""
|
|
|
|
msgid "Add target to a named service delegation rule."
|
|
msgstr ""
|
|
|
|
msgid "member service delegation target"
|
|
msgstr ""
|
|
|
|
msgid "service delegation targets to add"
|
|
msgstr ""
|
|
|
|
msgid "Delete service delegation."
|
|
msgstr ""
|
|
|
|
msgid "Search for service delegations rule."
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"delegation-name\")"
|
|
msgstr ""
|
|
|
|
msgid "Remove member from a named service delegation rule."
|
|
msgstr ""
|
|
|
|
msgid "principal to remove"
|
|
msgstr ""
|
|
|
|
msgid "Remove target from a named service delegation rule."
|
|
msgstr ""
|
|
|
|
msgid "service delegation targets to remove"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a named service delegation rule."
|
|
msgstr ""
|
|
|
|
msgid "Create a new service delegation target."
|
|
msgstr ""
|
|
|
|
msgid "Add member to a named service delegation target."
|
|
msgstr ""
|
|
|
|
msgid "Delete service delegation target."
|
|
msgstr ""
|
|
|
|
msgid "Search for service delegation target."
|
|
msgstr ""
|
|
|
|
msgid "Remove member from a named service delegation target."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a named service delegation target."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Stageusers\n"
|
|
"\n"
|
|
"Manage stage user entries.\n"
|
|
"\n"
|
|
"Stage user entries are directly under the container: \"cn=stage users,\n"
|
|
"cn=accounts, cn=provisioning, SUFFIX\".\n"
|
|
"User can not authenticate with those entries (even if the entries\n"
|
|
"contain credentials) and are candidate to become Active entries.\n"
|
|
"\n"
|
|
"Active user entries are Posix users directly under the container: "
|
|
"\"cn=accounts, SUFFIX\".\n"
|
|
"User can authenticate with Active entries, at the condition they have\n"
|
|
"credentials\n"
|
|
"\n"
|
|
"Delete user entries are Posix users directly under the container: "
|
|
"\"cn=deleted users,\n"
|
|
"cn=accounts, cn=provisioning, SUFFIX\".\n"
|
|
"User can not authenticate with those entries (even if the entries contain "
|
|
"credentials)\n"
|
|
"\n"
|
|
"The stage user container contains entries\n"
|
|
" - created by 'stageuser-add' commands that are Posix users\n"
|
|
" - created by external provisioning system\n"
|
|
"\n"
|
|
"A valid stage user entry MUST:\n"
|
|
" - entry RDN is 'uid'\n"
|
|
" - ipaUniqueID is 'autogenerate'\n"
|
|
"\n"
|
|
"IPA supports a wide range of username formats, but you need to be aware of "
|
|
"any\n"
|
|
"restrictions that may apply to your particular environment. For example,\n"
|
|
"usernames that start with a digit or usernames that exceed a certain length\n"
|
|
"may cause problems for some UNIX systems.\n"
|
|
"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new stageuser:\n"
|
|
" ipa stageuser-add --first=Tim --last=User --password tuser1\n"
|
|
"\n"
|
|
" Add a stageuser from the Delete container\n"
|
|
" ipa stageuser-add --first=Tim --last=User --from-delete tuser1\n"
|
|
msgstr ""
|
|
|
|
msgid "Activate a stage user."
|
|
msgstr ""
|
|
|
|
msgid "Add a new stage user."
|
|
msgstr ""
|
|
|
|
msgid "Create Stage user in from a delete user"
|
|
msgstr ""
|
|
|
|
msgid "Delete a stage user."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users with these member of groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users without these member of groups."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users with these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users without these member of netgroups."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users with these member of roles."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users without these member of roles."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users with these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users without these member of HBAC rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users with these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "Search for stage users without these member of sudo rules."
|
|
msgstr ""
|
|
|
|
msgid "Modify a stage user."
|
|
msgstr ""
|
|
|
|
msgid "Rename the stage user object"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a stage user."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Topology\n"
|
|
"\n"
|
|
"Management of a replication topology.\n"
|
|
"\n"
|
|
"Requires minimum domain level 1.\n"
|
|
msgstr ""
|
|
|
|
msgid "Segment name"
|
|
msgstr ""
|
|
|
|
msgid "Arbitrary string identifying the segment"
|
|
msgstr ""
|
|
|
|
msgid "Left node"
|
|
msgstr ""
|
|
|
|
msgid "Left replication node - an IPA server"
|
|
msgstr ""
|
|
|
|
msgid "Right node"
|
|
msgstr ""
|
|
|
|
msgid "Right replication node - an IPA server"
|
|
msgstr ""
|
|
|
|
msgid "Connectivity"
|
|
msgstr ""
|
|
|
|
msgid "Direction of replication between left and right replication node"
|
|
msgstr ""
|
|
|
|
msgid "Attributes to strip"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"A space separated list of attributes which are removed from replication "
|
|
"updates."
|
|
msgstr ""
|
|
|
|
msgid "Attributes to replicate"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Attributes that are not replicated to a consumer server during a fractional "
|
|
"update. E.g., `(objectclass=*) $ EXCLUDE accountlockout memberof"
|
|
msgstr ""
|
|
|
|
msgid "Attributes for total update"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Attributes that are not replicated to a consumer server during a total "
|
|
"update. E.g. (objectclass=*) $ EXCLUDE accountlockout"
|
|
msgstr ""
|
|
|
|
msgid "Session timeout"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Number of seconds outbound LDAP operations waits for a response from the "
|
|
"remote replica before timing out and failing"
|
|
msgstr ""
|
|
|
|
msgid "Replication agreement enabled"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Whether a replication agreement is active, meaning whether replication is "
|
|
"occurring per that agreement"
|
|
msgstr ""
|
|
|
|
msgid "Suffix name"
|
|
msgstr ""
|
|
|
|
msgid "LDAP suffix to be managed"
|
|
msgstr ""
|
|
|
|
msgid "Add a new segment."
|
|
msgstr ""
|
|
|
|
msgid "Delete a segment."
|
|
msgstr ""
|
|
|
|
msgid "Search for topology segments."
|
|
msgstr ""
|
|
|
|
msgid "Modify a segment."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Request a full re-initialization of the node retrieving data from the other "
|
|
"node."
|
|
msgstr ""
|
|
|
|
msgid "Initialize left node"
|
|
msgstr ""
|
|
|
|
msgid "Initialize right node"
|
|
msgstr ""
|
|
|
|
msgid "Stop already started refresh of chosen node(s)"
|
|
msgstr ""
|
|
|
|
msgid "Display a segment."
|
|
msgstr ""
|
|
|
|
msgid "Add a new topology suffix to be managed."
|
|
msgstr ""
|
|
|
|
msgid "Delete a topology suffix."
|
|
msgstr ""
|
|
|
|
msgid "Search for topology suffices."
|
|
msgstr ""
|
|
|
|
msgid "Modify a topology suffix."
|
|
msgstr ""
|
|
|
|
msgid "Show managed suffix."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Verify replication topology for suffix.\n"
|
|
"\n"
|
|
"Checks done:\n"
|
|
" 1. check if a topology is not disconnected. In other words if there are\n"
|
|
" replication paths between all servers.\n"
|
|
" 2. check if servers don't have more than the recommended number of\n"
|
|
" replication agreements\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "Preserved user"
|
|
msgstr ""
|
|
|
|
msgid "Add one or more certificates to the user entry"
|
|
msgstr ""
|
|
|
|
msgid "Remove one or more certificates to the user entry"
|
|
msgstr ""
|
|
|
|
msgid "Move deleted user into staged area"
|
|
msgstr ""
|
|
|
|
msgid "Undelete a delete user account."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Vaults\n"
|
|
"\n"
|
|
"Manage vaults.\n"
|
|
"\n"
|
|
"Vault is a secure place to store a secret.\n"
|
|
"\n"
|
|
"Based on the ownership there are three vault categories:\n"
|
|
"* user/private vault\n"
|
|
"* service vault\n"
|
|
"* shared vault\n"
|
|
"\n"
|
|
"User vaults are vaults owned used by a particular user. Private\n"
|
|
"vaults are vaults owned the current user. Service vaults are\n"
|
|
"vaults owned by a service. Shared vaults are owned by the admin\n"
|
|
"but they can be used by other users or services.\n"
|
|
"\n"
|
|
"Based on the security mechanism there are three types of\n"
|
|
"vaults:\n"
|
|
"* standard vault\n"
|
|
"* symmetric vault\n"
|
|
"* asymmetric vault\n"
|
|
"\n"
|
|
"Standard vault uses a secure mechanism to transport and\n"
|
|
"store the secret. The secret can only be retrieved by users\n"
|
|
"that have access to the vault.\n"
|
|
"\n"
|
|
"Symmetric vault is similar to the standard vault, but it\n"
|
|
"pre-encrypts the secret using a password before transport.\n"
|
|
"The secret can only be retrieved using the same password.\n"
|
|
"\n"
|
|
"Asymmetric vault is similar to the standard vault, but it\n"
|
|
"pre-encrypts the secret using a public key before transport.\n"
|
|
"The secret can only be retrieved using the private key.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" List vaults:\n"
|
|
" ipa vault-find\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
"\n"
|
|
" Add a standard vault:\n"
|
|
" ipa vault-add <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --type standard\n"
|
|
"\n"
|
|
" Add a symmetric vault:\n"
|
|
" ipa vault-add <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --type symmetric --password-file password.txt\n"
|
|
"\n"
|
|
" Add an asymmetric vault:\n"
|
|
" ipa vault-add <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --type asymmetric --public-key-file public.pem\n"
|
|
"\n"
|
|
" Show a vault:\n"
|
|
" ipa vault-show <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
"\n"
|
|
" Modify vault description:\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --desc <description>\n"
|
|
"\n"
|
|
" Modify vault type:\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --type <type>\n"
|
|
" [old password/private key]\n"
|
|
" [new password/public key]\n"
|
|
"\n"
|
|
" Modify symmetric vault password:\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --change-password\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --old-password <old password>\n"
|
|
" --new-password <new password>\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --old-password-file <old password file>\n"
|
|
" --new-password-file <new password file>\n"
|
|
"\n"
|
|
" Modify asymmetric vault keys:\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --private-key-file <old private key file>\n"
|
|
" --public-key-file <new public key file>\n"
|
|
"\n"
|
|
" Delete a vault:\n"
|
|
" ipa vault-del <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
"\n"
|
|
" Display vault configuration:\n"
|
|
" ipa vaultconfig-show\n"
|
|
"\n"
|
|
" Archive data into standard vault:\n"
|
|
" ipa vault-archive <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --in <input file>\n"
|
|
"\n"
|
|
" Archive data into symmetric vault:\n"
|
|
" ipa vault-archive <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --in <input file>\n"
|
|
" --password-file password.txt\n"
|
|
"\n"
|
|
" Archive data into asymmetric vault:\n"
|
|
" ipa vault-archive <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --in <input file>\n"
|
|
"\n"
|
|
" Retrieve data from standard vault:\n"
|
|
" ipa vault-retrieve <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --out <output file>\n"
|
|
"\n"
|
|
" Retrieve data from symmetric vault:\n"
|
|
" ipa vault-retrieve <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --out <output file>\n"
|
|
" --password-file password.txt\n"
|
|
"\n"
|
|
" Retrieve data from asymmetric vault:\n"
|
|
" ipa vault-retrieve <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --out <output file> --private-key-file private.pem\n"
|
|
"\n"
|
|
" Add vault owners:\n"
|
|
" ipa vault-add-owner <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" [--users <users>] [--groups <groups>] [--services <services>]\n"
|
|
"\n"
|
|
" Delete vault owners:\n"
|
|
" ipa vault-remove-owner <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" [--users <users>] [--groups <groups>] [--services <services>]\n"
|
|
"\n"
|
|
" Add vault members:\n"
|
|
" ipa vault-add-member <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" [--users <users>] [--groups <groups>] [--services <services>]\n"
|
|
"\n"
|
|
" Delete vault members:\n"
|
|
" ipa vault-remove-member <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" [--users <users>] [--groups <groups>] [--services <services>]\n"
|
|
msgstr ""
|
|
|
|
msgid "Vault name"
|
|
msgstr ""
|
|
|
|
msgid "Vault description"
|
|
msgstr ""
|
|
|
|
msgid "Vault type"
|
|
msgstr ""
|
|
|
|
msgid "Salt"
|
|
msgstr ""
|
|
|
|
msgid "Vault salt"
|
|
msgstr ""
|
|
|
|
msgid "Public key"
|
|
msgstr ""
|
|
|
|
msgid "Vault public key"
|
|
msgstr ""
|
|
|
|
msgid "Owner users"
|
|
msgstr ""
|
|
|
|
msgid "Owner groups"
|
|
msgstr ""
|
|
|
|
msgid "Owner services"
|
|
msgstr ""
|
|
|
|
msgid "Failed owners"
|
|
msgstr ""
|
|
|
|
msgid "Vault service"
|
|
msgstr ""
|
|
|
|
msgid "Shared vault"
|
|
msgstr ""
|
|
|
|
msgid "Vault user"
|
|
msgstr ""
|
|
|
|
msgid "Transport Certificate"
|
|
msgstr ""
|
|
|
|
msgid "Service name of the service vault"
|
|
msgstr ""
|
|
|
|
msgid "Username of the user vault"
|
|
msgstr ""
|
|
|
|
msgid "Add members to a vault."
|
|
msgstr ""
|
|
|
|
msgid "Add owners to a vault."
|
|
msgstr ""
|
|
|
|
msgid "owner user"
|
|
msgstr ""
|
|
|
|
msgid "owner group"
|
|
msgstr ""
|
|
|
|
msgid "owner service"
|
|
msgstr ""
|
|
|
|
msgid "Owners that could not be added"
|
|
msgstr ""
|
|
|
|
msgid "Number of owners added"
|
|
msgstr ""
|
|
|
|
msgid "Session key wrapped with transport certificate"
|
|
msgstr ""
|
|
|
|
msgid "Vault data encrypted with session key"
|
|
msgstr ""
|
|
|
|
msgid "Nonce"
|
|
msgstr ""
|
|
|
|
msgid "Delete a vault."
|
|
msgstr ""
|
|
|
|
msgid "Search for vaults."
|
|
msgstr ""
|
|
|
|
msgid "List all service vaults"
|
|
msgstr ""
|
|
|
|
msgid "List all user vaults"
|
|
msgstr ""
|
|
|
|
msgid "Remove members from a vault."
|
|
msgstr ""
|
|
|
|
msgid "Remove owners from a vault."
|
|
msgstr ""
|
|
|
|
msgid "Owners that could not be removed"
|
|
msgstr ""
|
|
|
|
msgid "Number of owners removed"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a vault."
|
|
msgstr ""
|
|
|
|
msgid "Show vault configuration."
|
|
msgstr ""
|
|
|
|
msgid "Output file to store the transport certificate"
|
|
msgstr ""
|
|
|
|
msgid "Add owners to a vault container."
|
|
msgstr ""
|
|
|
|
msgid "Delete a vault container."
|
|
msgstr ""
|
|
|
|
msgid "Remove owners from a vault container."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a vault container."
|
|
msgstr ""
|
|
|
|
msgid "Certificate Profile to use"
|
|
msgstr ""
|
|
|
|
msgid "Two-way trust"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Establish bi-directional trust. By default trust is inbound one-way only."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"ID ranges\n"
|
|
"\n"
|
|
"Manage ID ranges used to map Posix IDs to SIDs and back.\n"
|
|
"\n"
|
|
"There are two type of ID ranges which are both handled by this utility:\n"
|
|
"\n"
|
|
" - the ID ranges of the local domain\n"
|
|
" - the ID ranges of trusted remote domains\n"
|
|
"\n"
|
|
"Both types have the following attributes in common:\n"
|
|
"\n"
|
|
" - base-id: the first ID of the Posix ID range\n"
|
|
" - range-size: the size of the range\n"
|
|
"\n"
|
|
"With those two attributes a range object can reserve the Posix IDs starting\n"
|
|
"with base-id up to but not including base-id+range-size exclusively.\n"
|
|
"\n"
|
|
"Additionally an ID range of the local domain may set\n"
|
|
" - rid-base: the first RID(*) of the corresponding RID range\n"
|
|
" - secondary-rid-base: first RID of the secondary RID range\n"
|
|
"\n"
|
|
"and an ID range of a trusted domain must set\n"
|
|
" - rid-base: the first RID of the corresponding RID range\n"
|
|
" - sid: domain SID of the trusted domain\n"
|
|
"\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLE: Add a new ID range for a trusted domain\n"
|
|
"\n"
|
|
"Since there might be more than one trusted domain the domain SID must be "
|
|
"given\n"
|
|
"while creating the ID range.\n"
|
|
"\n"
|
|
" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
|
|
"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
|
|
"\n"
|
|
"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
|
|
"assign Posix UIDs to users from the trusted domain.\n"
|
|
"\n"
|
|
"If e.g. a range for a trusted domain is configured with the following "
|
|
"values:\n"
|
|
" base-id = 1200000\n"
|
|
" range-size = 200000\n"
|
|
" rid-base = 0\n"
|
|
"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
|
|
"So\n"
|
|
"RID 1000 <-> Posix ID 1201000\n"
|
|
"\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLE: Add a new ID range for the local domain\n"
|
|
"\n"
|
|
"To create an ID range for the local domain it is not necessary to specify a\n"
|
|
"domain SID. But since it is possible that a user and a group can have the "
|
|
"same\n"
|
|
"value as Posix ID a second RID interval is needed to handle conflicts.\n"
|
|
"\n"
|
|
" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
|
|
"base=1000 --secondary-rid-base=1000000 local_range\n"
|
|
"\n"
|
|
"The data from the ID ranges of the local domain are used by the IPA server\n"
|
|
"internally to assign SIDs to IPA users and groups. The SID will then be "
|
|
"stored\n"
|
|
"in the user or group objects.\n"
|
|
"\n"
|
|
"If e.g. the ID range for the local domain is configured with the values "
|
|
"from\n"
|
|
"the example above then a new user with the UID 1200007 will get the RID "
|
|
"1007.\n"
|
|
"If this RID is already used by a group the RID will be 1000007. This can "
|
|
"only\n"
|
|
"happen if a user or a group object was created with a fixed ID because the\n"
|
|
"automatic assignment will not assign the same ID twice. Since there are "
|
|
"only\n"
|
|
"users and groups sharing the same ID namespace it is sufficient to have "
|
|
"only\n"
|
|
"one fallback range to handle conflicts.\n"
|
|
"\n"
|
|
"To find the Posix ID for a given RID from the local domain it has to be\n"
|
|
"checked first if the RID falls in the primary or secondary RID range and\n"
|
|
"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
|
|
"and the base-id has to be added to get the Posix ID.\n"
|
|
"\n"
|
|
"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
|
|
"must not be used at all. The ID range for the local domain will be created\n"
|
|
"during installation or upgrade from an older version. The ID range for a\n"
|
|
"trusted domain will be created together with the trust by 'ipa trust-"
|
|
"add ...'.\n"
|
|
"\n"
|
|
"USE CASES:\n"
|
|
"\n"
|
|
" Add an ID range from a transitively trusted domain\n"
|
|
"\n"
|
|
" If the trusted domain (A) trusts another domain (B) as well and this "
|
|
"trust\n"
|
|
" is transitive 'ipa trust-add domain-A' will only create a range for\n"
|
|
" domain A. The ID range for domain B must be added manually.\n"
|
|
"\n"
|
|
" Add an additional ID range for the local domain\n"
|
|
"\n"
|
|
" If the ID range of the local domain is exhausted, i.e. no new IDs can "
|
|
"be\n"
|
|
" assigned to Posix users or groups by the DNA plugin, a new range has to "
|
|
"be\n"
|
|
" created to allow new users and groups to be added. (Currently there is "
|
|
"no\n"
|
|
" connection between this range CLI and the DNA plugin, but a future "
|
|
"version\n"
|
|
" might be able to modify the configuration of the DNS plugin as well)\n"
|
|
"\n"
|
|
"In general it is not necessary to modify or delete ID ranges. If there is "
|
|
"no\n"
|
|
"other way to achieve a certain configuration than to modify or delete an ID\n"
|
|
"range it should be done with great care. Because UIDs are stored in the "
|
|
"file\n"
|
|
"system and are used for access control it might be possible that users are\n"
|
|
"allowed to access files of other users if an ID range got deleted and "
|
|
"reused\n"
|
|
"for a different domain.\n"
|
|
"\n"
|
|
"(*) The RID is typically the last integer of a user or group SID which "
|
|
"follows\n"
|
|
"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
|
|
"from\n"
|
|
"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of "
|
|
"the\n"
|
|
"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
|
|
"groups.\n"
|
|
"\n"
|
|
"=======\n"
|
|
"WARNING:\n"
|
|
"\n"
|
|
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
|
|
"the\n"
|
|
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
|
|
"based\n"
|
|
"on the local ranges set via this family of commands.\n"
|
|
"\n"
|
|
"Manual configuration change has to be done in the DNA plugin configuration "
|
|
"for\n"
|
|
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
|
|
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
|
|
"be\n"
|
|
"modified to match the new range.\n"
|
|
"=======\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Add new ID range.\n"
|
|
"\n"
|
|
" To add a new ID range you always have to specify\n"
|
|
"\n"
|
|
" --base-id\n"
|
|
" --range-size\n"
|
|
"\n"
|
|
" Additionally\n"
|
|
"\n"
|
|
" --rid-base\n"
|
|
" --secondary-rid-base\n"
|
|
"\n"
|
|
" may be given for a new ID range for the local domain while\n"
|
|
"\n"
|
|
" --rid-base\n"
|
|
" --dom-sid\n"
|
|
"\n"
|
|
" must be given to add a new range for a trusted AD domain.\n"
|
|
"\n"
|
|
"=======\n"
|
|
"WARNING:\n"
|
|
"\n"
|
|
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
|
|
"the\n"
|
|
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
|
|
"based\n"
|
|
"on the local ranges set via this family of commands.\n"
|
|
"\n"
|
|
"Manual configuration change has to be done in the DNA plugin configuration "
|
|
"for\n"
|
|
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
|
|
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
|
|
"be\n"
|
|
"modified to match the new range.\n"
|
|
"=======\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Modify ID range.\n"
|
|
"\n"
|
|
"=======\n"
|
|
"WARNING:\n"
|
|
"\n"
|
|
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
|
|
"the\n"
|
|
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
|
|
"based\n"
|
|
"on the local ranges set via this family of commands.\n"
|
|
"\n"
|
|
"Manual configuration change has to be done in the DNA plugin configuration "
|
|
"for\n"
|
|
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
|
|
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
|
|
"be\n"
|
|
"modified to match the new range.\n"
|
|
"=======\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "Resolve a host name in DNS. (Deprecated)"
|
|
msgstr ""
|
|
|
|
msgid "Hostname (FQDN)"
|
|
msgstr ""
|
|
|
|
msgid "Force DNS zone creation even if it will overlap with an existing zone."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Force DNS zone creation even if nameserver is not resolvable. (Deprecated)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of users\n"
|
|
"\n"
|
|
"Manage groups of users. By default, new groups are POSIX groups. You\n"
|
|
"can add the --nonposix option to the group-add command to mark a new group\n"
|
|
"as non-POSIX. You can use the --posix argument with the group-mod command\n"
|
|
"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n"
|
|
"converted to non-POSIX groups.\n"
|
|
"\n"
|
|
"Every group must have a description.\n"
|
|
"\n"
|
|
"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
|
|
"supported but can have an impact on your file permissions. It is not "
|
|
"necessary\n"
|
|
"to supply a GID when creating a group. IPA will generate one automatically\n"
|
|
"if it is not provided.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new group:\n"
|
|
" ipa group-add --desc='local administrators' localadmins\n"
|
|
"\n"
|
|
" Add a new non-POSIX group:\n"
|
|
" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
|
|
"\n"
|
|
" Convert a non-POSIX group to posix:\n"
|
|
" ipa group-mod --posix remoteadmins\n"
|
|
"\n"
|
|
" Add a new POSIX group with a specific Group ID number:\n"
|
|
" ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
|
|
"\n"
|
|
" Add a new POSIX group and let IPA assign a Group ID number:\n"
|
|
" ipa group-add --desc='printer admins' printeradmins\n"
|
|
"\n"
|
|
" Remove a group:\n"
|
|
" ipa group-del unixadmins\n"
|
|
"\n"
|
|
" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
|
|
" ipa group-add-member --groups=remoteadmins localadmins\n"
|
|
"\n"
|
|
" Add multiple users to the \"localadmins\" group:\n"
|
|
" ipa group-add-member --users=test1 --users=test2 localadmins\n"
|
|
"\n"
|
|
" Remove a user from the \"localadmins\" group:\n"
|
|
" ipa group-remove-member --users=test2 localadmins\n"
|
|
"\n"
|
|
" Display information about a named group.\n"
|
|
" ipa group-show localadmins\n"
|
|
"\n"
|
|
"External group membership is designed to allow users from trusted domains\n"
|
|
"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
|
|
"External members should be added to groups that specifically created as\n"
|
|
"external and non-POSIX. Such group later should be included into one of "
|
|
"POSIX\n"
|
|
"groups.\n"
|
|
"\n"
|
|
"An external group member is currently a Security Identifier (SID) as defined "
|
|
"by\n"
|
|
"the trusted domain. When adding external group members, it is possible to\n"
|
|
"specify them in either SID, or DOM\n"
|
|
"ame, or name@domain format. IPA will attempt\n"
|
|
"to resolve passed name to SID with the use of Global Catalog of the trusted "
|
|
"domain.\n"
|
|
"\n"
|
|
"Example:\n"
|
|
"\n"
|
|
"1. Create group for the trusted domain admins' mapping and their local POSIX "
|
|
"group:\n"
|
|
"\n"
|
|
" ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
|
|
"--external\n"
|
|
" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
|
|
"\n"
|
|
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
|
|
"ad_admins_external\n"
|
|
" group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
|
|
"\n"
|
|
"3. Allow members of ad_admins_external group to be associated with ad_admins "
|
|
"POSIX group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins --groups ad_admins_external\n"
|
|
"\n"
|
|
"4. List members of external members of ad_admins_external group to see their "
|
|
"SIDs:\n"
|
|
"\n"
|
|
" ipa group-show ad_admins_external\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Simulate use of Host-based access controls\n"
|
|
"\n"
|
|
"HBAC rules control who can access what services on what hosts.\n"
|
|
"You can use HBAC to control which users or groups can access a service,\n"
|
|
"or group of services, on a target host.\n"
|
|
"\n"
|
|
"Since applying HBAC rules implies use of a production environment,\n"
|
|
"this plugin aims to provide simulation of HBAC rules evaluation without\n"
|
|
"having access to the production environment.\n"
|
|
"\n"
|
|
" Test user coming to a service on a named host against\n"
|
|
" existing enabled rules.\n"
|
|
"\n"
|
|
" ipa hbactest --user= --host= --service=\n"
|
|
" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
|
|
" [--sizelimit= ]\n"
|
|
"\n"
|
|
" --user, --host, and --service are mandatory, others are optional.\n"
|
|
"\n"
|
|
" If --rules is specified simulate enabling of the specified rules and test\n"
|
|
" the login of the user using only these rules.\n"
|
|
"\n"
|
|
" If --enabled is specified, all enabled HBAC rules will be added to "
|
|
"simulation\n"
|
|
"\n"
|
|
" If --disabled is specified, all disabled HBAC rules will be added to "
|
|
"simulation\n"
|
|
"\n"
|
|
" If --nodetail is specified, do not return information about rules matched/"
|
|
"not matched.\n"
|
|
"\n"
|
|
" If both --rules and --enabled are specified, apply simulation to --rules "
|
|
"_and_\n"
|
|
" all IPA enabled rules.\n"
|
|
"\n"
|
|
" If no --rules specified, simulation is run against all IPA enabled rules.\n"
|
|
" By default there is a IPA-wide limit to number of entries fetched, you can "
|
|
"change it\n"
|
|
" with --sizelimit option.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" 1. Use all enabled HBAC rules in IPA database to simulate:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
" Matched rules: allow_all\n"
|
|
"\n"
|
|
" 2. Disable detailed summary of how rules were applied:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
"\n"
|
|
" 3. Test explicitly specified HBAC rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --"
|
|
"rules=myrule --rules=my-second-rule\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
"\n"
|
|
" 4. Use all enabled HBAC rules in IPA database + explicitly specified "
|
|
"rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --"
|
|
"rules=myrule --rules=my-second-rule --enabled\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
" Matched rules: allow_all\n"
|
|
"\n"
|
|
" 5. Test all disabled HBAC rules in IPA database:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" Not matched rules: new-rule\n"
|
|
"\n"
|
|
" 6. Test all disabled HBAC rules in IPA database + explicitly specified "
|
|
"rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --"
|
|
"rules=myrule --rules=my-second-rule --disabled\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
"\n"
|
|
" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --enabled "
|
|
"--disabled\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
" Not matched rules: new-rule\n"
|
|
" Matched rules: allow_all\n"
|
|
"\n"
|
|
"\n"
|
|
"HBACTEST AND TRUSTED DOMAINS\n"
|
|
"\n"
|
|
"When an external trusted domain is configured in IPA, HBAC rules are also "
|
|
"applied\n"
|
|
"on users accessing IPA resources from the trusted domain. Trusted domain "
|
|
"users and\n"
|
|
"groups (and their SIDs) can be then assigned to external groups which can "
|
|
"be\n"
|
|
"members of POSIX groups in IPA which can be used in HBAC rules and thus "
|
|
"allowing\n"
|
|
"access to resources protected by the HBAC system.\n"
|
|
"\n"
|
|
"hbactest plugin is capable of testing access for both local IPA users and "
|
|
"users\n"
|
|
"from the trusted domains, either by a fully qualified user name or by user "
|
|
"SID.\n"
|
|
"Such user names need to have a trusted domain specified as a short name\n"
|
|
"(DOMAIN\\Administrator) or with a user principal name (UPN), "
|
|
"Administrator@ad.test.\n"
|
|
"\n"
|
|
"Please note that hbactest executed with a trusted domain user as --user "
|
|
"parameter\n"
|
|
"can be only run by members of \"trust admins\" group.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" 1. Test if a user from a trusted domain specified by its shortname "
|
|
"matches any\n"
|
|
" rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
|
|
"service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Matched rules: can_login\n"
|
|
"\n"
|
|
" 2. Test if a user from a trusted domain specified by its domain name "
|
|
"matches\n"
|
|
" any rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --"
|
|
"service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Matched rules: can_login\n"
|
|
"\n"
|
|
" 3. Test if a user from a trusted domain specified by its SID matches any "
|
|
"rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user "
|
|
"S-1-5-21-3035198329-144811719-1378114514-500 --host `hostname` --"
|
|
"service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Matched rules: can_login\n"
|
|
"\n"
|
|
" 4. Test if other user from a trusted domain specified by its SID matches "
|
|
"any rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user "
|
|
"S-1-5-21-3035198329-144811719-1378114514-1203 --host `hostname` "
|
|
"--service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Not matched rules: can_login\n"
|
|
"\n"
|
|
" 5. Test if other user from a trusted domain specified by its shortname "
|
|
"matches\n"
|
|
" any rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
|
|
"sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Not matched rules: can_login\n"
|
|
msgstr ""
|
|
|
|
msgid "Managed suffixes"
|
|
msgstr ""
|
|
|
|
msgid "Check connection to remote IPA server."
|
|
msgstr ""
|
|
|
|
msgid "Remote server name"
|
|
msgstr ""
|
|
|
|
msgid "Remote IPA server hostname"
|
|
msgstr ""
|
|
|
|
msgid "suffix"
|
|
msgstr ""
|
|
|
|
msgid "Search for servers with these managed suffixes."
|
|
msgstr ""
|
|
|
|
msgid "Search for servers without these managed suffixes."
|
|
msgstr ""
|
|
|
|
msgid "Add a manager to the stage user entry"
|
|
msgstr ""
|
|
|
|
msgid "Remove a manager to the stage user entry"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Topology\n"
|
|
"\n"
|
|
"Management of a replication topology at domain level 1.\n"
|
|
"\n"
|
|
"IPA server's data is stored in LDAP server in two suffixes:\n"
|
|
"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related "
|
|
"data\n"
|
|
"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n"
|
|
" contains data for Certificate Server component\n"
|
|
"\n"
|
|
"Data stored on IPA servers is replicated to other IPA servers. The way it "
|
|
"is\n"
|
|
"replicated is defined by replication agreements. Replication agreements "
|
|
"needs\n"
|
|
"to be set for both suffixes separately. On domain level 0 they are managed\n"
|
|
"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level "
|
|
"1\n"
|
|
"they are managed centrally using `ipa topology*` commands.\n"
|
|
"\n"
|
|
"Agreements are represented by topology segments. By default topology "
|
|
"segment\n"
|
|
"represents 2 replication agreements - one for each direction, e.g., A to B "
|
|
"and\n"
|
|
"B to A. Creation of unidirectional segments is not allowed.\n"
|
|
"\n"
|
|
"To verify that no server is disconnected in the topology of the given "
|
|
"suffix,\n"
|
|
"use:\n"
|
|
" ipa topologysuffix-verify $suffix\n"
|
|
"\n"
|
|
"\n"
|
|
"Examples:\n"
|
|
" Find all IPA servers:\n"
|
|
" ipa server-find\n"
|
|
"\n"
|
|
" Find all suffixes:\n"
|
|
" ipa topologysuffix-find\n"
|
|
"\n"
|
|
" Add topology segment to 'domain' suffix:\n"
|
|
" ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n"
|
|
"\n"
|
|
" Add topology segment to 'ca' suffix:\n"
|
|
" ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n"
|
|
"\n"
|
|
" List all topology segments in 'domain' suffix:\n"
|
|
" ipa topologysegment-find domain\n"
|
|
"\n"
|
|
" List all topology segments in 'ca' suffix:\n"
|
|
" ipa topologysegment-find ca\n"
|
|
"\n"
|
|
" Delete topology segment in 'domain' suffix:\n"
|
|
" ipa topologysegment-del domain segment_name\n"
|
|
"\n"
|
|
" Delete topology segment in 'ca' suffix:\n"
|
|
" ipa topologysegment-del ca segment_name\n"
|
|
"\n"
|
|
" Verify topology of 'domain' suffix:\n"
|
|
" ipa topologysuffix-verify domain\n"
|
|
"\n"
|
|
" Verify topology of 'ca' suffix:\n"
|
|
" ipa topologysuffix-verify ca\n"
|
|
msgstr ""
|
|
|
|
msgid "Managed LDAP suffix DN"
|
|
msgstr ""
|
|
|
|
msgid "Search for topology suffixes."
|
|
msgstr ""
|
|
|
|
msgid "Add a manager to the user entry"
|
|
msgstr ""
|
|
|
|
msgid "Remove a manager to the user entry"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Directory Server Access Control Instructions (ACIs)\n"
|
|
"\n"
|
|
"ACIs are used to allow or deny access to information. This module is\n"
|
|
"currently designed to allow, not deny, access.\n"
|
|
"\n"
|
|
"The aci commands are designed to grant permissions that allow updating\n"
|
|
"existing entries or adding or deleting new ones. The goal of the ACIs\n"
|
|
"that ship with IPA is to provide a set of low-level permissions that\n"
|
|
"grant access to special groups called taskgroups. These low-level\n"
|
|
"permissions can be combined into roles that grant broader access. These\n"
|
|
"roles are another type of group, roles.\n"
|
|
"\n"
|
|
"For example, if you have taskgroups that allow adding and modifying users "
|
|
"you\n"
|
|
"could create a role, useradmin. You would assign users to the useradmin\n"
|
|
"role to allow them to do the operations defined by the taskgroups.\n"
|
|
"\n"
|
|
"You can create ACIs that delegate permission so users in group A can write\n"
|
|
"attributes on group B.\n"
|
|
"\n"
|
|
"The type option is a map that applies to all entries in the users, groups "
|
|
"or\n"
|
|
"host location. It is primarily designed to be used when granting add\n"
|
|
"permissions (to write new entries).\n"
|
|
"\n"
|
|
"An ACI consists of three parts:\n"
|
|
"1. target\n"
|
|
"2. permissions\n"
|
|
"3. bind rules\n"
|
|
"\n"
|
|
"The target is a set of rules that define which LDAP objects are being\n"
|
|
"targeted. This can include a list of attributes, an area of that LDAP\n"
|
|
"tree or an LDAP filter.\n"
|
|
"\n"
|
|
"The targets include:\n"
|
|
"- attrs: list of attributes affected\n"
|
|
"- type: an object type (user, group, host, service, etc)\n"
|
|
"- memberof: members of a group\n"
|
|
"- targetgroup: grant access to modify a specific group. This is primarily\n"
|
|
" designed to enable users to add or remove members of a specific group.\n"
|
|
"- filter: A legal LDAP filter used to narrow the scope of the target.\n"
|
|
"- subtree: Used to apply a rule across an entire set of objects. For "
|
|
"example,\n"
|
|
" to allow adding users you need to grant \"add\" permission to the subtree\n"
|
|
" ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option\n"
|
|
" is a fail-safe for objects that may not be covered by the type option.\n"
|
|
"\n"
|
|
"The permissions define what the ACI is allowed to do, and are one or\n"
|
|
"more of:\n"
|
|
"1. write - write one or more attributes\n"
|
|
"2. read - read one or more attributes\n"
|
|
"3. add - add a new entry to the tree\n"
|
|
"4. delete - delete an existing entry\n"
|
|
"5. all - all permissions are granted\n"
|
|
"\n"
|
|
"Note the distinction between attributes and entries. The permissions are\n"
|
|
"independent, so being able to add a user does not mean that the user will\n"
|
|
"be editable.\n"
|
|
"\n"
|
|
"The bind rule defines who this ACI grants permissions to. The LDAP server\n"
|
|
"allows this to be any valid LDAP entry but we encourage the use of\n"
|
|
"taskgroups so that the rights can be easily shared through roles.\n"
|
|
"\n"
|
|
"For a more thorough description of access controls see\n"
|
|
"http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control."
|
|
"html\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
"NOTE: ACIs are now added via the permission plugin. These examples are to\n"
|
|
"demonstrate how the various options work but this is done via the "
|
|
"permission\n"
|
|
"command-line now (see last example).\n"
|
|
"\n"
|
|
" Add an ACI so that the group \"secretaries\" can update the address on any "
|
|
"user:\n"
|
|
" ipa group-add --desc=\"Office secretaries\" secretaries\n"
|
|
" ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries "
|
|
"--permissions=write --prefix=none \"Secretaries write addresses\"\n"
|
|
"\n"
|
|
" Show the new ACI:\n"
|
|
" ipa aci-show --prefix=none \"Secretaries write addresses\"\n"
|
|
"\n"
|
|
" Add an ACI that allows members of the \"addusers\" permission to add new "
|
|
"users:\n"
|
|
" ipa aci-add --type=user --permission=addusers --permissions=add --"
|
|
"prefix=none \"Add new users\"\n"
|
|
"\n"
|
|
" Add an ACI that allows members of the editors manage members of the admins "
|
|
"group:\n"
|
|
" ipa aci-add --permissions=write --attrs=member --targetgroup=admins --"
|
|
"group=editors --prefix=none \"Editors manage admins\"\n"
|
|
"\n"
|
|
" Add an ACI that allows members of the admins group to manage the street and "
|
|
"zip code of those in the editors group:\n"
|
|
" ipa aci-add --permissions=write --memberof=editors --group=admins --"
|
|
"attrs=street,postalcode --prefix=none \"admins edit the address of editors"
|
|
"\"\n"
|
|
"\n"
|
|
" Add an ACI that allows the admins group manage the street and zipcode of "
|
|
"those who work for the boss:\n"
|
|
" ipa aci-add --permissions=write --group=admins --attrs=street,postalcode "
|
|
"--filter=\"(manager=uid=boss,cn=users,cn=accounts,dc=example,dc=com)\" --"
|
|
"prefix=none \"Edit the address of those who work for the boss\"\n"
|
|
"\n"
|
|
" Add an entirely new kind of record to IPA that isn't covered by any of the "
|
|
"--type options, creating a permission:\n"
|
|
" ipa permission-add --permissions=add --subtree=\"cn=*,cn=orange,"
|
|
"cn=accounts,dc=example,dc=com\" --desc=\"Add Orange Entries\" add_orange\n"
|
|
"\n"
|
|
"\n"
|
|
"The show command shows the raw 389-ds ACI.\n"
|
|
"\n"
|
|
"IMPORTANT: When modifying the target attributes of an existing ACI you\n"
|
|
"must include all existing attributes as well. When doing an aci-mod the\n"
|
|
"targetattr REPLACES the current attributes, it does not add to them.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"comma-separated list of permissions to grant(read, write, add, delete, all)"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of attributes"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Auto Membership Rule.\n"
|
|
"\n"
|
|
"Bring clarity to the membership of hosts and users by configuring inclusive\n"
|
|
"or exclusive regex patterns, you can automatically assign a new entries "
|
|
"into\n"
|
|
"a group or hostgroup based upon attribute information.\n"
|
|
"\n"
|
|
"A rule is directly associated with a group by name, so you cannot create\n"
|
|
"a rule without an accompanying group or hostgroup.\n"
|
|
"\n"
|
|
"A condition is a regular expression used by 389-ds to match a new incoming\n"
|
|
"entry with an automember rule. If it matches an inclusive rule then the\n"
|
|
"entry is added to the appropriate group or hostgroup.\n"
|
|
"\n"
|
|
"A default group or hostgroup could be specified for entries that do not\n"
|
|
"match any rule. In case of user entries this group will be a fallback group\n"
|
|
"because all users are by default members of group specified in IPA config.\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add the initial group or hostgroup:\n"
|
|
" ipa hostgroup-add --desc=\"Web Servers\" webservers\n"
|
|
" ipa group-add --desc=\"Developers\" devel\n"
|
|
"\n"
|
|
" Add the initial rule:\n"
|
|
" ipa automember-add --type=hostgroup webservers\n"
|
|
" ipa automember-add --type=group devel\n"
|
|
"\n"
|
|
" Add a condition to the rule:\n"
|
|
" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-"
|
|
"regex=^web[1-9]+\\.example\\.com webservers\n"
|
|
" ipa automember-add-condition --key=manager --type=group --inclusive-"
|
|
"regex=^uid=mscott devel\n"
|
|
"\n"
|
|
" Add an exclusive condition to the rule to prevent auto assignment:\n"
|
|
" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-"
|
|
"regex=^web5\\.example\\.com webservers\n"
|
|
"\n"
|
|
" Add a host:\n"
|
|
" ipa host-add web1.example.com\n"
|
|
"\n"
|
|
" Add a user:\n"
|
|
" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n"
|
|
"\n"
|
|
" Verify automembership:\n"
|
|
" ipa hostgroup-show webservers\n"
|
|
" Host-group: webservers\n"
|
|
" Description: Web Servers\n"
|
|
" Member hosts: web1.example.com\n"
|
|
"\n"
|
|
" ipa group-show devel\n"
|
|
" Group name: devel\n"
|
|
" Description: Developers\n"
|
|
" GID: 1004200000\n"
|
|
" Member users: tuser\n"
|
|
"\n"
|
|
" Remove a condition from the rule:\n"
|
|
" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-"
|
|
"regex=^web[1-9]+\\.example\\.com webservers\n"
|
|
"\n"
|
|
" Modify the automember rule:\n"
|
|
" ipa automember-mod\n"
|
|
"\n"
|
|
" Set the default (fallback) target group:\n"
|
|
" ipa automember-default-group-set --default-group=webservers --"
|
|
"type=hostgroup\n"
|
|
" ipa automember-default-group-set --default-group=ipausers --type=group\n"
|
|
"\n"
|
|
" Remove the default (fallback) target group:\n"
|
|
" ipa automember-default-group-remove --type=hostgroup\n"
|
|
" ipa automember-default-group-remove --type=group\n"
|
|
"\n"
|
|
" Show the default (fallback) target group:\n"
|
|
" ipa automember-default-group-show --type=hostgroup\n"
|
|
" ipa automember-default-group-show --type=group\n"
|
|
"\n"
|
|
" Find all of the automember rules:\n"
|
|
" ipa automember-find\n"
|
|
"\n"
|
|
" Display a automember rule:\n"
|
|
" ipa automember-show --type=hostgroup webservers\n"
|
|
" ipa automember-show --type=group devel\n"
|
|
"\n"
|
|
" Delete an automember rule:\n"
|
|
" ipa automember-del --type=hostgroup webservers\n"
|
|
" ipa automember-del --type=group devel\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA certificate operations\n"
|
|
"\n"
|
|
"Implements a set of commands for managing server SSL certificates.\n"
|
|
"\n"
|
|
"Certificate requests exist in the form of a Certificate Signing Request "
|
|
"(CSR)\n"
|
|
"in PEM format.\n"
|
|
"\n"
|
|
"If using the selfsign back end then the subject in the CSR needs to match\n"
|
|
"the subject configured in the server. The dogtag CA uses just the CN\n"
|
|
"value of the CSR and forces the rest of the subject.\n"
|
|
"\n"
|
|
"A certificate is stored with a service principal and a service principal\n"
|
|
"needs a host.\n"
|
|
"\n"
|
|
"In order to request a certificate:\n"
|
|
"\n"
|
|
"* The host must exist\n"
|
|
"* The service must exist (or you use the --add option to automatically add "
|
|
"it)\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Request a new certificate and add the principal:\n"
|
|
" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
|
|
"\n"
|
|
" Retrieve an existing certificate:\n"
|
|
" ipa cert-show 1032\n"
|
|
"\n"
|
|
" Revoke a certificate (see RFC 5280 for reason details):\n"
|
|
" ipa cert-revoke --revocation-reason=6 1032\n"
|
|
"\n"
|
|
" Remove a certificate from revocation hold status:\n"
|
|
" ipa cert-remove-hold 1032\n"
|
|
"\n"
|
|
" Check the status of a signing request:\n"
|
|
" ipa cert-status 10\n"
|
|
"\n"
|
|
"IPA currently immediately issues (or declines) all certificate requests so\n"
|
|
"the status of a request is not normally useful. This is for future use\n"
|
|
"or the case where a CA does not immediately issue a certificate.\n"
|
|
"\n"
|
|
"The following revocation reasons are supported:\n"
|
|
"\n"
|
|
" * 0 - unspecified\n"
|
|
" * 1 - keyCompromise\n"
|
|
" * 2 - cACompromise\n"
|
|
" * 3 - affiliationChanged\n"
|
|
" * 4 - superseded\n"
|
|
" * 5 - cessationOfOperation\n"
|
|
" * 6 - certificateHold\n"
|
|
" * 8 - removeFromCRL\n"
|
|
" * 9 - privilegeWithdrawn\n"
|
|
" * 10 - aACompromise\n"
|
|
"\n"
|
|
"Note that reason code 7 is not used. See RFC 5280 for more details:\n"
|
|
"\n"
|
|
"http://www.ietf.org/rfc/rfc5280.txt\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Group to Group Delegation\n"
|
|
"\n"
|
|
"A permission enables fine-grained delegation of permissions. Access Control\n"
|
|
"Rules, or instructions (ACIs), grant permission to permissions to perform\n"
|
|
"given tasks such as adding a user, modifying a group, etc.\n"
|
|
"\n"
|
|
"Group to Group Delegations grants the members of one group to update a set\n"
|
|
"of attributes of members of another group.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a delegation rule to allow managers to edit employee's addresses:\n"
|
|
" ipa delegation-add --attrs=street --group=managers --"
|
|
"membergroup=employees \"managers edit employees' street\"\n"
|
|
"\n"
|
|
" When managing the list of attributes you need to include all attributes\n"
|
|
" in the list, including existing ones. Add postalCode to the list:\n"
|
|
" ipa delegation-mod --attrs=street,postalCode --group=managers --"
|
|
"membergroup=employees \"managers edit employees' street\"\n"
|
|
"\n"
|
|
" Display our updated rule:\n"
|
|
" ipa delegation-show \"managers edit employees' street\"\n"
|
|
"\n"
|
|
" Delete a rule:\n"
|
|
" ipa delegation-del \"managers edit employees' street\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Comma-separated list of permissions to grant (read, write). Default is write."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Domain Name System (DNS)\n"
|
|
"\n"
|
|
"Manage DNS zone and resource records.\n"
|
|
"\n"
|
|
"\n"
|
|
"USING STRUCTURED PER-TYPE OPTIONS\n"
|
|
"\n"
|
|
"There are many structured DNS RR types where DNS data stored in LDAP server\n"
|
|
"is not just a scalar value, for example an IP address or a domain name, but\n"
|
|
"a data structure which may be often complex. A good example is a LOC record\n"
|
|
"[RFC1876] which consists of many mandatory and optional parts (degrees,\n"
|
|
"minutes, seconds of latitude and longitude, altitude or precision).\n"
|
|
"\n"
|
|
"It may be difficult to manipulate such DNS records without making a mistake\n"
|
|
"and entering an invalid value. DNS module provides an abstraction over "
|
|
"these\n"
|
|
"raw records and allows to manipulate each RR type with specific options. "
|
|
"For\n"
|
|
"each supported RR type, DNS module provides a standard option to manipulate\n"
|
|
"a raw records with format --<rrtype>-rec, e.g. --mx-rec, and special "
|
|
"options\n"
|
|
"for every part of the RR structure with format --<rrtype>-<partname>, e.g.\n"
|
|
"--mx-preference and --mx-exchanger.\n"
|
|
"\n"
|
|
"When adding a record, either RR specific options or standard option for a "
|
|
"raw\n"
|
|
"value can be used, they just should not be combined in one add operation. "
|
|
"When\n"
|
|
"modifying an existing entry, new RR specific options can be used to change\n"
|
|
"one part of a DNS record, where the standard option for raw value is used\n"
|
|
"to specify the modified value. The following example demonstrates\n"
|
|
"a modification of MX record preference from 0 to 1 in a record without\n"
|
|
"modifying the exchanger:\n"
|
|
"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add new zone:\n"
|
|
" ipa dnszone-add example.com --name-"
|
|
"server=ns --admin-email=admin@example."
|
|
"com --ip-address=10.0.0.1\n"
|
|
"\n"
|
|
" Add system permission that can be used for per-zone privilege delegation:\n"
|
|
" ipa dnszone-add-permission example.com\n"
|
|
"\n"
|
|
" Modify the zone to allow dynamic updates for hosts own records in realm "
|
|
"EXAMPLE.COM:\n"
|
|
" ipa dnszone-mod example.com --dynamic-update=TRUE\n"
|
|
"\n"
|
|
" This is the equivalent of:\n"
|
|
" ipa dnszone-mod example.com --dynamic-update=TRUE --update-policy="
|
|
"\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant "
|
|
"EXAMPLE.COM krb5-self * SSHFP;\"\n"
|
|
"\n"
|
|
" Modify the zone to allow zone transfers for local network only:\n"
|
|
" ipa dnszone-mod example.com --allow-transfer=10.0.0.0/8\n"
|
|
"\n"
|
|
" Add new reverse zone specified by network IP address:\n"
|
|
" ipa dnszone-add --name-from-ip=80.142.15.0/24 --name-"
|
|
"server=ns.example.com.\n"
|
|
"\n"
|
|
" Add second nameserver for example.com:\n"
|
|
" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n"
|
|
"\n"
|
|
" Add a mail server for example.com:\n"
|
|
" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n"
|
|
"\n"
|
|
" Add another record using MX record specific options:\n"
|
|
" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n"
|
|
"\n"
|
|
" Add another record using interactive mode (started when dnsrecord-add, "
|
|
"dnsrecord-mod,\n"
|
|
" or dnsrecord-del are executed with no options):\n"
|
|
" ipa dnsrecord-add example.com @\n"
|
|
" Please choose a type of DNS resource record to be added\n"
|
|
" The most common types for this type of zone are: NS, MX, LOC\n"
|
|
"\n"
|
|
" DNS resource record type: MX\n"
|
|
" MX Preference: 30\n"
|
|
" MX Exchanger: mail3\n"
|
|
" Record name: example.com\n"
|
|
" MX record: 10 mail1, 20 mail2, 30 mail3\n"
|
|
" NS record: nameserver.example.com., nameserver2.example.com.\n"
|
|
"\n"
|
|
" Delete previously added nameserver from example.com:\n"
|
|
" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n"
|
|
"\n"
|
|
" Add LOC record for example.com:\n"
|
|
" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E "
|
|
"227.64m\"\n"
|
|
"\n"
|
|
" Add new A record for www.example.com. Create a reverse record in "
|
|
"appropriate\n"
|
|
" reverse zone as well. In this case a PTR record \"2\" pointing to www."
|
|
"example.com\n"
|
|
" will be created in zone 15.142.80.in-addr.arpa.\n"
|
|
" ipa dnsrecord-add example.com www --a-rec=80.142.15.2 --a-create-reverse\n"
|
|
"\n"
|
|
" Add new PTR record for www.example.com\n"
|
|
" ipa dnsrecord-add 15.142.80.in-addr.arpa. 2 --ptr-rec=www.example.com.\n"
|
|
"\n"
|
|
" Add new SRV records for LDAP servers. Three quarters of the requests\n"
|
|
" should go to fast.example.com, one quarter to slow.example.com. If neither\n"
|
|
" is available, switch to backup.example.com.\n"
|
|
" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example."
|
|
"com\"\n"
|
|
" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example."
|
|
"com\"\n"
|
|
" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup."
|
|
"example.com\"\n"
|
|
"\n"
|
|
" The interactive mode can be used for easy modification:\n"
|
|
" ipa dnsrecord-mod example.com _ldap._tcp\n"
|
|
" No option to modify specific record provided.\n"
|
|
" Current DNS record contents:\n"
|
|
"\n"
|
|
" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 "
|
|
"backup.example.com\n"
|
|
"\n"
|
|
" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n"
|
|
" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n"
|
|
" SRV Priority [0]: (keep the default value)\n"
|
|
" SRV Weight [1]: 2 (modified value)\n"
|
|
" SRV Port [389]: (keep the default value)\n"
|
|
" SRV Target [slow.example.com]: (keep the default value)\n"
|
|
" 1 SRV record skipped. Only one value per DNS record type can be modified "
|
|
"at one time.\n"
|
|
" Record name: _ldap._tcp\n"
|
|
" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 "
|
|
"389 slow.example.com\n"
|
|
"\n"
|
|
" After this modification, three fifths of the requests should go to\n"
|
|
" fast.example.com and two fifths to slow.example.com.\n"
|
|
"\n"
|
|
" An example of the interactive mode for dnsrecord-del command:\n"
|
|
" ipa dnsrecord-del example.com www\n"
|
|
" No option to delete specific record provided.\n"
|
|
" Delete all? Yes/No (default No): (do not delete all records)\n"
|
|
" Current DNS record contents:\n"
|
|
"\n"
|
|
" A record: 1.2.3.4, 11.22.33.44\n"
|
|
"\n"
|
|
" Delete A record '1.2.3.4'? Yes/No (default No):\n"
|
|
" Delete A record '11.22.33.44'? Yes/No (default No): y\n"
|
|
" Record name: www\n"
|
|
" A record: 1.2.3.4 (A record 11.22.33.44 has been "
|
|
"deleted)\n"
|
|
"\n"
|
|
" Show zone example.com:\n"
|
|
" ipa dnszone-show example.com\n"
|
|
"\n"
|
|
" Find zone with \"example\" in its domain name:\n"
|
|
" ipa dnszone-find example\n"
|
|
"\n"
|
|
" Find records for resources with \"www\" in their name in zone example.com:\n"
|
|
" ipa dnsrecord-find example.com www\n"
|
|
"\n"
|
|
" Find A records with value 10.10.0.1 in zone example.com\n"
|
|
" ipa dnsrecord-find example.com --a-rec=10.10.0.1\n"
|
|
"\n"
|
|
" Show records for resource www in zone example.com\n"
|
|
" ipa dnsrecord-show example.com www\n"
|
|
"\n"
|
|
" Delegate zone sub.example to another nameserver:\n"
|
|
" ipa dnsrecord-add example.com ns.sub --a-rec=10.0.100.5\n"
|
|
" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n"
|
|
"\n"
|
|
" If global forwarder is configured, all requests to sub.example.com will be\n"
|
|
" routed through the global forwarder. To change the behavior for example."
|
|
"com\n"
|
|
" zone only and forward the request directly to ns.sub.example.com., global\n"
|
|
" forwarding may be disabled per-zone:\n"
|
|
" ipa dnszone-mod example.com --forward-policy=none\n"
|
|
"\n"
|
|
" Forward all requests for the zone external.com to another nameserver using\n"
|
|
" a \"first\" policy (it will send the queries to the selected forwarder and "
|
|
"if\n"
|
|
" not answered it will use global resolvers):\n"
|
|
" ipa dnszone-add external.com\n"
|
|
" ipa dnszone-mod external.com --"
|
|
"forwarder=10.20.0.1 --forward-policy=first\n"
|
|
"\n"
|
|
" Delete zone example.com with all resource records:\n"
|
|
" ipa dnszone-del example.com\n"
|
|
"\n"
|
|
" Resolve a host name to see if it exists (will add default IPA domain\n"
|
|
" if one is not included):\n"
|
|
" ipa dns-resolve www.example.com\n"
|
|
" ipa dns-resolve www\n"
|
|
"\n"
|
|
"\n"
|
|
"GLOBAL DNS CONFIGURATION\n"
|
|
"\n"
|
|
"DNS configuration passed to command line install script is stored in a "
|
|
"local\n"
|
|
"configuration file on each IPA server where DNS service is configured. "
|
|
"These\n"
|
|
"local settings can be overridden with a common configuration stored in LDAP\n"
|
|
"server:\n"
|
|
"\n"
|
|
" Show global DNS configuration:\n"
|
|
" ipa dnsconfig-show\n"
|
|
"\n"
|
|
" Modify global DNS configuration and set a list of global forwarders:\n"
|
|
" ipa dnsconfig-mod --forwarder=10.0.0.1\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"A list of global forwarders. A custom port can be specified for each "
|
|
"forwarder using a standard format \"IP_ADDRESS port PORT\""
|
|
msgstr ""
|
|
|
|
msgid "An interval between regular polls of the name server for new DNS zones"
|
|
msgstr ""
|
|
|
|
msgid "DNS class"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw A records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw AAAA records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw A6 records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw AFSDB records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw APL records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw CERT records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw CNAME records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw DHCID records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw DLV records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw DNAME records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw DNSKEY records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw DS records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw HIP records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw IPSECKEY records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw KEY records"
|
|
msgstr ""
|
|
|
|
msgid "KEY Flags"
|
|
msgstr ""
|
|
|
|
msgid "KEY Protocol"
|
|
msgstr ""
|
|
|
|
msgid "Protocol"
|
|
msgstr ""
|
|
|
|
msgid "KEY Algorithm"
|
|
msgstr ""
|
|
|
|
msgid "KEY Public Key"
|
|
msgstr ""
|
|
|
|
msgid "Public Key"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw KX records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw LOC records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw MX records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw NAPTR records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw NS records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw NSEC records"
|
|
msgstr ""
|
|
|
|
msgid "NSEC Next Domain Name"
|
|
msgstr ""
|
|
|
|
msgid "Next Domain Name"
|
|
msgstr ""
|
|
|
|
msgid "NSEC Type Map"
|
|
msgstr ""
|
|
|
|
msgid "Type Map"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw NSEC3 records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw NSEC3PARAM records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw PTR records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw RRSIG records"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG Type Covered"
|
|
msgstr ""
|
|
|
|
msgid "Type Covered"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG Algorithm"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG Labels"
|
|
msgstr ""
|
|
|
|
msgid "Labels"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG Original TTL"
|
|
msgstr ""
|
|
|
|
msgid "Original TTL"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG Signature Expiration"
|
|
msgstr ""
|
|
|
|
msgid "Signature Expiration"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG Signature Inception"
|
|
msgstr ""
|
|
|
|
msgid "Signature Inception"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG Key Tag"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG Signer's Name"
|
|
msgstr ""
|
|
|
|
msgid "Signer's Name"
|
|
msgstr ""
|
|
|
|
msgid "RRSIG Signature"
|
|
msgstr ""
|
|
|
|
msgid "Signature"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw RP records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw SIG records"
|
|
msgstr ""
|
|
|
|
msgid "SIG Type Covered"
|
|
msgstr ""
|
|
|
|
msgid "SIG Algorithm"
|
|
msgstr ""
|
|
|
|
msgid "SIG Labels"
|
|
msgstr ""
|
|
|
|
msgid "SIG Original TTL"
|
|
msgstr ""
|
|
|
|
msgid "SIG Signature Expiration"
|
|
msgstr ""
|
|
|
|
msgid "SIG Signature Inception"
|
|
msgstr ""
|
|
|
|
msgid "SIG Key Tag"
|
|
msgstr ""
|
|
|
|
msgid "SIG Signer's Name"
|
|
msgstr ""
|
|
|
|
msgid "SIG Signature"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw SPF records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw SRV records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw SSHFP records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw TA records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw TKEY records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw TSIG records"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of raw TXT records"
|
|
msgstr ""
|
|
|
|
msgid "SOA time to live"
|
|
msgstr ""
|
|
|
|
msgid "SOA record time to live"
|
|
msgstr ""
|
|
|
|
msgid "SOA class"
|
|
msgstr ""
|
|
|
|
msgid "SOA record class"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"A list of per-zone forwarders. A custom port can be specified for each "
|
|
"forwarder using a standard format \"IP_ADDRESS port PORT\""
|
|
msgstr ""
|
|
|
|
msgid "Add forward record for nameserver located in the created zone"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Entitlements\n"
|
|
"\n"
|
|
"Manage entitlements for client machines\n"
|
|
"\n"
|
|
"Entitlements can be managed either by registering with an entitlement\n"
|
|
"server with a username and password or by manually importing entitlement\n"
|
|
"certificates. An entitlement certificate contains embedded information\n"
|
|
"such as the product being entitled, the quantity and the validity dates.\n"
|
|
"\n"
|
|
"An entitlement server manages the number of client entitlements available.\n"
|
|
"To mark these entitlements as used by the IPA server you provide a quantity\n"
|
|
"and they are marked as consumed on the entitlement server.\n"
|
|
"\n"
|
|
" Register with an entitlement server:\n"
|
|
" ipa entitle-register consumer\n"
|
|
"\n"
|
|
" Import an entitlement certificate:\n"
|
|
" ipa entitle-import /home/user/ipaclient.pem\n"
|
|
"\n"
|
|
" Display current entitlements:\n"
|
|
" ipa entitle-status\n"
|
|
"\n"
|
|
" Retrieve details on entitlement certificates:\n"
|
|
" ipa entitle-get\n"
|
|
"\n"
|
|
" Consume some entitlements from the entitlement server:\n"
|
|
" ipa entitle-consume 50\n"
|
|
"\n"
|
|
"The registration ID is a Unique Identifier (UUID). This ID will be\n"
|
|
"IMPORTED if you have used entitle-import.\n"
|
|
"\n"
|
|
"Changes to /etc/rhsm/rhsm.conf require a restart of the httpd service.\n"
|
|
msgstr ""
|
|
|
|
msgid "Consume an entitlement."
|
|
msgstr ""
|
|
|
|
msgid "Quantity"
|
|
msgstr ""
|
|
|
|
msgid "Search for entitlement accounts."
|
|
msgstr ""
|
|
|
|
msgid "Retrieve the entitlement certs."
|
|
msgstr ""
|
|
|
|
msgid "Import an entitlement certificate."
|
|
msgstr ""
|
|
|
|
msgid "UUID"
|
|
msgstr ""
|
|
|
|
msgid "Enrollment UUID"
|
|
msgstr ""
|
|
|
|
msgid "Register to the entitlement system."
|
|
msgstr ""
|
|
|
|
msgid "Username"
|
|
msgstr ""
|
|
|
|
msgid "Enrollment UUID (not implemented)"
|
|
msgstr ""
|
|
|
|
msgid "Registration password"
|
|
msgstr ""
|
|
|
|
msgid "Display current entitlements."
|
|
msgstr ""
|
|
|
|
msgid "Re-sync the local entitlement cache with the entitlement server."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of users\n"
|
|
"\n"
|
|
"Manage groups of users. By default, new groups are POSIX groups. You\n"
|
|
"can add the --nonposix option to the group-add command to mark a new group\n"
|
|
"as non-POSIX. You can use the --posix argument with the group-mod command\n"
|
|
"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n"
|
|
"converted to non-POSIX groups.\n"
|
|
"\n"
|
|
"Every group must have a description.\n"
|
|
"\n"
|
|
"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
|
|
"supported but can have an impact on your file permissions. It is not "
|
|
"necessary\n"
|
|
"to supply a GID when creating a group. IPA will generate one automatically\n"
|
|
"if it is not provided.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new group:\n"
|
|
" ipa group-add --desc='local administrators' localadmins\n"
|
|
"\n"
|
|
" Add a new non-POSIX group:\n"
|
|
" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
|
|
"\n"
|
|
" Convert a non-POSIX group to posix:\n"
|
|
" ipa group-mod --posix remoteadmins\n"
|
|
"\n"
|
|
" Add a new POSIX group with a specific Group ID number:\n"
|
|
" ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
|
|
"\n"
|
|
" Add a new POSIX group and let IPA assign a Group ID number:\n"
|
|
" ipa group-add --desc='printer admins' printeradmins\n"
|
|
"\n"
|
|
" Remove a group:\n"
|
|
" ipa group-del unixadmins\n"
|
|
"\n"
|
|
" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
|
|
" ipa group-add-member --groups=remoteadmins localadmins\n"
|
|
"\n"
|
|
" Add a list of users to the \"localadmins\" group:\n"
|
|
" ipa group-add-member --users=test1,test2 localadmins\n"
|
|
"\n"
|
|
" Remove a user from the \"localadmins\" group:\n"
|
|
" ipa group-remove-member --users=test2 localadmins\n"
|
|
"\n"
|
|
" Display information about a named group.\n"
|
|
" ipa group-show localadmins\n"
|
|
"\n"
|
|
"External group membership is designed to allow users from trusted domains\n"
|
|
"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
|
|
"External members should be added to groups that specifically created as\n"
|
|
"external and non-POSIX. Such group later should be included into one of "
|
|
"POSIX\n"
|
|
"groups.\n"
|
|
"\n"
|
|
"An external group member is currently a Security Identifier (SID) as defined "
|
|
"by\n"
|
|
"the trusted domain. When adding external group members, it is possible to\n"
|
|
"specify them in either SID, or DOM\n"
|
|
"ame, or name@domain format. IPA will attempt\n"
|
|
"to resolve passed name to SID with the use of Global Catalog of the trusted "
|
|
"domain.\n"
|
|
"\n"
|
|
"Example:\n"
|
|
"\n"
|
|
"1. Create group for the trusted domain admins' mapping and their local POSIX "
|
|
"group:\n"
|
|
"\n"
|
|
" ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
|
|
"--external\n"
|
|
" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
|
|
"\n"
|
|
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
|
|
"ad_admins_external\n"
|
|
" group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
|
|
"\n"
|
|
"3. Allow members of ad_admins_external group to be associated with ad_admins "
|
|
"POSIX group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins --groups ad_admins_external\n"
|
|
"\n"
|
|
"4. List members of external members of ad_admins_external group to see their "
|
|
"SIDs:\n"
|
|
"\n"
|
|
" ipa group-show ad_admins_external\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"comma-separated list of members of a trusted domain in DOM\\name or "
|
|
"name@domain form"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of users to add"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of groups to add"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of users to remove"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of groups to remove"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Host-based access control\n"
|
|
"\n"
|
|
"Control who can access what services on what hosts and from where. You\n"
|
|
"can use HBAC to control which users or groups on a source host can\n"
|
|
"access a service, or group of services, on a target host.\n"
|
|
"\n"
|
|
"You can also specify a category of users, target hosts, and source\n"
|
|
"hosts. This is currently limited to \"all\", but might be expanded in the\n"
|
|
"future.\n"
|
|
"\n"
|
|
"Target hosts and source hosts in HBAC rules must be hosts managed by IPA.\n"
|
|
"\n"
|
|
"The available services and groups of services are controlled by the\n"
|
|
"hbacsvc and hbacsvcgroup plug-ins respectively.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Create a rule, \"test1\", that grants all users access to the host \"server"
|
|
"\" from\n"
|
|
" anywhere:\n"
|
|
" ipa hbacrule-add --usercat=all --srchostcat=all test1\n"
|
|
" ipa hbacrule-add-host --hosts=server.example.com test1\n"
|
|
"\n"
|
|
" Display the properties of a named HBAC rule:\n"
|
|
" ipa hbacrule-show test1\n"
|
|
"\n"
|
|
" Create a rule for a specific service. This lets the user john access\n"
|
|
" the sshd service on any machine from any machine:\n"
|
|
" ipa hbacrule-add --hostcat=all --srchostcat=all john_sshd\n"
|
|
" ipa hbacrule-add-user --users=john john_sshd\n"
|
|
" ipa hbacrule-add-service --hbacsvcs=sshd john_sshd\n"
|
|
"\n"
|
|
" Create a rule for a new service group. This lets the user john access\n"
|
|
" the FTP service on any machine from any machine:\n"
|
|
" ipa hbacsvcgroup-add ftpers\n"
|
|
" ipa hbacsvc-add sftp\n"
|
|
" ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers\n"
|
|
" ipa hbacrule-add --hostcat=all --srchostcat=all john_ftp\n"
|
|
" ipa hbacrule-add-user --users=john john_ftp\n"
|
|
" ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp\n"
|
|
"\n"
|
|
" Disable a named HBAC rule:\n"
|
|
" ipa hbacrule-disable test1\n"
|
|
"\n"
|
|
" Remove a named HBAC rule:\n"
|
|
" ipa hbacrule-del allow_server\n"
|
|
msgstr ""
|
|
|
|
msgid "Source host category"
|
|
msgstr ""
|
|
|
|
msgid "Source host category the rule applies to"
|
|
msgstr ""
|
|
|
|
msgid "Source Hosts"
|
|
msgstr ""
|
|
|
|
msgid "Source Host Groups"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of hosts to add"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of host groups to add"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of HBAC services to add"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of HBAC service groups to add"
|
|
msgstr ""
|
|
|
|
msgid "Add source hosts and hostgroups from a HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of hosts to remove"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of host groups to remove"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of HBAC services to remove"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of HBAC service groups to remove"
|
|
msgstr ""
|
|
|
|
msgid "Remove source hosts and hostgroups from an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"HBAC Service Groups\n"
|
|
"\n"
|
|
"HBAC service groups can contain any number of individual services,\n"
|
|
"or \"members\". Every group must have a description.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new HBAC service group:\n"
|
|
" ipa hbacsvcgroup-add --desc=\"login services\" login\n"
|
|
"\n"
|
|
" Add members to an HBAC service group:\n"
|
|
" ipa hbacsvcgroup-add-member --hbacsvcs=sshd,login login\n"
|
|
"\n"
|
|
" Display information about a named group:\n"
|
|
" ipa hbacsvcgroup-show login\n"
|
|
"\n"
|
|
" Add a new group to the \"login\" group:\n"
|
|
" ipa hbacsvcgroup-add --desc=\"switch users\" login\n"
|
|
" ipa hbacsvcgroup-add-member --hbacsvcs=su,su-l login\n"
|
|
"\n"
|
|
" Delete an HBAC service group:\n"
|
|
" ipa hbacsvcgroup-del login\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Simulate use of Host-based access controls\n"
|
|
"\n"
|
|
"HBAC rules control who can access what services on what hosts and from "
|
|
"where.\n"
|
|
"You can use HBAC to control which users or groups can access a service,\n"
|
|
"or group of services, on a target host.\n"
|
|
"\n"
|
|
"Since applying HBAC rules implies use of a production environment,\n"
|
|
"this plugin aims to provide simulation of HBAC rules evaluation without\n"
|
|
"having access to the production environment.\n"
|
|
"\n"
|
|
" Test user coming to a service on a named host against\n"
|
|
" existing enabled rules.\n"
|
|
"\n"
|
|
" ipa hbactest --user= --host= --service=\n"
|
|
" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
|
|
" [--srchost= ] [--sizelimit= ]\n"
|
|
"\n"
|
|
" --user, --host, and --service are mandatory, others are optional.\n"
|
|
"\n"
|
|
" If --rules is specified simulate enabling of the specified rules and test\n"
|
|
" the login of the user using only these rules.\n"
|
|
"\n"
|
|
" If --enabled is specified, all enabled HBAC rules will be added to "
|
|
"simulation\n"
|
|
"\n"
|
|
" If --disabled is specified, all disabled HBAC rules will be added to "
|
|
"simulation\n"
|
|
"\n"
|
|
" If --nodetail is specified, do not return information about rules matched/"
|
|
"not matched.\n"
|
|
"\n"
|
|
" If both --rules and --enabled are specified, apply simulation to --rules "
|
|
"_and_\n"
|
|
" all IPA enabled rules.\n"
|
|
"\n"
|
|
" If no --rules specified, simulation is run against all IPA enabled rules.\n"
|
|
" By default there is a IPA-wide limit to number of entries fetched, you can "
|
|
"change it\n"
|
|
" with --sizelimit option.\n"
|
|
"\n"
|
|
" If --srchost is specified, it will be ignored. It is left because of "
|
|
"compatibility reasons only.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" 1. Use all enabled HBAC rules in IPA database to simulate:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" notmatched: my-second-rule\n"
|
|
" notmatched: my-third-rule\n"
|
|
" notmatched: myrule\n"
|
|
" matched: allow_all\n"
|
|
"\n"
|
|
" 2. Disable detailed summary of how rules were applied:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
"\n"
|
|
" 3. Test explicitly specified HBAC rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-"
|
|
"second-rule,myrule\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" notmatched: my-second-rule\n"
|
|
" notmatched: myrule\n"
|
|
"\n"
|
|
" 4. Use all enabled HBAC rules in IPA database + explicitly specified "
|
|
"rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-"
|
|
"second-rule,myrule --enabled\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" notmatched: my-second-rule\n"
|
|
" notmatched: my-third-rule\n"
|
|
" notmatched: myrule\n"
|
|
" matched: allow_all\n"
|
|
"\n"
|
|
" 5. Test all disabled HBAC rules in IPA database:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" notmatched: new-rule\n"
|
|
"\n"
|
|
" 6. Test all disabled HBAC rules in IPA database + explicitly specified "
|
|
"rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --rules=my-"
|
|
"second-rule,myrule --disabled\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" notmatched: my-second-rule\n"
|
|
" notmatched: my-third-rule\n"
|
|
" notmatched: myrule\n"
|
|
"\n"
|
|
" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --enabled "
|
|
"--disabled\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" notmatched: my-second-rule\n"
|
|
" notmatched: my-third-rule\n"
|
|
" notmatched: myrule\n"
|
|
" notmatched: new-rule\n"
|
|
" matched: allow_all\n"
|
|
msgstr ""
|
|
|
|
msgid "Source host"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Hosts/Machines\n"
|
|
"\n"
|
|
"A host represents a machine. It can be used in a number of contexts:\n"
|
|
"- service entries are associated with a host\n"
|
|
"- a host stores the host/ service principal\n"
|
|
"- a host can be used in Host-based Access Control (HBAC) rules\n"
|
|
"- every enrolled client generates a host entry\n"
|
|
"\n"
|
|
"ENROLLMENT:\n"
|
|
"\n"
|
|
"There are three enrollment scenarios when enrolling a new client:\n"
|
|
"\n"
|
|
"1. You are enrolling as a full administrator. The host entry may exist\n"
|
|
" or not. A full administrator is a member of the hostadmin role\n"
|
|
" or the admins group.\n"
|
|
"2. You are enrolling as a limited administrator. The host must already\n"
|
|
" exist. A limited administrator is a member a role with the\n"
|
|
" Host Enrollment privilege.\n"
|
|
"3. The host has been created with a one-time password.\n"
|
|
"\n"
|
|
"A host can only be enrolled once. If a client has enrolled and needs to\n"
|
|
"be re-enrolled, the host entry must be removed and re-created. Note that\n"
|
|
"re-creating the host entry will result in all services for the host being\n"
|
|
"removed, and all SSL certificates associated with those services being\n"
|
|
"revoked.\n"
|
|
"\n"
|
|
"A host can optionally store information such as where it is located,\n"
|
|
"the OS that it runs, etc.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new host:\n"
|
|
" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example."
|
|
"com\n"
|
|
"\n"
|
|
" Delete a host:\n"
|
|
" ipa host-del test.example.com\n"
|
|
"\n"
|
|
" Add a new host with a one-time password:\n"
|
|
" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n"
|
|
"\n"
|
|
" Add a new host with a random one-time password:\n"
|
|
" ipa host-add --os='Fedora 12' --random test.example.com\n"
|
|
"\n"
|
|
" Modify information about a host:\n"
|
|
" ipa host-mod --os='Fedora 12' test.example.com\n"
|
|
"\n"
|
|
" Remove SSH public keys of a host and update DNS to reflect this change:\n"
|
|
" ipa host-mod --sshpubkey= --updatedns test.example.com\n"
|
|
"\n"
|
|
" Disable the host Kerberos key, SSL certificate and all of its services:\n"
|
|
" ipa host-disable test.example.com\n"
|
|
"\n"
|
|
" Add a host that can manage this host's keytab and certificate:\n"
|
|
" ipa host-add-managedby --hosts=test2 test\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of hosts.\n"
|
|
"\n"
|
|
"Manage groups of hosts. This is useful for applying access control to a\n"
|
|
"number of hosts by using Host-based Access Control.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new host group:\n"
|
|
" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n"
|
|
"\n"
|
|
" Add another new host group:\n"
|
|
" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n"
|
|
"\n"
|
|
" Add members to the hostgroup:\n"
|
|
" ipa hostgroup-add-member --hosts=box1,box2,box3 baltimore\n"
|
|
"\n"
|
|
" Add a hostgroup as a member of another hostgroup:\n"
|
|
" ipa hostgroup-add-member --hostgroups=baltimore maryland\n"
|
|
"\n"
|
|
" Remove a host from the hostgroup:\n"
|
|
" ipa hostgroup-remove-member --hosts=box2 baltimore\n"
|
|
"\n"
|
|
" Display a host group:\n"
|
|
" ipa hostgroup-show baltimore\n"
|
|
"\n"
|
|
" Delete a hostgroup:\n"
|
|
" ipa hostgroup-del baltimore\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Comma-separated list of objectclasses used to search for user entries in DS"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Comma-separated list of objectclasses used to search for group entries in DS"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Comma-separated list of objectclasses to be ignored for user entries in DS"
|
|
msgstr ""
|
|
|
|
msgid "Comma-separated list of attributes to be ignored for user entries in DS"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Comma-separated list of objectclasses to be ignored for group entries in DS"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Comma-separated list of attributes to be ignored for group entries in DS"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of groups to exclude from migration"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of users to exclude from migration"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Netgroups\n"
|
|
"\n"
|
|
"A netgroup is a group used for permission checking. It can contain both\n"
|
|
"user and host values.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new netgroup:\n"
|
|
" ipa netgroup-add --desc=\"NFS admins\" admins\n"
|
|
"\n"
|
|
" Add members to the netgroup:\n"
|
|
" ipa netgroup-add-member --users=tuser1,tuser2 admins\n"
|
|
"\n"
|
|
" Remove a member from the netgroup:\n"
|
|
" ipa netgroup-remove-member --users=tuser2 admins\n"
|
|
"\n"
|
|
" Display information about a netgroup:\n"
|
|
" ipa netgroup-show admins\n"
|
|
"\n"
|
|
" Delete a netgroup:\n"
|
|
" ipa netgroup-del admins\n"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of netgroups to add"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of netgroups to remove"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Permissions\n"
|
|
"\n"
|
|
"A permission enables fine-grained delegation of rights. A permission is\n"
|
|
"a human-readable form of a 389-ds Access Control Rule, or instruction "
|
|
"(ACI).\n"
|
|
"A permission grants the right to perform a specific task such as adding a\n"
|
|
"user, modifying a group, etc.\n"
|
|
"\n"
|
|
"A permission may not contain other permissions.\n"
|
|
"\n"
|
|
"* A permission grants access to read, write, add or delete.\n"
|
|
"* A privilege combines similar permissions (for example all the permissions\n"
|
|
" needed to add a user).\n"
|
|
"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n"
|
|
"\n"
|
|
"A permission is made up of a number of different parts:\n"
|
|
"\n"
|
|
"1. The name of the permission.\n"
|
|
"2. The target of the permission.\n"
|
|
"3. The rights granted by the permission.\n"
|
|
"\n"
|
|
"Rights define what operations are allowed, and may be one or more\n"
|
|
"of the following:\n"
|
|
"1. write - write one or more attributes\n"
|
|
"2. read - read one or more attributes\n"
|
|
"3. add - add a new entry to the tree\n"
|
|
"4. delete - delete an existing entry\n"
|
|
"5. all - all permissions are granted\n"
|
|
"\n"
|
|
"Read permission is granted for most attributes by default so the read\n"
|
|
"permission is not expected to be used very often.\n"
|
|
"\n"
|
|
"Note the distinction between attributes and entries. The permissions are\n"
|
|
"independent, so being able to add a user does not mean that the user will\n"
|
|
"be editable.\n"
|
|
"\n"
|
|
"There are a number of allowed targets:\n"
|
|
"1. type: a type of object (user, group, etc).\n"
|
|
"2. memberof: a member of a group or hostgroup\n"
|
|
"3. filter: an LDAP filter\n"
|
|
"4. subtree: an LDAP filter specifying part of the LDAP DIT. This is a\n"
|
|
" super-set of the \"type\" target.\n"
|
|
"5. targetgroup: grant access to modify a specific group (such as granting\n"
|
|
" the rights to manage group membership)\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a permission that grants the creation of users:\n"
|
|
" ipa permission-add --type=user --permissions=add \"Add Users\"\n"
|
|
"\n"
|
|
" Add a permission that grants the ability to manage group membership:\n"
|
|
" ipa permission-add --attrs=member --permissions=write --type=group "
|
|
"\"Manage Group Members\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Comma-separated list of permissions to grant (read, write, add, delete, all)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)"
|
|
msgstr ""
|
|
|
|
msgid "Target members of a group"
|
|
msgstr ""
|
|
|
|
msgid "User group to apply permissions to"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of privileges to add"
|
|
msgstr ""
|
|
|
|
msgid "Add a system permission without an ACI"
|
|
msgstr ""
|
|
|
|
msgid "Permission type"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of privileges to remove"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Ping the remote IPA server to ensure it is running.\n"
|
|
"\n"
|
|
"The ping command sends an echo request to an IPA server. The server\n"
|
|
"returns its version information. This is used by an IPA client\n"
|
|
"to confirm that the server is available and accepting requests.\n"
|
|
"\n"
|
|
"The server from xmlrpc_uri in /etc/ipa/default.conf is contacted first.\n"
|
|
"If it does not respond then the client will contact any servers defined\n"
|
|
"by ldap SRV records in DNS.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Ping an IPA server:\n"
|
|
" ipa ping\n"
|
|
" ------------------------------------------\n"
|
|
" IPA server version 2.1.9. API version 2.20\n"
|
|
" ------------------------------------------\n"
|
|
"\n"
|
|
" Ping an IPA server verbosely:\n"
|
|
" ipa -v ping\n"
|
|
" ipa: INFO: trying https://ipa.example.com/ipa/xml\n"
|
|
" ipa: INFO: Forwarding 'ping' to server u'https://ipa.example.com/ipa/"
|
|
"xml'\n"
|
|
" -----------------------------------------------------\n"
|
|
" IPA server version 2.1.9. API version 2.20\n"
|
|
" -----------------------------------------------------\n"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of roles to add"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of permissions"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of roles to remove"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of privileges"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Self-service Permissions\n"
|
|
"\n"
|
|
"A permission enables fine-grained delegation of permissions. Access Control\n"
|
|
"Rules, or instructions (ACIs), grant permission to permissions to perform\n"
|
|
"given tasks such as adding a user, modifying a group, etc.\n"
|
|
"\n"
|
|
"A Self-service permission defines what an object can change in its own "
|
|
"entry.\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a self-service rule to allow users to manage their address:\n"
|
|
" ipa selfservice-add --permissions=write --attrs=street,postalCode,l,c,st "
|
|
"\"Users manage their own address\"\n"
|
|
"\n"
|
|
" When managing the list of attributes you need to include all attributes\n"
|
|
" in the list, including existing ones. Add telephoneNumber to the list:\n"
|
|
" ipa selfservice-mod --attrs=street,postalCode,l,c,st,telephoneNumber "
|
|
"\"Users manage their own address\"\n"
|
|
"\n"
|
|
" Display our updated rule:\n"
|
|
" ipa selfservice-show \"Users manage their own address\"\n"
|
|
"\n"
|
|
" Delete a rule:\n"
|
|
" ipa selfservice-del \"Users manage their own address\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Services\n"
|
|
"\n"
|
|
"A IPA service represents a service that runs on a host. The IPA service\n"
|
|
"record can store a Kerberos principal, an SSL certificate, or both.\n"
|
|
"\n"
|
|
"An IPA service can be managed directly from a machine, provided that\n"
|
|
"machine has been given the correct permission. This is true even for\n"
|
|
"machines other than the one the service is associated with. For example,\n"
|
|
"requesting an SSL certificate using the host service principal credentials\n"
|
|
"of the host. To manage a service using host credentials you need to\n"
|
|
"kinit as the host:\n"
|
|
"\n"
|
|
" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n"
|
|
"\n"
|
|
"Adding an IPA service allows the associated service to request an SSL\n"
|
|
"certificate or keytab, but this is performed as a separate step; they\n"
|
|
"are not produced as a result of adding the service.\n"
|
|
"\n"
|
|
"Only the public aspect of a certificate is stored in a service record;\n"
|
|
"the private key is not stored.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new IPA service:\n"
|
|
" ipa service-add HTTP/web.example.com\n"
|
|
"\n"
|
|
" Allow a host to manage an IPA service certificate:\n"
|
|
" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
|
|
" ipa role-add-member --hosts=web.example.com certadmin\n"
|
|
"\n"
|
|
" Override a default list of supported PAC types for the service:\n"
|
|
" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
|
|
"\n"
|
|
" Delete an IPA service:\n"
|
|
" ipa service-del HTTP/web.example.com\n"
|
|
"\n"
|
|
" Find all IPA services associated with a host:\n"
|
|
" ipa service-find web.example.com\n"
|
|
"\n"
|
|
" Find all HTTP services:\n"
|
|
" ipa service-find HTTP\n"
|
|
"\n"
|
|
" Disable the service Kerberos key and SSL certificate:\n"
|
|
" ipa service-disable HTTP/web.example.com\n"
|
|
"\n"
|
|
" Request a certificate for an IPA service:\n"
|
|
" ipa cert-request --principal=HTTP/web.example.com example.csr\n"
|
|
"\n"
|
|
" Generate and retrieve a keytab for an IPA service:\n"
|
|
" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
|
|
"httpd.keytab\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Override default list of supported PAC types. Use 'NONE' to disable PAC "
|
|
"support for this service"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of Sudo Commands\n"
|
|
"\n"
|
|
"Manage groups of Sudo Commands.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new Sudo Command Group:\n"
|
|
" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n"
|
|
"\n"
|
|
" Remove a Sudo Command Group:\n"
|
|
" ipa sudocmdgroup-del admincmds\n"
|
|
"\n"
|
|
" Manage Sudo Command Group membership, commands:\n"
|
|
" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less,/usr/bin/vim "
|
|
"admincmds\n"
|
|
"\n"
|
|
" Manage Sudo Command Group membership, commands:\n"
|
|
" ipa group-remove-member --sudocmds=/usr/bin/less admincmds\n"
|
|
"\n"
|
|
" Show a Sudo Command Group:\n"
|
|
" ipa group-show localadmins\n"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of sudo commands to add"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of sudo commands to remove"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Sudo Rules\n"
|
|
"\n"
|
|
"Sudo (su \"do\") allows a system administrator to delegate authority to\n"
|
|
"give certain users (or groups of users) the ability to run some (or all)\n"
|
|
"commands as root or another user while providing an audit trail of the\n"
|
|
"commands and their arguments.\n"
|
|
"\n"
|
|
"FreeIPA provides a means to configure the various aspects of Sudo:\n"
|
|
" Users: The user(s)/group(s) allowed to invoke Sudo.\n"
|
|
" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke "
|
|
"Sudo.\n"
|
|
" Allow Command: The specific command(s) permitted to be run via Sudo.\n"
|
|
" Deny Command: The specific command(s) prohibited to be run via Sudo.\n"
|
|
" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be "
|
|
"invoked with.\n"
|
|
" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n"
|
|
" Options: The various Sudoers Options that can modify Sudo's behavior.\n"
|
|
"\n"
|
|
"An order can be added to a sudorule to control the order in which they\n"
|
|
"are evaluated (if the client supports it). This order is an integer and\n"
|
|
"must be unique.\n"
|
|
"\n"
|
|
"FreeIPA provides a designated binddn to use with Sudo located at:\n"
|
|
"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
|
|
"\n"
|
|
"To enable the binddn run the following command to set the password:\n"
|
|
"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
|
|
"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
|
|
"dc=com\n"
|
|
"\n"
|
|
"For more information, see the FreeIPA Documentation to Sudo.\n"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of sudo command groups to add"
|
|
msgstr ""
|
|
|
|
msgid "comma-separated list of sudo command groups to remove"
|
|
msgstr ""
|
|
|
|
msgid "Active directory domain administrator's password"
|
|
msgstr ""
|
|
|
|
msgid "GECOS field"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"ID ranges\n"
|
|
"\n"
|
|
"Manage ID ranges used to map Posix IDs to SIDs and back.\n"
|
|
"\n"
|
|
"There are two type of ID ranges which are both handled by this utility:\n"
|
|
"\n"
|
|
" - the ID ranges of the local domain\n"
|
|
" - the ID ranges of trusted remote domains\n"
|
|
"\n"
|
|
"Both types have the following attributes in common:\n"
|
|
"\n"
|
|
" - base-id: the first ID of the Posix ID range\n"
|
|
" - range-size: the size of the range\n"
|
|
"\n"
|
|
"With those two attributes a range object can reserve the Posix IDs starting\n"
|
|
"with base-id up to but not including base-id+range-size exclusively.\n"
|
|
"\n"
|
|
"Additionally an ID range of the local domain may set\n"
|
|
" - rid-base: the first RID(*) of the corresponding RID range\n"
|
|
" - secondary-rid-base: first RID of the secondary RID range\n"
|
|
"\n"
|
|
"and an ID range of a trusted domain must set\n"
|
|
" - rid-base: the first RID of the corresponding RID range\n"
|
|
" - dom_sid: domain SID of the trusted domain\n"
|
|
"\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLE: Add a new ID range for a trusted domain\n"
|
|
"\n"
|
|
"Since there might be more than one trusted domain the domain SID must be "
|
|
"given\n"
|
|
"while creating the ID range.\n"
|
|
"\n"
|
|
" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
|
|
"base=0 --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
|
|
"\n"
|
|
"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
|
|
"assign Posix UIDs to users from the trusted domain.\n"
|
|
"\n"
|
|
"If e.g. a range for a trusted domain is configured with the following "
|
|
"values:\n"
|
|
" base-id = 1200000\n"
|
|
" range-size = 200000\n"
|
|
" rid-base = 0\n"
|
|
"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
|
|
"So\n"
|
|
"RID 1000 <-> Posix ID 1201000\n"
|
|
"\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLE: Add a new ID range for the local domain\n"
|
|
"\n"
|
|
"To create an ID range for the local domain it is not necessary to specify a\n"
|
|
"domain SID. But since it is possible that a user and a group can have the "
|
|
"same\n"
|
|
"value as Posix ID a second RID interval is needed to handle conflicts.\n"
|
|
"\n"
|
|
" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-"
|
|
"base=1000 --secondary-rid-base=1000000 local_range\n"
|
|
"\n"
|
|
"The data from the ID ranges of the local domain are used by the IPA server\n"
|
|
"internally to assign SIDs to IPA users and groups. The SID will then be "
|
|
"stored\n"
|
|
"in the user or group objects.\n"
|
|
"\n"
|
|
"If e.g. the ID range for the local domain is configured with the values "
|
|
"from\n"
|
|
"the example above then a new user with the UID 1200007 will get the RID "
|
|
"1007.\n"
|
|
"If this RID is already used by a group the RID will be 1000007. This can "
|
|
"only\n"
|
|
"happen if a user or a group object was created with a fixed ID because the\n"
|
|
"automatic assignment will not assign the same ID twice. Since there are "
|
|
"only\n"
|
|
"users and groups sharing the same ID namespace it is sufficient to have "
|
|
"only\n"
|
|
"one fallback range to handle conflicts.\n"
|
|
"\n"
|
|
"To find the Posix ID for a given RID from the local domain it has to be\n"
|
|
"checked first if the RID falls in the primary or secondary RID range and\n"
|
|
"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
|
|
"and the base-id has to be added to get the Posix ID.\n"
|
|
"\n"
|
|
"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
|
|
"must not be used at all. The ID range for the local domain will be created\n"
|
|
"during installation or upgrade from an older version. The ID range for a\n"
|
|
"trusted domain will be created together with the trust by 'ipa trust-"
|
|
"add ...'.\n"
|
|
"\n"
|
|
"USE CASES:\n"
|
|
"\n"
|
|
" Add an ID range from a transitively trusted domain\n"
|
|
"\n"
|
|
" If the trusted domain (A) trusts another domain (B) as well and this "
|
|
"trust\n"
|
|
" is transitive 'ipa trust-add domain-A' will only create a range for\n"
|
|
" domain A. The ID range for domain B must be added manually.\n"
|
|
"\n"
|
|
" Add an additional ID range for the local domain\n"
|
|
"\n"
|
|
" If the ID range of the local domain is exhausted, i.e. no new IDs can "
|
|
"be\n"
|
|
" assigned to Posix users or groups by the DNA plugin, a new range has to "
|
|
"be\n"
|
|
" created to allow new users and groups to be added. (Currently there is "
|
|
"no\n"
|
|
" connection between this range CLI and the DNA plugin, but a future "
|
|
"version\n"
|
|
" might be able to modify the configuration of the DNS plugin as well)\n"
|
|
"\n"
|
|
"In general it is not necessary to modify or delete ID ranges. If there is "
|
|
"no\n"
|
|
"other way to achieve a certain configuration than to modify or delete an ID\n"
|
|
"range it should be done with great care. Because UIDs are stored in the "
|
|
"file\n"
|
|
"system and are used for access control it might be possible that users are\n"
|
|
"allowed to access files of other users if an ID range got deleted and "
|
|
"reused\n"
|
|
"for a different domain.\n"
|
|
"\n"
|
|
"(*) The RID is typically the last integer of a user or group SID which "
|
|
"follows\n"
|
|
"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
|
|
"from\n"
|
|
"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of "
|
|
"the\n"
|
|
"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
|
|
"groups.\n"
|
|
"\n"
|
|
"WARNING:\n"
|
|
"\n"
|
|
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
|
|
"the\n"
|
|
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
|
|
"based\n"
|
|
"on the local ranges set via this family of commands.\n"
|
|
"\n"
|
|
"Manual configuration change has to be done in the DNA plugin configuration "
|
|
"for\n"
|
|
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
|
|
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
|
|
"be\n"
|
|
"modified to match the new range.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Add new ID range.\n"
|
|
"\n"
|
|
" To add a new ID range you always have to specify\n"
|
|
"\n"
|
|
" --base-id\n"
|
|
" --range-size\n"
|
|
"\n"
|
|
" Additionally\n"
|
|
"\n"
|
|
" --rid-base\n"
|
|
" --secondary-rid-base\n"
|
|
"\n"
|
|
" may be given for a new ID range for the local domain while\n"
|
|
"\n"
|
|
" --rid-bas\n"
|
|
" --dom-sid\n"
|
|
"\n"
|
|
" must be given to add a new range for a trusted AD domain.\n"
|
|
"\n"
|
|
" WARNING:\n"
|
|
"\n"
|
|
" DNA plugin in 389-ds will allocate IDs based on the ranges configured "
|
|
"for the\n"
|
|
" local domain. Currently the DNA plugin *cannot* be reconfigured itself "
|
|
"based\n"
|
|
" on the local ranges set via this family of commands.\n"
|
|
"\n"
|
|
" Manual configuration change has to be done in the DNA plugin "
|
|
"configuration for\n"
|
|
" the new local range. Specifically, The dnaNextRange attribute of "
|
|
"'cn=Posix\n"
|
|
" IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has "
|
|
"to be\n"
|
|
" modified to match the new range.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "Failed members"
|
|
msgstr ""
|
|
|
|
msgid "Failed source hosts/hostgroups"
|
|
msgstr ""
|
|
|
|
msgid "Failed hosts/hostgroups"
|
|
msgstr ""
|
|
|
|
msgid "Failed users/groups"
|
|
msgstr ""
|
|
|
|
msgid "Failed service/service groups"
|
|
msgstr ""
|
|
|
|
msgid "Failed to remove"
|
|
msgstr ""
|
|
|
|
msgid "Failed RunAs"
|
|
msgstr ""
|
|
|
|
msgid "Failed RunAsGroup"
|
|
msgstr ""
|
|
|
|
msgid "Failed profiles"
|
|
msgstr ""
|
|
|
|
msgid "Failed CAs"
|
|
msgstr ""
|
|
|
|
msgid "Failed member manager"
|
|
msgstr ""
|
|
|
|
msgid "Failed managedby"
|
|
msgstr ""
|
|
|
|
msgid "Failed allowed to retrieve keytab"
|
|
msgstr ""
|
|
|
|
msgid "Failed allowed to create keytab"
|
|
msgstr ""
|
|
|
|
msgid "Failed targets"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Routines for constructing certificate signing requests using IPA data and\n"
|
|
"stored templates.\n"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Required CSR generation rule %(name)s is missing data"
|
|
msgstr ""
|
|
|
|
msgid "Template error when formatting certificate data"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "No generation rule %(rulename)s found."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Generation rule \"%(rulename)s\" is missing the \"rule\" key"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "No CSR generation rules are defined for profile %(profile_id)s"
|
|
msgstr ""
|
|
|
|
msgid "any of the configured servers"
|
|
msgstr ""
|
|
|
|
msgid "Exceeded number of tries to forward a request."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d variables"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d plugin loaded"
|
|
msgid_plural "%(count)d plugins loaded"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "incorrect type"
|
|
msgstr ""
|
|
|
|
msgid "Only one value is allowed"
|
|
msgstr ""
|
|
|
|
msgid "this option is deprecated"
|
|
msgstr ""
|
|
|
|
msgid "must be True or False"
|
|
msgstr ""
|
|
|
|
msgid "must be an integer"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must be at least %(minvalue)d"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "can be at most %(maxvalue)d"
|
|
msgstr ""
|
|
|
|
msgid "must be a decimal number"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must be at least %(minvalue)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "can be at most %(maxvalue)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"number class '%(cls)s' is not included in a list of allowed number classes: "
|
|
"%(allowed)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must match pattern \"%(pattern)s\""
|
|
msgstr ""
|
|
|
|
msgid "must be binary data"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must be at least %(minlength)d bytes"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "can be at most %(maxlength)d bytes"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must be exactly %(length)d bytes"
|
|
msgstr ""
|
|
|
|
msgid "must be a certificate"
|
|
msgstr ""
|
|
|
|
msgid "must be a certificate signing request"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Failure decoding Certificate Signing Request: %s"
|
|
msgstr ""
|
|
|
|
msgid "must be Unicode text"
|
|
msgstr ""
|
|
|
|
msgid "Leading and trailing spaces are not allowed"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must be at least %(minlength)d characters"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "can be at most %(maxlength)d characters"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must be exactly %(length)d characters"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "The character %(char)r is not allowed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must be '%(value)s'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must be one of %(values)s"
|
|
msgstr ""
|
|
|
|
msgid "must be datetime value"
|
|
msgstr ""
|
|
|
|
msgid "does not match any of accepted formats: "
|
|
msgstr ""
|
|
|
|
msgid "incomplete time value"
|
|
msgstr ""
|
|
|
|
msgid "must be DNS name"
|
|
msgstr ""
|
|
|
|
msgid "must be absolute"
|
|
msgstr ""
|
|
|
|
msgid "must be relative"
|
|
msgstr ""
|
|
|
|
msgid "must be dictionary"
|
|
msgstr ""
|
|
|
|
msgid "must be Kerberos principal"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Malformed principal: '%(value)s'"
|
|
msgstr ""
|
|
|
|
msgid "Service principal is required"
|
|
msgstr ""
|
|
|
|
msgid "A dictionary representing an LDAP entry"
|
|
msgstr ""
|
|
|
|
msgid "A list of LDAP entries"
|
|
msgstr ""
|
|
|
|
msgid "All commands should at least have a result"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Enter %(label)s again to verify: "
|
|
msgstr "सत्यापित करण्यासाठी आपण पुन्हा %(label)s प्रविष्ट करा:"
|
|
|
|
msgid "Passwords do not match!"
|
|
msgstr "पासवर्ड जुळत नाही!"
|
|
|
|
msgid "No matching entries found"
|
|
msgstr "कोणतेही जुळणारे नोंदी आढळले"
|
|
|
|
msgid "Topic or Command"
|
|
msgstr "विषय किंवा आदेश"
|
|
|
|
msgid "The topic or command name."
|
|
msgstr "विषय किंवा आदेशाचे नाव"
|
|
|
|
msgid "Topic commands:"
|
|
msgstr "विषय आदेश:"
|
|
|
|
msgid "To get command help, use:"
|
|
msgstr "आदेशा संबधित मिळवण्यासाठी, वापरा:"
|
|
|
|
msgid " ipa <command> --help"
|
|
msgstr " ipa <command> --help"
|
|
|
|
msgid "Command name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Positional arguments"
|
|
msgstr "positional वितर्क"
|
|
|
|
#, python-format
|
|
msgid "Same as --%s"
|
|
msgstr "--%s सारखा"
|
|
|
|
msgid "Deprecated options"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
msgid "No file to read"
|
|
msgstr "कोणतीही फाइल वाचण्यासाठी नाही "
|
|
|
|
#, python-format
|
|
msgid "%(cver)s client incompatible with %(sver)s server at '%(server)s'"
|
|
msgstr ""
|
|
|
|
#, fuzzy, python-format
|
|
#| msgid "error on server '%(server)s': %(error)s"
|
|
msgid "unknown error %(code)d from %(server)s: %(error)s"
|
|
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"
|
|
|
|
msgid "an internal error has occurred"
|
|
msgstr "एक अंतर्गत त्रुटी आली आहे"
|
|
|
|
#, python-format
|
|
msgid "an internal error has occurred on server at '%(server)s'"
|
|
msgstr "एक अंतर्गत त्रुटी '%(server)s' वरील सर्व्हर वर आली आहे "
|
|
|
|
#, python-format
|
|
msgid "unknown command '%(name)s'"
|
|
msgstr "अनोळखी आदेश '%(name)s'"
|
|
|
|
#, python-format
|
|
msgid "error on server '%(server)s': %(error)s"
|
|
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"
|
|
|
|
#, python-format
|
|
msgid "cannot connect to '%(uri)s': %(error)s"
|
|
msgstr "'%(uri)s' ला जोडणी अपयशी : %(error)s"
|
|
|
|
#, python-format
|
|
msgid "Invalid JSON-RPC request: %(error)s"
|
|
msgstr "अवैध JSON-RPC विनंती : %(error)s"
|
|
|
|
#, python-format
|
|
msgid "error marshalling data for XML-RPC transport: %(error)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Missing or invalid HTTP Referer, %(referer)s"
|
|
msgstr "न आढळलेले किंवा अवैध HTTP Referer, %(referer)s"
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"System encoding must be UTF-8, '%(encoding)s' is not supported. Set LC_ALL="
|
|
"\"C.UTF-8\", or LC_ALL=\"\" and LC_CTYPE=\"C.UTF-8\"."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Kerberos error: %(major)s/%(minor)s"
|
|
msgstr "Kerberos त्रुटी: %(major)s/%(minor)s"
|
|
|
|
msgid "did not receive Kerberos credentials"
|
|
msgstr "Kerberos credentials प्राप्त झाले नाहीत"
|
|
|
|
#, python-format
|
|
msgid "Service '%(service)s' not found in Kerberos database"
|
|
msgstr "सेवा '%(service)s' Kerberos माहितीकोष आढली नाही"
|
|
|
|
msgid "No credentials cache found"
|
|
msgstr ""
|
|
|
|
msgid "Ticket expired"
|
|
msgstr ""
|
|
|
|
msgid "Credentials cache permissions incorrect"
|
|
msgstr ""
|
|
|
|
msgid "Bad format in credentials cache"
|
|
msgstr ""
|
|
|
|
msgid "Cannot resolve KDC for requested realm"
|
|
msgstr ""
|
|
|
|
msgid "Session error"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Principal %(principal)s cannot be authenticated: %(message)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Insufficient access: %(info)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "command '%(name)s' takes no arguments"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "command '%(name)s' takes at most %(count)d argument"
|
|
msgid_plural "command '%(name)s' takes at most %(count)d arguments"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "overlapping arguments and options: %(names)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "'%(name)s' is required"
|
|
msgstr ""
|
|
|
|
#, fuzzy, python-format
|
|
#| msgid "Invalid JSON-RPC request: %(error)s"
|
|
msgid "invalid '%(name)s': %(error)s"
|
|
msgstr "अवैध JSON-RPC विनंती : %(error)s"
|
|
|
|
#, python-format
|
|
msgid "api has no such namespace: '%(name)s'"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Passwords do not match!"
|
|
msgid "Passwords do not match"
|
|
msgstr "पासवर्ड जुळत नाही!"
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Command not implemented"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Client is not configured. Run ipa-client-install."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Could not get %(name)s interactively"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Command '%(name)s' has been deprecated"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Domain '%(domain)s' is not a root domain for forest '%(forest)s'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(reason)s"
|
|
msgstr ""
|
|
|
|
msgid "This entry already exists"
|
|
msgstr ""
|
|
|
|
msgid "You must enroll a host in order to create a host service"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Service principal is not of the form: service/fully-qualified host name: "
|
|
"%(reason)s"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"The realm for the principal does not match the realm for this IPA server"
|
|
msgstr ""
|
|
|
|
msgid "This command requires root access"
|
|
msgstr ""
|
|
|
|
msgid "This is already a posix group"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Principal is not of the form user@REALM: '%(principal)s'"
|
|
msgstr ""
|
|
|
|
msgid "This entry is already enabled"
|
|
msgstr ""
|
|
|
|
msgid "This entry is already disabled"
|
|
msgstr ""
|
|
|
|
msgid "This entry cannot be enabled or disabled"
|
|
msgstr ""
|
|
|
|
msgid "This entry is not a member"
|
|
msgstr ""
|
|
|
|
msgid "A group may not be a member of itself"
|
|
msgstr ""
|
|
|
|
msgid "This entry is already a member"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Base64 decoding failed: %(reason)s"
|
|
msgstr ""
|
|
|
|
msgid "A group may not be added as a member of itself"
|
|
msgstr ""
|
|
|
|
msgid "The default users group cannot be removed"
|
|
msgstr ""
|
|
|
|
msgid "Deleting a managed group is not allowed. It must be detached first."
|
|
msgstr ""
|
|
|
|
msgid "A managed group cannot have a password policy."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "'%(entry)s' doesn't have a certificate."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Unable to create private group. A group '%(group)s' already exists."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"A problem was encountered when verifying that all members were %(verb)s: "
|
|
"%(exc)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(attr)s does not contain '%(value)s'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"The search criteria was not specific enough. Expected 1 and found %(found)d."
|
|
msgstr ""
|
|
|
|
msgid "This group already allows external members"
|
|
msgstr ""
|
|
|
|
msgid "This group cannot be posix because it is external"
|
|
msgstr ""
|
|
|
|
msgid "This is already a posix group and cannot be converted to external one"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Server removal aborted: %(reason)s."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(operation)s is not supported for %(principal_type)s principals"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Request failed with status %(status)s: %(reason)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Mapping ruleset \"%(ruleset)s\" has more than one rule for the %(helper)s "
|
|
"helper"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "'%(attr)s' already contains one or more values"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "no command nor help topic '%(topic)s'"
|
|
msgstr ""
|
|
|
|
msgid "change collided with another change"
|
|
msgstr ""
|
|
|
|
msgid "no modifications to be performed"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(desc)s: %(info)s"
|
|
msgstr ""
|
|
|
|
msgid "limits exceeded for this query"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(info)s"
|
|
msgstr ""
|
|
|
|
msgid "modifying primary key is not allowed"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(attr)s: Only one value allowed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(attr)s: Invalid syntax."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Bad search filter %(info)s"
|
|
msgstr ""
|
|
|
|
msgid "Not allowed on non-leaf entry"
|
|
msgstr ""
|
|
|
|
msgid "LDAP timeout"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(task)s LDAP task timeout, Task DN: '%(task_dn)s'"
|
|
msgstr ""
|
|
|
|
msgid "Configured time limit exceeded"
|
|
msgstr ""
|
|
|
|
msgid "Configured size limit exceeded"
|
|
msgstr ""
|
|
|
|
msgid "Configured administrative server limit exceeded"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Certificate operation cannot be completed: %(error)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Certificate format error: %(error)s"
|
|
msgstr ""
|
|
|
|
msgid "Already registered"
|
|
msgstr ""
|
|
|
|
msgid "Not registered yet"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(key)s cannot be deleted because %(label)s %(dependent)s requires it"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"%(key)s cannot be deleted or disabled because it is the last member of "
|
|
"%(label)s %(container)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(label)s %(key)s cannot be deleted/modified: %(reason)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(name)s certificate is not valid"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Schema is up to date (FP '%(fingerprint)s', TTL %(ttl)s s)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Host '%(hostname)s' does not have corresponding DNS A/AAAA record"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "DNS check failed: Expected {%(expected)s} got {%(got)s}"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(exception)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Forest '%(forest)s' has existing trust to forest(s) %(domains)s which "
|
|
"prevents a trust to '%(conflict)s'"
|
|
msgstr ""
|
|
|
|
msgid "Results are truncated, try a more specific search"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Unknown option: %(option)s"
|
|
msgstr ""
|
|
|
|
msgid "Client version. Used to determine if server will accept request."
|
|
msgstr ""
|
|
|
|
msgid "Additional instructions:"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"API Version number was not sent, forward compatibility not guaranteed. "
|
|
"Assuming server's API version, %(server_version)s"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"DNS forwarder semantics changed since IPA 4.0.\n"
|
|
"You may want to use forward zones (dnsforwardzone-*) instead.\n"
|
|
"For more details read the docs."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"DNSSEC support is experimental.\n"
|
|
"%(additional_info)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "'%(option)s' option is deprecated. %(additional_info)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Semantic of %(label)s was changed. %(current_behavior)s\n"
|
|
"%(hint)s"
|
|
msgstr ""
|
|
|
|
#, fuzzy, python-format
|
|
#| msgid "error on server '%(server)s': %(error)s"
|
|
msgid "DNS server %(server)s: %(error)s."
|
|
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"DNS server %(server)s does not support DNSSEC: %(error)s.\n"
|
|
"If DNSSEC validation is enabled on IPA server(s), please disable it."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"forward zone \"%(fwzone)s\" is not effective because of missing proper NS "
|
|
"delegation in authoritative zone \"%(authzone)s\". Please add NS record "
|
|
"\"%(ns_rec)s\" to parent zone \"%(authzone)s\"."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"DNS server %(server)s does not support EDNS0 (RFC 6891): %(error)s.\n"
|
|
"If DNSSEC validation is enabled on IPA server(s), please disable it."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"DNSSEC validation failed: %(error)s.\n"
|
|
"Please verify your DNSSEC configuration or disable DNSSEC validation on all "
|
|
"IPA servers."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"The _kerberos TXT record from domain %(domain)s could not be created "
|
|
"(%(error)s).\n"
|
|
"This can happen if the zone is not managed by IPA. Please create the record "
|
|
"manually, containing the following value: '%(realm)s'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"The _kerberos TXT record from domain %(domain)s could not be removed "
|
|
"(%(error)s).\n"
|
|
"This can happen if the zone is not managed by IPA. Please remove the record "
|
|
"manually."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"No DNSSEC key master is installed. DNSSEC zone signing will not work until "
|
|
"the DNSSEC key master is installed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Relative record name '%(record)s' contains the zone name '%(zone)s' as a "
|
|
"suffix, which results in FQDN '%(fqdn)s'. This is usually a mistake caused "
|
|
"by a missing dot at the end of the name specification."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "'%(command)s' is deprecated. %(additional_info)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(line)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Search result has been truncated: %(reason)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Your trust to %(domain)s is broken. Please re-create it by running 'ipa "
|
|
"trust-add' again."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "DNS record(s) of host %(host)s could not be removed. (%(reason)s)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Forwarding policy conflicts with some automatic empty zones. Queries for "
|
|
"zones specified by RFC 6303 will ignore forwarding and recursion and always "
|
|
"result in NXDOMAIN answers. To override this behavior use forward policy "
|
|
"'only'."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Update of system record '%(record)s' failed with error: %(error)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"IPA does not manage the zone %(zone)s, please add records to your DNS server "
|
|
"manually"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Automatic update of DNS system records failed. Please re-run update of "
|
|
"system records manually to get list of missing records."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Service %(service)s requires restart on IPA server %(server)s to apply "
|
|
"configuration changes."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"No DNS servers in IPA location %(location)s. Without DNS servers location is "
|
|
"not working as expected."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(subject)s: Malformed certificate. %(reason)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "The host was added but the DNS update failed with: %(reason)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "The certificate for %(ca)s is not available on this server."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(filename)s: file not found"
|
|
msgstr ""
|
|
|
|
msgid "Filename is empty"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Permission denied: %(file)s"
|
|
msgstr ""
|
|
|
|
msgid "empty DNS label"
|
|
msgstr ""
|
|
|
|
msgid "DNS label cannot be longer that 63 characters"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"only letters, numbers, %(chars)s are allowed. DNS label may not start or end "
|
|
"with %(chars2)s"
|
|
msgstr ""
|
|
|
|
msgid "single label {}s are not supported"
|
|
msgstr ""
|
|
|
|
msgid "too many '@' characters"
|
|
msgstr ""
|
|
|
|
msgid "cannot be longer that {} characters"
|
|
msgstr ""
|
|
|
|
msgid "hostname contains empty label (consecutive dots)"
|
|
msgstr ""
|
|
|
|
msgid "not fully qualified"
|
|
msgstr ""
|
|
|
|
msgid "invalid SSH public key"
|
|
msgstr ""
|
|
|
|
msgid "options are not allowed"
|
|
msgstr ""
|
|
|
|
msgid "invalid hostmask"
|
|
msgstr ""
|
|
|
|
#, fuzzy, python-format
|
|
#| msgid "error on server '%(server)s': %(error)s"
|
|
msgid "query '%(owner)s %(rtype)s': %(error)s"
|
|
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"
|
|
|
|
#, python-format
|
|
msgid "query '%(owner)s %(rtype)s' with EDNS0: %(error)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"answer to query '%(owner)s %(rtype)s' is missing DNSSEC signatures (no RRSIG "
|
|
"data)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "record '%(owner)s %(rtype)s' failed DNSSEC validation on server %(ip)s"
|
|
msgstr ""
|
|
|
|
msgid "invalid escape code in domain name"
|
|
msgstr ""
|
|
|
|
msgid "domain name cannot be longer than 255 characters"
|
|
msgstr ""
|
|
|
|
msgid "DNS label cannot be longer than 63 characters"
|
|
msgstr ""
|
|
|
|
msgid "invalid domain name"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "domain name '%(domain)s' should be normalized to: %(normalized)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "invalid domain-name: %s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "invalid IP address version (is %(value)d, must be %(required_value)d)!"
|
|
msgstr ""
|
|
|
|
msgid "invalid IP address format"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(port)s is not a valid port"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"at least one value equal to the canonical principal name must be present"
|
|
msgstr ""
|
|
|
|
msgid "realm or UPN suffix overlaps with trusted domain namespace"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Retrieving CA cert chain failed: %s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "request failed with HTTP status %d"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Retrieving CA status failed: %s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Retrieving CA status failed with status %d"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "objectclass %s not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Unable to communicate with CMS (status %d)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Replication agreement for %(hostname)s not found"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Sudo Rules\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Sudo (su \"do\") allows a system administrator to delegate authority to\n"
|
|
"give certain users (or groups of users) the ability to run some (or all)\n"
|
|
"commands as root or another user while providing an audit trail of the\n"
|
|
"commands and their arguments.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"FreeIPA provides a means to configure the various aspects of Sudo:\n"
|
|
" Users: The user(s)/group(s) allowed to invoke Sudo.\n"
|
|
" Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke "
|
|
"Sudo.\n"
|
|
" Allow Command: The specific command(s) permitted to be run via Sudo.\n"
|
|
" Deny Command: The specific command(s) prohibited to be run via Sudo.\n"
|
|
" RunAsUser: The user(s) or group(s) of users whose rights Sudo will be "
|
|
"invoked with.\n"
|
|
" RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n"
|
|
" Options: The various Sudoers Options that can modify Sudo's behavior.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"An order can be added to a sudorule to control the order in which they\n"
|
|
"are evaluated (if the client supports it). This order is an integer and\n"
|
|
"must be unique.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"FreeIPA provides a designated binddn to use with Sudo located at:\n"
|
|
"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"To enable the binddn run the following command to set the password:\n"
|
|
"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
|
|
"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
|
|
"dc=com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Create a new rule:\n"
|
|
" ipa sudorule-add readfiles\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add sudo command object and add it as allowed command in the rule:\n"
|
|
" ipa sudocmd-add /usr/bin/less\n"
|
|
" ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a host to the rule:\n"
|
|
" ipa sudorule-add-host readfiles --hosts server.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a user to the rule:\n"
|
|
" ipa sudorule-add-user readfiles --users jsmith\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a special Sudo rule for default Sudo server configuration:\n"
|
|
" ipa sudorule-add defaults\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Set a default Sudo option:\n"
|
|
" ipa sudorule-add-option defaults --sudooption '!authenticate'\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Set SELinux type and role transitions on a rule:\n"
|
|
" ipa sudorule-add-option sysadmin_sudo --sudooption type=unconfined_t\n"
|
|
" ipa sudorule-add-option sysadmin_sudo --sudooption role=unconfined_r\n"
|
|
msgstr ""
|
|
|
|
msgid "this option has been deprecated."
|
|
msgstr ""
|
|
|
|
msgid "sudo rules"
|
|
msgstr ""
|
|
|
|
msgid "Sudo Rules"
|
|
msgstr ""
|
|
|
|
msgid "Sudo Rule"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "order must be a unique value (%(order)d already used by %(rule)s)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added Sudo Rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted Sudo Rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified Sudo Rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"%(type)s category cannot be set to 'all' while there are allowed %(objects)s"
|
|
msgstr ""
|
|
|
|
msgid "users"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Topic commands:"
|
|
msgid "command"
|
|
msgstr "विषय आदेश:"
|
|
|
|
#, fuzzy
|
|
#| msgid "Topic commands:"
|
|
msgid "commands"
|
|
msgstr "विषय आदेश:"
|
|
|
|
msgid "runAs user"
|
|
msgstr ""
|
|
|
|
msgid "runAs users"
|
|
msgstr ""
|
|
|
|
msgid "group runAs"
|
|
msgstr ""
|
|
|
|
msgid "runAs groups"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d Sudo Rule matched"
|
|
msgid_plural "%(count)d Sudo Rules matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "commands cannot be added when command category='all'"
|
|
msgstr ""
|
|
|
|
msgid "users cannot be added when user category='all'"
|
|
msgstr ""
|
|
|
|
msgid "hosts cannot be added when host category='all'"
|
|
msgstr ""
|
|
|
|
msgid "users cannot be added when runAs user or runAs group category='all'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "RunAsUser does not accept '%(name)s' as a user name"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "RunAsUser does not accept '%(name)s' as a group name"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "RunAsGroup does not accept '%(name)s' as a group name"
|
|
msgstr ""
|
|
|
|
msgid "automount location"
|
|
msgstr ""
|
|
|
|
msgid "automount locations"
|
|
msgstr ""
|
|
|
|
msgid "Automount Locations"
|
|
msgstr ""
|
|
|
|
msgid "Automount Location"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added automount location \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted automount location \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d automount location matched"
|
|
msgid_plural "%(count)d automount locations matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "automount map"
|
|
msgstr ""
|
|
|
|
msgid "automount maps"
|
|
msgstr ""
|
|
|
|
msgid "Automount Maps"
|
|
msgstr ""
|
|
|
|
msgid "Automount Map"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added automount map \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted automount map \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified automount map \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d automount map matched"
|
|
msgid_plural "%(count)d automount maps matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "Automount key object."
|
|
msgstr ""
|
|
|
|
msgid "automount key"
|
|
msgstr ""
|
|
|
|
msgid "automount keys"
|
|
msgstr ""
|
|
|
|
msgid "Automount Keys"
|
|
msgstr ""
|
|
|
|
msgid "Automount Key"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"The key,info pair must be unique. A key named %(key)s with info %(info)s "
|
|
"already exists"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "key named %(key)s already exists"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "The automount key %(key)s with info %(info)s does not exist"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"More than one entry with key %(key)s found, use --info to select specific "
|
|
"entry."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added automount key \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added automount indirect map \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "mount point is relative to parent map, cannot begin with /"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted automount key \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified automount key \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d automount key matched"
|
|
msgid_plural "%(count)d automount keys matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Hosts/Machines\n"
|
|
"\n"
|
|
"A host represents a machine. It can be used in a number of contexts:\n"
|
|
"- service entries are associated with a host\n"
|
|
"- a host stores the host/ service principal\n"
|
|
"- a host can be used in Host-based Access Control (HBAC) rules\n"
|
|
"- every enrolled client generates a host entry\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"ENROLLMENT:\n"
|
|
"\n"
|
|
"There are three enrollment scenarios when enrolling a new client:\n"
|
|
"\n"
|
|
"1. You are enrolling as a full administrator. The host entry may exist\n"
|
|
" or not. A full administrator is a member of the hostadmin role\n"
|
|
" or the admins group.\n"
|
|
"2. You are enrolling as a limited administrator. The host must already\n"
|
|
" exist. A limited administrator is a member a role with the\n"
|
|
" Host Enrollment privilege.\n"
|
|
"3. The host has been created with a one-time password.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"RE-ENROLLMENT:\n"
|
|
"\n"
|
|
"Host that has been enrolled at some point, and lost its configuration (e.g. "
|
|
"VM\n"
|
|
"destroyed) can be re-enrolled.\n"
|
|
"\n"
|
|
"For more information, consult the manual pages for ipa-client-install.\n"
|
|
"\n"
|
|
"A host can optionally store information such as where it is located,\n"
|
|
"the OS that it runs, etc.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a new host:\n"
|
|
" ipa host-add --location=\"3rd floor lab\" --locality=Dallas test.example."
|
|
"com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete a host:\n"
|
|
" ipa host-del test.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a new host with a one-time password:\n"
|
|
" ipa host-add --os='Fedora 12' --password=Secret123 test.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a new host with a random one-time password:\n"
|
|
" ipa host-add --os='Fedora 12' --random test.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify information about a host:\n"
|
|
" ipa host-mod --os='Fedora 12' test.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Remove SSH public keys of a host and update DNS to reflect this change:\n"
|
|
" ipa host-mod --sshpubkey= --updatedns test.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Disable the host Kerberos key, SSL certificate and all of its services:\n"
|
|
" ipa host-disable test.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a host that can manage this host's keytab and certificate:\n"
|
|
" ipa host-add-managedby --hosts=test2 test\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Allow user to create a keytab:\n"
|
|
" ipa host-allow-create-keytab test2 --users=tuser1\n"
|
|
msgstr ""
|
|
|
|
msgid "Host"
|
|
msgstr ""
|
|
|
|
msgid "Base-64 encoded host certificate"
|
|
msgstr ""
|
|
|
|
msgid "Subject"
|
|
msgstr ""
|
|
|
|
msgid "Serial Number"
|
|
msgstr ""
|
|
|
|
msgid "Serial Number (hex)"
|
|
msgstr ""
|
|
|
|
msgid "Issuer"
|
|
msgstr ""
|
|
|
|
msgid "Not Before"
|
|
msgstr ""
|
|
|
|
msgid "Not After"
|
|
msgstr ""
|
|
|
|
msgid "Fingerprint (SHA1)"
|
|
msgstr ""
|
|
|
|
msgid "Fingerprint (SHA256)"
|
|
msgstr ""
|
|
|
|
msgid "Revocation reason"
|
|
msgstr ""
|
|
|
|
msgid "Principal alias"
|
|
msgstr ""
|
|
|
|
msgid "SSH public key fingerprint"
|
|
msgstr ""
|
|
|
|
msgid "Authentication Indicators"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Defines an allow list for Authentication Indicators. Use 'otp' to allow OTP-"
|
|
"based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA "
|
|
"authentications. Use 'pkinit' to allow PKINIT-based 2FA authentications. Use "
|
|
"'hardened' to allow brute-force hardened password authentication by SPAKE or "
|
|
"FAST. With no indicator specified, all authentication mechanisms are allowed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added host \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "can be at most %(len)d characters"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted host \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Remove A, AAAA, SSHFP and PTR records of the host(s) managed by IPA DNS"
|
|
msgstr ""
|
|
|
|
msgid "No A, AAAA, SSHFP or PTR records found."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified host \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Password cannot be set on enrolled host."
|
|
msgstr ""
|
|
|
|
msgid "cn is immutable"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d host matched"
|
|
msgid_plural "%(count)d hosts matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Disabled host \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added certificates to host \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed certificates from host \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Add new principal alias to host entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added new aliases to host \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Remove principal alias from a host entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed aliases from host \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage CA ACL rules.\n"
|
|
"\n"
|
|
"This plugin is used to define rules governing which CAs and profiles\n"
|
|
"may be used to issue certificates to particular principals or groups\n"
|
|
"of principals.\n"
|
|
"\n"
|
|
"SUBJECT PRINCIPAL SCOPE:\n"
|
|
"\n"
|
|
"For a certificate request to be allowed, the principal(s) that are\n"
|
|
"the subject of a certificate request (not necessarily the principal\n"
|
|
"actually requesting the certificate) must be included in the scope\n"
|
|
"of a CA ACL that also includes the target CA and profile.\n"
|
|
"\n"
|
|
"Users can be included by name, group or the \"all users\" category.\n"
|
|
"Hosts can be included by name, hostgroup or the \"all hosts\"\n"
|
|
"category. Services can be included by service name or the \"all\n"
|
|
"services\" category. CA ACLs may be associated with a single type of\n"
|
|
"principal, or multiple types.\n"
|
|
"\n"
|
|
"CERTIFICATE AUTHORITY SCOPE:\n"
|
|
"\n"
|
|
"A CA ACL can be associated with one or more CAs by name, or by the\n"
|
|
"\"all CAs\" category. For compatibility reasons, a CA ACL with no CA\n"
|
|
"association implies an association with the 'ipa' CA (and only this\n"
|
|
"CA).\n"
|
|
"\n"
|
|
"PROFILE SCOPE:\n"
|
|
"\n"
|
|
"A CA ACL can be associated with one or more profiles by Profile ID.\n"
|
|
"The Profile ID is a string without spaces or punctuation starting\n"
|
|
"with a letter and followed by a sequence of letters, digits or\n"
|
|
"underscore (\"_\").\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Create a CA ACL \"test\" that grants all users access to the\n"
|
|
" \"UserCert\" profile on all CAs:\n"
|
|
" ipa caacl-add test --usercat=all --cacat=all\n"
|
|
" ipa caacl-add-profile test --certprofiles UserCert\n"
|
|
"\n"
|
|
" Display the properties of a named CA ACL:\n"
|
|
" ipa caacl-show test\n"
|
|
"\n"
|
|
" Create a CA ACL to let user \"alice\" use the \"DNP3\" profile on \"DNP3-CA"
|
|
"\":\n"
|
|
" ipa caacl-add alice_dnp3\n"
|
|
" ipa caacl-add-ca alice_dnp3 --cas DNP3-CA\n"
|
|
" ipa caacl-add-profile alice_dnp3 --certprofiles DNP3\n"
|
|
" ipa caacl-add-user alice_dnp3 --user=alice\n"
|
|
"\n"
|
|
" Disable a CA ACL:\n"
|
|
" ipa caacl-disable test\n"
|
|
"\n"
|
|
" Remove a CA ACL:\n"
|
|
" ipa caacl-del test\n"
|
|
msgstr ""
|
|
|
|
msgid "CA ACL"
|
|
msgstr ""
|
|
|
|
msgid "CA ACLs"
|
|
msgstr ""
|
|
|
|
msgid "CA category"
|
|
msgstr ""
|
|
|
|
msgid "CA category the ACL applies to"
|
|
msgstr ""
|
|
|
|
msgid "CAs"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added CA ACL \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted CA ACL \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "default CA ACL can be only disabled"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified CA ACL \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "CA category cannot be set to 'all' while there are allowed CAs"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"profile category cannot be set to 'all' while there are allowed profiles"
|
|
msgstr ""
|
|
|
|
msgid "user category cannot be set to 'all' while there are allowed users"
|
|
msgstr ""
|
|
|
|
msgid "host category cannot be set to 'all' while there are allowed hosts"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"service category cannot be set to 'all' while there are allowed services"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d CA ACL matched"
|
|
msgid_plural "%(count)d CA ACLs matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Enabled CA ACL \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled CA ACL \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i user or group added."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i users or groups added."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i user or group removed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i users or groups removed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i host or hostgroup added."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i hosts or hostgroups added."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i host or hostgroup removed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i hosts or hostgroups removed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i service added."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i services added."
|
|
msgstr ""
|
|
|
|
msgid "services cannot be added when service category='all'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i service removed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i services removed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i profile added."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i profiles added."
|
|
msgstr ""
|
|
|
|
msgid "profiles cannot be added when profile category='all'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i profile removed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i profiles removed."
|
|
msgstr ""
|
|
|
|
msgid "Add CAs to a CA ACL."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i CA added."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i CAs added."
|
|
msgstr ""
|
|
|
|
msgid "CAs cannot be added when CA category='all'"
|
|
msgstr ""
|
|
|
|
msgid "Remove CAs from a CA ACL."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i CA removed."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%i CAs removed."
|
|
msgstr ""
|
|
|
|
msgid "The deny type has been deprecated."
|
|
msgstr ""
|
|
|
|
msgid "HBAC rules"
|
|
msgstr ""
|
|
|
|
msgid "HBAC Rules"
|
|
msgstr ""
|
|
|
|
msgid "HBAC Services"
|
|
msgstr ""
|
|
|
|
msgid "HBAC Service Groups"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added HBAC rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted HBAC rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified HBAC rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d HBAC rule matched"
|
|
msgid_plural "%(count)d HBAC rules matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Enabled HBAC rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled HBAC rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Access time"
|
|
msgstr ""
|
|
|
|
msgid "Add source hosts and hostgroups to an HBAC rule."
|
|
msgstr ""
|
|
|
|
msgid "operation not defined"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "not allowed to perform operation: %s"
|
|
msgstr ""
|
|
|
|
msgid "No such virtual command"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"DNS server configuration\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manipulate DNS server configuration\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show configuration of a specific DNS server:\n"
|
|
" ipa dnsserver-show\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Update configuration of a specific DNS server:\n"
|
|
" ipa dnsserver-mod\n"
|
|
msgstr ""
|
|
|
|
msgid "DNS server"
|
|
msgstr ""
|
|
|
|
msgid "DNS servers"
|
|
msgstr ""
|
|
|
|
msgid "DNS Servers"
|
|
msgstr ""
|
|
|
|
msgid "DNS Server"
|
|
msgstr ""
|
|
|
|
msgid "DNS Server name"
|
|
msgstr ""
|
|
|
|
msgid "SOA mname override"
|
|
msgstr ""
|
|
|
|
msgid "SOA mname (authoritative server) override"
|
|
msgstr ""
|
|
|
|
msgid "Forwarders"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Per-server forwarders. A custom port can be specified for each forwarder "
|
|
"using a standard format \"IP_ADDRESS port PORT\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Per-server conditional forwarding policy. Set to \"none\" to disable "
|
|
"forwarding to global forwarder for this zone. In that case, conditional zone "
|
|
"forwarders are disregarded."
|
|
msgstr ""
|
|
|
|
msgid "DNS is not configured"
|
|
msgstr ""
|
|
|
|
msgid "Modify DNS server configuration"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified DNS server \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Search for DNS servers."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d DNS server matched"
|
|
msgid_plural "%(count)d DNS servers matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "IPA DNS Server is not installed"
|
|
msgstr ""
|
|
|
|
msgid "Display configuration of a DNS server."
|
|
msgstr ""
|
|
|
|
msgid "Add a new DNS server."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added new DNS server \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Delete a DNS server"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted DNS server \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Host-based access control commands"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"HBAC Services\n"
|
|
"\n"
|
|
"The PAM services that HBAC can control access to. The name used here\n"
|
|
"must match the service name that PAM is evaluating.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new HBAC service:\n"
|
|
" ipa hbacsvc-add tftp\n"
|
|
"\n"
|
|
" Modify an existing HBAC service:\n"
|
|
" ipa hbacsvc-mod --desc=\"TFTP service\" tftp\n"
|
|
"\n"
|
|
" Search for HBAC services. This example will return two results, the FTP\n"
|
|
" service and the newly-added tftp service:\n"
|
|
" ipa hbacsvc-find ftp\n"
|
|
"\n"
|
|
" Delete an HBAC service:\n"
|
|
" ipa hbacsvc-del tftp\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid "HBAC services"
|
|
msgstr ""
|
|
|
|
msgid "HBAC Service"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added HBAC service \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted HBAC service \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified HBAC service \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d HBAC service matched"
|
|
msgid_plural "%(count)d HBAC services matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "HBAC service group"
|
|
msgstr ""
|
|
|
|
msgid "HBAC service groups"
|
|
msgstr ""
|
|
|
|
msgid "HBAC Service Group"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added HBAC service group \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted HBAC service group \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified HBAC service group \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d HBAC service group matched"
|
|
msgid_plural "%(count)d HBAC service groups matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"cannot add permission \"%(perm)s\" with bindtype \"%(bindtype)s\" to a "
|
|
"privilege"
|
|
msgstr ""
|
|
|
|
msgid "Privilege"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added privilege \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted privilege \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified privilege \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d privilege matched"
|
|
msgid_plural "%(count)d privileges matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "Class of Service object used for linking policies with groups"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "priority must be a unique value (%(prio)d already used by %(gname)s)"
|
|
msgstr ""
|
|
|
|
msgid "Add Class of Service entry"
|
|
msgstr ""
|
|
|
|
msgid "Delete Class of Service entry"
|
|
msgstr ""
|
|
|
|
msgid "Modify Class of Service entry"
|
|
msgstr ""
|
|
|
|
msgid "Display Class of Service entry"
|
|
msgstr ""
|
|
|
|
msgid "Search for Class of Service entry"
|
|
msgstr ""
|
|
|
|
msgid "password policy"
|
|
msgstr ""
|
|
|
|
msgid "password policies"
|
|
msgstr ""
|
|
|
|
msgid "Password Policies"
|
|
msgstr ""
|
|
|
|
msgid "Password Policy"
|
|
msgstr ""
|
|
|
|
msgid "Maximum password life must be greater than minimum."
|
|
msgstr ""
|
|
|
|
msgid "cannot delete global password policy"
|
|
msgstr ""
|
|
|
|
msgid "priority cannot be set on global policy"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Realm domains\n"
|
|
"\n"
|
|
"Manage the list of domains associated with IPA realm.\n"
|
|
"\n"
|
|
"This list is useful for Domain Controllers from other realms which have\n"
|
|
"established trust with this IPA realm. They need the information to know\n"
|
|
"which request should be forwarded to KDC of this IPA realm.\n"
|
|
"\n"
|
|
"Automatic management: a domain is automatically added to the realm domains\n"
|
|
"list when a new DNS Zone managed by IPA is created. Same applies for "
|
|
"deletion.\n"
|
|
"\n"
|
|
"Externally managed DNS: domains which are not managed in IPA server DNS\n"
|
|
"need to be manually added to the list using ipa realmdomains-mod command.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Display the current list of realm domains:\n"
|
|
" ipa realmdomains-show\n"
|
|
"\n"
|
|
" Replace the list of realm domains:\n"
|
|
" ipa realmdomains-mod --domain=example.com\n"
|
|
" ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n"
|
|
"\n"
|
|
" Add a domain to the list of realm domains:\n"
|
|
" ipa realmdomains-mod --add-domain=newdomain.com\n"
|
|
"\n"
|
|
" Delete a domain from the list of realm domains:\n"
|
|
" ipa realmdomains-mod --del-domain=olddomain.com\n"
|
|
msgstr ""
|
|
|
|
msgid "Realm domains"
|
|
msgstr ""
|
|
|
|
msgid "Realm Domains"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify realm domains\n"
|
|
"\n"
|
|
" DNS check: When manually adding a domain to the list, a DNS check is\n"
|
|
" performed by default. It ensures that the domain is associated with\n"
|
|
" the IPA realm, by checking whether the domain has a _kerberos TXT "
|
|
"record\n"
|
|
" containing the IPA realm name. This check can be skipped by specifying\n"
|
|
" --force option.\n"
|
|
"\n"
|
|
" Removal: when a realm domain which has a matching DNS zone managed by\n"
|
|
" IPA is being removed, a corresponding _kerberos TXT record in the zone "
|
|
"is\n"
|
|
" removed automatically as well. Other records in the zone or the zone\n"
|
|
" itself are not affected.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"DNS zone for each realmdomain must contain SOA or NS records. No records "
|
|
"found for: %s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "The following domains do not belong to this realm: %(domains)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"The realm of the following domains could not be detected: %(domains)s. If "
|
|
"these are domains that belong to the this realm, please create a _kerberos "
|
|
"TXT record containing \"%(realm)s\" in each of them."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"The --domain option cannot be used together with --add-domain or --del-"
|
|
"domain. Use --domain to specify the whole realm domain list explicitly, to "
|
|
"add/remove individual domains, use --add-domain/del-domain."
|
|
msgstr ""
|
|
|
|
msgid "IPA server domain cannot be omitted"
|
|
msgstr ""
|
|
|
|
msgid "IPA server domain cannot be deleted"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Services\n"
|
|
"\n"
|
|
"A IPA service represents a service that runs on a host. The IPA service\n"
|
|
"record can store a Kerberos principal, an SSL certificate, or both.\n"
|
|
"\n"
|
|
"An IPA service can be managed directly from a machine, provided that\n"
|
|
"machine has been given the correct permission. This is true even for\n"
|
|
"machines other than the one the service is associated with. For example,\n"
|
|
"requesting an SSL certificate using the host service principal credentials\n"
|
|
"of the host. To manage a service using host credentials you need to\n"
|
|
"kinit as the host:\n"
|
|
"\n"
|
|
" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n"
|
|
"\n"
|
|
"Adding an IPA service allows the associated service to request an SSL\n"
|
|
"certificate or keytab, but this is performed as a separate step; they\n"
|
|
"are not produced as a result of adding the service.\n"
|
|
"\n"
|
|
"Only the public aspect of a certificate is stored in a service record;\n"
|
|
"the private key is not stored.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new IPA service:\n"
|
|
" ipa service-add HTTP/web.example.com\n"
|
|
"\n"
|
|
" Allow a host to manage an IPA service certificate:\n"
|
|
" ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
|
|
" ipa role-add-member --hosts=web.example.com certadmin\n"
|
|
"\n"
|
|
" Override a default list of supported PAC types for the service:\n"
|
|
" ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
|
|
"\n"
|
|
" A typical use case where overriding the PAC type is needed is NFS.\n"
|
|
" Currently the related code in the Linux kernel can only handle Kerberos\n"
|
|
" tickets up to a maximal size. Since the PAC data can become quite large "
|
|
"it\n"
|
|
" is recommended to set --pac-type=NONE for NFS services.\n"
|
|
"\n"
|
|
" Delete an IPA service:\n"
|
|
" ipa service-del HTTP/web.example.com\n"
|
|
"\n"
|
|
" Find all IPA services associated with a host:\n"
|
|
" ipa service-find web.example.com\n"
|
|
"\n"
|
|
" Find all HTTP services:\n"
|
|
" ipa service-find HTTP\n"
|
|
"\n"
|
|
" Disable the service Kerberos key and SSL certificate:\n"
|
|
" ipa service-disable HTTP/web.example.com\n"
|
|
"\n"
|
|
" Request a certificate for an IPA service:\n"
|
|
" ipa cert-request --principal=HTTP/web.example.com example.csr\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Allow user to create a keytab:\n"
|
|
" ipa service-allow-create-keytab HTTP/web.example.com --users=tuser1\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Generate and retrieve a keytab for an IPA service:\n"
|
|
" ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
|
|
"httpd.keytab\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid "Trusted to authenticate as user"
|
|
msgstr ""
|
|
|
|
msgid "The service is allowed to authenticate on behalf of a client"
|
|
msgstr ""
|
|
|
|
msgid "Malformed principal"
|
|
msgstr ""
|
|
|
|
msgid "{} is required by the IPA master"
|
|
msgstr ""
|
|
|
|
msgid "service"
|
|
msgstr ""
|
|
|
|
msgid "services"
|
|
msgstr ""
|
|
|
|
msgid "Service principal alias"
|
|
msgstr ""
|
|
|
|
msgid "Base-64 encoded service certificate"
|
|
msgstr ""
|
|
|
|
msgid "NONE value cannot be combined with other PAC types"
|
|
msgstr ""
|
|
|
|
msgid "Add a new IPA service."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added service \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "force principal name even if host not in DNS"
|
|
msgstr ""
|
|
|
|
msgid "Skip host check"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"force service to be created even when host object does not exist to manage it"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "The host '%s' does not exist to add a service to."
|
|
msgstr ""
|
|
|
|
msgid "Add a new SMB service."
|
|
msgstr ""
|
|
|
|
msgid "SMB service NetBIOS name"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted service \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified service \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d service matched"
|
|
msgid_plural "%(count)d services matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Disabled service \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added certificates to service principal \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed certificates from service principal \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Add new principal alias to a service"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added new aliases to the service principal \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Remove principal alias from a service"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed aliases to the service principal \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"=======\n"
|
|
"WARNING:\n"
|
|
"\n"
|
|
"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
|
|
"the\n"
|
|
"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
|
|
"based\n"
|
|
"on the local ranges set via this family of commands.\n"
|
|
"\n"
|
|
"Manual configuration change has to be done in the DNA plugin configuration "
|
|
"for\n"
|
|
"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
|
|
"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
|
|
"be\n"
|
|
"modified to match the new range.\n"
|
|
"=======\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"ID ranges\n"
|
|
"\n"
|
|
"Manage ID ranges used to map Posix IDs to SIDs and back.\n"
|
|
"\n"
|
|
"There are two type of ID ranges which are both handled by this utility:\n"
|
|
"\n"
|
|
" - the ID ranges of the local domain\n"
|
|
" - the ID ranges of trusted remote domains\n"
|
|
"\n"
|
|
"Both types have the following attributes in common:\n"
|
|
"\n"
|
|
" - base-id: the first ID of the Posix ID range\n"
|
|
" - range-size: the size of the range\n"
|
|
"\n"
|
|
"With those two attributes a range object can reserve the Posix IDs starting\n"
|
|
"with base-id up to but not including base-id+range-size exclusively.\n"
|
|
"\n"
|
|
"Additionally an ID range of the local domain may set\n"
|
|
" - rid-base: the first RID(*) of the corresponding RID range\n"
|
|
" - secondary-rid-base: first RID of the secondary RID range\n"
|
|
"\n"
|
|
"and an ID range of a trusted domain must set\n"
|
|
" - rid-base: the first RID of the corresponding RID range\n"
|
|
" - sid: domain SID of the trusted domain\n"
|
|
"\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLE: Add a new ID range for a trusted domain\n"
|
|
"\n"
|
|
"Since there might be more than one trusted domain the domain SID must be "
|
|
"given\n"
|
|
"while creating the ID range.\n"
|
|
"\n"
|
|
" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n"
|
|
" --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
|
|
"\n"
|
|
"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
|
|
"assign Posix UIDs to users from the trusted domain.\n"
|
|
"\n"
|
|
"If e.g. a range for a trusted domain is configured with the following "
|
|
"values:\n"
|
|
" base-id = 1200000\n"
|
|
" range-size = 200000\n"
|
|
" rid-base = 0\n"
|
|
"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
|
|
"So\n"
|
|
"RID 1000 <-> Posix ID 1201000\n"
|
|
"\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLE: Add a new ID range for the local domain\n"
|
|
"\n"
|
|
"To create an ID range for the local domain it is not necessary to specify a\n"
|
|
"domain SID. But since it is possible that a user and a group can have the "
|
|
"same\n"
|
|
"value as Posix ID a second RID interval is needed to handle conflicts.\n"
|
|
"\n"
|
|
" ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n"
|
|
" --secondary-rid-base=1000000 local_range\n"
|
|
"\n"
|
|
"The data from the ID ranges of the local domain are used by the IPA server\n"
|
|
"internally to assign SIDs to IPA users and groups. The SID will then be "
|
|
"stored\n"
|
|
"in the user or group objects.\n"
|
|
"\n"
|
|
"If e.g. the ID range for the local domain is configured with the values "
|
|
"from\n"
|
|
"the example above then a new user with the UID 1200007 will get the RID "
|
|
"1007.\n"
|
|
"If this RID is already used by a group the RID will be 1000007. This can "
|
|
"only\n"
|
|
"happen if a user or a group object was created with a fixed ID because the\n"
|
|
"automatic assignment will not assign the same ID twice. Since there are "
|
|
"only\n"
|
|
"users and groups sharing the same ID namespace it is sufficient to have "
|
|
"only\n"
|
|
"one fallback range to handle conflicts.\n"
|
|
"\n"
|
|
"To find the Posix ID for a given RID from the local domain it has to be\n"
|
|
"checked first if the RID falls in the primary or secondary RID range and\n"
|
|
"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
|
|
"and the base-id has to be added to get the Posix ID.\n"
|
|
"\n"
|
|
"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
|
|
"must not be used at all. The ID range for the local domain will be created\n"
|
|
"during installation or upgrade from an older version. The ID range for a\n"
|
|
"trusted domain will be created together with the trust by 'ipa trust-"
|
|
"add ...'.\n"
|
|
"\n"
|
|
"USE CASES:\n"
|
|
"\n"
|
|
" Add an ID range from a transitively trusted domain\n"
|
|
"\n"
|
|
" If the trusted domain (A) trusts another domain (B) as well and this "
|
|
"trust\n"
|
|
" is transitive 'ipa trust-add domain-A' will only create a range for\n"
|
|
" domain A. The ID range for domain B must be added manually.\n"
|
|
"\n"
|
|
" Add an additional ID range for the local domain\n"
|
|
"\n"
|
|
" If the ID range of the local domain is exhausted, i.e. no new IDs can "
|
|
"be\n"
|
|
" assigned to Posix users or groups by the DNA plugin, a new range has to "
|
|
"be\n"
|
|
" created to allow new users and groups to be added. (Currently there is "
|
|
"no\n"
|
|
" connection between this range CLI and the DNA plugin, but a future "
|
|
"version\n"
|
|
" might be able to modify the configuration of the DNS plugin as well)\n"
|
|
"\n"
|
|
"In general it is not necessary to modify or delete ID ranges. If there is "
|
|
"no\n"
|
|
"other way to achieve a certain configuration than to modify or delete an ID\n"
|
|
"range it should be done with great care. Because UIDs are stored in the "
|
|
"file\n"
|
|
"system and are used for access control it might be possible that users are\n"
|
|
"allowed to access files of other users if an ID range got deleted and "
|
|
"reused\n"
|
|
"for a different domain.\n"
|
|
"\n"
|
|
"(*) The RID is typically the last integer of a user or group SID which "
|
|
"follows\n"
|
|
"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
|
|
"from\n"
|
|
"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 is the RID of "
|
|
"the\n"
|
|
"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
|
|
"groups.\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid "ID Ranges"
|
|
msgstr ""
|
|
|
|
msgid "ID Range"
|
|
msgstr ""
|
|
|
|
msgid "local domain range"
|
|
msgstr ""
|
|
|
|
msgid "Active Directory domain range"
|
|
msgstr ""
|
|
|
|
msgid "Active Directory trust range with POSIX attributes"
|
|
msgstr ""
|
|
|
|
msgid "ID range type, one of allowed values"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"range modification leaving objects with ID out of the defined range is not "
|
|
"allowed"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Cannot perform SID validation without Samba 4 support installed. Make sure "
|
|
"you have installed server-trust-ad sub-package of IPA on the server"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Cross-realm trusts are not configured. Make sure you have run ipa-adtrust-"
|
|
"install on the IPA server first"
|
|
msgstr ""
|
|
|
|
msgid "SID is not recognized as a valid SID for a trusted domain"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add new ID range.\n"
|
|
"\n"
|
|
" To add a new ID range you always have to specify\n"
|
|
"\n"
|
|
" --base-id\n"
|
|
" --range-size\n"
|
|
"\n"
|
|
" Additionally\n"
|
|
"\n"
|
|
" --rid-base\n"
|
|
" --secondary-rid-base\n"
|
|
"\n"
|
|
" may be given for a new ID range for the local domain while\n"
|
|
"\n"
|
|
" --rid-base\n"
|
|
" --dom-sid\n"
|
|
"\n"
|
|
" must be given to add a new range for a trusted AD domain.\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added ID range \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Options dom-sid and dom-name cannot be used together"
|
|
msgstr ""
|
|
|
|
msgid "Specified trusted domain name could not be found."
|
|
msgstr ""
|
|
|
|
msgid "Options dom-sid/dom-name and rid-base must be used together"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Option rid-base must not be used when IPA range type is ipa-ad-trust-posix"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"IPA Range type must be one of ipa-ad-trust or ipa-ad-trust-posix when SID of "
|
|
"the trusted domain is specified"
|
|
msgstr ""
|
|
|
|
msgid "Options dom-sid/dom-name and secondary-rid-base cannot be used together"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"IPA Range type must not be one of ipa-ad-trust or ipa-ad-trust-posix when "
|
|
"SID of the trusted domain is not specified."
|
|
msgstr ""
|
|
|
|
msgid "Options secondary-rid-base and rid-base must be used together"
|
|
msgstr ""
|
|
|
|
msgid "Primary RID range and secondary RID range cannot overlap"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"You must specify both rid-base and secondary-rid-base options, because ipa-"
|
|
"adtrust-install has already been run."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted ID range \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d range matched"
|
|
msgid_plural "%(count)d ranges matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"Modify ID range.\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified ID range \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"This command can not be used to change ID allocation for local IPA domain. "
|
|
"Run `ipa help idrange` for more information"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"SID for the specified trusted domain name could not be found. Please specify "
|
|
"the SID directly using dom-sid option."
|
|
msgstr ""
|
|
|
|
msgid "Options dom-sid and secondary-rid-base cannot be used together"
|
|
msgstr ""
|
|
|
|
msgid "Options dom-sid and rid-base must be used together"
|
|
msgstr ""
|
|
|
|
msgid "netgroups"
|
|
msgstr ""
|
|
|
|
msgid "Netgroups"
|
|
msgstr ""
|
|
|
|
msgid "Netgroup"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added netgroup \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"hostgroup with name \"%s\" already exists. Hostgroups and netgroups share a "
|
|
"common namespace"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted netgroup \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified netgroup \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d netgroup matched"
|
|
msgid_plural "%(count)d netgroups matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "One time password commands"
|
|
msgstr ""
|
|
|
|
msgid "OTP configuration options"
|
|
msgstr ""
|
|
|
|
msgid "OTP Configuration"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Changed password for \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Kerberos PKINIT feature status reporting tools.\n"
|
|
"\n"
|
|
"Report IPA masters on which Kerberos PKINIT is enabled or disabled\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
" List PKINIT status on all masters:\n"
|
|
" ipa pkinit-status\n"
|
|
"\n"
|
|
" Check PKINIT status on `ipa.example.com`:\n"
|
|
" ipa pkinit-status --server ipa.example.com\n"
|
|
"\n"
|
|
" List all IPA masters with disabled PKINIT:\n"
|
|
" ipa pkinit-status --status='disabled'\n"
|
|
"\n"
|
|
"For more info about PKINIT support see:\n"
|
|
"\n"
|
|
"https://www.freeipa.org/page/V4/Kerberos_PKINIT\n"
|
|
msgstr ""
|
|
|
|
msgid "pkinit"
|
|
msgstr ""
|
|
|
|
msgid "PKINIT"
|
|
msgstr ""
|
|
|
|
msgid "PKINIT status"
|
|
msgstr ""
|
|
|
|
msgid "Whether PKINIT is enabled or disabled"
|
|
msgstr ""
|
|
|
|
msgid "Report PKINIT status on the IPA masters"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)s server matched"
|
|
msgid_plural "%(count)s servers matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"RADIUS Proxy Servers\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage RADIUS Proxy Servers.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA supports the use of an external RADIUS proxy server for krb5 OTP\n"
|
|
"authentications. This permits a great deal of flexibility when\n"
|
|
"integrating with third-party authentication services.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a new server:\n"
|
|
" ipa radiusproxy-add MyRADIUS --server=radius.example.com:1812\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find all servers whose entries include the string \"example.com\":\n"
|
|
" ipa radiusproxy-find example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Examine the configuration:\n"
|
|
" ipa radiusproxy-show MyRADIUS\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Change the secret:\n"
|
|
" ipa radiusproxy-mod MyRADIUS --secret\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete a configuration:\n"
|
|
" ipa radiusproxy-del MyRADIUS\n"
|
|
msgstr ""
|
|
|
|
msgid "invalid attribute name"
|
|
msgstr ""
|
|
|
|
msgid "invalid port number"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS proxy server"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS proxy servers"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS Servers"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS Server"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added RADIUS proxy server \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted RADIUS proxy server \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified RADIUS proxy server \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d RADIUS proxy server matched"
|
|
msgid_plural "%(count)d RADIUS proxy servers matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "ID View"
|
|
msgstr ""
|
|
|
|
msgid "system ID View"
|
|
msgstr ""
|
|
|
|
msgid "ID Views"
|
|
msgstr ""
|
|
|
|
msgid "User object overrides"
|
|
msgstr ""
|
|
|
|
msgid "Group object overrides"
|
|
msgstr ""
|
|
|
|
msgid "Hosts the view applies to"
|
|
msgstr ""
|
|
|
|
msgid "Domain resolution order"
|
|
msgstr ""
|
|
|
|
msgid "colon-separated list of domains used for short name qualification"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added ID View \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted ID View \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified an ID View \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d ID View matched"
|
|
msgid_plural "%(count)d ID Views matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "Default Trust View cannot be applied on hosts"
|
|
msgstr ""
|
|
|
|
msgid "not found"
|
|
msgstr ""
|
|
|
|
msgid "ID View cannot be applied to IPA master"
|
|
msgstr ""
|
|
|
|
msgid "ID View already applied"
|
|
msgstr ""
|
|
|
|
msgid "value"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "ID View applied to %i host."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "ID View applied to %i hosts."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "ID View cleared from %i host."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "ID View cleared from %i hosts."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"You are trying to reference a magic private group which is not allowed to be "
|
|
"overridden. Try overriding the GID attribute of the corresponding user "
|
|
"instead."
|
|
msgstr ""
|
|
|
|
msgid "IPA object"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"system IPA objects (e.g. system groups, user private groups) cannot be "
|
|
"overridden"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Anchor '%(anchor)s' could not be resolved."
|
|
msgstr ""
|
|
|
|
msgid "Default Trust View cannot contain IPA users"
|
|
msgstr ""
|
|
|
|
msgid "Add a new ID override."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added ID override \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Delete an ID override."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted ID override \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Modify an ID override."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified an ID override \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "ID override"
|
|
msgstr ""
|
|
|
|
msgid "ID overrides cannot be renamed"
|
|
msgstr ""
|
|
|
|
msgid "Search for an ID override."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d ID override matched"
|
|
msgid_plural "%(count)d ID overrides matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "Display information about an ID override."
|
|
msgstr ""
|
|
|
|
msgid "User ID override"
|
|
msgstr ""
|
|
|
|
msgid "User ID overrides"
|
|
msgstr ""
|
|
|
|
msgid "Base-64 encoded user certificate"
|
|
msgstr ""
|
|
|
|
msgid "Group ID override"
|
|
msgstr ""
|
|
|
|
msgid "Group ID overrides"
|
|
msgstr ""
|
|
|
|
msgid "Add one or more certificates to the idoverrideuser entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added certificates to idoverrideuser \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Remove one or more certificates to the idoverrideuser entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed certificates from idoverrideuser \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added User ID override \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted User ID override \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified an User ID override \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d User ID override matched"
|
|
msgid_plural "%(count)d User ID overrides matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Added Group ID override \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted Group ID override \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified an Group ID override \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d Group ID override matched"
|
|
msgid_plural "%(count)d Group ID overrides matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA locations\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manipulate DNS locations\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find all locations:\n"
|
|
" ipa location-find\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show specific location:\n"
|
|
" ipa location-show location\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add location:\n"
|
|
" ipa location-add location --description 'My location'\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete location:\n"
|
|
" ipa location-del location\n"
|
|
msgstr ""
|
|
|
|
msgid "location"
|
|
msgstr ""
|
|
|
|
msgid "locations"
|
|
msgstr ""
|
|
|
|
msgid "IPA Locations"
|
|
msgstr ""
|
|
|
|
msgid "IPA Location"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Location name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "IPA location name"
|
|
msgstr ""
|
|
|
|
msgid "IPA Location description"
|
|
msgstr ""
|
|
|
|
msgid "Servers"
|
|
msgstr ""
|
|
|
|
msgid "Servers that belongs to the IPA location"
|
|
msgstr ""
|
|
|
|
msgid "Advertised by servers"
|
|
msgstr ""
|
|
|
|
msgid "List of servers which advertise the given location"
|
|
msgstr ""
|
|
|
|
msgid "Add a new IPA location."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added IPA location \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Delete an IPA location."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted IPA location \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "IPA Server"
|
|
msgstr ""
|
|
|
|
msgid "Modify information about an IPA location."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified IPA location \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Search for IPA locations."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d IPA location matched"
|
|
msgid_plural "%(count)d IPA locations matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "Display information about an IPA location."
|
|
msgstr ""
|
|
|
|
msgid "Servers in location"
|
|
msgstr ""
|
|
|
|
msgid "roles"
|
|
msgstr ""
|
|
|
|
msgid "Role"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added role \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted role \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified role \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d role matched"
|
|
msgid_plural "%(count)d roles matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"API Schema\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Provides API introspection capabilities.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show user-find details:\n"
|
|
" ipa command-show user-find\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find user-find parameters:\n"
|
|
" ipa param-find user-find\n"
|
|
msgstr ""
|
|
|
|
msgid "Name"
|
|
msgstr ""
|
|
|
|
msgid "Documentation"
|
|
msgstr ""
|
|
|
|
msgid "Exclude from"
|
|
msgstr ""
|
|
|
|
msgid "Include in"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Results should contain primary key attribute only (\"%s\")"
|
|
msgstr ""
|
|
|
|
msgid "Help topic"
|
|
msgstr ""
|
|
|
|
msgid "Version"
|
|
msgstr ""
|
|
|
|
msgid "Parameters"
|
|
msgstr ""
|
|
|
|
msgid "Method of"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Method name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
#, python-format
|
|
msgid "%(pkey)s: %(oname)s not found"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a command."
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Topic or Command"
|
|
msgid "Search for commands."
|
|
msgstr "विषय किंवा आदेश"
|
|
|
|
msgid "Return command defaults"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a class."
|
|
msgstr ""
|
|
|
|
msgid "Search for classes."
|
|
msgstr ""
|
|
|
|
msgid "Display information about a help topic."
|
|
msgstr ""
|
|
|
|
msgid "Search for help topics."
|
|
msgstr ""
|
|
|
|
msgid "Required"
|
|
msgstr ""
|
|
|
|
msgid "Multi-value"
|
|
msgstr ""
|
|
|
|
msgid "Always ask"
|
|
msgstr ""
|
|
|
|
msgid "CLI metavar"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "CLI name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Confirm (password)"
|
|
msgstr ""
|
|
|
|
msgid "Default"
|
|
msgstr ""
|
|
|
|
msgid "Default from"
|
|
msgstr ""
|
|
|
|
msgid "Label"
|
|
msgstr ""
|
|
|
|
msgid "Convert on server"
|
|
msgstr ""
|
|
|
|
msgid "Option group"
|
|
msgstr ""
|
|
|
|
msgid "Sensitive"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Positional arguments"
|
|
msgid "Positional argument"
|
|
msgstr "positional वितर्क"
|
|
|
|
#, python-format
|
|
msgid "%(metaobject)s: %(oname)s not found"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a command parameter."
|
|
msgstr ""
|
|
|
|
msgid "Search command parameters."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(command_name)s: %(oname)s not found"
|
|
msgstr ""
|
|
|
|
msgid "Display information about a command output."
|
|
msgstr ""
|
|
|
|
msgid "Search for command outputs."
|
|
msgstr ""
|
|
|
|
msgid "Store and provide schema for commands and topics"
|
|
msgstr ""
|
|
|
|
msgid "Fingerprint of schema cached by client"
|
|
msgstr ""
|
|
|
|
msgid "HBAC rule and local members cannot both be set"
|
|
msgstr ""
|
|
|
|
msgid "Invalid SELinux user name, must match {}"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Invalid MLS value, must match {mls}, where max level {mls_max}"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Invalid MCS value, must match {mcs}, where max category {mcs_max}"
|
|
msgstr ""
|
|
|
|
msgid "SELinux user map list not found in configuration"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "SELinux user %(user)s not found in ordering list (in config)"
|
|
msgstr ""
|
|
|
|
msgid "SELinux User Map rule"
|
|
msgstr ""
|
|
|
|
msgid "SELinux User Map rules"
|
|
msgstr ""
|
|
|
|
msgid "SELinux User Maps"
|
|
msgstr ""
|
|
|
|
msgid "SELinux User Map"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "HBAC rule %(rule)s not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added SELinux User Map \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted SELinux User Map \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified SELinux User Map \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d SELinux User Map matched"
|
|
msgid_plural "%(count)d SELinux User Maps matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Enabled SELinux User Map \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled SELinux User Map \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Service Constrained Delegation\n"
|
|
"\n"
|
|
"Manage rules to allow constrained delegation of credentials so\n"
|
|
"that a service can impersonate a user when communicating with another\n"
|
|
"service without requiring the user to actually forward their TGT.\n"
|
|
"This makes for a much better method of delegating credentials as it\n"
|
|
"prevents exposure of the short term secret of the user.\n"
|
|
"\n"
|
|
"The naming convention is to append the word \"target\" or \"targets\" to\n"
|
|
"a matching rule name. This is not mandatory but helps conceptually\n"
|
|
"to associate rules and targets.\n"
|
|
"\n"
|
|
"A rule consists of two things:\n"
|
|
" - A list of targets the rule applies to\n"
|
|
" - A list of memberPrincipals that are allowed to delegate for\n"
|
|
" those targets\n"
|
|
"\n"
|
|
"A target consists of a list of principals that can be delegated.\n"
|
|
"\n"
|
|
"In English, a rule says that this principal can delegate as this\n"
|
|
"list of principals, as defined by these targets.\n"
|
|
"\n"
|
|
"In both a rule and a target Kerberos principals may be specified\n"
|
|
"by their name or an alias and the realm can be omitted. Additionally,\n"
|
|
"hosts can be specified by their names. If Kerberos principal specified\n"
|
|
"has a single component and does not end with '$' sign, it will be treated\n"
|
|
"as a host name. Kerberos principal names ending with '$' are typically\n"
|
|
"used as aliases for Active Directory-related services.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new constrained delegation rule:\n"
|
|
" ipa servicedelegationrule-add ftp-delegation\n"
|
|
"\n"
|
|
" Add a new constrained delegation target:\n"
|
|
" ipa servicedelegationtarget-add ftp-delegation-target\n"
|
|
"\n"
|
|
" Add a principal to the rule:\n"
|
|
" ipa servicedelegationrule-add-member --principals=ftp/ipa.example."
|
|
"com ftp-delegation\n"
|
|
"\n"
|
|
" Add a host principal of the host 'ipa.example.com' to the rule:\n"
|
|
" ipa servicedelegationrule-add-member --principals=ipa.example.com "
|
|
"ftp-delegation\n"
|
|
"\n"
|
|
" Add our target to the rule:\n"
|
|
" ipa servicedelegationrule-add-target --servicedelegationtargets=ftp-"
|
|
"delegation-target ftp-delegation\n"
|
|
"\n"
|
|
" Add a principal to the target:\n"
|
|
" ipa servicedelegationtarget-add-member --principals=ldap/ipa.example."
|
|
"com ftp-delegation-target\n"
|
|
"\n"
|
|
" Display information about a named delegation rule and target:\n"
|
|
" ipa servicedelegationrule_show ftp-delegation\n"
|
|
" ipa servicedelegationtarget_show ftp-delegation-target\n"
|
|
"\n"
|
|
" Remove a constrained delegation:\n"
|
|
" ipa servicedelegationrule-del ftp-delegation-target\n"
|
|
" ipa servicedelegationtarget-del ftp-delegation\n"
|
|
"\n"
|
|
"In this example the ftp service can get a TGT for the ldap service on\n"
|
|
"the bound user's behalf.\n"
|
|
"\n"
|
|
"It is strongly discouraged to modify the delegations that ship with\n"
|
|
"IPA, ipa-http-delegation and its targets ipa-cifs-delegation-targets and\n"
|
|
"ipa-ldap-delegation-targets. Incorrect changes can remove the ability\n"
|
|
"to delegate, causing the framework to stop functioning.\n"
|
|
msgstr ""
|
|
|
|
msgid "Allowed to Impersonate"
|
|
msgstr ""
|
|
|
|
msgid "Member principals"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Malformed principal: %(error)s"
|
|
msgstr ""
|
|
|
|
msgid "Add target to a named service delegation."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "member %s"
|
|
msgstr ""
|
|
|
|
msgid "Remove member from a named service delegation."
|
|
msgstr ""
|
|
|
|
msgid "service delegation rule"
|
|
msgstr ""
|
|
|
|
msgid "service delegation rules"
|
|
msgstr ""
|
|
|
|
msgid "Service delegation rules"
|
|
msgstr ""
|
|
|
|
msgid "Service delegation rule"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added service delegation rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted service delegation \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "privileged service delegation rule"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d service delegation rule matched"
|
|
msgid_plural "%(count)d service delegation rules matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "service delegation target"
|
|
msgstr ""
|
|
|
|
msgid "service delegation targets"
|
|
msgstr ""
|
|
|
|
msgid "Service delegation targets"
|
|
msgstr ""
|
|
|
|
msgid "Service delegation target"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added service delegation target \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted service delegation target \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "privileged service delegation target"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d service delegation target matched"
|
|
msgid_plural "%(count)d service delegation targets matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Session Support for IPA\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Stageusers\n"
|
|
"\n"
|
|
"Manage stage user entries.\n"
|
|
"\n"
|
|
"Stage user entries are directly under the container: \"cn=stage users,\n"
|
|
"cn=accounts, cn=provisioning, SUFFIX\".\n"
|
|
"Users can not authenticate with those entries (even if the entries\n"
|
|
"contain credentials). Those entries are only candidate to become Active "
|
|
"entries.\n"
|
|
"\n"
|
|
"Active user entries are Posix users directly under the container: "
|
|
"\"cn=accounts, SUFFIX\".\n"
|
|
"Users can authenticate with Active entries, at the condition they have\n"
|
|
"credentials.\n"
|
|
"\n"
|
|
"Deleted user entries are Posix users directly under the container: "
|
|
"\"cn=deleted users,\n"
|
|
"cn=accounts, cn=provisioning, SUFFIX\".\n"
|
|
"Users can not authenticate with those entries, even if the entries contain "
|
|
"credentials.\n"
|
|
"\n"
|
|
"The stage user container contains entries:\n"
|
|
" - created by 'stageuser-add' commands that are Posix users,\n"
|
|
" - created by external provisioning system.\n"
|
|
"\n"
|
|
"A valid stage user entry MUST have:\n"
|
|
" - entry RDN is 'uid',\n"
|
|
" - ipaUniqueID is 'autogenerate'.\n"
|
|
"\n"
|
|
"IPA supports a wide range of username formats, but you need to be aware of "
|
|
"any\n"
|
|
"restrictions that may apply to your particular environment. For example,\n"
|
|
"usernames that start with a digit or usernames that exceed a certain length\n"
|
|
"may cause problems for some UNIX systems.\n"
|
|
"Use 'ipa config-mod' to change the username format allowed by IPA tools.\n"
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new stageuser:\n"
|
|
" ipa stageuser-add --first=Tim --last=User --password tuser1\n"
|
|
"\n"
|
|
" Add a stageuser from the deleted users container:\n"
|
|
" ipa stageuser-add --first=Tim --last=User --from-delete tuser1\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid "Stage Users"
|
|
msgstr ""
|
|
|
|
msgid "Stage User"
|
|
msgstr ""
|
|
|
|
msgid "stage user"
|
|
msgstr ""
|
|
|
|
msgid "stage users"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added stage user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "givenname is required"
|
|
msgstr ""
|
|
|
|
msgid "sn is required"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted stage user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified stage user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d user matched"
|
|
msgid_plural "%(count)d users matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Activate a stage user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Entry RDN is not 'uid'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Entry has no '%(attribute)s'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "active user with name \"%(user)s\" already exists"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Stage user %s activated"
|
|
msgstr ""
|
|
|
|
msgid "Add one or more certificates to the stageuser entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added certificates to stageuser \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Remove one or more certificates to the stageuser entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed certificates from stageuser \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Add new principal alias to the stageuser entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added new aliases to stageuser \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Remove principal alias from the stageuser entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed aliases from stageuser \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Add one or more certificate mappings to the stage user entry."
|
|
msgstr ""
|
|
|
|
msgid "Remove one or more certificate mappings from the stage user entry."
|
|
msgstr ""
|
|
|
|
msgid "commands for controlling sudo configuration"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Sudo Commands\n"
|
|
"\n"
|
|
"Commands used as building blocks for sudo\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Create a new command\n"
|
|
" ipa sudocmd-add --desc='For reading log files' /usr/bin/less\n"
|
|
"\n"
|
|
" Remove a command\n"
|
|
" ipa sudocmd-del /usr/bin/less\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Topic commands:"
|
|
msgid "sudo command"
|
|
msgstr "विषय आदेश:"
|
|
|
|
#, fuzzy
|
|
#| msgid "Topic commands:"
|
|
msgid "sudo commands"
|
|
msgstr "विषय आदेश:"
|
|
|
|
#, fuzzy
|
|
#| msgid "Topic commands:"
|
|
msgid "Sudo Commands"
|
|
msgstr "विषय आदेश:"
|
|
|
|
#, python-format
|
|
msgid "Added Sudo Command \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted Sudo Command \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified Sudo Command \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d Sudo Command matched"
|
|
msgid_plural "%(count)d Sudo Commands matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of Sudo Commands\n"
|
|
"\n"
|
|
"Manage groups of Sudo Commands.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new Sudo Command Group:\n"
|
|
" ipa sudocmdgroup-add --desc='administrators commands' admincmds\n"
|
|
"\n"
|
|
" Remove a Sudo Command Group:\n"
|
|
" ipa sudocmdgroup-del admincmds\n"
|
|
"\n"
|
|
" Manage Sudo Command Group membership, commands:\n"
|
|
" ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/"
|
|
"vim admincmds\n"
|
|
"\n"
|
|
" Manage Sudo Command Group membership, commands:\n"
|
|
" ipa sudocmdgroup-remove-member --sudocmds=/usr/bin/less admincmds\n"
|
|
"\n"
|
|
" Show a Sudo Command Group:\n"
|
|
" ipa sudocmdgroup-show admincmds\n"
|
|
msgstr ""
|
|
|
|
msgid "sudo command group"
|
|
msgstr ""
|
|
|
|
msgid "sudo command groups"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added Sudo Command Group \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted Sudo Command Group \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified Sudo Command Group \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d Sudo Command Group matched"
|
|
msgid_plural "%(count)d Sudo Command Groups matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry "
|
|
"'%s'."
|
|
msgstr ""
|
|
|
|
msgid "kerberos ticket policy settings"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos Ticket Policy"
|
|
msgstr ""
|
|
|
|
msgid "OTP max life"
|
|
msgstr ""
|
|
|
|
msgid "OTP token maximum ticket life (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "OTP max renew"
|
|
msgstr ""
|
|
|
|
msgid "OTP token ticket maximum renewable age (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS max life"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS maximum ticket life (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS max renew"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS ticket maximum renewable age (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "PKINIT max life"
|
|
msgstr ""
|
|
|
|
msgid "PKINIT maximum ticket life (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "PKINIT max renew"
|
|
msgstr ""
|
|
|
|
msgid "PKINIT ticket maximum renewable age (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "Hardened max life"
|
|
msgstr ""
|
|
|
|
msgid "Hardened ticket maximum ticket life (seconds)"
|
|
msgstr ""
|
|
|
|
msgid "Hardened max renew"
|
|
msgstr ""
|
|
|
|
msgid "Hardened ticket maximum renewable age (seconds)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Ticket policy for %s could not be read"
|
|
msgstr ""
|
|
|
|
msgid "Default ticket policy could not be read"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Return information about currently authenticated identity\n"
|
|
"\n"
|
|
"Who am I command returns information on how to get\n"
|
|
"more details about the identity authenticated for this\n"
|
|
"request. The information includes:\n"
|
|
"\n"
|
|
" * type of object\n"
|
|
" * command to retrieve details of the object\n"
|
|
" * arguments and options to pass to the command\n"
|
|
"\n"
|
|
"The information is returned as a dictionary. Examples below use\n"
|
|
"'key: value' output for illustrative purposes.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Look up as IPA user:\n"
|
|
" kinit admin\n"
|
|
" ipa console\n"
|
|
" >> api.Command.whoami()\n"
|
|
" ------------------------------------------\n"
|
|
" object: user\n"
|
|
" command: user_show/1\n"
|
|
" arguments: admin\n"
|
|
" ------------------------------------------\n"
|
|
"\n"
|
|
" Look up as a user from a trusted domain:\n"
|
|
" kinit user@AD.DOMAIN\n"
|
|
" ipa console\n"
|
|
" >> api.Command.whoami()\n"
|
|
" ------------------------------------------\n"
|
|
" object: idoverrideuser\n"
|
|
" command: idoverrideuser_show/1\n"
|
|
" arguments: ('default trust view', 'user@ad.domain')\n"
|
|
" ------------------------------------------\n"
|
|
"\n"
|
|
" Look up as a host:\n"
|
|
" kinit -k\n"
|
|
" ipa console\n"
|
|
" >> api.Command.whoami()\n"
|
|
" ------------------------------------------\n"
|
|
" object: host\n"
|
|
" command: host_show/1\n"
|
|
" arguments: ipa.example.com\n"
|
|
" ------------------------------------------\n"
|
|
"\n"
|
|
" Look up as a Kerberos service:\n"
|
|
" kinit -k -t /path/to/keytab HTTP/ipa.example.com\n"
|
|
" ipa console\n"
|
|
" >> api.Command.whoami()\n"
|
|
" ------------------------------------------\n"
|
|
" object: service\n"
|
|
" command: service_show/1\n"
|
|
" arguments: HTTP/ipa.example.com\n"
|
|
" ------------------------------------------\n"
|
|
msgstr ""
|
|
|
|
msgid "Describe currently authenticated identity."
|
|
msgstr ""
|
|
|
|
msgid "Object class name"
|
|
msgstr ""
|
|
|
|
msgid "Function to get details"
|
|
msgstr ""
|
|
|
|
msgid "Arguments to details function"
|
|
msgstr ""
|
|
|
|
msgid "Cannot query Directory Manager with API"
|
|
msgstr ""
|
|
|
|
msgid "delegation"
|
|
msgstr ""
|
|
|
|
msgid "delegations"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Deprecated options"
|
|
msgid "Delegations"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
msgid "Delegation"
|
|
msgstr ""
|
|
|
|
msgid "ACI"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added delegation \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted delegation \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified delegation \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d delegation matched"
|
|
msgid_plural "%(count)d delegations matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Server configuration\n"
|
|
"\n"
|
|
"Manage the default values that IPA uses and some of its tuning parameters.\n"
|
|
"\n"
|
|
"NOTES:\n"
|
|
"\n"
|
|
"The password notification value (--pwdexpnotify) is stored here so it will\n"
|
|
"be replicated. It is not currently used to notify users in advance of an\n"
|
|
"expiring password.\n"
|
|
"\n"
|
|
"Some attributes are read-only, provided only for information purposes. "
|
|
"These\n"
|
|
"include:\n"
|
|
"\n"
|
|
"Certificate Subject base: the configured certificate subject base,\n"
|
|
" e.g. O=EXAMPLE.COM. This is configurable only at install time.\n"
|
|
"Password plug-in features: currently defines additional hashes that the\n"
|
|
" password will generate (there may be other conditions).\n"
|
|
"\n"
|
|
"When setting the order list for mapping SELinux users you may need to\n"
|
|
"quote the value so it isn't interpreted by the shell.\n"
|
|
"\n"
|
|
"The maximum length of a hostname in Linux is controlled by\n"
|
|
"MAXHOSTNAMELEN in the kernel and defaults to 64. Some other operating\n"
|
|
"systems, Solaris for example, allows hostnames up to 255 characters.\n"
|
|
"This option will allow flexibility in length but by default limiting\n"
|
|
"to the Linux maximum length.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Show basic server configuration:\n"
|
|
" ipa config-show\n"
|
|
"\n"
|
|
" Show all configuration options:\n"
|
|
" ipa config-show --all\n"
|
|
"\n"
|
|
" Change maximum username length to 99 characters:\n"
|
|
" ipa config-mod --maxusername=99\n"
|
|
"\n"
|
|
" Change maximum host name length to 255 characters:\n"
|
|
" ipa config-mod --maxhostname=255\n"
|
|
"\n"
|
|
" Increase default time and size limits for maximum IPA server search:\n"
|
|
" ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000\n"
|
|
"\n"
|
|
" Set default user e-mail domain:\n"
|
|
" ipa config-mod --emaildomain=example.com\n"
|
|
"\n"
|
|
" Enable migration mode to make \"ipa migrate-ds\" command operational:\n"
|
|
" ipa config-mod --enable-migration=TRUE\n"
|
|
"\n"
|
|
" Define SELinux user map order:\n"
|
|
" ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-"
|
|
"s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'\n"
|
|
msgstr ""
|
|
|
|
msgid "must be at least 10"
|
|
msgstr ""
|
|
|
|
msgid "configuration options"
|
|
msgstr ""
|
|
|
|
msgid "Configuration"
|
|
msgstr ""
|
|
|
|
msgid "Maximum hostname length"
|
|
msgstr ""
|
|
|
|
msgid "IPA masters"
|
|
msgstr ""
|
|
|
|
msgid "List of all IPA masters"
|
|
msgstr ""
|
|
|
|
msgid "Hidden IPA masters"
|
|
msgstr ""
|
|
|
|
msgid "List of all hidden IPA masters"
|
|
msgstr ""
|
|
|
|
msgid "IPA master capable of PKINIT"
|
|
msgstr ""
|
|
|
|
msgid "IPA master which can process PKINIT requests"
|
|
msgstr ""
|
|
|
|
msgid "IPA CA servers"
|
|
msgstr ""
|
|
|
|
msgid "IPA servers configured as certificate authority"
|
|
msgstr ""
|
|
|
|
msgid "Hidden IPA CA servers"
|
|
msgstr ""
|
|
|
|
msgid "Hidden IPA servers configured as certificate authority"
|
|
msgstr ""
|
|
|
|
msgid "IPA CA renewal master"
|
|
msgstr ""
|
|
|
|
msgid "Renewal master for IPA certificate authority"
|
|
msgstr ""
|
|
|
|
msgid "IPA KRA servers"
|
|
msgstr ""
|
|
|
|
msgid "IPA servers configured as key recovery agent"
|
|
msgstr ""
|
|
|
|
msgid "Hidden IPA KRA servers"
|
|
msgstr ""
|
|
|
|
msgid "Hidden IPA servers configured as key recovery agent"
|
|
msgstr ""
|
|
|
|
msgid "IPA DNS servers"
|
|
msgstr ""
|
|
|
|
msgid "IPA servers configured as domain name server"
|
|
msgstr ""
|
|
|
|
msgid "Hidden IPA DNS servers"
|
|
msgstr ""
|
|
|
|
msgid "Hidden IPA servers configured as domain name server"
|
|
msgstr ""
|
|
|
|
msgid "IPA DNSSec key master"
|
|
msgstr ""
|
|
|
|
msgid "DNSec key master"
|
|
msgstr ""
|
|
|
|
msgid "Empty domain is not allowed"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Invalid domain name '%(domain)s': %(e)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Server has no information about domain '%(domain)s'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled domain '%(domain)s' is not allowed"
|
|
msgstr ""
|
|
|
|
msgid "The group doesn't exist"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "attribute \"%s\" not allowed"
|
|
msgstr ""
|
|
|
|
msgid "May not be empty"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(obj)s default attribute %(attr)s would not be allowed!"
|
|
msgstr ""
|
|
|
|
msgid "A list of SELinux users delimited by $ expected"
|
|
msgstr ""
|
|
|
|
#, fuzzy, python-format
|
|
#| msgid "error on server '%(server)s': %(error)s"
|
|
msgid "SELinux user '%(user)s' is not valid: %(error)s"
|
|
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"
|
|
|
|
msgid "SELinux user map default user not in order list"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid ""
|
|
"Domain Level cannot be raised to {0}, existing replication conflicts have to "
|
|
"be resolved."
|
|
msgstr ""
|
|
|
|
msgid "Server does not support domain level functionality"
|
|
msgstr ""
|
|
|
|
msgid "Domain Level cannot be lowered."
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Domain Level cannot be raised to {0}, server {1} does not support it."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of users\n"
|
|
"\n"
|
|
"Manage groups of users, groups, or services. By default, new groups are "
|
|
"POSIX\n"
|
|
"groups. You can add the --nonposix option to the group-add command to mark "
|
|
"a\n"
|
|
"new group as non-POSIX. You can use the --posix argument with the group-mod\n"
|
|
"command to convert a non-POSIX group into a POSIX group. POSIX groups cannot "
|
|
"be\n"
|
|
"converted to non-POSIX groups.\n"
|
|
"\n"
|
|
"Every group must have a description.\n"
|
|
"\n"
|
|
"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
|
|
"supported but can have an impact on your file permissions. It is not "
|
|
"necessary\n"
|
|
"to supply a GID when creating a group. IPA will generate one automatically\n"
|
|
"if it is not provided.\n"
|
|
"\n"
|
|
"Groups members can be users, other groups, and Kerberos services. In POSIX\n"
|
|
"environments only users will be visible as group members, but nested groups "
|
|
"and\n"
|
|
"groups of services can be used for IPA management purposes.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new group:\n"
|
|
" ipa group-add --desc='local administrators' localadmins\n"
|
|
"\n"
|
|
" Add a new non-POSIX group:\n"
|
|
" ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
|
|
"\n"
|
|
" Convert a non-POSIX group to posix:\n"
|
|
" ipa group-mod --posix remoteadmins\n"
|
|
"\n"
|
|
" Add a new POSIX group with a specific Group ID number:\n"
|
|
" ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
|
|
"\n"
|
|
" Add a new POSIX group and let IPA assign a Group ID number:\n"
|
|
" ipa group-add --desc='printer admins' printeradmins\n"
|
|
"\n"
|
|
" Remove a group:\n"
|
|
" ipa group-del unixadmins\n"
|
|
"\n"
|
|
" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
|
|
" ipa group-add-member --groups=remoteadmins localadmins\n"
|
|
"\n"
|
|
" Add multiple users to the \"localadmins\" group:\n"
|
|
" ipa group-add-member --users=test1 --users=test2 localadmins\n"
|
|
"\n"
|
|
" To add Kerberos services to the \"printer admins\" group:\n"
|
|
" ipa group-add-member --services=CUPS/some.host printeradmins\n"
|
|
"\n"
|
|
" Remove a user from the \"localadmins\" group:\n"
|
|
" ipa group-remove-member --users=test2 localadmins\n"
|
|
"\n"
|
|
" Display information about a named group.\n"
|
|
" ipa group-show localadmins\n"
|
|
"\n"
|
|
"Group membership managers are users or groups that can add members to a\n"
|
|
"group or remove members from a group.\n"
|
|
"\n"
|
|
" Allow user \"test2\" to add or remove members from group \"localadmins\":\n"
|
|
" ipa group-add-member-manager --users=test2 localadmins\n"
|
|
"\n"
|
|
" Revoke membership management rights for user \"test2\" from \"localadmins"
|
|
"\":\n"
|
|
" ipa group-remove-member-manager --users=test2 localadmins\n"
|
|
"\n"
|
|
"External group membership is designed to allow users from trusted domains\n"
|
|
"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
|
|
"External members should be added to groups that specifically created as\n"
|
|
"external and non-POSIX. Such group later should be included into one of "
|
|
"POSIX\n"
|
|
"groups.\n"
|
|
"\n"
|
|
"An external group member is currently a Security Identifier (SID) as defined "
|
|
"by\n"
|
|
"the trusted domain. When adding external group members, it is possible to\n"
|
|
"specify them in either SID, or DOM\\name, or name@domain format. IPA will "
|
|
"attempt\n"
|
|
"to resolve passed name to SID with the use of Global Catalog of the trusted "
|
|
"domain.\n"
|
|
"\n"
|
|
"Example:\n"
|
|
"\n"
|
|
"1. Create group for the trusted domain admins' mapping and their local POSIX "
|
|
"group:\n"
|
|
"\n"
|
|
" ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
|
|
"--external\n"
|
|
" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
|
|
"\n"
|
|
"2. Add security identifier of Domain Admins of the <ad.domain> to the "
|
|
"ad_admins_external\n"
|
|
" group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
|
|
"\n"
|
|
"3. Allow members of ad_admins_external group to be associated with ad_admins "
|
|
"POSIX group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins --groups ad_admins_external\n"
|
|
"\n"
|
|
"4. List members of external members of ad_admins_external group to see their "
|
|
"SIDs:\n"
|
|
"\n"
|
|
" ipa group-show ad_admins_external\n"
|
|
msgstr ""
|
|
|
|
msgid "groups"
|
|
msgstr ""
|
|
|
|
msgid "User Group"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added group \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "gid cannot be set for external group"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted group \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "privileged group"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified group \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d group matched"
|
|
msgid_plural "%(count)d groups matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"Cannot perform external member validation without Samba 4 support installed. "
|
|
"Make sure you have installed server-trust-ad sub-package of IPA on the server"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Cannot perform join operation without own domain configured. Make sure you "
|
|
"have run ipa-adtrust-install on the IPA server first"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Detached group \"%(value)s\" from user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "not allowed to modify user entries"
|
|
msgstr ""
|
|
|
|
msgid "not allowed to modify group entries"
|
|
msgstr ""
|
|
|
|
msgid "Not a managed group"
|
|
msgstr ""
|
|
|
|
msgid "Add users that can manage members of this group."
|
|
msgstr ""
|
|
|
|
msgid "Remove users that can manage members of this group."
|
|
msgstr ""
|
|
|
|
msgid "Could not read UPG Definition originfilter. Check your permissions."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Default group for new users not found"
|
|
msgstr ""
|
|
|
|
msgid "Default group for new users is not POSIX"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s: user is already preserved"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Undeleted user account \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "user \"%s\" is already active"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Staged user account \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled user account \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Enabled user account \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Unlock a user account\n"
|
|
"\n"
|
|
" An account may become locked if the password is entered incorrectly too\n"
|
|
" many times within a specific time period as controlled by password\n"
|
|
" policy. A locked account is a temporary condition and may be unlocked "
|
|
"by\n"
|
|
" an administrator."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Unlocked account \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Failed logins"
|
|
msgstr ""
|
|
|
|
msgid "Last successful authentication"
|
|
msgstr ""
|
|
|
|
msgid "Last failed authentication"
|
|
msgstr ""
|
|
|
|
msgid "Time now"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Lockout status of a user account\n"
|
|
"\n"
|
|
" An account may become locked if the password is entered incorrectly too\n"
|
|
" many times within a specific time period as controlled by password\n"
|
|
" policy. A locked account is a temporary condition and may be unlocked "
|
|
"by\n"
|
|
" an administrator.\n"
|
|
"\n"
|
|
" This connects to each IPA master and displays the lockout status on\n"
|
|
" each one.\n"
|
|
"\n"
|
|
" To determine whether an account is locked on a given server you need\n"
|
|
" to compare the number of failed logins and the time of the last "
|
|
"failure.\n"
|
|
" For an account to be locked it must exceed the maxfail failures within\n"
|
|
" the failinterval duration as specified in the password policy "
|
|
"associated\n"
|
|
" with the user.\n"
|
|
"\n"
|
|
" The failed login counter is modified only when a user attempts a log in\n"
|
|
" so it is possible that an account may appear locked but the last failed\n"
|
|
" login attempt is older than the lockouttime of the password policy. "
|
|
"This\n"
|
|
" means that the user may attempt a login again. "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(host)s failed: %(error)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(host)s failed"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Account disabled: %(disabled)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added certificates to user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed certificates from user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Add one or more certificate mappings to the user entry."
|
|
msgstr ""
|
|
|
|
msgid "Remove one or more certificate mappings from the user entry."
|
|
msgstr ""
|
|
|
|
msgid "Add new principal alias to the user entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added new aliases to user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Remove principal alias from the user entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed aliases from user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Vaults\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage vaults.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Vault is a secure place to store a secret. One vault can only\n"
|
|
"store one secret. When archiving a secret in a vault, the\n"
|
|
"existing secret (if any) is overwritten.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Based on the ownership there are three vault categories:\n"
|
|
"* user/private vault\n"
|
|
"* service vault\n"
|
|
"* shared vault\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"User vaults are vaults owned used by a particular user. Private\n"
|
|
"vaults are vaults owned the current user. Service vaults are\n"
|
|
"vaults owned by a service. Shared vaults are owned by the admin\n"
|
|
"but they can be used by other users or services.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Based on the security mechanism there are three types of\n"
|
|
"vaults:\n"
|
|
"* standard vault\n"
|
|
"* symmetric vault\n"
|
|
"* asymmetric vault\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Standard vault uses a secure mechanism to transport and\n"
|
|
"store the secret. The secret can only be retrieved by users\n"
|
|
"that have access to the vault.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Symmetric vault is similar to the standard vault, but it\n"
|
|
"pre-encrypts the secret using a password before transport.\n"
|
|
"The secret can only be retrieved using the same password.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Asymmetric vault is similar to the standard vault, but it\n"
|
|
"pre-encrypts the secret using a public key before transport.\n"
|
|
"The secret can only be retrieved using the private key.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" List vaults:\n"
|
|
" ipa vault-find\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a standard vault:\n"
|
|
" ipa vault-add <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --type standard\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a symmetric vault:\n"
|
|
" ipa vault-add <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --type symmetric --password-file password.txt\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add an asymmetric vault:\n"
|
|
" ipa vault-add <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --type asymmetric --public-key-file public.pem\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show a vault:\n"
|
|
" ipa vault-show <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify vault description:\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --desc <description>\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify vault type:\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --type <type>\n"
|
|
" [old password/private key]\n"
|
|
" [new password/public key]\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify symmetric vault password:\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --change-password\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --old-password <old password>\n"
|
|
" --new-password <new password>\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --old-password-file <old password file>\n"
|
|
" --new-password-file <new password file>\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify asymmetric vault keys:\n"
|
|
" ipa vault-mod <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --private-key-file <old private key file>\n"
|
|
" --public-key-file <new public key file>\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete a vault:\n"
|
|
" ipa vault-del <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Display vault configuration:\n"
|
|
" ipa vaultconfig-show\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Archive data into standard vault:\n"
|
|
" ipa vault-archive <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --in <input file>\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Archive data into symmetric vault:\n"
|
|
" ipa vault-archive <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --in <input file>\n"
|
|
" --password-file password.txt\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Archive data into asymmetric vault:\n"
|
|
" ipa vault-archive <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --in <input file>\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Retrieve data from standard vault:\n"
|
|
" ipa vault-retrieve <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --out <output file>\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Retrieve data from symmetric vault:\n"
|
|
" ipa vault-retrieve <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --out <output file>\n"
|
|
" --password-file password.txt\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Retrieve data from asymmetric vault:\n"
|
|
" ipa vault-retrieve <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" --out <output file> --private-key-file private.pem\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add vault owners:\n"
|
|
" ipa vault-add-owner <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" [--users <users>] [--groups <groups>] [--services <services>]\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete vault owners:\n"
|
|
" ipa vault-remove-owner <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" [--users <users>] [--groups <groups>] [--services <services>]\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add vault members:\n"
|
|
" ipa vault-add-member <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" [--users <users>] [--groups <groups>] [--services <services>]\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete vault members:\n"
|
|
" ipa vault-remove-member <name>\n"
|
|
" [--user <user>|--service <service>|--shared]\n"
|
|
" [--users <users>] [--groups <groups>] [--services <services>]\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Vault Container object.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "vaultcontainer"
|
|
msgstr ""
|
|
|
|
msgid "vaultcontainers"
|
|
msgstr ""
|
|
|
|
msgid "Vault Containers"
|
|
msgstr ""
|
|
|
|
msgid "Vault Container"
|
|
msgstr ""
|
|
|
|
msgid "Service, shared and user options cannot be specified simultaneously"
|
|
msgstr ""
|
|
|
|
msgid "Host is not supported"
|
|
msgstr ""
|
|
|
|
msgid "KRA service is not enabled"
|
|
msgstr ""
|
|
|
|
msgid "Deleted vault container"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "owner %s"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Vault object.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "vault"
|
|
msgstr ""
|
|
|
|
msgid "vaults"
|
|
msgstr ""
|
|
|
|
msgid "Vaults"
|
|
msgstr ""
|
|
|
|
msgid "Vault"
|
|
msgstr ""
|
|
|
|
msgid "Service, shared, and user options cannot be specified simultaneously"
|
|
msgstr ""
|
|
|
|
msgid "Add a vault."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added vault \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted vault \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d vault matched"
|
|
msgid_plural "%(count)d vaults matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"Service(s), shared, and user(s) options cannot be specified simultaneously"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified vault \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Vault configuration"
|
|
msgstr ""
|
|
|
|
msgid "IPA servers configured as key recovery agents"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Archived data into vault \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Retrieve data from a vault."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Retrieved data from vault \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "No archived data."
|
|
msgstr ""
|
|
|
|
msgid "Checks if any of the servers has the KRA service enabled"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage Certificate Authorities\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Subordinate Certificate Authorities (Sub-CAs) can be added for scoped "
|
|
"issuance\n"
|
|
"of X.509 certificates.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"CAs are enabled on creation, but their use is subject to CA ACLs unless the\n"
|
|
"operator has permission to bypass CA ACLs.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"All CAs except the 'IPA' CA can be disabled or re-enabled. Disabling a CA\n"
|
|
"prevents it from issuing certificates but does not affect the validity of "
|
|
"its\n"
|
|
"certificate.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"CAs (all except the 'IPA' CA) can be deleted. Deleting a CA causes its "
|
|
"signing\n"
|
|
"certificate to be revoked and its private key deleted.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Create new CA, subordinate to the IPA CA (requires permission\n"
|
|
" \"System: Add CA\"):\n"
|
|
"\n"
|
|
" ipa ca-add puppet --desc \"Puppet\" \\\n"
|
|
" --subject \"CN=Puppet CA,O=EXAMPLE.COM\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Disable a CA (requires permission \"System: Modify CA\"):\n"
|
|
"\n"
|
|
" ipa ca-disable puppet\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Re-enable a CA (requires permission \"System: Modify CA\"):\n"
|
|
"\n"
|
|
" ipa ca-enable puppet\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete a CA (requires permission \"System: Delete CA\"; also requires\n"
|
|
" CA to be disabled first):\n"
|
|
"\n"
|
|
" ipa ca-del puppet\n"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Authority"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Authorities"
|
|
msgstr ""
|
|
|
|
msgid "Name for referencing the CA"
|
|
msgstr ""
|
|
|
|
msgid "Description of the purpose of the CA"
|
|
msgstr ""
|
|
|
|
msgid "Authority ID"
|
|
msgstr ""
|
|
|
|
msgid "Dogtag Authority ID"
|
|
msgstr ""
|
|
|
|
msgid "Subject DN"
|
|
msgstr ""
|
|
|
|
msgid "Subject Distinguished Name"
|
|
msgstr ""
|
|
|
|
msgid "Issuer DN"
|
|
msgstr ""
|
|
|
|
msgid "Issuer Distinguished Name"
|
|
msgstr ""
|
|
|
|
msgid "Base-64 encoded certificate."
|
|
msgstr ""
|
|
|
|
msgid "Certificate chain"
|
|
msgstr ""
|
|
|
|
msgid "X.509 certificate chain"
|
|
msgstr ""
|
|
|
|
msgid "Search for CAs."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d CA matched"
|
|
msgid_plural "%(count)d CAs matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "Include certificate chain in output"
|
|
msgstr ""
|
|
|
|
msgid "Display the properties of a CA."
|
|
msgstr ""
|
|
|
|
msgid "Create a CA."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Created CA \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Insufficient 'add' privilege for entry '%s'."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Unrecognized attributes: %(attrs)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Subject DN is already used by CA '%s'"
|
|
msgstr ""
|
|
|
|
msgid "Delete a CA (must be disabled first)."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted CA \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Insufficient privilege to delete a CA."
|
|
msgstr ""
|
|
|
|
msgid "CA"
|
|
msgstr ""
|
|
|
|
msgid "IPA CA cannot be deleted"
|
|
msgstr ""
|
|
|
|
msgid "Must be disabled first"
|
|
msgstr ""
|
|
|
|
msgid "Modify CA configuration."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified CA \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Insufficient privilege to modify a CA."
|
|
msgstr ""
|
|
|
|
msgid "Disable a CA."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled CA \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "IPA CA cannot be disabled"
|
|
msgstr ""
|
|
|
|
msgid "Enable a CA."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Enabled CA \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Internationalization messages"
|
|
msgstr ""
|
|
|
|
msgid "Your session has expired. Please log in again."
|
|
msgstr ""
|
|
|
|
msgid "Apply"
|
|
msgstr ""
|
|
|
|
msgid "Rebuild auto membership"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to rebuild auto membership?"
|
|
msgstr ""
|
|
|
|
msgid "Automember rebuild membership task completed"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to proceed with the action?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Are you sure you want to delete ${object}?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Are you sure you want to disable ${object}?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Are you sure you want to enable ${object}?"
|
|
msgstr ""
|
|
|
|
msgid "Actions"
|
|
msgstr ""
|
|
|
|
msgid "Add"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} item(s) added"
|
|
msgstr ""
|
|
|
|
msgid "Direct Membership"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Filter available ${other_entity}"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Membership"
|
|
msgstr ""
|
|
|
|
msgid "No entries."
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Showing ${start} to ${end} of ${total} entries."
|
|
msgstr ""
|
|
|
|
msgid "Remove"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} item(s) removed"
|
|
msgstr ""
|
|
|
|
msgid "Show Results"
|
|
msgstr ""
|
|
|
|
msgid "Authentication indicators"
|
|
msgstr ""
|
|
|
|
msgid "Authentication indicator"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<p>Implicit method (password) will be used if no method is chosen.</"
|
|
"p><p><strong>Password + Two-factor:</strong> LDAP and Kerberos allow "
|
|
"authentication with either one of the authentication types but Kerberos uses "
|
|
"pre-authentication method which requires to use armor ccache.</"
|
|
"p><p><strong>RADIUS with another type:</strong> Kerberos always use RADIUS, "
|
|
"but LDAP never does. LDAP only recognize the password and two-factor "
|
|
"authentication options.</p>"
|
|
msgstr ""
|
|
|
|
msgid "Add Custom Authentication Indicator"
|
|
msgstr ""
|
|
|
|
msgid "Two factor authentication (password + OTP)"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS"
|
|
msgstr ""
|
|
|
|
msgid "Hardened Password (by SPAKE or FAST)"
|
|
msgstr ""
|
|
|
|
msgid "Disable per-user override"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<p>Per-user setting, overwrites the global setting if any option is checked."
|
|
"</p><p><strong>Password + Two-factor:</strong> LDAP and Kerberos allow "
|
|
"authentication with either one of the authentication types but Kerberos uses "
|
|
"pre-authentication method which requires to use armor ccache.</"
|
|
"p><p><strong>RADIUS with another type:</strong> Kerberos always use RADIUS, "
|
|
"but LDAP never does. LDAP only recognize the password and two-factor "
|
|
"authentication options.</p>"
|
|
msgstr ""
|
|
|
|
msgid "About"
|
|
msgstr ""
|
|
|
|
msgid "Activate"
|
|
msgstr ""
|
|
|
|
msgid "Add and Add Another"
|
|
msgstr ""
|
|
|
|
msgid "Add and Close"
|
|
msgstr ""
|
|
|
|
msgid "Add and Edit"
|
|
msgstr ""
|
|
|
|
msgid "Add Many"
|
|
msgstr ""
|
|
|
|
msgid "Back"
|
|
msgstr ""
|
|
|
|
msgid "Cancel"
|
|
msgstr ""
|
|
|
|
msgid "Clear"
|
|
msgstr ""
|
|
|
|
msgid "Clear all fields on the page."
|
|
msgstr ""
|
|
|
|
msgid "Close"
|
|
msgstr ""
|
|
|
|
msgid "Disable"
|
|
msgstr ""
|
|
|
|
msgid "Download"
|
|
msgstr ""
|
|
|
|
msgid "Download certificate as PEM formatted file."
|
|
msgstr ""
|
|
|
|
msgid "Edit"
|
|
msgstr ""
|
|
|
|
msgid "Enable"
|
|
msgstr ""
|
|
|
|
msgid "Find"
|
|
msgstr ""
|
|
|
|
msgid "Get"
|
|
msgstr ""
|
|
|
|
msgid "Hide"
|
|
msgstr ""
|
|
|
|
msgid "Issue"
|
|
msgstr ""
|
|
|
|
msgid "Match"
|
|
msgstr ""
|
|
|
|
msgid "Match users according to certificate."
|
|
msgstr ""
|
|
|
|
msgid "Migrate"
|
|
msgstr ""
|
|
|
|
msgid "OK"
|
|
msgstr ""
|
|
|
|
msgid "Refresh"
|
|
msgstr ""
|
|
|
|
msgid "Reload current settings from the server."
|
|
msgstr ""
|
|
|
|
msgid "Delete"
|
|
msgstr ""
|
|
|
|
msgid "Remove hold"
|
|
msgstr ""
|
|
|
|
msgid "Reset"
|
|
msgstr ""
|
|
|
|
msgid "Reset Password"
|
|
msgstr ""
|
|
|
|
msgid "Reset Password and Log in"
|
|
msgstr ""
|
|
|
|
msgid "Restore"
|
|
msgstr ""
|
|
|
|
msgid "Retry"
|
|
msgstr ""
|
|
|
|
msgid "Revert"
|
|
msgstr ""
|
|
|
|
msgid "Revoke"
|
|
msgstr ""
|
|
|
|
msgid "Save"
|
|
msgstr ""
|
|
|
|
msgid "Set"
|
|
msgstr ""
|
|
|
|
msgid "Show"
|
|
msgstr ""
|
|
|
|
msgid "Stage"
|
|
msgstr ""
|
|
|
|
msgid "Update"
|
|
msgstr ""
|
|
|
|
msgid "View"
|
|
msgstr ""
|
|
|
|
msgid "Customization"
|
|
msgstr ""
|
|
|
|
msgid "Pagination Size"
|
|
msgstr ""
|
|
|
|
msgid "Collapse All"
|
|
msgstr ""
|
|
|
|
msgid "Expand All"
|
|
msgstr ""
|
|
|
|
msgid "General"
|
|
msgstr ""
|
|
|
|
msgid "Identity Settings"
|
|
msgstr ""
|
|
|
|
msgid "Record Settings"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${entity} ${primary_key} Settings"
|
|
msgstr ""
|
|
|
|
msgid "Back to Top"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${entity} ${primary_key} updated"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${entity} successfully added"
|
|
msgstr ""
|
|
|
|
msgid "Add custom value"
|
|
msgstr ""
|
|
|
|
msgid "Available"
|
|
msgstr ""
|
|
|
|
msgid "Some operations failed."
|
|
msgstr ""
|
|
|
|
msgid "Operations Error"
|
|
msgstr ""
|
|
|
|
msgid "Confirmation"
|
|
msgstr ""
|
|
|
|
msgid "Custom value"
|
|
msgstr ""
|
|
|
|
msgid "This page has unsaved changes. Please save or revert."
|
|
msgstr ""
|
|
|
|
msgid "Unsaved Changes"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Edit ${entity}"
|
|
msgstr ""
|
|
|
|
msgid "Hide details"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${product}, version: ${version}"
|
|
msgstr ""
|
|
|
|
msgid "Prospective"
|
|
msgstr ""
|
|
|
|
msgid "Redirection"
|
|
msgstr ""
|
|
|
|
msgid "Select entries to be removed."
|
|
msgstr ""
|
|
|
|
msgid "Result"
|
|
msgstr ""
|
|
|
|
msgid "Show details"
|
|
msgstr ""
|
|
|
|
msgid "Success"
|
|
msgstr ""
|
|
|
|
msgid "Validation error"
|
|
msgstr ""
|
|
|
|
msgid "Input form contains invalid or missing values."
|
|
msgstr ""
|
|
|
|
msgid "Please try the following options:"
|
|
msgstr ""
|
|
|
|
msgid "If the problem persists please contact the system administrator."
|
|
msgstr ""
|
|
|
|
msgid "Refresh the page."
|
|
msgstr ""
|
|
|
|
msgid "Reload the browser."
|
|
msgstr ""
|
|
|
|
msgid "Return to the main page and retry the operation"
|
|
msgstr ""
|
|
|
|
#, fuzzy, python-brace-format
|
|
#| msgid "an internal error has occurred"
|
|
msgid "An error has occurred (${error})"
|
|
msgstr "एक अंतर्गत त्रुटी आली आहे"
|
|
|
|
msgid "HTTP Error"
|
|
msgstr ""
|
|
|
|
msgid "Internal Error"
|
|
msgstr ""
|
|
|
|
msgid "IPA Error"
|
|
msgstr ""
|
|
|
|
msgid "No response"
|
|
msgstr ""
|
|
|
|
msgid "Unknown Error"
|
|
msgstr ""
|
|
|
|
msgid "URL"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${primary_key} is managed by:"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${primary_key} members:"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${primary_key} is a member of:"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${primary_key} member managers:"
|
|
msgstr ""
|
|
|
|
msgid "Settings"
|
|
msgstr ""
|
|
|
|
msgid "Search"
|
|
msgstr ""
|
|
|
|
msgid "False"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Allow user groups to create keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Allow user groups to retrieve keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Allow host groups to create keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Allow host groups to retrieve keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Allow hosts to create keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Allow hosts to retrieve keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Allow users to create keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Allow users to retrieve keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Allowed to create keytab"
|
|
msgstr ""
|
|
|
|
msgid "Allowed to retrieve keytab"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Disallow user groups to create keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Disallow user groups to retrieve keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Disallow host groups to create keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Disallow host groups to retrieve keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Disallow hosts to create keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Disallow hosts to retrieve keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Disallow users to create keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Disallow users to retrieve keytab of '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Add Kerberos Principal Alias"
|
|
msgstr ""
|
|
|
|
msgid "New kerberos principal alias"
|
|
msgstr ""
|
|
|
|
msgid "Remove Kerberos Alias"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Do you want to remove kerberos alias ${alias}?"
|
|
msgstr ""
|
|
|
|
msgid "Inherited from server configuration"
|
|
msgstr ""
|
|
|
|
msgid "MS-PAC"
|
|
msgstr ""
|
|
|
|
msgid "Override inherited settings"
|
|
msgstr ""
|
|
|
|
msgid "PAD"
|
|
msgstr ""
|
|
|
|
msgid "Authenticating"
|
|
msgstr ""
|
|
|
|
msgid "Authentication with personal certificate failed"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<i class=\"fa fa-info-circle\"></i> To log in with <strong>certificate</"
|
|
"strong>, please make sure you have valid personal certificate. "
|
|
msgstr ""
|
|
|
|
msgid "Continue to next page"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<i class=\"fa fa-info-circle\"></i> To log in with <strong>username and "
|
|
"password</strong>, enter them in the corresponding fields, then click 'Log "
|
|
"in'."
|
|
msgstr ""
|
|
|
|
msgid "Login failed due to an unknown reason"
|
|
msgstr ""
|
|
|
|
msgid "Logged In As"
|
|
msgstr ""
|
|
|
|
msgid "Authentication with Kerberos failed"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid ""
|
|
"<i class=\"fa fa-info-circle\"></i> To log in with <strong>Kerberos</"
|
|
"strong>, please make sure you have valid tickets (obtainable via kinit) and "
|
|
"<a href='${protocol}//${host}/ipa/config/ssbrowser.html'>configured</a> the "
|
|
"browser correctly, then click 'Log in'."
|
|
msgstr ""
|
|
|
|
msgid "Loading"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos Principal you entered is expired"
|
|
msgstr ""
|
|
|
|
msgid "Loading data"
|
|
msgstr ""
|
|
|
|
msgid "Log in"
|
|
msgstr ""
|
|
|
|
msgid "Log In Using Certificate"
|
|
msgstr ""
|
|
|
|
msgid "Log in using personal certificate"
|
|
msgstr ""
|
|
|
|
msgid "Log out"
|
|
msgstr ""
|
|
|
|
msgid "Log out error"
|
|
msgstr ""
|
|
|
|
msgid "Password or Password+One-Time Password"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "You will be redirected in ${count}s"
|
|
msgstr ""
|
|
|
|
msgid "Sync OTP Token"
|
|
msgstr ""
|
|
|
|
msgid "Synchronizing"
|
|
msgstr ""
|
|
|
|
msgid "The user account you entered is locked"
|
|
msgstr ""
|
|
|
|
msgid "number of passwords"
|
|
msgstr ""
|
|
|
|
msgid "seconds"
|
|
msgstr ""
|
|
|
|
msgid "Migrating"
|
|
msgstr ""
|
|
|
|
msgid "There was a problem with your request. Please, try again later."
|
|
msgstr ""
|
|
|
|
msgid "Password migration was not successful"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<h1>Password Migration</h1><p>If you have been sent here by your "
|
|
"administrator, your personal information is being migrated to a new identity "
|
|
"management solution (IPA).</p><p>Please, enter your credentials in the form "
|
|
"to complete the process. Upon successful login your kerberos account will be "
|
|
"activated.</p>"
|
|
msgstr ""
|
|
|
|
msgid "The password or username you entered is incorrect"
|
|
msgstr ""
|
|
|
|
msgid "Password migration was successful"
|
|
msgstr ""
|
|
|
|
msgid "Attribute"
|
|
msgstr ""
|
|
|
|
msgid "Add delegation"
|
|
msgstr ""
|
|
|
|
msgid "Remove delegations"
|
|
msgstr ""
|
|
|
|
msgid "Add permission"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add privileges into permission '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Remove permissions"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove privileges from permission '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Add privilege"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add privilege '${primary_key}' into permissions"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add roles into privilege '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Remove privileges"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove privilege '${primary_key}' from permissions"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove roles from privilege '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Role Settings"
|
|
msgstr ""
|
|
|
|
msgid "Add role"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user groups into role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add hosts into role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host groups into role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add role '${primary_key}' into privileges"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add services into role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users into role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Remove roles"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove role '${primary_key}' from privileges"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user groups from role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove hosts from role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host groups from role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove services from role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from role '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Add self service permission"
|
|
msgstr ""
|
|
|
|
msgid "Remove self service permissions"
|
|
msgstr ""
|
|
|
|
msgid "Add rule"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add inclusive condition into '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add exclusive condition into '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to change default group?"
|
|
msgstr ""
|
|
|
|
msgid "Default host group"
|
|
msgstr ""
|
|
|
|
msgid "Default user group"
|
|
msgstr ""
|
|
|
|
msgid "Exclusive"
|
|
msgstr ""
|
|
|
|
msgid "Expression"
|
|
msgstr ""
|
|
|
|
msgid "Host group rule"
|
|
msgstr ""
|
|
|
|
msgid "Host group rules"
|
|
msgstr ""
|
|
|
|
msgid "Inclusive"
|
|
msgstr ""
|
|
|
|
msgid "Remove auto membership rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove exclusive conditions from rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove inclusive conditions from rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "User group rule"
|
|
msgstr ""
|
|
|
|
msgid "User group rules"
|
|
msgstr ""
|
|
|
|
msgid "Add automount key"
|
|
msgstr ""
|
|
|
|
msgid "Remove automount keys"
|
|
msgstr ""
|
|
|
|
msgid "Add automount location"
|
|
msgstr ""
|
|
|
|
msgid "Automount Location Settings"
|
|
msgstr ""
|
|
|
|
msgid "Remove automount locations"
|
|
msgstr ""
|
|
|
|
msgid "Add automount map"
|
|
msgstr ""
|
|
|
|
msgid "Map Type"
|
|
msgstr ""
|
|
|
|
msgid "Direct"
|
|
msgstr ""
|
|
|
|
msgid "Indirect"
|
|
msgstr ""
|
|
|
|
msgid "Remove automount maps"
|
|
msgstr ""
|
|
|
|
msgid "Add certificate authority"
|
|
msgstr ""
|
|
|
|
msgid "Remove certificate authorities"
|
|
msgstr ""
|
|
|
|
msgid "Add CA ACL"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add Certificate Authorities into CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user groups into CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host groups into CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add hosts into CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add certificate profiles into CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add services into CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users into CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "All"
|
|
msgstr ""
|
|
|
|
msgid "Any CA"
|
|
msgstr ""
|
|
|
|
msgid "Any Host"
|
|
msgstr ""
|
|
|
|
msgid "Any Service"
|
|
msgstr ""
|
|
|
|
msgid "Any Profile"
|
|
msgstr ""
|
|
|
|
msgid "Anyone"
|
|
msgstr ""
|
|
|
|
msgid "Rule status"
|
|
msgstr ""
|
|
|
|
msgid "If no CAs are specified, requests to the default CA are allowed."
|
|
msgstr ""
|
|
|
|
msgid "Remove CA ACLs"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove Certificate Authorities from CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user groups from CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host groups from CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove hosts from CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove certificate profiles from CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove services from CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from CA ACL '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Specified CAs"
|
|
msgstr ""
|
|
|
|
msgid "Specified Hosts and Groups"
|
|
msgstr ""
|
|
|
|
msgid "Specified Profiles"
|
|
msgstr ""
|
|
|
|
msgid "Specified Services and Groups"
|
|
msgstr ""
|
|
|
|
msgid "Specified Users and Groups"
|
|
msgstr ""
|
|
|
|
msgid "Permitted to have certificates issued"
|
|
msgstr ""
|
|
|
|
msgid "Remove certificate profiles"
|
|
msgstr ""
|
|
|
|
msgid "AA Compromise"
|
|
msgstr ""
|
|
|
|
msgid "Add principal"
|
|
msgstr ""
|
|
|
|
msgid "Affiliation Changed"
|
|
msgstr ""
|
|
|
|
msgid "CA Compromise"
|
|
msgstr ""
|
|
|
|
msgid "Certificates"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Hold"
|
|
msgstr ""
|
|
|
|
msgid "Cessation of Operation"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Common Name"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "the certificate with serial number "
|
|
msgstr ""
|
|
|
|
msgid "Expires On"
|
|
msgstr ""
|
|
|
|
msgid "Issued on from"
|
|
msgstr ""
|
|
|
|
msgid "Issued on to"
|
|
msgstr ""
|
|
|
|
msgid "Maximum serial number"
|
|
msgstr ""
|
|
|
|
msgid "Minimum serial number"
|
|
msgstr ""
|
|
|
|
msgid "Revoked on from"
|
|
msgstr ""
|
|
|
|
msgid "Revoked on to"
|
|
msgstr ""
|
|
|
|
msgid "Valid not after from"
|
|
msgstr ""
|
|
|
|
msgid "Valid not after to"
|
|
msgstr ""
|
|
|
|
msgid "Valid not before from"
|
|
msgstr ""
|
|
|
|
msgid "Valid not before to"
|
|
msgstr ""
|
|
|
|
msgid "Fingerprints"
|
|
msgstr ""
|
|
|
|
msgid "Get Certificate"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Hold Removed"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Issue new certificate for host '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Issue new certificate for service '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Issue new certificate for user '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Issue new certificate"
|
|
msgstr ""
|
|
|
|
msgid "Issued By"
|
|
msgstr ""
|
|
|
|
msgid "Issued On"
|
|
msgstr ""
|
|
|
|
msgid "Issued To"
|
|
msgstr ""
|
|
|
|
msgid "Key Compromise"
|
|
msgstr ""
|
|
|
|
msgid "No Valid Certificate"
|
|
msgstr ""
|
|
|
|
msgid "New Certificate"
|
|
msgstr ""
|
|
|
|
msgid "Certificate in base64 or PEM format"
|
|
msgstr ""
|
|
|
|
msgid "Note"
|
|
msgstr ""
|
|
|
|
msgid "Organization"
|
|
msgstr ""
|
|
|
|
msgid "Organizational Unit"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} certificate(s) present"
|
|
msgstr ""
|
|
|
|
msgid "Privilege Withdrawn"
|
|
msgstr ""
|
|
|
|
msgid "Reason for Revocation"
|
|
msgstr ""
|
|
|
|
msgid "Remove certificate hold"
|
|
msgstr ""
|
|
|
|
msgid "Do you want to remove the certificate hold?"
|
|
msgstr ""
|
|
|
|
msgid "Remove from CRL"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid ""
|
|
"<ol> <li>Create a certificate database or use an existing one. To create a "
|
|
"new database:<br/> <code># certutil -N -d <database path></code> </li> "
|
|
"<li>Create a CSR with subject <em>CN=<${cn_name}>,O=<realm></"
|
|
"em>, for example:<br/> <code># certutil -R -d <database path> -a -g "
|
|
"<key size> -s 'CN=${cn},O=${realm}'${san}</code> </li> <li> Copy and "
|
|
"paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to "
|
|
"<em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </"
|
|
"li> </ol>"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid " -8 '${cn}'"
|
|
msgstr ""
|
|
|
|
msgid "Certificate requested"
|
|
msgstr ""
|
|
|
|
msgid "Revoke certificate"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Do you want to revoke this certificate? Select a reason from the pull-down "
|
|
"list."
|
|
msgstr ""
|
|
|
|
msgid "Certificate Revoked"
|
|
msgstr ""
|
|
|
|
msgid "REVOKED"
|
|
msgstr ""
|
|
|
|
msgid "SHA1 Fingerprint"
|
|
msgstr ""
|
|
|
|
msgid "SHA256 Fingerprint"
|
|
msgstr ""
|
|
|
|
msgid "Status"
|
|
msgstr ""
|
|
|
|
msgid "Superseded"
|
|
msgstr ""
|
|
|
|
msgid "Unspecified"
|
|
msgstr ""
|
|
|
|
msgid "Valid Certificate Present"
|
|
msgstr ""
|
|
|
|
msgid "Valid from"
|
|
msgstr ""
|
|
|
|
msgid "Valid to"
|
|
msgstr ""
|
|
|
|
msgid "Validity"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Certificate for ${entity} ${primary_key}"
|
|
msgstr ""
|
|
|
|
msgid "View Certificate"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Data"
|
|
msgstr ""
|
|
|
|
msgid "Certificate For Match"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Mapping Match"
|
|
msgstr ""
|
|
|
|
msgid "Matched Users"
|
|
msgstr ""
|
|
|
|
msgid "User Login"
|
|
msgstr ""
|
|
|
|
msgid "Add certificate identity mapping rule"
|
|
msgstr ""
|
|
|
|
msgid "Add certificate mapping data"
|
|
msgstr ""
|
|
|
|
msgid "Certificate mapping data"
|
|
msgstr ""
|
|
|
|
msgid "Configuration string"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Do you want to remove certificate mapping data ${data}?"
|
|
msgstr ""
|
|
|
|
msgid "Remove certificate mapping data"
|
|
msgstr ""
|
|
|
|
msgid "Issuer and subject"
|
|
msgstr ""
|
|
|
|
msgid "Remove certificate identity mapping rules"
|
|
msgstr ""
|
|
|
|
msgid "Group Options"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Deprecated options"
|
|
msgid "Search Options"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
msgid "SELinux Options"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Deprecated options"
|
|
msgid "Server Options"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
#, fuzzy
|
|
#| msgid "Deprecated options"
|
|
msgid "Service Options"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
#, fuzzy
|
|
#| msgid "Deprecated options"
|
|
msgid "User Options"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
msgid "Forward first"
|
|
msgstr ""
|
|
|
|
msgid "Forwarding disabled"
|
|
msgstr ""
|
|
|
|
msgid "Forward only"
|
|
msgstr ""
|
|
|
|
msgid "Options"
|
|
msgstr ""
|
|
|
|
msgid "Update System DNS Records"
|
|
msgstr ""
|
|
|
|
msgid "Do you want to update system DNS records?"
|
|
msgstr ""
|
|
|
|
msgid "System DNS records updated"
|
|
msgstr ""
|
|
|
|
msgid "Add DNS forward zone"
|
|
msgstr ""
|
|
|
|
msgid "Remove DNS forward zones"
|
|
msgstr ""
|
|
|
|
msgid "Add DNS resource record"
|
|
msgstr ""
|
|
|
|
msgid "DNS record was deleted because it contained no data."
|
|
msgstr ""
|
|
|
|
msgid "Other Record Types"
|
|
msgstr ""
|
|
|
|
msgid "Address not valid, can't redirect"
|
|
msgstr ""
|
|
|
|
msgid "Create dns record"
|
|
msgstr ""
|
|
|
|
msgid "Creating record."
|
|
msgstr ""
|
|
|
|
msgid "Record creation failed."
|
|
msgstr ""
|
|
|
|
msgid "Checking if record exists."
|
|
msgstr ""
|
|
|
|
msgid "Record not found."
|
|
msgstr ""
|
|
|
|
msgid "Redirection to PTR record"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Zone found: ${zone}"
|
|
msgstr ""
|
|
|
|
msgid "Target reverse zone not found."
|
|
msgstr ""
|
|
|
|
msgid "Fetching DNS zones."
|
|
msgstr ""
|
|
|
|
msgid "An error occurred while fetching dns zones."
|
|
msgstr ""
|
|
|
|
msgid "You will be redirected to DNS Zone."
|
|
msgstr ""
|
|
|
|
msgid "Remove DNS resource records"
|
|
msgstr ""
|
|
|
|
msgid "Standard Record Types"
|
|
msgstr ""
|
|
|
|
msgid "Records for DNS Zone"
|
|
msgstr ""
|
|
|
|
msgid "Record Type"
|
|
msgstr ""
|
|
|
|
msgid "Add DNS zone"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Are you sure you want to add permission for DNS Zone ${object}?"
|
|
msgstr ""
|
|
|
|
msgid "DNS Zone Settings"
|
|
msgstr ""
|
|
|
|
msgid "Remove DNS zones"
|
|
msgstr ""
|
|
|
|
msgid "Remove Permission"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Are you sure you want to remove permission for DNS Zone ${object}?"
|
|
msgstr ""
|
|
|
|
msgid "Skip DNS check"
|
|
msgstr ""
|
|
|
|
msgid "Skip overlap check"
|
|
msgstr ""
|
|
|
|
msgid "Do you want to check if new authoritative nameserver address is in DNS"
|
|
msgstr ""
|
|
|
|
msgid "Authoritative nameserver change"
|
|
msgstr ""
|
|
|
|
msgid "Level"
|
|
msgstr ""
|
|
|
|
msgid "Set Domain Level"
|
|
msgstr ""
|
|
|
|
msgid "Add user group"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user groups into user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user group '${primary_key}' into user groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user group '${primary_key}' into HBAC rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user group '${primary_key}' into netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user group '${primary_key}' into roles"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user group '${primary_key}' into sudo rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add services into user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users into user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add groups as member managers for user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove groups from member managers for user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users as member managers for user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from member managers for user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user ID override into user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Group Settings"
|
|
msgstr ""
|
|
|
|
msgid "External"
|
|
msgstr ""
|
|
|
|
msgid "Groups"
|
|
msgstr ""
|
|
|
|
msgid "Group categories"
|
|
msgstr ""
|
|
|
|
msgid "Change to external group"
|
|
msgstr ""
|
|
|
|
msgid "Change to POSIX group"
|
|
msgstr ""
|
|
|
|
msgid "Non-POSIX"
|
|
msgstr ""
|
|
|
|
msgid "POSIX"
|
|
msgstr ""
|
|
|
|
msgid "Remove user groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user group '${primary_key}' from user groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user group '${primary_key}' from netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user group '${primary_key}' from roles"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user group '${primary_key}' from HBAC rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user group '${primary_key}' from sudo rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user groups from user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove services from user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user ID overrides from user group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Group Type"
|
|
msgstr ""
|
|
|
|
msgid "Add HBAC rule"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user groups into HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host groups into HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add hosts into HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add HBAC service groups into HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add HBAC services into HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users into HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Accessing"
|
|
msgstr ""
|
|
|
|
msgid "Remove HBAC rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user groups from HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host groups from HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove hosts from HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove HBAC service groups from HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove HBAC services from HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from HBAC rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Via Service"
|
|
msgstr ""
|
|
|
|
msgid "Who"
|
|
msgstr ""
|
|
|
|
msgid "Add HBAC service"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add HBAC service '${primary_key}' into HBAC service groups"
|
|
msgstr ""
|
|
|
|
msgid "Remove HBAC services"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove HBAC service '${primary_key}' from HBAC service groups"
|
|
msgstr ""
|
|
|
|
msgid "Add HBAC service group"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add HBAC services into HBAC service group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Remove HBAC service groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove HBAC services from HBAC service group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Access Denied"
|
|
msgstr ""
|
|
|
|
msgid "Access Granted"
|
|
msgstr ""
|
|
|
|
msgid "Include Disabled"
|
|
msgstr ""
|
|
|
|
msgid "Include Enabled"
|
|
msgstr ""
|
|
|
|
msgid "HBAC Test"
|
|
msgstr ""
|
|
|
|
msgid "Matched"
|
|
msgstr ""
|
|
|
|
msgid "Missing values: "
|
|
msgstr ""
|
|
|
|
msgid "New Test"
|
|
msgstr ""
|
|
|
|
msgid "Rules"
|
|
msgstr ""
|
|
|
|
msgid "Run Test"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Specify external ${entity}"
|
|
msgstr ""
|
|
|
|
msgid "Unmatched"
|
|
msgstr ""
|
|
|
|
msgid "Add host"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add hosts managing host '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host '${primary_key}' into host groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host '${primary_key}' into HBAC rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host '${primary_key}' into netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host '${primary_key}' into roles"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host '${primary_key}' into sudo rules"
|
|
msgstr ""
|
|
|
|
msgid "Host Certificate"
|
|
msgstr ""
|
|
|
|
msgid "Host Name"
|
|
msgstr ""
|
|
|
|
msgid "Delete Key, Unprovision"
|
|
msgstr ""
|
|
|
|
msgid "Host Settings"
|
|
msgstr ""
|
|
|
|
msgid "Enrolled"
|
|
msgstr ""
|
|
|
|
msgid "Enrollment"
|
|
msgstr ""
|
|
|
|
msgid "Fully Qualified Host Name"
|
|
msgstr ""
|
|
|
|
msgid "Generate OTP"
|
|
msgstr ""
|
|
|
|
msgid "Generated OTP"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos Key"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos Key Not Present"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos Key Present, Host Provisioned"
|
|
msgstr ""
|
|
|
|
msgid "One-Time Password"
|
|
msgstr ""
|
|
|
|
msgid "One-Time Password Not Present"
|
|
msgstr ""
|
|
|
|
msgid "One-Time Password Present"
|
|
msgstr ""
|
|
|
|
msgid "Reset OTP"
|
|
msgstr ""
|
|
|
|
msgid "Reset One-Time Password"
|
|
msgstr ""
|
|
|
|
msgid "Set OTP"
|
|
msgstr ""
|
|
|
|
msgid "OTP set"
|
|
msgstr ""
|
|
|
|
msgid "Set One-Time Password"
|
|
msgstr ""
|
|
|
|
msgid "Remove hosts"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove hosts managing host '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host '${primary_key}' from host groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host '${primary_key}' from netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host '${primary_key}' from roles"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host '${primary_key}' from HBAC rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host '${primary_key}' from sudo rules"
|
|
msgstr ""
|
|
|
|
msgid "Unprovision"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to unprovision this host?"
|
|
msgstr ""
|
|
|
|
msgid "Unprovisioning host"
|
|
msgstr ""
|
|
|
|
msgid "Host unprovisioned"
|
|
msgstr ""
|
|
|
|
msgid "Add host group"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add hosts into host group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host groups into host group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host group '${primary_key}' into host groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host group '${primary_key}' into HBAC rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host group '${primary_key}' into netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host group '${primary_key}' into sudo rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add groups as member managers for host group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove groups from member managers for host group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users as member managers for host group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from member managers for host group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Host Group Settings"
|
|
msgstr ""
|
|
|
|
msgid "Remove host groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host group '${primary_key}' from host groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host group '${primary_key}' from netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host group '${primary_key}' from HBAC rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host group '${primary_key}' from sudo rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove hosts from host group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host groups from host group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "User to override"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Enter trusted or IPA user login. Note: search doesn't list users from "
|
|
"trusted domains."
|
|
msgstr ""
|
|
|
|
msgid "Enter trusted user login."
|
|
msgstr ""
|
|
|
|
msgid "Profile"
|
|
msgstr ""
|
|
|
|
msgid "Group to override"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Enter trusted or IPA group name. Note: search doesn't list groups from "
|
|
"trusted domains."
|
|
msgstr ""
|
|
|
|
msgid "Enter trusted group name."
|
|
msgstr ""
|
|
|
|
msgid "Add ID view"
|
|
msgstr ""
|
|
|
|
msgid "Add group ID override"
|
|
msgstr ""
|
|
|
|
msgid "Add user ID override"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${primary_key} applies to:"
|
|
msgstr ""
|
|
|
|
msgid "Applied to hosts"
|
|
msgstr ""
|
|
|
|
msgid "Apply to host groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Apply ID view '${primary_key}' on hosts of host groups"
|
|
msgstr ""
|
|
|
|
msgid "Apply to hosts"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Apply ID view '${primary_key}' on hosts"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${primary_key} overrides:"
|
|
msgstr ""
|
|
|
|
msgid "Remove ID views"
|
|
msgstr ""
|
|
|
|
msgid "Remove user ID overrides"
|
|
msgstr ""
|
|
|
|
msgid "Remove group ID overrides"
|
|
msgstr ""
|
|
|
|
msgid "Un-apply from host groups"
|
|
msgstr ""
|
|
|
|
msgid "Un-apply ID Views from hosts of hostgroups"
|
|
msgstr ""
|
|
|
|
msgid "Un-apply"
|
|
msgstr ""
|
|
|
|
msgid "Un-apply from hosts"
|
|
msgstr ""
|
|
|
|
msgid "Un-apply ID Views from hosts"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to un-apply ID view from selected entries?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Un-apply ID view '${primary_key}' from hosts"
|
|
msgstr ""
|
|
|
|
msgid "Add netgroup"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add netgroup '${primary_key}' into netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add netgroups into netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user groups into netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add hosts into netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host groups into netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users into netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Netgroup Settings"
|
|
msgstr ""
|
|
|
|
msgid "Remove netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove netgroup '${primary_key}' from netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user groups from netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove hosts from netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host groups from netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove netgroups from netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from netgroup '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Add OTP token"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users managing OTP token '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid ""
|
|
"You can use <a href=\"${link}\" target=\"_blank\">FreeOTP<a/> as a software "
|
|
"OTP token application."
|
|
msgstr ""
|
|
|
|
msgid "Configure your token"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Configure your token by scanning the QR code below. Click on the QR code if "
|
|
"you see this on the device you want to configure."
|
|
msgstr ""
|
|
|
|
msgid "OTP Token Settings"
|
|
msgstr ""
|
|
|
|
msgid "Disable token"
|
|
msgstr ""
|
|
|
|
msgid "Enable token"
|
|
msgstr ""
|
|
|
|
msgid "Remove OTP tokens"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users managing OTP token '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Show QR code"
|
|
msgstr ""
|
|
|
|
msgid "Show configuration uri"
|
|
msgstr ""
|
|
|
|
msgid "Counter-based (HOTP)"
|
|
msgstr ""
|
|
|
|
msgid "Time-based (TOTP)"
|
|
msgstr ""
|
|
|
|
msgid "Add Custom Attribute"
|
|
msgstr ""
|
|
|
|
msgid "Permission settings"
|
|
msgstr ""
|
|
|
|
msgid "Attribute breakdown"
|
|
msgstr ""
|
|
|
|
msgid "Privilege Settings"
|
|
msgstr ""
|
|
|
|
msgid "Public key:"
|
|
msgstr ""
|
|
|
|
msgid "Set public key"
|
|
msgstr ""
|
|
|
|
msgid "Show/Set key"
|
|
msgstr ""
|
|
|
|
msgid "Modified: key not set"
|
|
msgstr ""
|
|
|
|
msgid "Modified"
|
|
msgstr ""
|
|
|
|
msgid "New: key not set"
|
|
msgstr ""
|
|
|
|
msgid "New: key set"
|
|
msgstr ""
|
|
|
|
msgid "Add password policy"
|
|
msgstr ""
|
|
|
|
msgid "Remove password policies"
|
|
msgstr ""
|
|
|
|
msgid "Add ID range"
|
|
msgstr ""
|
|
|
|
msgid "Range Settings"
|
|
msgstr ""
|
|
|
|
msgid "Base ID"
|
|
msgstr ""
|
|
|
|
msgid "Primary RID base"
|
|
msgstr ""
|
|
|
|
msgid "Range size"
|
|
msgstr ""
|
|
|
|
msgid "Domain SID"
|
|
msgstr ""
|
|
|
|
msgid "Secondary RID base"
|
|
msgstr ""
|
|
|
|
msgid "Remove ID ranges"
|
|
msgstr ""
|
|
|
|
msgid "Active Directory domain"
|
|
msgstr ""
|
|
|
|
msgid "Active Directory domain with POSIX attributes"
|
|
msgstr ""
|
|
|
|
msgid "Detect"
|
|
msgstr ""
|
|
|
|
msgid "Local domain"
|
|
msgstr ""
|
|
|
|
msgid "IPA trust"
|
|
msgstr ""
|
|
|
|
msgid "Active Directory winsync"
|
|
msgstr ""
|
|
|
|
msgid "Add RADIUS server"
|
|
msgstr ""
|
|
|
|
msgid "RADIUS Proxy Server Settings"
|
|
msgstr ""
|
|
|
|
msgid "Remove RADIUS servers"
|
|
msgstr ""
|
|
|
|
msgid "Check DNS"
|
|
msgstr ""
|
|
|
|
msgid "Do you also want to perform DNS check?"
|
|
msgstr ""
|
|
|
|
msgid "Force Update"
|
|
msgstr ""
|
|
|
|
msgid "Add SELinux user map"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user groups into SELinux user map '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host groups into SELinux user map '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add hosts into SELinux user map '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users into SELinux user map '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Remove selinux user maps"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user groups from SELinux user map '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host groups from SELinux user map '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove hosts from SELinux user map '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from SELinux user map '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Server Roles"
|
|
msgstr ""
|
|
|
|
msgid "Server Role"
|
|
msgstr ""
|
|
|
|
msgid "Warning: Consider service replication"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"It is strongly recommended to keep the following services installed on more "
|
|
"than one server:"
|
|
msgstr ""
|
|
|
|
msgid "Delete Server"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Deleting a server removes it permanently from the topology. Note that this "
|
|
"is a non-reversible action."
|
|
msgstr ""
|
|
|
|
msgid "Add service"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add hosts managing service '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add service '${primary_key}' into roles"
|
|
msgstr ""
|
|
|
|
msgid "Service Certificate"
|
|
msgstr ""
|
|
|
|
msgid "Service Settings"
|
|
msgstr ""
|
|
|
|
msgid "Provisioning"
|
|
msgstr ""
|
|
|
|
msgid "Remove services"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove service '${primary_key}' from roles"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove hosts managing service '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to unprovision this service?"
|
|
msgstr ""
|
|
|
|
msgid "Unprovisioning service"
|
|
msgstr ""
|
|
|
|
msgid "Service unprovisioned"
|
|
msgstr ""
|
|
|
|
msgid "Kerberos Key Present, Service Provisioned"
|
|
msgstr ""
|
|
|
|
msgid "SSH public keys"
|
|
msgstr ""
|
|
|
|
msgid "SSH public key:"
|
|
msgstr ""
|
|
|
|
msgid "Set SSH key"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to activate selected users?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Are you sure you want to activate ${object}?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} user(s) activated"
|
|
msgstr ""
|
|
|
|
msgid "Add stage user"
|
|
msgstr ""
|
|
|
|
msgid "Stage users"
|
|
msgstr ""
|
|
|
|
msgid "Preserved users"
|
|
msgstr ""
|
|
|
|
msgid "Remove preserved users"
|
|
msgstr ""
|
|
|
|
msgid "Remove stage users"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to stage selected users?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} users(s) staged"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Are you sure you want to stage ${object}?"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to restore selected users?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Are you sure you want to restore ${object}?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} user(s) restored"
|
|
msgstr ""
|
|
|
|
msgid "User categories"
|
|
msgstr ""
|
|
|
|
msgid "Add sudo command"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add sudo command '${primary_key}' into sudo command groups"
|
|
msgstr ""
|
|
|
|
msgid "Remove sudo commands"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove sudo command '${primary_key}' from sudo command groups"
|
|
msgstr ""
|
|
|
|
msgid "Add sudo command group"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add sudo commands into sudo command group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Remove sudo command groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove sudo commands from sudo command group '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Add sudo rule"
|
|
msgstr ""
|
|
|
|
msgid "Add sudo option"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add allow sudo commands into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add allow sudo command groups into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add deny sudo commands into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add deny sudo command groups into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user groups into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add host groups into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add hosts into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add RunAs users into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add RunAs user groups into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add RunAs groups into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users into sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Allow"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Command name"
|
|
msgid "Any Command"
|
|
msgstr "आदेशाचे नाव "
|
|
|
|
msgid "Any Group"
|
|
msgstr ""
|
|
|
|
msgid "Run Commands"
|
|
msgstr ""
|
|
|
|
msgid "Deny"
|
|
msgstr ""
|
|
|
|
msgid "Access this host"
|
|
msgstr ""
|
|
|
|
msgid "Option added"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} option(s) removed"
|
|
msgstr ""
|
|
|
|
msgid "Remove sudo rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove allow sudo commands from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove allow sudo command groups from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove deny sudo commands from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove deny sudo command groups from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user groups from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove host groups from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove hosts from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove RunAs users from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove RunAs user groups from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove RunAs groups from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from sudo rule '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "As Whom"
|
|
msgstr ""
|
|
|
|
msgid "Specified Commands and Groups"
|
|
msgstr ""
|
|
|
|
msgid "Specified Groups"
|
|
msgstr ""
|
|
|
|
msgid "Remove sudo options"
|
|
msgstr ""
|
|
|
|
msgid "Autogenerated"
|
|
msgstr ""
|
|
|
|
msgid "Segment details"
|
|
msgstr ""
|
|
|
|
msgid "Replication configuration"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Managed topology requires minimal domain level ${domainlevel}"
|
|
msgstr ""
|
|
|
|
msgid "Add IPA location"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add IPA server into IPA location '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Remove IPA locations"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove IPA servers from IPA location '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Add topology segment"
|
|
msgstr ""
|
|
|
|
msgid "Remove topology segments"
|
|
msgstr ""
|
|
|
|
msgid "Account"
|
|
msgstr ""
|
|
|
|
msgid "Add trust"
|
|
msgstr ""
|
|
|
|
msgid "Administrative account"
|
|
msgstr ""
|
|
|
|
msgid "SID blocklists"
|
|
msgstr ""
|
|
|
|
msgid "Trust Settings"
|
|
msgstr ""
|
|
|
|
msgid "Establish using"
|
|
msgstr ""
|
|
|
|
msgid "Fetch domains"
|
|
msgstr ""
|
|
|
|
msgid "Pre-shared password"
|
|
msgstr ""
|
|
|
|
msgid "Remove trusts"
|
|
msgstr ""
|
|
|
|
msgid "Remove domains"
|
|
msgstr ""
|
|
|
|
msgid "Trust direction"
|
|
msgstr ""
|
|
|
|
msgid "Trust status"
|
|
msgstr ""
|
|
|
|
msgid "Trust type"
|
|
msgstr ""
|
|
|
|
msgid "Alternative UPN suffixes"
|
|
msgstr ""
|
|
|
|
msgid "User attributes for SMB services"
|
|
msgstr ""
|
|
|
|
msgid "Path to a script executed on a Windows system at logon"
|
|
msgstr ""
|
|
|
|
msgid "Path to a user profile, in UNC format \\\\server\\share\\"
|
|
msgstr ""
|
|
|
|
msgid "Path to a user home directory, in UNC format"
|
|
msgstr ""
|
|
|
|
msgid "Drive to mount a home directory"
|
|
msgstr ""
|
|
|
|
msgid "Account Settings"
|
|
msgstr ""
|
|
|
|
msgid "Account Status"
|
|
msgstr ""
|
|
|
|
msgid "Active users"
|
|
msgstr ""
|
|
|
|
msgid "Add user"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user '${primary_key}' into user groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user '${primary_key}' into HBAC rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user '${primary_key}' into netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user '${primary_key}' into roles"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user '${primary_key}' into sudo rules"
|
|
msgstr ""
|
|
|
|
msgid "Contact Settings"
|
|
msgstr ""
|
|
|
|
msgid "Delete mode"
|
|
msgstr ""
|
|
|
|
msgid "Employee Information"
|
|
msgstr ""
|
|
|
|
msgid "Error changing account status"
|
|
msgstr ""
|
|
|
|
msgid "Password expiration"
|
|
msgstr ""
|
|
|
|
msgid "Mailing Address"
|
|
msgstr ""
|
|
|
|
msgid "Misc. Information"
|
|
msgstr ""
|
|
|
|
msgid "delete"
|
|
msgstr ""
|
|
|
|
msgid "preserve"
|
|
msgstr ""
|
|
|
|
msgid "No private group"
|
|
msgstr ""
|
|
|
|
msgid "Remove users"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user '${primary_key}' from user groups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user '${primary_key}' from netgroups"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user '${primary_key}' from roles"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user '${primary_key}' from HBAC rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user '${primary_key}' from sudo rules"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid ""
|
|
"Are you sure you want to ${action} the user?<br/>The change will take effect "
|
|
"immediately."
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Click to ${action}"
|
|
msgstr ""
|
|
|
|
msgid "Unlock"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Are you sure you want to unlock user ${object}?"
|
|
msgstr ""
|
|
|
|
msgid "Add vault"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user groups into members of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add services into members of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users into members of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add user groups into owners of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add services into owners of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Add users into owners of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Secrets can be added/retrieved to vault only by using vault-archive and "
|
|
"vault-retrieve from CLI."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Content of 'standard' vaults can be seen by users with higher privileges "
|
|
"(admins)."
|
|
msgstr ""
|
|
|
|
msgid "Asymmetric"
|
|
msgstr ""
|
|
|
|
msgid "Vaults Config"
|
|
msgstr ""
|
|
|
|
msgid "Members"
|
|
msgstr ""
|
|
|
|
msgid "My User Vaults"
|
|
msgstr ""
|
|
|
|
msgid "Owners"
|
|
msgstr ""
|
|
|
|
msgid "Remove vaults"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user groups from members of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove services from members of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from members of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove user groups from owners of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove services from owners of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Remove users from owners of vault '${primary_key}'"
|
|
msgstr ""
|
|
|
|
msgid "Service Vaults"
|
|
msgstr ""
|
|
|
|
msgid "Shared"
|
|
msgstr ""
|
|
|
|
msgid "Shared Vaults"
|
|
msgstr ""
|
|
|
|
msgid "Standard"
|
|
msgstr ""
|
|
|
|
msgid "Symmetric"
|
|
msgstr ""
|
|
|
|
msgid "Vault Type"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Only standard vaults can be created in WebUI, use CLI for other types of "
|
|
"vaults."
|
|
msgstr ""
|
|
|
|
msgid "User Vaults"
|
|
msgstr ""
|
|
|
|
msgid "Current password is required"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Your password expires in ${days} days."
|
|
msgstr ""
|
|
|
|
msgid "First OTP"
|
|
msgstr ""
|
|
|
|
msgid "New password is required"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<i class=\"fa fa-info-circle\"></i> <strong>OTP (One-Time Password):</"
|
|
"strong>Generate new OTP code for each OTP field."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<i class=\"fa fa-info-circle\"></i> <strong>OTP (One-Time Password):</"
|
|
"strong>Leave blank if you are not using OTP tokensfor authentication."
|
|
msgstr ""
|
|
|
|
msgid "Token synchronization failed"
|
|
msgstr ""
|
|
|
|
msgid "The username, password or token codes are not correct"
|
|
msgstr ""
|
|
|
|
msgid "Token was synchronized"
|
|
msgstr ""
|
|
|
|
msgid "Password change complete"
|
|
msgstr ""
|
|
|
|
msgid "Your password has expired. Please enter a new password."
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Passwords do not match!"
|
|
msgid "Passwords must match"
|
|
msgstr "पासवर्ड जुळत नाही!"
|
|
|
|
msgid "Password reset was not successful."
|
|
msgstr ""
|
|
|
|
msgid "Reset your password."
|
|
msgstr ""
|
|
|
|
msgid "Second OTP"
|
|
msgstr ""
|
|
|
|
msgid "Verify Password"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to delete selected entries?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} item(s) deleted"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to disable selected entries?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} item(s) disabled"
|
|
msgstr ""
|
|
|
|
msgid "Are you sure you want to enable selected entries?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "${count} item(s) enabled"
|
|
msgstr ""
|
|
|
|
msgid "Some entries were not deleted"
|
|
msgstr ""
|
|
|
|
msgid "Quick Links"
|
|
msgstr ""
|
|
|
|
msgid "Select All"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid ""
|
|
"Query returned more results than the configured size limit. Displaying the "
|
|
"first ${counter} results."
|
|
msgstr ""
|
|
|
|
msgid "Unselect All"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<h1>Browser Kerberos Setup</h1>\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<h2>Firefox</h2>\n"
|
|
"\n"
|
|
"<p>\n"
|
|
" You can configure Firefox to use Kerberos for Single Sign-on. "
|
|
"The following instructions will guide you in configuring your web browser to "
|
|
"send your Kerberos credentials to the appropriate Key Distribution Center "
|
|
"which enables Single Sign-on.\n"
|
|
"</p>\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<ol>\n"
|
|
"<li>\n"
|
|
"<p>\n"
|
|
"<a href=\"ca.crt\" id=\"ca-link\" class=\"btn btn-default\">Import "
|
|
"Certificate Authority certificate</a>\n"
|
|
"</p>\n"
|
|
"<p>\n"
|
|
" Make sure you select <b>all three</b> checkboxes.\n"
|
|
"</p>\n"
|
|
"</li>\n"
|
|
"<li>\n"
|
|
" In the address bar of Firefox, type <code>about:config</"
|
|
"code> to display the list of current configuration options.\n"
|
|
"</li>\n"
|
|
"<li>\n"
|
|
" In the Filter field, type <code>negotiate</code> to restrict "
|
|
"the list of options.\n"
|
|
"</li>\n"
|
|
"<li>\n"
|
|
" Double-click the <code>network.negotiate-auth.trusted-uris</"
|
|
"code> entry to display the Enter string value dialog box.\n"
|
|
"</li>\n"
|
|
"<li>\n"
|
|
" Enter the name of the domain against which you want to "
|
|
"authenticate, for example, <code class=\"example-domain\">.example.com</"
|
|
"code>.\n"
|
|
"</li>\n"
|
|
"<li><a href=\"../ui/index.html\" id=\"return-link\" class=\"btn btn-default"
|
|
"\">Return to Web UI</a></li>\n"
|
|
"</ol>\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<h2>Chrome</h2>\n"
|
|
"\n"
|
|
"<p>\n"
|
|
" You can configure Chrome to use Kerberos for Single Sign-on. The "
|
|
"following instructions will guide you in configuring your web browser to "
|
|
"send your Kerberos credentials to the appropriate Key Distribution Center "
|
|
"which enables Single Sign-on.\n"
|
|
"</p>\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<h3>Import CA Certificate</h3>\n"
|
|
"<ol>\n"
|
|
"<li>\n"
|
|
" Download the <a href=\"ca.crt\">CA certificate</a>. "
|
|
"Alternatively, if the host is also an IdM client, you can find the "
|
|
"certificate in /etc/ipa/ca.crt.\n"
|
|
"</li>\n"
|
|
"<li>\n"
|
|
" Click the menu button with the <em>Customize and control "
|
|
"Google Chrome</em> tooltip, which is by default in the top right-hand corner "
|
|
"of Chrome, and click <em>Settings</em>.\n"
|
|
"</li>\n"
|
|
"<li>\n"
|
|
" Click <em>Show advanced settings</em> to display more "
|
|
"options, and then click the <em>Manage certificates</em> button located "
|
|
"under the HTTPS/SSL heading.\n"
|
|
"</li>\n"
|
|
"<li>\n"
|
|
" In the <em>Authorities</em> tab, click the <em>Import</em> "
|
|
"button at the bottom.\n"
|
|
"</li>\n"
|
|
"<li>Select the CA certificate file that you downloaded in the first step.</"
|
|
"li>\n"
|
|
"</ol>\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<h3>\n"
|
|
" Enable SPNEGO (Simple and Protected GSSAPI Negotiation "
|
|
"Mechanism) to Use Kerberos Authentication\n"
|
|
" in Chrome\n"
|
|
"</h3>\n"
|
|
"<ol>\n"
|
|
"<li>\n"
|
|
" Make sure you have the necessary directory created by "
|
|
"running:\n"
|
|
"<div><code>\n"
|
|
" [root@client]# mkdir -p /etc/opt/chrome/policies/"
|
|
"managed/\n"
|
|
"</code></div>\n"
|
|
"</li>\n"
|
|
"<li>\n"
|
|
" Create a new <code>/etc/opt/chrome/policies/managed/mydomain."
|
|
"json</code> file with write privileges limited to the system administrator "
|
|
"or root, and include the following line:\n"
|
|
"<div><code>\n"
|
|
" { \"AuthServerWhitelist\": \"*<span class=\"example-"
|
|
"domain\">.example.com</span>\" }\n"
|
|
"</code></div>\n"
|
|
"<div>\n"
|
|
" You can do this by running:\n"
|
|
"</div>\n"
|
|
"<div><code>\n"
|
|
" [root@server]# echo '{ \"AuthServerWhitelist\": \"*<span "
|
|
"class=\"example-domain\">.example.com</span>\" }' > /etc/opt/chrome/policies/"
|
|
"managed/mydomain.json\n"
|
|
"</code></div>\n"
|
|
"</li>\n"
|
|
"</ol>\n"
|
|
"<ol>\n"
|
|
"<p>\n"
|
|
"<strong>Note:</strong> If using Chromium, use <code>/etc/chromium/policies/"
|
|
"managed/</code> instead of <code>/etc/opt/chrome/policies/managed/</code> "
|
|
"for the two SPNEGO Chrome configuration steps above.\n"
|
|
"</p>\n"
|
|
"</ol>\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<h2>Internet Explorer</h2>\n"
|
|
"<p><strong>WARNING:</strong> Internet Explorer is no longer a supported "
|
|
"browser.</p>\n"
|
|
"<p>\n"
|
|
" Once you are able to log into the workstation with your kerberos "
|
|
"key you are now able to use that ticket in Internet Explorer.\n"
|
|
"</p>\n"
|
|
"<p>\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<strong>Log into the Windows machine using an account of your Kerberos realm "
|
|
"(administrative domain)</strong>\n"
|
|
"</p>\n"
|
|
"<p>\n"
|
|
"<strong>In Internet Explorer, click Tools, and then click Internet Options.</"
|
|
"strong>\n"
|
|
"</p>\n"
|
|
"<div>\n"
|
|
"<ol>\n"
|
|
"<li>Click the Security tab</li>\n"
|
|
"<li>Click Local intranet</li>\n"
|
|
"<li>Click Sites </li>\n"
|
|
"<li>Click Advanced </li>\n"
|
|
"<li>Add your domain to the list</li>\n"
|
|
"</ol>\n"
|
|
"<ol>\n"
|
|
"<li>Click the Security tab</li>\n"
|
|
"<li>Click Local intranet</li>\n"
|
|
"<li>Click Custom Level</li>\n"
|
|
"<li>Select Automatic logon only in Intranet zone</li>\n"
|
|
"</ol>\n"
|
|
"\n"
|
|
"<ol>\n"
|
|
"<li> Visit a kerberized web site using IE (You must use the fully-qualified "
|
|
"Domain Name in the URL)</li>\n"
|
|
"<li><strong> You are all set.</strong></li>\n"
|
|
"</ol>\n"
|
|
"</div>\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid "Working"
|
|
msgstr ""
|
|
|
|
msgid "Audit"
|
|
msgstr ""
|
|
|
|
msgid "Authentication"
|
|
msgstr ""
|
|
|
|
msgid "Automember"
|
|
msgstr ""
|
|
|
|
msgid "Automount"
|
|
msgstr ""
|
|
|
|
msgid "DNS"
|
|
msgstr ""
|
|
|
|
msgid "Host-Based Access Control"
|
|
msgstr ""
|
|
|
|
msgid "Identity"
|
|
msgstr ""
|
|
|
|
msgid "Network Services"
|
|
msgstr ""
|
|
|
|
msgid "Policy"
|
|
msgstr ""
|
|
|
|
msgid "Role-Based Access Control"
|
|
msgstr ""
|
|
|
|
msgid "Sudo"
|
|
msgstr ""
|
|
|
|
msgid "Topology"
|
|
msgstr ""
|
|
|
|
msgid "Trusts"
|
|
msgstr ""
|
|
|
|
msgid "True"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"<h1>Unable to verify your Kerberos credentials</h1>\n"
|
|
"<p>\n"
|
|
" Please make sure that you have valid Kerberos tickets "
|
|
"(obtainable via <strong>kinit</strong>), and that you have configured your "
|
|
"browser correctly.\n"
|
|
"</p>\n"
|
|
"\n"
|
|
"<h2>Browser configuration</h2>\n"
|
|
"\n"
|
|
"<div id=\"first-time\">\n"
|
|
"<p>\n"
|
|
" If this is your first time, please <a href=\"ssbrowser.html"
|
|
"\">configure your browser</a>.\n"
|
|
"</p>\n"
|
|
"</div>\n"
|
|
msgstr ""
|
|
|
|
msgid "API Browser"
|
|
msgstr ""
|
|
|
|
msgid "First"
|
|
msgstr ""
|
|
|
|
msgid "Last"
|
|
msgstr ""
|
|
|
|
msgid "Next"
|
|
msgstr ""
|
|
|
|
msgid "Page"
|
|
msgstr ""
|
|
|
|
msgid "Prev"
|
|
msgstr ""
|
|
|
|
msgid "Undo"
|
|
msgstr ""
|
|
|
|
msgid "Undo this change."
|
|
msgstr ""
|
|
|
|
msgid "Undo All"
|
|
msgstr ""
|
|
|
|
msgid "Undo all changes in this field."
|
|
msgstr ""
|
|
|
|
msgid "Text does not match field pattern"
|
|
msgstr ""
|
|
|
|
msgid "Must be an UTC date/time value (e.g., \"2014-01-20 17:58:01Z\")"
|
|
msgstr ""
|
|
|
|
msgid "Must be a decimal number"
|
|
msgstr ""
|
|
|
|
msgid "Format error"
|
|
msgstr ""
|
|
|
|
msgid "Must be an integer"
|
|
msgstr ""
|
|
|
|
msgid "Not a valid IP address"
|
|
msgstr ""
|
|
|
|
msgid "Not a valid IPv4 address"
|
|
msgstr ""
|
|
|
|
msgid "Not a valid IPv6 address"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Maximum value is ${value}"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Minimum value is ${value}"
|
|
msgstr ""
|
|
|
|
msgid "Not a valid network address (examples: 2001:db8::/64, 192.0.2.0/24)"
|
|
msgstr ""
|
|
|
|
msgid "Parse error"
|
|
msgstr ""
|
|
|
|
msgid "Must be a positive number"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "'${port}' is not a valid port"
|
|
msgstr ""
|
|
|
|
msgid "Required field"
|
|
msgstr ""
|
|
|
|
msgid "Unsupported value"
|
|
msgstr ""
|
|
|
|
msgid "pyhbac is not installed."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Simulate use of Host-based access controls\n"
|
|
"\n"
|
|
"HBAC rules control who can access what services on what hosts.\n"
|
|
"You can use HBAC to control which users or groups can access a service,\n"
|
|
"or group of services, on a target host.\n"
|
|
"\n"
|
|
"Since applying HBAC rules implies use of a production environment,\n"
|
|
"this plugin aims to provide simulation of HBAC rules evaluation without\n"
|
|
"having access to the production environment.\n"
|
|
"\n"
|
|
" Test user coming to a service on a named host against\n"
|
|
" existing enabled rules.\n"
|
|
"\n"
|
|
" ipa hbactest --user= --host= --service=\n"
|
|
" [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
|
|
" [--sizelimit= ]\n"
|
|
"\n"
|
|
" --user, --host, and --service are mandatory, others are optional.\n"
|
|
"\n"
|
|
" If --rules is specified simulate enabling of the specified rules and test\n"
|
|
" the login of the user using only these rules.\n"
|
|
"\n"
|
|
" If --enabled is specified, all enabled HBAC rules will be added to "
|
|
"simulation\n"
|
|
"\n"
|
|
" If --disabled is specified, all disabled HBAC rules will be added to "
|
|
"simulation\n"
|
|
"\n"
|
|
" If --nodetail is specified, do not return information about rules matched/"
|
|
"not matched.\n"
|
|
"\n"
|
|
" If both --rules and --enabled are specified, apply simulation to --rules "
|
|
"_and_\n"
|
|
" all IPA enabled rules.\n"
|
|
"\n"
|
|
" If no --rules specified, simulation is run against all IPA enabled rules.\n"
|
|
" By default there is a IPA-wide limit to number of entries fetched, you can "
|
|
"change it\n"
|
|
" with --sizelimit option.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" 1. Use all enabled HBAC rules in IPA database to simulate:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
" Matched rules: allow_all\n"
|
|
"\n"
|
|
" 2. Disable detailed summary of how rules were applied:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
"\n"
|
|
" 3. Test explicitly specified HBAC rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n"
|
|
" --rules=myrule --rules=my-second-rule\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
"\n"
|
|
" 4. Use all enabled HBAC rules in IPA database + explicitly specified "
|
|
"rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n"
|
|
" --rules=myrule --rules=my-second-rule --enabled\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
" Matched rules: allow_all\n"
|
|
"\n"
|
|
" 5. Test all disabled HBAC rules in IPA database:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" Not matched rules: new-rule\n"
|
|
"\n"
|
|
" 6. Test all disabled HBAC rules in IPA database + explicitly specified "
|
|
"rules:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n"
|
|
" --rules=myrule --rules=my-second-rule --disabled\n"
|
|
" ---------------------\n"
|
|
" Access granted: False\n"
|
|
" ---------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
"\n"
|
|
" 7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
|
|
" $ ipa hbactest --user=a1a --host=bar --service=sshd \\\\\n"
|
|
" --enabled --disabled\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Not matched rules: my-second-rule\n"
|
|
" Not matched rules: my-third-rule\n"
|
|
" Not matched rules: myrule\n"
|
|
" Not matched rules: new-rule\n"
|
|
" Matched rules: allow_all\n"
|
|
"\n"
|
|
"\n"
|
|
"HBACTEST AND TRUSTED DOMAINS\n"
|
|
"\n"
|
|
"When an external trusted domain is configured in IPA, HBAC rules are also "
|
|
"applied\n"
|
|
"on users accessing IPA resources from the trusted domain. Trusted domain "
|
|
"users and\n"
|
|
"groups (and their SIDs) can be then assigned to external groups which can "
|
|
"be\n"
|
|
"members of POSIX groups in IPA which can be used in HBAC rules and thus "
|
|
"allowing\n"
|
|
"access to resources protected by the HBAC system.\n"
|
|
"\n"
|
|
"hbactest plugin is capable of testing access for both local IPA users and "
|
|
"users\n"
|
|
"from the trusted domains, either by a fully qualified user name or by user "
|
|
"SID.\n"
|
|
"Such user names need to have a trusted domain specified as a short name\n"
|
|
"(DOMAIN\\Administrator) or with a user principal name (UPN), "
|
|
"Administrator@ad.test.\n"
|
|
"\n"
|
|
"Please note that hbactest executed with a trusted domain user as --user "
|
|
"parameter\n"
|
|
"can be only run by members of \"trust admins\" group.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" 1. Test if a user from a trusted domain specified by its shortname "
|
|
"matches any\n"
|
|
" rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
|
|
"service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Matched rules: can_login\n"
|
|
"\n"
|
|
" 2. Test if a user from a trusted domain specified by its domain name "
|
|
"matches\n"
|
|
" any rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --"
|
|
"service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Matched rules: can_login\n"
|
|
"\n"
|
|
" 3. Test if a user from a trusted domain specified by its SID matches any "
|
|
"rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\\\n"
|
|
" --host `hostname` --service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Matched rules: can_login\n"
|
|
"\n"
|
|
" 4. Test if other user from a trusted domain specified by its SID matches "
|
|
"any rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\"
|
|
"\\\n"
|
|
" --host `hostname` --service sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Not matched rules: can_login\n"
|
|
"\n"
|
|
" 5. Test if other user from a trusted domain specified by its shortname "
|
|
"matches\n"
|
|
" any rule:\n"
|
|
"\n"
|
|
" $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
|
|
"sshd\n"
|
|
" --------------------\n"
|
|
" Access granted: True\n"
|
|
" --------------------\n"
|
|
" Matched rules: allow_all\n"
|
|
" Not matched rules: can_login\n"
|
|
msgstr ""
|
|
|
|
msgid "Unresolved rules in --rules"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Cannot search in trusted domains without own domain configured. Make sure "
|
|
"you have run ipa-adtrust-install on the IPA server first"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Access granted: %s"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"OTP Tokens\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage OTP tokens.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA supports the use of OTP tokens for multi-factor authentication. This\n"
|
|
"code enables the management of OTP tokens.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a new token:\n"
|
|
" ipa otptoken-add --type=totp --owner=jdoe --desc=\"My soft token\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Examine the token:\n"
|
|
" ipa otptoken-show a93db710-a31a-4639-8647-f15b2c70b78a\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Change the vendor:\n"
|
|
" ipa otptoken-mod a93db710-a31a-4639-8647-f15b2c70b78a --vendor=\"Red Hat"
|
|
"\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete a token:\n"
|
|
" ipa otptoken-del a93db710-a31a-4639-8647-f15b2c70b78a\n"
|
|
msgstr ""
|
|
|
|
msgid "OTP token"
|
|
msgstr ""
|
|
|
|
msgid "OTP tokens"
|
|
msgstr ""
|
|
|
|
msgid "OTP Tokens"
|
|
msgstr ""
|
|
|
|
msgid "OTP Token"
|
|
msgstr ""
|
|
|
|
msgid "URI"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added OTP token \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "cannot be empty"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted OTP token \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified OTP token \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d OTP token matched"
|
|
msgid_plural "%(count)d OTP tokens matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Permissions\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"A permission enables fine-grained delegation of rights. A permission is\n"
|
|
"a human-readable wrapper around a 389-ds Access Control Rule,\n"
|
|
"or instruction (ACI).\n"
|
|
"A permission grants the right to perform a specific task such as adding a\n"
|
|
"user, modifying a group, etc.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"A permission may not contain other permissions.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"* A permission grants access to read, write, add, delete, read, search,\n"
|
|
" or compare.\n"
|
|
"* A privilege combines similar permissions (for example all the permissions\n"
|
|
" needed to add a user).\n"
|
|
"* A role grants a set of privileges to users, groups, hosts or hostgroups.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"A permission is made up of a number of different parts:\n"
|
|
"\n"
|
|
"1. The name of the permission.\n"
|
|
"2. The target of the permission.\n"
|
|
"3. The rights granted by the permission.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Rights define what operations are allowed, and may be one or more\n"
|
|
"of the following:\n"
|
|
"1. write - write one or more attributes\n"
|
|
"2. read - read one or more attributes\n"
|
|
"3. search - search on one or more attributes\n"
|
|
"4. compare - compare one or more attributes\n"
|
|
"5. add - add a new entry to the tree\n"
|
|
"6. delete - delete an existing entry\n"
|
|
"7. all - all permissions are granted\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Note the distinction between attributes and entries. The permissions are\n"
|
|
"independent, so being able to add a user does not mean that the user will\n"
|
|
"be editable.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"There are a number of allowed targets:\n"
|
|
"1. subtree: a DN; the permission applies to the subtree under this DN\n"
|
|
"2. target filter: an LDAP filter\n"
|
|
"3. target: DN with possible wildcards, specifies entries permission applies "
|
|
"to\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Additionally, there are the following convenience options.\n"
|
|
"Setting one of these options will set the corresponding attribute(s).\n"
|
|
"1. type: a type of object (user, group, etc); sets subtree and target "
|
|
"filter.\n"
|
|
"2. memberof: apply to members of a group; sets target filter\n"
|
|
"3. targetgroup: grant access to modify a specific group (such as granting\n"
|
|
" the rights to manage group membership); sets target.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Managed permissions\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Permissions that come with IPA by default can be so-called \"managed\"\n"
|
|
"permissions. These have a default set of attributes they apply to,\n"
|
|
"but the administrator can add/remove individual attributes to/from the set.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Deleting or renaming a managed permission, as well as changing its target,\n"
|
|
"is not allowed.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a permission that grants the creation of users:\n"
|
|
" ipa permission-add --type=user --permissions=add \"Add Users\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a permission that grants the ability to manage group membership:\n"
|
|
" ipa permission-add --attrs=member --permissions=write --type=group "
|
|
"\"Manage Group Members\"\n"
|
|
msgstr ""
|
|
|
|
msgid "must be enclosed in parentheses"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "\"%s\" is not an object type"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "\"%s\" is not a valid permission type"
|
|
msgstr ""
|
|
|
|
#, fuzzy, python-format
|
|
#| msgid "Deprecated options"
|
|
msgid "Deprecated; use %s"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
#, python-format
|
|
msgid "Permission with unknown flag %s may not be modified or removed"
|
|
msgstr ""
|
|
|
|
msgid "A SYSTEM permission may not be modified or removed"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Entry %s not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "The ACI for permission %(name)s was not found in %(dn)s "
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"cannot specify full target filter and extra target filter simultaneously"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "option was renamed; use %s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Cannot use %(old_name)s with %(new_name)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s: group not found"
|
|
msgstr ""
|
|
|
|
msgid "target and targetgroup are mutually exclusive"
|
|
msgstr ""
|
|
|
|
msgid "subtree and type are mutually exclusive"
|
|
msgstr ""
|
|
|
|
msgid "Bad search filter"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Entry %s does not exist"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"there must be at least one target entry specifier (e.g. target, "
|
|
"targetfilter, attrs)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added permission \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "attrs and included attributes are mutually exclusive"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Cannot store permission ACI to %s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted permission \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "cannot delete managed permissions"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "ACI of permission %s was not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified permission \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "cannot rename managed permissions"
|
|
msgstr ""
|
|
|
|
msgid "not modifiable on managed permissions"
|
|
msgstr ""
|
|
|
|
msgid "only available on managed permissions"
|
|
msgstr ""
|
|
|
|
msgid "attrs and included/excluded attributes are mutually exclusive"
|
|
msgstr ""
|
|
|
|
msgid "cannot set bindtype for a permission that is assigned to a privilege"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d permission matched"
|
|
msgid_plural "%(count)d permissions matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA servers\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Get information about installed IPA servers.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find all servers:\n"
|
|
" ipa server-find\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show specific server:\n"
|
|
" ipa server-show ipa.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid "server"
|
|
msgstr ""
|
|
|
|
msgid "servers"
|
|
msgstr ""
|
|
|
|
msgid "IPA Servers"
|
|
msgstr ""
|
|
|
|
msgid "Server location"
|
|
msgstr ""
|
|
|
|
msgid "Service weight"
|
|
msgstr ""
|
|
|
|
msgid "Weight for server services"
|
|
msgstr ""
|
|
|
|
msgid "Service relative weight"
|
|
msgstr ""
|
|
|
|
msgid "Relative weight for server services (counts per location)"
|
|
msgstr ""
|
|
|
|
msgid "Enabled server roles"
|
|
msgstr ""
|
|
|
|
msgid "List of enabled roles"
|
|
msgstr ""
|
|
|
|
msgid "Modify information about an IPA server."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified IPA server \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d IPA server matched"
|
|
msgid_plural "%(count)d IPA servers matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Deleted IPA server \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Ignore topology errors"
|
|
msgstr ""
|
|
|
|
msgid "Ignore topology connectivity problems after removal"
|
|
msgstr ""
|
|
|
|
msgid "Ignore check for last remaining CA or DNS server"
|
|
msgstr ""
|
|
|
|
msgid "Skip a check whether the last CA master or DNS server is removed"
|
|
msgstr ""
|
|
|
|
msgid "Force server removal"
|
|
msgstr ""
|
|
|
|
msgid "Force server removal even if it does not exist"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Replica is active DNSSEC key master. Uninstall could break your DNS system. "
|
|
"Please disable or replace DNSSEC key master first."
|
|
msgstr ""
|
|
|
|
msgid "Deleting this server will leave your installation without a DNS."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Deleting this server is not allowed as it would leave your installation "
|
|
"without a KRA."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Deleting this server is not allowed as it would leave your installation "
|
|
"without a CA."
|
|
msgstr ""
|
|
|
|
msgid "Ignoring these warnings and proceeding with removal"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Failed to clean memberPrincipal %(principal)s from s4u2proxy entry %(dn)s: "
|
|
"%(err)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Failed to clean up DNA hostname entries for %(master)s: %(err)s"
|
|
msgstr ""
|
|
|
|
#, fuzzy, python-format
|
|
#| msgid "error on server '%(server)s': %(error)s"
|
|
msgid "Failed to remove server %(master)s from server list: %(err)s"
|
|
msgstr "सर्व्हरवर त्रुटी '%(server)s': %(error)s"
|
|
|
|
#, python-format
|
|
msgid "Failed to clean up Custodia keys for %(master)s: %(err)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Failed to cleanup server principals/keys: %(err)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Failed to cleanup %(hostname)s DNS entries: %(err)s"
|
|
msgstr ""
|
|
|
|
msgid "You may need to manually remove them from the tree"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Forcing removal of %(hostname)s"
|
|
msgstr ""
|
|
|
|
msgid "Ignoring topology connectivity errors."
|
|
msgstr ""
|
|
|
|
msgid "Server has already been deleted"
|
|
msgstr ""
|
|
|
|
msgid "Agreements deleted"
|
|
msgstr ""
|
|
|
|
msgid "Following segments were not deleted:"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must be \"%s\""
|
|
msgstr ""
|
|
|
|
msgid "not allowed to perform server connection check"
|
|
msgstr ""
|
|
|
|
msgid "Set enabled/hidden state of a server."
|
|
msgstr ""
|
|
|
|
msgid "State"
|
|
msgstr ""
|
|
|
|
msgid "Server state"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Changed server state of \"%(value)s\"."
|
|
msgstr ""
|
|
|
|
msgid "Cannot hide CA renewal master."
|
|
msgstr ""
|
|
|
|
msgid "Cannot hide DNSSec key master."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Cannot hide last enabled %(name)s server."
|
|
msgstr ""
|
|
|
|
msgid "self service permission"
|
|
msgstr ""
|
|
|
|
msgid "self service permissions"
|
|
msgstr ""
|
|
|
|
msgid "Self Service Permissions"
|
|
msgstr ""
|
|
|
|
msgid "Self Service Permission"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added selfservice \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted selfservice \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified selfservice \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d selfservice matched"
|
|
msgid_plural "%(count)d selfservices matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA server roles\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Get status of roles (DNS server, CA, etc.) provided by IPA masters.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"The status of a role is either enabled, configured, or absent.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show status of 'DNS server' role on a server:\n"
|
|
" ipa server-role-show ipa.example.com \"DNS server\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show status of all roles containing 'AD' on a server:\n"
|
|
" ipa server-role-find --server ipa.example.com --role=\"AD trust "
|
|
"controller\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show status of all configured roles on a server:\n"
|
|
" ipa server-role-find ipa.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show implicit IPA master role:\n"
|
|
" ipa server-role-find --include-master\n"
|
|
msgstr ""
|
|
|
|
msgid "server role"
|
|
msgstr ""
|
|
|
|
msgid "server roles"
|
|
msgstr ""
|
|
|
|
msgid "IPA Server Roles"
|
|
msgstr ""
|
|
|
|
msgid "IPA Server Role"
|
|
msgstr ""
|
|
|
|
msgid "IPA server role name"
|
|
msgstr ""
|
|
|
|
msgid "Role status"
|
|
msgstr ""
|
|
|
|
msgid "Status of the role"
|
|
msgstr ""
|
|
|
|
msgid "Show role status on a server"
|
|
msgstr ""
|
|
|
|
msgid "Find a server role on a server(s)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)s server role matched"
|
|
msgid_plural "%(count)s server roles matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "Include IPA master entries"
|
|
msgstr ""
|
|
|
|
msgid "IPA role name"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Cross-realm trusts\n"
|
|
"\n"
|
|
"Manage trust relationship between IPA and Active Directory domains.\n"
|
|
"\n"
|
|
"In order to allow users from a remote domain to access resources in IPA "
|
|
"domain,\n"
|
|
"trust relationship needs to be established. Currently IPA supports only "
|
|
"trusts\n"
|
|
"between IPA and Active Directory domains under control of Windows Server "
|
|
"2008\n"
|
|
"or later, with functional level 2008 or later.\n"
|
|
"\n"
|
|
"Please note that DNS on both IPA and Active Directory domain sides should "
|
|
"be\n"
|
|
"configured properly to discover each other. Trust relationship relies on\n"
|
|
"ability to discover special resources in the other domain via DNS records.\n"
|
|
"\n"
|
|
"Examples:\n"
|
|
"\n"
|
|
"1. Establish cross-realm trust with Active Directory using AD administrator\n"
|
|
" credentials:\n"
|
|
"\n"
|
|
" ipa trust-add --type=ad <ad.domain> --admin <AD domain "
|
|
"administrator> --password\n"
|
|
"\n"
|
|
"2. List all existing trust relationships:\n"
|
|
"\n"
|
|
" ipa trust-find\n"
|
|
"\n"
|
|
"3. Show details of the specific trust relationship:\n"
|
|
"\n"
|
|
" ipa trust-show <ad.domain>\n"
|
|
"\n"
|
|
"4. Delete existing trust relationship:\n"
|
|
"\n"
|
|
" ipa trust-del <ad.domain>\n"
|
|
"\n"
|
|
"Once trust relationship is established, remote users will need to be mapped\n"
|
|
"to local POSIX groups in order to actually use IPA resources. The mapping\n"
|
|
"should be done via use of external membership of non-POSIX group and then\n"
|
|
"this group should be included into one of local POSIX groups.\n"
|
|
"\n"
|
|
"Example:\n"
|
|
"\n"
|
|
"1. Create group for the trusted domain admins' mapping and their local "
|
|
"POSIX\n"
|
|
"group:\n"
|
|
"\n"
|
|
" ipa group-add --desc='<ad.domain> admins external map' "
|
|
"ad_admins_external --external\n"
|
|
" ipa group-add --desc='<ad.domain> admins' ad_admins\n"
|
|
"\n"
|
|
"2. Add security identifier of Domain Admins of the <ad.domain> to the\n"
|
|
" ad_admins_external group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
|
|
"\n"
|
|
"3. Allow members of ad_admins_external group to be associated with\n"
|
|
" ad_admins POSIX group:\n"
|
|
"\n"
|
|
" ipa group-add-member ad_admins --groups ad_admins_external\n"
|
|
"\n"
|
|
"4. List members of external members of ad_admins_external group to see\n"
|
|
" their SIDs:\n"
|
|
"\n"
|
|
" ipa group-show ad_admins_external\n"
|
|
"\n"
|
|
"\n"
|
|
"GLOBAL TRUST CONFIGURATION\n"
|
|
"\n"
|
|
"When IPA AD trust subpackage is installed and ipa-adtrust-install is run, a\n"
|
|
"local domain configuration (SID, GUID, NetBIOS name) is generated. These\n"
|
|
"identifiers are then used when communicating with a trusted domain of the\n"
|
|
"particular type.\n"
|
|
"\n"
|
|
"1. Show global trust configuration for Active Directory type of trusts:\n"
|
|
"\n"
|
|
" ipa trustconfig-show --type ad\n"
|
|
"\n"
|
|
"2. Modify global configuration for all trusts of Active Directory type and "
|
|
"set\n"
|
|
" a different fallback primary group (fallback primary group GID is used as "
|
|
"a\n"
|
|
" primary user GID if user authenticating to IPA domain does not have any\n"
|
|
" other primary GID already set):\n"
|
|
"\n"
|
|
" ipa trustconfig-mod --type ad --fallback-primary-group \"another AD group"
|
|
"\"\n"
|
|
"\n"
|
|
"3. Change primary fallback group back to default hidden group (any group "
|
|
"with\n"
|
|
" posixGroup object class is allowed):\n"
|
|
"\n"
|
|
" ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group"
|
|
"\"\n"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
" Alternatively, following servers are capable of running this command: "
|
|
"%(masters)s"
|
|
msgstr ""
|
|
|
|
msgid "AD Trust setup"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Cannot perform the selected command without Samba 4 support installed. Make "
|
|
"sure you have installed server-trust-ad sub-package of IPA."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Cannot perform the selected command without Samba 4 instance configured on "
|
|
"this machine. Make sure you have run ipa-adtrust-install on this server."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Fetching domains from trusted forest failed. See details in the error_log"
|
|
msgstr ""
|
|
|
|
msgid "trust"
|
|
msgstr ""
|
|
|
|
msgid "trusts"
|
|
msgstr ""
|
|
|
|
msgid "Trust"
|
|
msgstr ""
|
|
|
|
msgid "SID blocklist incoming"
|
|
msgstr ""
|
|
|
|
msgid "SID blocklist outgoing"
|
|
msgstr ""
|
|
|
|
msgid "UPN suffixes"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "invalid SID: {SID}"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Add new trust to use.\n"
|
|
"\n"
|
|
"This command establishes trust relationship to another domain\n"
|
|
"which becomes 'trusted'. As result, users of the trusted domain\n"
|
|
"may access resources of this domain.\n"
|
|
"\n"
|
|
"Only trusts to Active Directory domains are supported right now.\n"
|
|
"\n"
|
|
"The command can be safely run multiple times against the same domain,\n"
|
|
"this will cause change to trust relationship credentials on both\n"
|
|
"sides.\n"
|
|
"\n"
|
|
"Note that if the command was previously run with a specific range type,\n"
|
|
"or with automatic detection of the range type, and you want to configure a\n"
|
|
"different range type, you may need to delete first the ID range using\n"
|
|
"ipa idrange-del before retrying the command with the desired range type.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "Type of trusted domain ID range, one of allowed values"
|
|
msgstr ""
|
|
|
|
msgid "External trust"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Establish external trust to a domain in another forest. The trust is not "
|
|
"transitive beyond the domain."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added Active Directory trust for realm \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Re-established trust to domain \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "missing base_id"
|
|
msgstr ""
|
|
|
|
msgid "pysss_murmur is not available on the server and no base-id is given."
|
|
msgstr ""
|
|
|
|
msgid "trust type"
|
|
msgstr ""
|
|
|
|
msgid "only \"ad\" is supported"
|
|
msgstr ""
|
|
|
|
msgid "domain"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Cannot establish a trust to AD deployed in the same domain as IPA. Such "
|
|
"setup is not supported."
|
|
msgstr ""
|
|
|
|
msgid "Realm-domain mismatch"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"To establish trust with Active Directory, the domain name and the realm name "
|
|
"of the IPA server must match"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Trusted domain %(domain)s is included among IPA realm domains. It needs to "
|
|
"be removed prior to establishing the trust. See the \"ipa realmdomains-mod --"
|
|
"del-domain\" command."
|
|
msgstr ""
|
|
|
|
msgid "Trusted domain and administrator account use different realms"
|
|
msgstr ""
|
|
|
|
msgid "Realm administrator password should be specified"
|
|
msgstr ""
|
|
|
|
msgid "id range type"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Only the ipa-ad-trust and ipa-ad-trust-posix are allowed values for --range-"
|
|
"type when adding an AD trust."
|
|
msgstr ""
|
|
|
|
msgid "id range"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"An id range already exists for this trust. You should either delete the old "
|
|
"range, or exclude --base-id/--range-size options from the command."
|
|
msgstr ""
|
|
|
|
msgid "range exists"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"ID range with the same name but different domain SID already exists. The ID "
|
|
"range for the new trusted domain must be created manually."
|
|
msgstr ""
|
|
|
|
msgid "range type change"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"ID range for the trusted domain already exists, but it has a different type. "
|
|
"Please remove the old range manually, or do not enforce type via --range-"
|
|
"type option."
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Unable to resolve domain controller for {domain} domain. "
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Forward policy is defined for it in IPA DNS, perhaps forwarder points to "
|
|
"incorrect host?"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid ""
|
|
"IPA manages DNS, please verify your DNS configuration and make sure that "
|
|
"service records of the '{domain}' domain can be resolved. Examples how to "
|
|
"configure DNS with CLI commands or the Web UI can be found in the "
|
|
"documentation. "
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid ""
|
|
"Since IPA does not manage DNS records, ensure DNS is configured to resolve "
|
|
"'{domain}' domain from IPA hosts and back."
|
|
msgstr ""
|
|
|
|
msgid "Unable to verify write permissions to the AD"
|
|
msgstr ""
|
|
|
|
msgid "Not enough arguments specified to perform trust setup"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted trust \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify a trust (for future use).\n"
|
|
"\n"
|
|
" Currently only the default option to modify the LDAP attributes is\n"
|
|
" available. More specific options will be added in coming releases.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified trust \"%(value)s\" (change will be effective in 60 seconds)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d trust matched"
|
|
msgid_plural "%(count)d trusts matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "trust configuration"
|
|
msgstr ""
|
|
|
|
msgid "Global Trust Configuration"
|
|
msgstr ""
|
|
|
|
msgid "IPA AD trust agents"
|
|
msgstr ""
|
|
|
|
msgid "IPA servers configured as AD trust agents"
|
|
msgstr ""
|
|
|
|
msgid "IPA AD trust controllers"
|
|
msgstr ""
|
|
|
|
msgid "IPA servers configured as AD trust controllers"
|
|
msgstr ""
|
|
|
|
msgid "unsupported trust type"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified \"%(value)s\" trust configuration"
|
|
msgstr ""
|
|
|
|
msgid "SID"
|
|
msgstr ""
|
|
|
|
msgid "sidgen_was_run"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"This command relies on the existence of the \"editors\" group, but this "
|
|
"group was not found."
|
|
msgstr ""
|
|
|
|
msgid "trust domain"
|
|
msgstr ""
|
|
|
|
msgid "trust domains"
|
|
msgstr ""
|
|
|
|
msgid "Trusted domains"
|
|
msgstr ""
|
|
|
|
msgid "Trusted domain"
|
|
msgstr ""
|
|
|
|
msgid "Domain enabled"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed information about the trusted domain \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"cannot delete root domain of the trust, use trust-del to delete the trust "
|
|
"itself"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"List of trust domains successfully refreshed. Use trustdomain-find command "
|
|
"to list them."
|
|
msgstr ""
|
|
|
|
msgid "Configure this server as a trust agent."
|
|
msgstr ""
|
|
|
|
msgid "Enable support for trusted domains for old clients"
|
|
msgstr ""
|
|
|
|
msgid "not allowed to remotely add agent"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Enabled trust domain \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Root domain of the trust is always enabled for the existing trust"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled trust domain \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"cannot disable root domain of the trust, use trust-del to delete the trust "
|
|
"itself"
|
|
msgstr ""
|
|
|
|
msgid "A list of ACI values"
|
|
msgstr ""
|
|
|
|
msgid "type, filter, subtree and targetgroup are mutually exclusive"
|
|
msgstr ""
|
|
|
|
msgid "ACI prefix is required"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"at least one of: type, filter, subtree, targetgroup, attrs or memberof are "
|
|
"required"
|
|
msgstr ""
|
|
|
|
msgid "filter and memberof are mutually exclusive"
|
|
msgstr ""
|
|
|
|
msgid "group, permission and self are mutually exclusive"
|
|
msgstr ""
|
|
|
|
msgid "One of group, permission or self is required"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Group '%s' does not exist"
|
|
msgstr ""
|
|
|
|
msgid "empty filter"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Syntax Error: %(error)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "invalid DN (%s)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "ACI with name \"%s\" not found"
|
|
msgstr ""
|
|
|
|
msgid "ACI object."
|
|
msgstr ""
|
|
|
|
msgid "ACIs"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Created ACI \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted ACI \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified ACI \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d ACI matched"
|
|
msgid_plural "%(count)d ACIs matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Renamed ACI to \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Plugin to make multiple ipa calls via one remote procedure call\n"
|
|
"\n"
|
|
"To run this code in the lite-server\n"
|
|
"\n"
|
|
"curl -H \"Content-Type:application/json\" -H \"Accept:application/"
|
|
"json\" -H \"Accept-Language:en\" --negotiate -u : --cacert /"
|
|
"etc/ipa/ca.crt -d @batch_request.json -X POST http://"
|
|
"localhost:8888/ipa/json\n"
|
|
"\n"
|
|
"where the contents of the file batch_request.json follow the below example\n"
|
|
"\n"
|
|
"{\"method\":\"batch\",\"params\":[[\n"
|
|
" {\"method\":\"group_find\",\"params\":[[],{}]},\n"
|
|
" {\"method\":\"user_find\",\"params\":[[],{\"whoami\":\"true\",\"all"
|
|
"\":\"true\"}]},\n"
|
|
" {\"method\":\"user_show\",\"params\":[[\"admin\"],{\"all\":true}]}\n"
|
|
" ],{}],\"id\":1}\n"
|
|
"\n"
|
|
"The format of the response is nested the same way. At the top you will see\n"
|
|
" \"error\": null,\n"
|
|
" \"id\": 1,\n"
|
|
" \"result\": {\n"
|
|
" \"count\": 3,\n"
|
|
" \"results\": [\n"
|
|
"\n"
|
|
"\n"
|
|
"And then a nested response for each IPA command method sent in the request\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid "Make multiple ipa calls via one remote procedure call"
|
|
msgstr ""
|
|
|
|
msgid "must contain a tuple (list, dict)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Certificate Identity Mapping\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage Certificate Identity Mapping configuration and rules.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA supports the use of certificates for authentication. Certificates can\n"
|
|
"either be stored in the user entry (full certificate in the usercertificate\n"
|
|
"attribute), or simply linked to the user entry through a mapping.\n"
|
|
"This code enables the management of the rules allowing to link a\n"
|
|
"certificate to a user entry.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Display the Certificate Identity Mapping global configuration:\n"
|
|
" ipa certmapconfig-show\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify Certificate Identity Mapping global configuration:\n"
|
|
" ipa certmapconfig-mod --promptusername=TRUE\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Create a new Certificate Identity Mapping Rule:\n"
|
|
" ipa certmaprule-add rule1 --desc=\"Link certificate with subject and "
|
|
"issuer\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify a Certificate Identity Mapping Rule:\n"
|
|
" ipa certmaprule-mod rule1 --maprule=\"<ALT-SEC-ID-I-S:"
|
|
"altSecurityIdentities>\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Disable a Certificate Identity Mapping Rule:\n"
|
|
" ipa certmaprule-disable rule1\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Enable a Certificate Identity Mapping Rule:\n"
|
|
" ipa certmaprule-enable rule1\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Display information about a Certificate Identity Mapping Rule:\n"
|
|
" ipa certmaprule-show rule1\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find all Certificate Identity Mapping Rules with the specified domain:\n"
|
|
" ipa certmaprule-find --domain example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete a Certificate Identity Mapping Rule:\n"
|
|
" ipa certmaprule-del rule1\n"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"The domain(s) \"%s\" cannot be used to apply altSecurityIdentities check."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"The mapping rule with altSecurityIdentities should be applied to a trusted "
|
|
"Active Directory domain but no domain was associated with the rule."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "The domain %s is neither IPA domain nor a trusteddomain."
|
|
msgstr ""
|
|
|
|
msgid "Certificate Identity Mapping configuration options"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Identity Mapping Global Configuration"
|
|
msgstr ""
|
|
|
|
msgid "Prompt for the username"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Prompt for the username when multiple identities are mapped to a certificate"
|
|
msgstr ""
|
|
|
|
msgid "Modify Certificate Identity Mapping configuration."
|
|
msgstr ""
|
|
|
|
msgid "Show the current Certificate Identity Mapping configuration."
|
|
msgstr ""
|
|
|
|
msgid "Certificate Identity Mapping Rules"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Identity Mapping Rule"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Identity Mapping Rule name"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Identity Mapping Rule description"
|
|
msgstr ""
|
|
|
|
msgid "Mapping rule"
|
|
msgstr ""
|
|
|
|
msgid "Rule used to map the certificate with a user entry"
|
|
msgstr ""
|
|
|
|
msgid "Matching rule"
|
|
msgstr ""
|
|
|
|
msgid "Rule used to check if a certificate can be used for authentication"
|
|
msgstr ""
|
|
|
|
msgid "Domain where the user entry will be searched"
|
|
msgstr ""
|
|
|
|
msgid "Priority of the rule (higher number means lower priority"
|
|
msgstr ""
|
|
|
|
msgid "Create a new Certificate Identity Mapping Rule."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added Certificate Identity Mapping Rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Modify a Certificate Identity Mapping Rule."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified Certificate Identity Mapping Rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Search for Certificate Identity Mapping Rules."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d Certificate Identity Mapping Rule matched"
|
|
msgid_plural "%(count)d Certificate Identity Mapping Rules matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "Display information about a Certificate Identity Mapping Rule."
|
|
msgstr ""
|
|
|
|
msgid "Delete a Certificate Identity Mapping Rule."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted Certificate Identity Mapping Rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Enable a Certificate Identity Mapping Rule."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Enabled Certificate Identity Mapping Rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Disable a Certificate Identity Mapping Rule."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled Certificate Identity Mapping Rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Failed to connect to sssd over SystemBus. See details in the error_log"
|
|
msgstr ""
|
|
|
|
msgid "Failed to find users over SystemBus. See details in the error_log"
|
|
msgstr ""
|
|
|
|
msgid "User logins"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Search for users matching the provided certificate.\n"
|
|
"\n"
|
|
" This command relies on SSSD to retrieve the list of matching users and\n"
|
|
" may return cached data. For more information on purging SSSD cache,\n"
|
|
" please refer to sss_cache documentation.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)s user matched"
|
|
msgid_plural "%(count)s users matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage Certificate Profiles\n"
|
|
"\n"
|
|
"Certificate Profiles are used by Certificate Authority (CA) in the signing "
|
|
"of\n"
|
|
"certificates to determine if a Certificate Signing Request (CSR) is "
|
|
"acceptable,\n"
|
|
"and if so what features and extensions will be present on the certificate.\n"
|
|
"\n"
|
|
"The Certificate Profile format is the property-list format understood by "
|
|
"the\n"
|
|
"Dogtag or Red Hat Certificate System CA.\n"
|
|
"\n"
|
|
"PROFILE ID SYNTAX:\n"
|
|
"\n"
|
|
"A Profile ID is a string without spaces or punctuation starting with a "
|
|
"letter\n"
|
|
"and followed by a sequence of letters, digits or underscore (\"_\").\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Import a profile that will not store issued certificates:\n"
|
|
" ipa certprofile-import ShortLivedUserCert \\\n"
|
|
" --file UserCert.profile --desc \"User Certificates\" \\\n"
|
|
" --store=false\n"
|
|
"\n"
|
|
" Delete a certificate profile:\n"
|
|
" ipa certprofile-del ShortLivedUserCert\n"
|
|
"\n"
|
|
" Show information about a profile:\n"
|
|
" ipa certprofile-show ShortLivedUserCert\n"
|
|
"\n"
|
|
" Save profile configuration to a file:\n"
|
|
" ipa certprofile-show caIPAserviceCert --out caIPAserviceCert.cfg\n"
|
|
"\n"
|
|
" Search for profiles that do not store certificates:\n"
|
|
" ipa certprofile-find --store=false\n"
|
|
"\n"
|
|
"PROFILE CONFIGURATION FORMAT:\n"
|
|
"\n"
|
|
"The profile configuration format is the raw property-list format\n"
|
|
"used by Dogtag Certificate System. The XML format is not supported.\n"
|
|
"\n"
|
|
"The following restrictions apply to profiles managed by FreeIPA:\n"
|
|
"\n"
|
|
"- When importing a profile the \"profileId\" field, if present, must\n"
|
|
" match the ID given on the command line.\n"
|
|
"\n"
|
|
"- The \"classId\" field must be set to \"caEnrollImpl\"\n"
|
|
"\n"
|
|
"- The \"auth.instance_id\" field must be set to \"raCertAuth\"\n"
|
|
"\n"
|
|
"- The \"certReqInputImpl\" input class and \"certOutputImpl\" output\n"
|
|
" class must be used.\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid "CA is not configured"
|
|
msgstr ""
|
|
|
|
msgid "invalid Profile ID"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Profile"
|
|
msgstr ""
|
|
|
|
msgid "Certificate Profiles"
|
|
msgstr ""
|
|
|
|
msgid "Profile configuration"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d profile matched"
|
|
msgid_plural "%(count)d profiles matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Imported profile \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Profile data specifies profileId multiple times: %(values)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted profile \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Predefined profile '%(profile_id)s' cannot be deleted"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified Certificate Profile \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Certificate profiles cannot be renamed"
|
|
msgstr ""
|
|
|
|
msgid "Insufficient privilege to modify a certificate profile."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Domain Name System (DNS)\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Manage DNS zone and resource records.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"SUPPORTED ZONE TYPES\n"
|
|
"\n"
|
|
" * Master zone (dnszone-*), contains authoritative data.\n"
|
|
" * Forward zone (dnsforwardzone-*), forwards queries to configured "
|
|
"forwarders\n"
|
|
" (a set of DNS servers).\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"USING STRUCTURED PER-TYPE OPTIONS\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"There are many structured DNS RR types where DNS data stored in LDAP server\n"
|
|
"is not just a scalar value, for example an IP address or a domain name, but\n"
|
|
"a data structure which may be often complex. A good example is a LOC record\n"
|
|
"[RFC1876] which consists of many mandatory and optional parts (degrees,\n"
|
|
"minutes, seconds of latitude and longitude, altitude or precision).\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"It may be difficult to manipulate such DNS records without making a mistake\n"
|
|
"and entering an invalid value. DNS module provides an abstraction over "
|
|
"these\n"
|
|
"raw records and allows to manipulate each RR type with specific options. "
|
|
"For\n"
|
|
"each supported RR type, DNS module provides a standard option to manipulate\n"
|
|
"a raw records with format --<rrtype>-rec, e.g. --mx-rec, and special "
|
|
"options\n"
|
|
"for every part of the RR structure with format --<rrtype>-<partname>, e.g.\n"
|
|
"--mx-preference and --mx-exchanger.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"When adding a record, either RR specific options or standard option for a "
|
|
"raw\n"
|
|
"value can be used, they just should not be combined in one add operation. "
|
|
"When\n"
|
|
"modifying an existing entry, new RR specific options can be used to change\n"
|
|
"one part of a DNS record, where the standard option for raw value is used\n"
|
|
"to specify the modified value. The following example demonstrates\n"
|
|
"a modification of MX record preference from 0 to 1 in a record without\n"
|
|
"modifying the exchanger:\n"
|
|
"ipa dnsrecord-mod --mx-rec=\"0 mx.example.com.\" --mx-preference=1\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add new zone:\n"
|
|
" ipa dnszone-add example.com --admin-email=admin@example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add system permission that can be used for per-zone privilege delegation:\n"
|
|
" ipa dnszone-add-permission example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify the zone to allow dynamic updates for hosts own records in realm "
|
|
"EXAMPLE.COM:\n"
|
|
" ipa dnszone-mod example.com --dynamic-update=TRUE\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" This is the equivalent of:\n"
|
|
" ipa dnszone-mod example.com --dynamic-update=TRUE \\\n"
|
|
" --update-policy=\"grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM "
|
|
"krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify the zone to allow zone transfers for local network only:\n"
|
|
" ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add new reverse zone specified by network IP address:\n"
|
|
" ipa dnszone-add --name-from-ip=192.0.2.0/24\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add second nameserver for example.com:\n"
|
|
" ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a mail server for example.com:\n"
|
|
" ipa dnsrecord-add example.com @ --mx-rec=\"10 mail1\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add another record using MX record specific options:\n"
|
|
" ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add another record using interactive mode (started when dnsrecord-add, "
|
|
"dnsrecord-mod,\n"
|
|
" or dnsrecord-del are executed with no options):\n"
|
|
" ipa dnsrecord-add example.com @\n"
|
|
" Please choose a type of DNS resource record to be added\n"
|
|
" The most common types for this type of zone are: NS, MX, LOC\n"
|
|
"\n"
|
|
" DNS resource record type: MX\n"
|
|
" MX Preference: 30\n"
|
|
" MX Exchanger: mail3\n"
|
|
" Record name: example.com\n"
|
|
" MX record: 10 mail1, 20 mail2, 30 mail3\n"
|
|
" NS record: nameserver.example.com., nameserver2.example.com.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete previously added nameserver from example.com:\n"
|
|
" ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add LOC record for example.com:\n"
|
|
" ipa dnsrecord-add example.com @ --loc-rec=\"49 11 42.4 N 16 36 29.6 E "
|
|
"227.64m\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add new A record for www.example.com. Create a reverse record in "
|
|
"appropriate\n"
|
|
" reverse zone as well. In this case a PTR record \"2\" pointing to www."
|
|
"example.com\n"
|
|
" will be created in zone 2.0.192.in-addr.arpa.\n"
|
|
" ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add new PTR record for www.example.com\n"
|
|
" ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add new SRV records for LDAP servers. Three quarters of the requests\n"
|
|
" should go to fast.example.com, one quarter to slow.example.com. If neither\n"
|
|
" is available, switch to backup.example.com.\n"
|
|
" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 3 389 fast.example."
|
|
"com\"\n"
|
|
" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"0 1 389 slow.example."
|
|
"com\"\n"
|
|
" ipa dnsrecord-add example.com _ldap._tcp --srv-rec=\"1 1 389 backup."
|
|
"example.com\"\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" The interactive mode can be used for easy modification:\n"
|
|
" ipa dnsrecord-mod example.com _ldap._tcp\n"
|
|
" No option to modify specific record provided.\n"
|
|
" Current DNS record contents:\n"
|
|
"\n"
|
|
" SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 "
|
|
"backup.example.com\n"
|
|
"\n"
|
|
" Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):\n"
|
|
" Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y\n"
|
|
" SRV Priority [0]: (keep the default value)\n"
|
|
" SRV Weight [1]: 2 (modified value)\n"
|
|
" SRV Port [389]: (keep the default value)\n"
|
|
" SRV Target [slow.example.com]: (keep the default value)\n"
|
|
" 1 SRV record skipped. Only one value per DNS record type can be modified "
|
|
"at one time.\n"
|
|
" Record name: _ldap._tcp\n"
|
|
" SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 "
|
|
"389 slow.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" After this modification, three fifths of the requests should go to\n"
|
|
" fast.example.com and two fifths to slow.example.com.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" An example of the interactive mode for dnsrecord-del command:\n"
|
|
" ipa dnsrecord-del example.com www\n"
|
|
" No option to delete specific record provided.\n"
|
|
" Delete all? Yes/No (default No): (do not delete all records)\n"
|
|
" Current DNS record contents:\n"
|
|
"\n"
|
|
" A record: 192.0.2.2, 192.0.2.3\n"
|
|
"\n"
|
|
" Delete A record '192.0.2.2'? Yes/No (default No):\n"
|
|
" Delete A record '192.0.2.3'? Yes/No (default No): y\n"
|
|
" Record name: www\n"
|
|
" A record: 192.0.2.2 (A record 192.0.2.3 has been "
|
|
"deleted)\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show zone example.com:\n"
|
|
" ipa dnszone-show example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find zone with \"example\" in its domain name:\n"
|
|
" ipa dnszone-find example\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find records for resources with \"www\" in their name in zone example.com:\n"
|
|
" ipa dnsrecord-find example.com www\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find A records with value 192.0.2.2 in zone example.com\n"
|
|
" ipa dnsrecord-find example.com --a-rec=192.0.2.2\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show records for resource www in zone example.com\n"
|
|
" ipa dnsrecord-show example.com www\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delegate zone sub.example to another nameserver:\n"
|
|
" ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1\n"
|
|
" ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete zone example.com with all resource records:\n"
|
|
" ipa dnszone-del example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" If a global forwarder is configured, all queries for which this server is "
|
|
"not\n"
|
|
" authoritative (e.g. sub.example.com) will be routed to the global "
|
|
"forwarder.\n"
|
|
" Global forwarding configuration can be overridden per-zone.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Semantics of forwarding in IPA matches BIND semantics and depends on the "
|
|
"type\n"
|
|
" of zone:\n"
|
|
" * Master zone: local BIND replies authoritatively to queries for data in\n"
|
|
" the given zone (including authoritative NXDOMAIN answers) and forwarding\n"
|
|
" affects only queries for names below zone cuts (NS records) of locally\n"
|
|
" served zones.\n"
|
|
"\n"
|
|
" * Forward zone: forward zone contains no authoritative data. BIND "
|
|
"forwards\n"
|
|
" queries, which cannot be answered from its local cache, to configured\n"
|
|
" forwarders.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Semantics of the --forward-policy option:\n"
|
|
" * none - disable forwarding for the given zone.\n"
|
|
" * first - forward all queries to configured forwarders. If they fail,\n"
|
|
" do resolution using DNS root servers.\n"
|
|
" * only - forward all queries to configured forwarders and if they fail,\n"
|
|
" return failure.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Disable global forwarding for given sub-tree:\n"
|
|
" ipa dnszone-mod example.com --forward-policy=none\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" This configuration forwards all queries for names outside the example.com\n"
|
|
" sub-tree to global forwarders. Normal recursive resolution process is used\n"
|
|
" for names inside the example.com sub-tree (i.e. NS records are followed "
|
|
"etc.).\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Forward all requests for the zone external.example.com to another "
|
|
"forwarder\n"
|
|
" using a \"first\" policy (it will send the queries to the selected "
|
|
"forwarder\n"
|
|
" and if not answered it will use global root servers):\n"
|
|
" ipa dnsforwardzone-add external.example.com --forward-policy=first \\\n"
|
|
" --forwarder=203.0.113.1\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Change forward-policy for external.example.com:\n"
|
|
" ipa dnsforwardzone-mod external.example.com --forward-policy=only\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show forward zone external.example.com:\n"
|
|
" ipa dnsforwardzone-show external.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" List all forward zones:\n"
|
|
" ipa dnsforwardzone-find\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete forward zone external.example.com:\n"
|
|
" ipa dnsforwardzone-del external.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Resolve a host name to see if it exists (will add default IPA domain\n"
|
|
" if one is not included):\n"
|
|
" ipa dns-resolve www.example.com\n"
|
|
" ipa dns-resolve www\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"\n"
|
|
"GLOBAL DNS CONFIGURATION\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"DNS configuration passed to command line install script is stored in a "
|
|
"local\n"
|
|
"configuration file on each IPA server where DNS service is configured. "
|
|
"These\n"
|
|
"local settings can be overridden with a common configuration stored in LDAP\n"
|
|
"server:\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show global DNS configuration:\n"
|
|
" ipa dnsconfig-show\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify global DNS configuration and set a list of global forwarders:\n"
|
|
" ipa dnsconfig-mod --forwarder=203.0.113.113\n"
|
|
msgstr ""
|
|
|
|
msgid "invalid IP network format"
|
|
msgstr ""
|
|
|
|
msgid "each ACL element must be terminated with a semicolon"
|
|
msgstr ""
|
|
|
|
msgid "invalid address format"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"expected format: <0-255> <0-255> <0-65535> even-"
|
|
"length_hexadecimal_digits_or_hyphen"
|
|
msgstr ""
|
|
|
|
msgid "algorithm value: allowed interval 0-255"
|
|
msgstr ""
|
|
|
|
msgid "flags value: allowed interval 0-255"
|
|
msgstr ""
|
|
|
|
msgid "iterations value: allowed interval 0-65535"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "salt value: %(err)s"
|
|
msgstr ""
|
|
|
|
msgid "invalid domain-name: not fully qualified"
|
|
msgstr ""
|
|
|
|
msgid "should not be a wildcard domain name (RFC 4592 section 4)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"All nameservers failed to answer the query for DNS reverse zone %(revdns)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"DNS reverse zone %(revzone)s for IP address %(addr)s is not managed by this "
|
|
"server"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "DNS zone %(zone)s not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "IP address %(ip)s is already assigned in domain %(domain)s."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s record"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Raw %s records"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s Record"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "(see RFC %s for details)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "'%s' is a required part of DNS record"
|
|
msgstr ""
|
|
|
|
msgid "Invalid number of parts!"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "format must be specified as \"%(format)s\" %(rfcs)s"
|
|
msgstr ""
|
|
|
|
msgid "Create reverse"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Cannot create reverse record for \"%(value)s\": %(exc)s"
|
|
msgstr ""
|
|
|
|
msgid "Exchanger"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"format must be specified as\n"
|
|
" \"d1 [m1 [s1]] {\"N\"|\"S\"} d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] "
|
|
"[siz[\"m\"] [hp[\"m\"] [vp[\"m\"]]]]\"\n"
|
|
" where:\n"
|
|
" d1: [0 .. 90] (degrees latitude)\n"
|
|
" d2: [0 .. 180] (degrees longitude)\n"
|
|
" m1, m2: [0 .. 59] (minutes latitude/longitude)\n"
|
|
" s1, s2: [0 .. 59.999] (seconds latitude/longitude)\n"
|
|
" alt: [-100000.00 .. 42849672.95] BY .01 (altitude in meters)\n"
|
|
" siz, hp, vp: [0 .. 90000000.00] (size/precision in meters)\n"
|
|
" See RFC 1876 for details"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "'%(required)s' must not be empty when '%(name)s' is set"
|
|
msgstr ""
|
|
|
|
msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\""
|
|
msgstr ""
|
|
|
|
msgid "Priority (order)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Lower number means higher priority. Clients will attempt to contact the "
|
|
"server with the lowest-numbered priority they can reach."
|
|
msgstr ""
|
|
|
|
msgid "Relative weight for entries with the same priority."
|
|
msgstr ""
|
|
|
|
msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Lower number means higher priority. Clients will attempt to contact the URI "
|
|
"with the lowest-numbered priority they can reach."
|
|
msgstr ""
|
|
|
|
msgid "Target Uniform Resource Identifier"
|
|
msgstr ""
|
|
|
|
msgid "Target Uniform Resource Identifier according to RFC 3986"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record"
|
|
msgstr ""
|
|
|
|
msgid "Managedby permission"
|
|
msgstr ""
|
|
|
|
msgid "Only one zone type is allowed per zone name"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added system permission \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "permission \"%(value)s\" already exists"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed system permission \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "DNS zone"
|
|
msgstr ""
|
|
|
|
msgid "DNS zones"
|
|
msgstr ""
|
|
|
|
msgid "DNS Zones"
|
|
msgstr ""
|
|
|
|
msgid "DNS Zone"
|
|
msgstr ""
|
|
|
|
msgid "Default time to live"
|
|
msgstr ""
|
|
|
|
msgid "Time to live for records without explicit TTL definition"
|
|
msgstr ""
|
|
|
|
msgid "setting Authoritative nameserver"
|
|
msgstr ""
|
|
|
|
msgid "It is used only for setting the SOA MNAME attribute."
|
|
msgstr ""
|
|
|
|
msgid "NS record(s) can be edited in zone apex - '@'. "
|
|
msgstr ""
|
|
|
|
msgid "<all IPA DNS servers>"
|
|
msgstr ""
|
|
|
|
msgid "Nameserver for reverse zone cannot be a relative DNS name"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted DNS zone \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "is required"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled DNS zone \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Enabled DNS zone \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "DNS resource record"
|
|
msgstr ""
|
|
|
|
msgid "DNS resource records"
|
|
msgstr ""
|
|
|
|
msgid "DNS Resource Records"
|
|
msgstr ""
|
|
|
|
msgid "DNS Resource Record"
|
|
msgstr ""
|
|
|
|
msgid "DS record must not be in zone apex (RFC 4035 section 2.4)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"out-of-zone data: record name must be a subdomain of the zone or a relative "
|
|
"name"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"owner of %(types)s records should not be a wildcard domain name (RFC 4592 "
|
|
"section 4)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Reverse zone for PTR record should be a sub-zone of one the following fully "
|
|
"qualified domains: %s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Reverse zone %(name)s requires exactly %(count)d IP address components, "
|
|
"%(user_count)d given"
|
|
msgstr ""
|
|
|
|
msgid "only master zones can contain records"
|
|
msgstr ""
|
|
|
|
msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"CNAME record is not allowed to coexist with any other record (RFC 1034, "
|
|
"section 3.6.2)"
|
|
msgstr ""
|
|
|
|
msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"NS record is not allowed to coexist with an %(type)s record except when "
|
|
"located in a zone root record (RFC 2181, section 6.1)"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"DS record requires to coexist with an NS record (RFC 4592 section 4.6, RFC "
|
|
"4035 section 2.4)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Raw value of a DNS record was already set by \"%(name)s\" option"
|
|
msgstr ""
|
|
|
|
msgid "DNS zone root record cannot be renamed"
|
|
msgstr ""
|
|
|
|
msgid "DNS records can be only updated one at a time"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted record \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Zone record '%s' cannot be deleted"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Found '%(value)s'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Host '%(host)s' not found"
|
|
msgstr ""
|
|
|
|
msgid "DNS configuration options"
|
|
msgstr ""
|
|
|
|
msgid "DNS Global Configuration"
|
|
msgstr ""
|
|
|
|
msgid "IPA DNS version"
|
|
msgstr ""
|
|
|
|
msgid "List of IPA masters configured as DNS servers"
|
|
msgstr ""
|
|
|
|
msgid "IPA server configured as DNSSec key master"
|
|
msgstr ""
|
|
|
|
msgid "Global DNS configuration is empty"
|
|
msgstr ""
|
|
|
|
msgid "DNS forward zone"
|
|
msgstr ""
|
|
|
|
msgid "DNS forward zones"
|
|
msgstr ""
|
|
|
|
msgid "DNS Forward Zones"
|
|
msgstr ""
|
|
|
|
msgid "DNS Forward Zone"
|
|
msgstr ""
|
|
|
|
msgid "Please specify forwarders."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted DNS forward zone \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Disabled DNS forward zone \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Enabled DNS forward zone \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "IPA DNS records"
|
|
msgstr ""
|
|
|
|
msgid "IPA location records"
|
|
msgstr ""
|
|
|
|
msgid "Update location and IPA server DNS records"
|
|
msgstr ""
|
|
|
|
msgid "Result of the command"
|
|
msgstr ""
|
|
|
|
msgid "Dry run"
|
|
msgstr ""
|
|
|
|
msgid "Do not update records only return expected records"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "{role}: role not found"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "{attr}: no such attribute"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Topology\n"
|
|
"\n"
|
|
"Management of a replication topology at domain level 1.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA server's data is stored in LDAP server in two suffixes:\n"
|
|
"* domain suffix, e.g., 'dc=example,dc=com', contains all domain related "
|
|
"data\n"
|
|
"* ca suffix, 'o=ipaca', is present only on server with CA installed. It\n"
|
|
" contains data for Certificate Server component\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Data stored on IPA servers is replicated to other IPA servers. The way it "
|
|
"is\n"
|
|
"replicated is defined by replication agreements. Replication agreements "
|
|
"needs\n"
|
|
"to be set for both suffixes separately. On domain level 0 they are managed\n"
|
|
"using ipa-replica-manage and ipa-csreplica-manage tools. With domain level "
|
|
"1\n"
|
|
"they are managed centrally using `ipa topology*` commands.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Agreements are represented by topology segments. By default topology "
|
|
"segment\n"
|
|
"represents 2 replication agreements - one for each direction, e.g., A to B "
|
|
"and\n"
|
|
"B to A. Creation of unidirectional segments is not allowed.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"To verify that no server is disconnected in the topology of the given "
|
|
"suffix,\n"
|
|
"use:\n"
|
|
" ipa topologysuffix-verify $suffix\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"\n"
|
|
"Examples:\n"
|
|
" Find all IPA servers:\n"
|
|
" ipa server-find\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find all suffixes:\n"
|
|
" ipa topologysuffix-find\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add topology segment to 'domain' suffix:\n"
|
|
" ipa topologysegment-add domain --left IPA_SERVER_A --right IPA_SERVER_B\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add topology segment to 'ca' suffix:\n"
|
|
" ipa topologysegment-add ca --left IPA_SERVER_A --right IPA_SERVER_B\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" List all topology segments in 'domain' suffix:\n"
|
|
" ipa topologysegment-find domain\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" List all topology segments in 'ca' suffix:\n"
|
|
" ipa topologysegment-find ca\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete topology segment in 'domain' suffix:\n"
|
|
" ipa topologysegment-del domain segment_name\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete topology segment in 'ca' suffix:\n"
|
|
" ipa topologysegment-del ca segment_name\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Verify topology of 'domain' suffix:\n"
|
|
" ipa topologysuffix-verify domain\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Verify topology of 'ca' suffix:\n"
|
|
" ipa topologysuffix-verify ca\n"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "Topology management requires minimum domain level {0} "
|
|
msgstr ""
|
|
|
|
msgid "segment"
|
|
msgstr ""
|
|
|
|
msgid "segments"
|
|
msgstr ""
|
|
|
|
msgid "Topology Segments"
|
|
msgstr ""
|
|
|
|
msgid "Topology Segment"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "left node is not a topology node: %(leftnode)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "right node is not a topology node: %(rightnode)s"
|
|
msgstr ""
|
|
|
|
msgid "left node and right node must not be the same"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "left node ({host}) does not support suffix '{suff}'"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid "right node ({host}) does not support suffix '{suff}'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d segment matched"
|
|
msgid_plural "%(count)d segments matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Added segment \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted segment \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified segment \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(value)s"
|
|
msgstr ""
|
|
|
|
msgid "left or right node has to be specified"
|
|
msgstr ""
|
|
|
|
msgid "only one node can be specified"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Replication refresh for segment: \"%(pkey)s\" requested."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Stopping of replication refresh for segment: \"%(pkey)s\" requested."
|
|
msgstr ""
|
|
|
|
msgid "suffixes"
|
|
msgstr ""
|
|
|
|
msgid "Topology suffixes"
|
|
msgstr ""
|
|
|
|
msgid "Topology suffix"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d topology suffix matched"
|
|
msgid_plural "%(count)d topology suffixes matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Deleted topology suffix \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added topology suffix \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified topology suffix \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Verify replication topology for suffix.\n"
|
|
"\n"
|
|
"Checks done:\n"
|
|
" 1. check if a topology is not disconnected. In other words if there are\n"
|
|
" replication paths between all servers.\n"
|
|
" 2. check if servers don't have more than the recommended number of\n"
|
|
" replication agreements\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Deprecated options"
|
|
msgid ""
|
|
"\n"
|
|
"IPA certificate operations\n"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Implements a set of commands for managing server SSL certificates.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Certificate requests exist in the form of a Certificate Signing Request "
|
|
"(CSR)\n"
|
|
"in PEM format.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n"
|
|
"subject to values configured in the server.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"A certificate is stored with a service principal and a service principal\n"
|
|
"needs a host.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"In order to request a certificate:\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"* The host must exist\n"
|
|
"* The service must exist (or you use the --add option to automatically add "
|
|
"it)\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"SEARCHING:\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Certificates may be searched on by certificate subject, serial number,\n"
|
|
"revocation reason, validity dates and the issued date.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"When searching on dates the _from date does a >= search and the _to date\n"
|
|
"does a <= search. When combined these are done as an AND.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Dates are treated as GMT to match the dates in the certificates.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"The date format is YYYY-mm-dd.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Request a new certificate and add the principal:\n"
|
|
" ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Retrieve an existing certificate:\n"
|
|
" ipa cert-show 1032\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Revoke a certificate (see RFC 5280 for reason details):\n"
|
|
" ipa cert-revoke --revocation-reason=6 1032\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Remove a certificate from revocation hold status:\n"
|
|
" ipa cert-remove-hold 1032\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Check the status of a signing request:\n"
|
|
" ipa cert-status 10\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Search for certificates by hostname:\n"
|
|
" ipa cert-find --subject=ipaserver.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Search for revoked certificates by reason:\n"
|
|
" ipa cert-find --revocation-reason=5\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Search for certificates based on issuance date\n"
|
|
" ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Search for certificates owned by a specific user:\n"
|
|
" ipa cert-find --user=user\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Examine a certificate:\n"
|
|
" ipa cert-find --file=cert.pem --all\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Verify that a certificate is owned by a specific user:\n"
|
|
" ipa cert-find --file=cert.pem --user=user\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"IPA currently immediately issues (or declines) all certificate requests so\n"
|
|
"the status of a request is not normally useful. This is for future use\n"
|
|
"or the case where a CA does not immediately issue a certificate.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"The following revocation reasons are supported:\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
msgid " * 0 - unspecified\n"
|
|
msgstr ""
|
|
|
|
msgid " * 1 - keyCompromise\n"
|
|
msgstr ""
|
|
|
|
msgid " * 2 - cACompromise\n"
|
|
msgstr ""
|
|
|
|
msgid " * 3 - affiliationChanged\n"
|
|
msgstr ""
|
|
|
|
msgid " * 4 - superseded\n"
|
|
msgstr ""
|
|
|
|
msgid " * 5 - cessationOfOperation\n"
|
|
msgstr ""
|
|
|
|
msgid " * 6 - certificateHold\n"
|
|
msgstr ""
|
|
|
|
msgid " * 8 - removeFromCRL\n"
|
|
msgstr ""
|
|
|
|
msgid " * 9 - privilegeWithdrawn\n"
|
|
msgstr ""
|
|
|
|
msgid " * 10 - aACompromise\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Note that reason code 7 is not used. See RFC 5280 for more details:\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"http://www.ietf.org/rfc/rfc5280.txt\n"
|
|
"\n"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Principal '%(principal)s' is not permitted to use CA '%(ca)s' with profile "
|
|
"'%(profile_id)s' for certificate issuance."
|
|
msgstr ""
|
|
|
|
msgid "enabledService/configuredService not in ipaConfigString kdc entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Host '%(hostname)s' is not an active KDC"
|
|
msgstr ""
|
|
|
|
msgid "Issuing CA"
|
|
msgstr ""
|
|
|
|
msgid "Name of issuing CA"
|
|
msgstr ""
|
|
|
|
msgid "Subject email address"
|
|
msgstr ""
|
|
|
|
msgid "Subject DNS name"
|
|
msgstr ""
|
|
|
|
msgid "Subject X.400 address"
|
|
msgstr ""
|
|
|
|
msgid "Subject directory name"
|
|
msgstr ""
|
|
|
|
msgid "Subject EDI Party name"
|
|
msgstr ""
|
|
|
|
msgid "Subject URI"
|
|
msgstr ""
|
|
|
|
msgid "Subject IP Address"
|
|
msgstr ""
|
|
|
|
msgid "Subject OID"
|
|
msgstr ""
|
|
|
|
msgid "Subject UPN"
|
|
msgstr ""
|
|
|
|
msgid "Subject Kerberos principal name"
|
|
msgstr ""
|
|
|
|
msgid "Subject Other Name"
|
|
msgstr ""
|
|
|
|
msgid "Serial number (hex)"
|
|
msgstr ""
|
|
|
|
msgid "Request status"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"automatically add the principal if it doesn't exist (service principals only)"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "krbtgt certs can use only the %s profile"
|
|
msgstr ""
|
|
|
|
msgid "No Common Name was found in subject of request."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"hostname in subject of request '%(cn)s' does not match name or aliases of "
|
|
"principal '%(principal)s'"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"hostname in subject of request '%(cn)s' does not match principal hostname "
|
|
"'%(hostname)s'"
|
|
msgstr ""
|
|
|
|
msgid "DN commonName does not match user's login"
|
|
msgstr ""
|
|
|
|
msgid "DN emailAddress does not match any of user's email addresses"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Insufficient 'write' privilege to the 'userCertificate' attribute of entry "
|
|
"'%s'."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "subject alt name type %s is forbidden for user principals"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"The service principal for subject alt name %s in certificate request does "
|
|
"not exist"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Insufficient privilege to create a certificate with subject alt name '%s'."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Principal '%s' in subject alt name does not match requested principal"
|
|
msgstr ""
|
|
|
|
msgid "RFC822Name does not match any of user's email addresses"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "subject alt name type %s is forbidden for non-user principals"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Subject alt name type %s is forbidden"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "CA '%s' is disabled"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Deprecated options"
|
|
msgid "'add' option"
|
|
msgstr "वापरात नसलेले पर्याय"
|
|
|
|
#, python-format
|
|
msgid "IP address in subjectAltName (%s) unreachable from DNS names"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "IP address in subjectAltName (%s) does not have PTR record"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "PTR record for SAN IP (%s) does not match A/AAAA records"
|
|
msgstr ""
|
|
|
|
msgid "Revoked"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Reason for revoking the certificate (0-10). Type \"ipa help cert\" for "
|
|
"revocation reason details. "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Owner %s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Certificate with serial number %(serial)s issued by CA '%(ca)s' not found"
|
|
msgstr ""
|
|
|
|
msgid "7 is not a valid revocation reason"
|
|
msgstr ""
|
|
|
|
msgid "Results should contain primary key attribute only (\"certificate\")"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d certificate matched"
|
|
msgid_plural "%(count)d certificates matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
#, python-format
|
|
msgid "Search for certificates with these owner %s."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Search for certificates without these owner %s."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Auto Membership Rule.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Bring clarity to the membership of hosts and users by configuring inclusive\n"
|
|
"or exclusive regex patterns, you can automatically assign a new entries "
|
|
"into\n"
|
|
"a group or hostgroup based upon attribute information.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"A rule is directly associated with a group by name, so you cannot create\n"
|
|
"a rule without an accompanying group or hostgroup.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"A condition is a regular expression used by 389-ds to match a new incoming\n"
|
|
"entry with an automember rule. If it matches an inclusive rule then the\n"
|
|
"entry is added to the appropriate group or hostgroup.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"A default group or hostgroup could be specified for entries that do not\n"
|
|
"match any rule. In case of user entries this group will be a fallback group\n"
|
|
"because all users are by default members of group specified in IPA config.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"The automember-rebuild command can be used to retroactively run automember "
|
|
"rules\n"
|
|
"against existing entries, thus rebuilding their membership.\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add the initial group or hostgroup:\n"
|
|
" ipa hostgroup-add --desc=\"Web Servers\" webservers\n"
|
|
" ipa group-add --desc=\"Developers\" devel\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add the initial rule:\n"
|
|
" ipa automember-add --type=hostgroup webservers\n"
|
|
" ipa automember-add --type=group devel\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a condition to the rule:\n"
|
|
" ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-"
|
|
"regex=^web[1-9]+\\.example\\.com webservers\n"
|
|
" ipa automember-add-condition --key=manager --type=group --inclusive-"
|
|
"regex=^uid=mscott devel\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add an exclusive condition to the rule to prevent auto assignment:\n"
|
|
" ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-"
|
|
"regex=^web5\\.example\\.com webservers\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a host:\n"
|
|
" ipa host-add web1.example.com\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add a user:\n"
|
|
" ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Verify automembership:\n"
|
|
" ipa hostgroup-show webservers\n"
|
|
" Host-group: webservers\n"
|
|
" Description: Web Servers\n"
|
|
" Member hosts: web1.example.com\n"
|
|
"\n"
|
|
" ipa group-show devel\n"
|
|
" Group name: devel\n"
|
|
" Description: Developers\n"
|
|
" GID: 1004200000\n"
|
|
" Member users: tuser\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Remove a condition from the rule:\n"
|
|
" ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-"
|
|
"regex=^web[1-9]+\\.example\\.com webservers\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify the automember rule:\n"
|
|
" ipa automember-mod\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Set the default (fallback) target group:\n"
|
|
" ipa automember-default-group-set --default-group=webservers --"
|
|
"type=hostgroup\n"
|
|
" ipa automember-default-group-set --default-group=ipausers --type=group\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Remove the default (fallback) target group:\n"
|
|
" ipa automember-default-group-remove --type=hostgroup\n"
|
|
" ipa automember-default-group-remove --type=group\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Show the default (fallback) target group:\n"
|
|
" ipa automember-default-group-show --type=hostgroup\n"
|
|
" ipa automember-default-group-show --type=group\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find all of the automember rules:\n"
|
|
" ipa automember-find\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Find all of the orphan automember rules:\n"
|
|
" ipa automember-find-orphans --type=hostgroup\n"
|
|
" Find all of the orphan automember rules and remove them:\n"
|
|
" ipa automember-find-orphans --type=hostgroup --remove\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Display a automember rule:\n"
|
|
" ipa automember-show --type=hostgroup webservers\n"
|
|
" ipa automember-show --type=group devel\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete an automember rule:\n"
|
|
" ipa automember-del --type=hostgroup webservers\n"
|
|
" ipa automember-del --type=group devel\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Rebuild membership for all users:\n"
|
|
" ipa automember-rebuild --type=group\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Rebuild membership for all hosts:\n"
|
|
" ipa automember-rebuild --type=hostgroup\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Rebuild membership for specified users:\n"
|
|
" ipa automember-rebuild --users=tuser1 --users=tuser2\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Rebuild membership for specified hosts:\n"
|
|
" ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example."
|
|
"com\n"
|
|
msgstr ""
|
|
|
|
msgid "Auto Membership Rule"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(otype)s \"%(oname)s\" not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s is not a valid attribute."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add an automember rule.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added automember rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "Auto Membership is not configured"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Add conditions to an automember rule.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added condition(s) to \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Auto member rule: %s not found!"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Override this so we can add completed and failed to the return "
|
|
"result.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Remove conditions from an automember rule.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed condition(s) from \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Override this so we can set completed and failed.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Modify an automember rule.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified automember rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Delete an automember rule.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted automember rule \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Search for automember rules.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d rules matched"
|
|
msgid_plural "%(count)d rules matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Display information about an automember rule.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Set default (fallback) group for all unmatched entries.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Set default (fallback) group for automember \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Remove default (fallback) group for all unmatched entries.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed default (fallback) group for automember \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "No default (fallback) group set"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Display information about the default (fallback) automember groups.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "Task DN"
|
|
msgstr ""
|
|
|
|
msgid "DN of the started task"
|
|
msgstr ""
|
|
|
|
msgid "at least one of options: type, users, hosts must be specified"
|
|
msgstr ""
|
|
|
|
msgid "users and hosts cannot both be set"
|
|
msgstr ""
|
|
|
|
msgid "hosts cannot be set when type is 'group'"
|
|
msgstr ""
|
|
|
|
msgid "users cannot be set when type is 'hostgroup'"
|
|
msgstr ""
|
|
|
|
msgid "Automember rebuild membership task started"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Task DN = '%s'"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
" Search for orphan automember rules. The command might need to be run as\n"
|
|
" a privileged user user to get all orphan rules.\n"
|
|
" "
|
|
msgstr ""
|
|
|
|
msgid "Remove orphan automember rules"
|
|
msgstr ""
|
|
|
|
msgid "Member service groups"
|
|
msgstr ""
|
|
|
|
msgid "Member HBAC service groups"
|
|
msgstr ""
|
|
|
|
msgid "Member ID user overrides"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member ID user overrides"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member permissions"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member HBAC service"
|
|
msgstr ""
|
|
|
|
msgid "Indirect Member HBAC service group"
|
|
msgstr ""
|
|
|
|
msgid "Invalid format. Should be name=value"
|
|
msgstr ""
|
|
|
|
msgid "An IPA master host cannot be deleted or disabled"
|
|
msgstr ""
|
|
|
|
msgid "entry"
|
|
msgstr ""
|
|
|
|
msgid "entries"
|
|
msgstr ""
|
|
|
|
msgid "Entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "container entry (%(container)s) not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(parent)s: %(oname)s not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(oname)s with name \"%(pkey)s\" already exists"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "attribute \"%(attribute)s\" not allowed"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "these attributes are not allowed: %(attrs)s"
|
|
msgstr ""
|
|
|
|
msgid "attribute is not configurable"
|
|
msgstr ""
|
|
|
|
msgid "No such attribute on this entry"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Rename the %(ldap_obj_name)s object"
|
|
msgstr ""
|
|
|
|
msgid "the entry was deleted while being modified"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s to add"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s to remove"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Search for %(searched_object)s with these %(relationship)s %(ldap_object)s."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Search for %(searched_object)s without these %(relationship)s "
|
|
"%(ldap_object)s."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "added attribute value to entry %(value)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "removed attribute values from entry %(value)s"
|
|
msgstr ""
|
|
|
|
msgid "one or more values to remove"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Baseuser\n"
|
|
"\n"
|
|
"This contains common definitions for user/stageuser\n"
|
|
msgstr ""
|
|
|
|
msgid "must be TRUE or FALSE"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Object class ipaNTUserAttrs is missing, user entry cannot have SMB "
|
|
"attributes."
|
|
msgstr ""
|
|
|
|
msgid "User password expiration"
|
|
msgstr ""
|
|
|
|
msgid "SMB logon script path"
|
|
msgstr ""
|
|
|
|
msgid "SMB profile path"
|
|
msgstr ""
|
|
|
|
msgid "SMB Home Directory"
|
|
msgstr ""
|
|
|
|
msgid "SMB Home Directory Drive"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "invalid e-mail format: %(email)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "manager %(manager)s not found"
|
|
msgstr ""
|
|
|
|
msgid "Issuer of the certificate"
|
|
msgstr ""
|
|
|
|
msgid "Subject of the certificate"
|
|
msgstr ""
|
|
|
|
msgid "cannot have an empty subject"
|
|
msgstr ""
|
|
|
|
msgid "cannot specify both subject/issuer and certificate"
|
|
msgstr ""
|
|
|
|
msgid "cannot specify both subject/issuer and ipacertmapdata"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added certificate mappings to user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Removed certificate mappings from user \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Groups of hosts.\n"
|
|
"\n"
|
|
"Manage groups of hosts. This is useful for applying access control to a\n"
|
|
"number of hosts by using Host-based Access Control.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" Add a new host group:\n"
|
|
" ipa hostgroup-add --desc=\"Baltimore hosts\" baltimore\n"
|
|
"\n"
|
|
" Add another new host group:\n"
|
|
" ipa hostgroup-add --desc=\"Maryland hosts\" maryland\n"
|
|
"\n"
|
|
" Add members to the hostgroup (using Bash brace expansion):\n"
|
|
" ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore\n"
|
|
"\n"
|
|
" Add a hostgroup as a member of another hostgroup:\n"
|
|
" ipa hostgroup-add-member --hostgroups=baltimore maryland\n"
|
|
"\n"
|
|
" Remove a host from the hostgroup:\n"
|
|
" ipa hostgroup-remove-member --hosts=box2 baltimore\n"
|
|
"\n"
|
|
" Display a host group:\n"
|
|
" ipa hostgroup-show baltimore\n"
|
|
"\n"
|
|
" Add a member manager:\n"
|
|
" ipa hostgroup-add-member-manager --users=user1 baltimore\n"
|
|
"\n"
|
|
" Remove a member manager\n"
|
|
" ipa hostgroup-remove-member-manager --users=user1 baltimore\n"
|
|
"\n"
|
|
" Delete a hostgroup:\n"
|
|
" ipa hostgroup-del baltimore\n"
|
|
msgstr ""
|
|
|
|
msgid "host groups"
|
|
msgstr ""
|
|
|
|
msgid "Host Group"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Added hostgroup \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"netgroup with name \"%s\" already exists. Hostgroups and netgroups share a "
|
|
"common namespace"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Deleted hostgroup \"%(value)s\""
|
|
msgstr ""
|
|
|
|
msgid "hostgroup"
|
|
msgstr ""
|
|
|
|
msgid "privileged hostgroup"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Modified hostgroup \"%(value)s\""
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(count)d hostgroup matched"
|
|
msgid_plural "%(count)d hostgroups matched"
|
|
msgstr[0] ""
|
|
msgstr[1] ""
|
|
|
|
msgid "Add users that can manage members of this hostgroup."
|
|
msgstr ""
|
|
|
|
msgid "Remove users that can manage members of this hostgroup."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Migration to IPA\n"
|
|
"\n"
|
|
"Migrate users and groups from an LDAP server to IPA.\n"
|
|
"\n"
|
|
"This performs an LDAP query against the remote server searching for\n"
|
|
"users and groups in a container. In order to migrate passwords you need\n"
|
|
"to bind as a user that can read the userPassword attribute on the remote\n"
|
|
"server. This is generally restricted to high-level admins such as\n"
|
|
"cn=Directory Manager in 389-ds (this is the default bind user).\n"
|
|
"\n"
|
|
"The default user container is ou=People.\n"
|
|
"\n"
|
|
"The default group container is ou=Groups.\n"
|
|
"\n"
|
|
"Users and groups that already exist on the IPA server are skipped.\n"
|
|
"\n"
|
|
"Two LDAP schemas define how group members are stored: RFC2307 and\n"
|
|
"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n"
|
|
"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n"
|
|
"\n"
|
|
"The schema compat feature allows IPA to reformat data for systems that\n"
|
|
"do not support RFC2307bis. It is recommended that this feature is disabled\n"
|
|
"during migration to reduce system overhead. It can be re-enabled after\n"
|
|
"migration. To migrate with it enabled use the \"--with-compat\" option.\n"
|
|
"\n"
|
|
"Migrated users do not have Kerberos credentials, they have only their\n"
|
|
"LDAP password. To complete the migration process, users need to go\n"
|
|
"to http://ipa.example.com/ipa/migration and authenticate using their\n"
|
|
"LDAP password in order to generate their Kerberos credentials.\n"
|
|
"\n"
|
|
"Migration is disabled by default. Use the command ipa config-mod to\n"
|
|
"enable it:\n"
|
|
"\n"
|
|
" ipa config-mod --enable-migration=TRUE\n"
|
|
"\n"
|
|
"If a base DN is not provided with --basedn then IPA will use either\n"
|
|
"the value of defaultNamingContext if it is set or the first value\n"
|
|
"in namingContexts set in the root of the remote LDAP server.\n"
|
|
"\n"
|
|
"Users are added as members to the default user group. This can be a\n"
|
|
"time-intensive task so during migration this is done in a batch\n"
|
|
"mode for every 100 users. As a result there will be a window in which\n"
|
|
"users will be added to IPA but will not be members of the default\n"
|
|
"user group.\n"
|
|
"\n"
|
|
"EXAMPLES:\n"
|
|
"\n"
|
|
" The simplest migration, accepting all defaults:\n"
|
|
" ipa migrate-ds ldap://ds.example.com:389\n"
|
|
"\n"
|
|
" Specify the user and group container. This can be used to migrate user\n"
|
|
" and group data from an IPA v1 server:\n"
|
|
" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
|
|
" --group-container='cn=groups,cn=accounts' \\\n"
|
|
" ldap://ds.example.com:389\n"
|
|
"\n"
|
|
" Since IPA v2 server already contain predefined groups that may collide "
|
|
"with\n"
|
|
" groups in migrated (IPA v1) server (for example admins, ipausers), users\n"
|
|
" having colliding group as their primary group may happen to belong to\n"
|
|
" an unknown group on new IPA v2 server.\n"
|
|
" Use --group-overwrite-gid option to overwrite GID of already existing "
|
|
"groups\n"
|
|
" to prevent this issue:\n"
|
|
" ipa migrate-ds --group-overwrite-gid \\\n"
|
|
" --user-container='cn=users,cn=accounts' \\\n"
|
|
" --group-container='cn=groups,cn=accounts' \\\n"
|
|
" ldap://ds.example.com:389\n"
|
|
"\n"
|
|
" Migrated users or groups may have object class and accompanied attributes\n"
|
|
" unknown to the IPA v2 server. These object classes and attributes may be\n"
|
|
" left out of the migration process:\n"
|
|
" ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
|
|
" --group-container='cn=groups,cn=accounts' \\\n"
|
|
" --user-ignore-objectclass=radiusprofile \\\n"
|
|
" --user-ignore-attribute=radiusgroupname \\\n"
|
|
" ldap://ds.example.com:389\n"
|
|
"\n"
|
|
"LOGGING\n"
|
|
"\n"
|
|
"Migration will log warnings and errors to the Apache error log. This\n"
|
|
"file should be evaluated post-migration to correct or investigate any\n"
|
|
"issues that were discovered.\n"
|
|
"\n"
|
|
"For every 100 users migrated an info-level message will be displayed to\n"
|
|
"give the current progress and duration to make it possible to track\n"
|
|
"the progress of migration.\n"
|
|
"\n"
|
|
"If the log level is debug, either by setting debug = True in\n"
|
|
"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be "
|
|
"printed\n"
|
|
"for each user added plus a summary when the default user group is\n"
|
|
"updated.\n"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"Unable to determine if Kerberos principal %s already exists. Use 'ipa user-"
|
|
"mod' to set it manually."
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Failed to add user to the default group. Use 'ipa group-add-member' to add "
|
|
"manually."
|
|
msgstr ""
|
|
|
|
msgid "Migration of LDAP search reference is not supported."
|
|
msgstr ""
|
|
|
|
msgid "Malformed DN"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%(user)s is not a POSIX user"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
". Check GID of the existing group. Use --group-overwrite-gid option to "
|
|
"overwrite the GID"
|
|
msgstr ""
|
|
|
|
msgid "Invalid LDAP URI."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s to exclude from migration"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"search results for objects to be migrated\n"
|
|
"have been truncated by the server;\n"
|
|
"migration process might be incomplete\n"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"%(container)s LDAP search did not return any result (search base: "
|
|
"%(search_base)s, objectclass: %(objectclass)s)"
|
|
msgstr ""
|
|
|
|
msgid "Failed to authenticate to CA REST API"
|
|
msgstr ""
|
|
|
|
msgid "REST API is not logged in."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Non-2xx response from CA REST API: %(status)d. %(explanation)s"
|
|
msgstr ""
|
|
|
|
msgid "Unable to communicate with CMS"
|
|
msgstr ""
|
|
|
|
msgid "Response from CA was not valid JSON"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"\n"
|
|
"Classes to manage trust joins using DCE-RPC calls\n"
|
|
"\n"
|
|
"The code in this module relies heavily on samba4-python package\n"
|
|
"and Samba4 python bindings.\n"
|
|
msgstr ""
|
|
|
|
msgid "CIFS server denied your credentials"
|
|
msgstr ""
|
|
|
|
msgid "communication with CIFS server was unsuccessful"
|
|
msgstr ""
|
|
|
|
msgid "AD domain controller"
|
|
msgstr ""
|
|
|
|
msgid "unsupported functional level"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"AD domain controller complains about communication sequence. It may mean "
|
|
"unsynchronized time on both sides, for example"
|
|
msgstr ""
|
|
|
|
msgid "Cannot find specified domain or server name"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"AD DC was unable to reach any IPA domain controller. Most likely it is a DNS "
|
|
"or firewall issue"
|
|
msgstr ""
|
|
|
|
msgid "At least the domain or IP address should be specified"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"CIFS server communication error: code \"%(num)s\", message \"%(message)s"
|
|
"\" (both may be \"None\")"
|
|
msgstr ""
|
|
|
|
msgid "no trusted domain is configured"
|
|
msgstr ""
|
|
|
|
msgid "domain is not configured"
|
|
msgstr ""
|
|
|
|
msgid "SID is not valid"
|
|
msgstr ""
|
|
|
|
msgid "SID does not match exactlywith any trusted domain's SID"
|
|
msgstr ""
|
|
|
|
msgid "SID does not match any trusted domain"
|
|
msgstr ""
|
|
|
|
msgid "Trust setup"
|
|
msgstr ""
|
|
|
|
msgid "Our domain is not configured"
|
|
msgstr ""
|
|
|
|
msgid "No trusted domain is not configured"
|
|
msgstr ""
|
|
|
|
msgid "trusted domain object"
|
|
msgstr ""
|
|
|
|
msgid "domain is not trusted"
|
|
msgstr ""
|
|
|
|
msgid "no trusted domain matched the specified flat name"
|
|
msgstr ""
|
|
|
|
msgid "trusted domain object not found"
|
|
msgstr ""
|
|
|
|
msgid "Object does not belong to a trusted domain"
|
|
msgstr ""
|
|
|
|
msgid "SSSD was unable to resolve the object to a valid SID"
|
|
msgstr ""
|
|
|
|
msgid "Ambiguous search, user domain was not specified"
|
|
msgstr ""
|
|
|
|
msgid "Trusted domain did not return a unique object"
|
|
msgstr ""
|
|
|
|
msgid "Trusted domain did not return a valid SID for the object"
|
|
msgstr ""
|
|
|
|
msgid "trusted domain user not found"
|
|
msgstr ""
|
|
|
|
msgid "Cannot retrieve trusted domain GC list"
|
|
msgstr ""
|
|
|
|
msgid "CIFS credentials object"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "CIFS server %(host)s denied your credentials"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Cannot establish LSA connection to %(host)s. Is CIFS server running?"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"the IPA server and the remote domain cannot share the same NetBIOS name: %s"
|
|
msgstr ""
|
|
|
|
#, python-brace-format
|
|
msgid ""
|
|
"There is already a trust to {ipa_domain} with unsupported type {trust_type}. "
|
|
"Please remove it manually on AD DC side."
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"IPA master denied trust validation requests from AD DC %(count)d times. Most "
|
|
"likely AD DC contacted a replica that has no trust information replicated "
|
|
"yet. Additionally, please check that AD DNS is able to resolve %(records)s "
|
|
"SRV records to the correct IPA server."
|
|
msgstr ""
|
|
|
|
msgid "Credentials"
|
|
msgstr ""
|
|
|
|
msgid "Missing credentials for cross-forest communication"
|
|
msgstr ""
|
|
|
|
msgid "Trusting forest"
|
|
msgstr ""
|
|
|
|
msgid "Trusted forest"
|
|
msgstr ""
|
|
|
|
msgid "Established and verified"
|
|
msgstr ""
|
|
|
|
msgid "Waiting for confirmation by remote side"
|
|
msgstr ""
|
|
|
|
msgid "Unknown"
|
|
msgstr ""
|
|
|
|
msgid "Non-Active Directory domain"
|
|
msgstr ""
|
|
|
|
msgid "RFC4120-compliant Kerberos realm"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Non-transitive external trust to a domain in another Active Directory forest"
|
|
msgstr ""
|
|
|
|
msgid "Non-transitive external trust to an RFC4120-compliant Kerberos realm"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"\n"
|
|
"Replication topology in suffix '%(suffix)s' is disconnected:\n"
|
|
"%(errors)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid ""
|
|
"\n"
|
|
"Removal of '%(hostname)s' leads to disconnected topology in suffix "
|
|
"'%(suffix)s':\n"
|
|
"%(errors)s"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "Topology does not allow server %(server)s to replicate with servers:"
|
|
msgstr ""
|
|
|
|
msgid "Request must be a dict"
|
|
msgstr ""
|
|
|
|
msgid "Request is missing \"method\""
|
|
msgstr ""
|
|
|
|
msgid "Request is missing \"params\""
|
|
msgstr ""
|
|
|
|
msgid "params must be a list"
|
|
msgstr ""
|
|
|
|
msgid "params must contain [args, options]"
|
|
msgstr ""
|
|
|
|
msgid "params[0] (aka args) must be a list"
|
|
msgstr ""
|
|
|
|
msgid "params[1] (aka options) must be a dict"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "all masters must have %(role)s role enabled"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must have %(role)s role enabled"
|
|
msgstr ""
|
|
|
|
msgid "must be enabled only on a single master"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "must equal %r"
|
|
msgstr ""
|
|
|
|
msgid "Hello world"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "%s: RADIUS proxy server not found"
|
|
msgstr ""
|
|
|
|
#, python-format
|
|
msgid "RADIUS proxy server with name \"%s\" already exists"
|
|
msgstr ""
|
|
|
|
msgid "must be at least 1"
|
|
msgstr ""
|
|
|
|
msgid "Out of memory\n"
|
|
msgstr ""
|
|
|
|
msgid "Warning unrecognized encryption type.\n"
|
|
msgstr ""
|
|
|
|
msgid "Warning unrecognized salt type.\n"
|
|
msgstr ""
|
|
|
|
msgid "Out of memory!?\n"
|
|
msgstr ""
|
|
|
|
msgid "Enctype comparison failed!\n"
|
|
msgstr ""
|
|
|
|
#, fuzzy
|
|
#| msgid "Passwords do not match!"
|
|
msgid "Password is too long!\n"
|
|
msgstr "पासवर्ड जुळत नाही!"
|
|
|
|
msgid "Failed to create random key!\n"
|
|
msgstr ""
|
|
|
|
msgid "Failed to create key!\n"
|
|
msgstr ""
|
|
|
|
msgid "Bad or unsupported salt type.\n"
|
|
msgstr ""
|
|
|
|
#, c-format
|
|
msgid "Unable to initialize connection to ldap server %1$s: %2$s\n"
|
|
msgstr ""
|
|
|
|
msgid "Unable to set LDAP_OPT_PROTOCOL_VERSION\n"
|
|
msgstr ""
|
|
|
|
msgid "Unable to set LDAP_OPT_X_SASL_NOCANON\n"
|
|
msgstr ""
|
|
|
|
msgid "Unable to set LDAP_OPT_X_TLS_CACERTFILE\n"
|
|
msgstr ""
|
|
|
|
msgid "Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT\n"
|
|
msgstr ""
|
|
|
|
msgid "Unable to set LDAP_OPT_X_TLS_PROTOCOL_MIN\n"
|
|
msgstr ""
|
|
|
|
msgid ""
|
|
"Unable to create new TLS context (OpenSSL failed to initialize or to load "
|
|
"certificates)\n"
|
|
msgstr ""
|
|
|
|
msgid "Unable to initialize STARTTLS session\n"
|
|
msgstr ""
|