PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` $Y,(55555 555 66.6>6P6j666"6'616@%75f7/7878&8 D8e87}888:8!969ZS9F919%':>M:3:*::B ;)N;)x;*;#;3;%%< K<l<<<<<#<% =2=#Q=u=====>>#4>X>r>>>*>&>;?'L?Pt?T?R@m@@#@!@@ A%A(AA&A3B2RB7BAB9B79C!qCCD4D.SD,D!DDD0D ,EJ8EEE=E&E!FP8F$F(FFFG,)G+VG.G2G,G3HEH#bH+H H HH"H6!I$XI*}II/IIJ/.J'^J%J'JSJJ(K"sK)K!K-K(L9L!QLsLL,L LL L6L$M9M PM[MjM*qM)MMM MN>NMNfN}NRNUNA:O)|O<OBOG&PFnP.PFP8+Q;dQZQEQ:AR;|R-R7RS9S MSXSFkSS4S4SV.TeT;TG'U;oU0U U'U2%V4XVV(V'V(V'"W!JW3lW WWWWW X1XGX`XxXX XXXY&YFY%aYYYYYY)Y*%Z:PZ%Z*Z$Z5[07[+h[#[[C[>\4O\9\\#\:]?=].}]']] ]] ^I^&e^f^^9_-=_,k_5__!_`&`)C`?m``<`=`)-a'Wa aaa/aa-bM0bM~bKb c&c*9c,dcc7c(c! d/d&Kdrdd dd%dee9eAeHe0[e+e2eee f=fWfApf?f6f)g5;g=qg>gKgQ:hMhWhM2iiiii+i(j /j:jQjmj j2jEj,$k,Qk/~k*kk0k*lIl(_lll=l5m19mkm-m"m$mmn /n*Pn/{n$nnn oH#oloo(ooo"op3.pbp{p(p-p)pq 3qAq/Wq$q7q7qr ;5z#'ԅ('%+M*y!Ɔ߆2!0 R>`8؇!*&AQ! ֈ+!E gۉq732!%T3z15/2F'y%5nj#!'5D](@ލ*DJE"Վi9b8DՏ86SA̐;=(@fAK>5Ttɒ-?CS5 ͓B'1*Y52ٔ9 F`y͕+ߕ$ $0U$t ͖$ 2F^wϗ,@!X7zʘ4J!Z"| "1CVr%Μ-6".Y5ݝ!4.Ds7۞D 9P.:՟*$; `?#'( 6$R'w"¡ ء'('P!x*Ţۢ-FYx!ɣ&*)0T$E@F1x+%ߥ'*Ǧ%(D,m41ϧ46zMȨߨ0',"Tw. ˩Kة$=7V!TǪ$8]s($Ы!0$H/mͬ !-7!e!+í"=%Z+KJC"]$&į"!2!Eg n {) а ڰ" )E^z ɱ@ڱa9}(Q926l5$ٳ--,6ZjJ=G'$,ҵ/7DK0*ѶXWU=N=:-x!2ȸ!$B"Z"}"%ù* 0>Ni$˺޺$?]p һ!:S'k+*'!4'P!x! ܽ94$9Y*#ھ+.*'Y ʿ6ٿ#W4(*-)H!XzE >-Q% $ $.1F`FL; U+c('!2Jfv %)D-n2 6#4Z.6::?DzJF PQF+'A$i 5-0'^'+"+<[j500O$h$!7Sk >'&#8\m$|8(4C(x+ 80:i+"Gj;~p&.. 3!'U6}$' $3$X%}%BVf''!$7Jd{ <<?| $=[x! # 0 ,Q ~&@;0F> %H2n#'3@5t(:!#0.TG= R$9w9!* R8/$$6.[U..,]'!"%"%@f3 1+6 bn!7,Fc2RL'' 3.C5r2:15H!~%,+'0=X D% 520h!O+ .7,f$)8372kF7<6Z?(,0=-n!9&>$['05R'a "" / 3=Rc"w "6H^v32Jf % cX)[f9q3Kg?VU~1<RPC6Y d>?Q"HSzbA02w,uu@kI(@!c^kpP8a}zHaJv~}|X6H zmxl;i9o^x]vSjt7Y\ g:5@_g3!1K$]O Q%q^9"'4Vej=o(N) *]+MGd`4~O.=%-,r=\$LNKN/FE$L}8T.iTZo0(hUc<M)W' QTi*|`{YCD&w?<+-VE>.vMWs dIO{n m'[sJyeE r/lfL \8_2;#R/ # >%CfAG&b|bq6y7n2+,p- !5ZSBhp4hDRZAX0"#D`x:*W1 j JB{F;:sut B  wmU[yGPa5ItlF37r&_enk %1$sIs a member of: %1$sMember groups: %s is not present in cache. - gecos: %s - group id: %d - home directory: %s - no env - - shell: %s - user id: %d - user name: %s %1$s must be run as root %1$s%2$sGroup: %3$s %1$sGID number: %2$d %1$sMember users: %s: Unable to read value [%d]: %s , your cached password will expire at: A group with the same name or GID already exists A list of extra attributes to download along with the user entryA mapping from user names to Kerberos principal namesA specific order of the domains to be looked upA user or group with the same name or ID already exists Access control providerActive Directory backup server addressActive Directory client hostnameActive Directory domainActive Directory primary group attribute for ID-mappingActive Directory server addressActive servers: Add an attribute/value pair. The format is attrname=value.Add debug timestampsAddress of backup IPA serverAfter changing the OTP password, you need to log out and back in order to acquire a ticketAll spaces in group or user names will be replaced with this characterAllow certificate based/Smartcard authentication.Allowed services for using smartcardsAlways query all the caches before querying the Data ProvidersAn error occurred, but no description can be found.An open file descriptor for the debug logsArchiving log files into %s... Attribute indicating that server side password policies are activeAttribute listing authorized PAM servicesAttribute listing authorized server hostsAttribute listing authorized server rhostsAttribute with the name of the viewAttribute with the reference to the original objectAuthenticated with cached credentialsAuthentication is denied until: Authentication providerAuthentication timeoutAutofs providerAutomatic full refresh periodAutomatic smart refresh periodAutomounter map entry key attributeAutomounter map entry value attributeAutomounter map name attributeBase DN for automounter map lookupsBase DN for group lookupsBase DN for netgroup lookupsBase DN for service lookupsBase DN for sudo rules lookupsBase DN for user lookupsBase for home directoriesBecome a daemon (default)Cache credentials for offline loginCache entry creation dateCache entry expiration timeCache entry last update timeCached in InfoPipeCannot create user's home directory: %1$s Cannot create user's mail spool: %1$s Cannot determine if the user was logged in on this platformCannot find group %1$s in local domain Cannot find group %1$s in local domain, only groups in local domain are allowed Cannot find group in local domain, modifying groups is allowed only in local domain Cannot find user in local domain, modifying users is allowed only in local domain Cannot get info about the user Cannot remove homedir: %1$s Cannot reset SELinux login context Cannot set SELinux login context Cannot set default values Check that SSSD is running and the InfoPipe responder is enabled. Make sure 'ifp' is listed in the 'services' option in sssd.conf. Comma separated list of allowed usersComma separated list of prohibited usersCommand to start serviceControl enumeration of trusted domainsCould not allocate ID for the group - domain full? Could not allocate ID for the user - domain full? Could not modify group - check if groupname is correct Could not modify group - check if member group names are correct Could not modify user - check if group names are correct Could not modify user - user already member of groups? Could not open available domains Could not open domain %1$s. If the domain is a subdomain (trusted domain), use fully qualified name instead of --domain/-d parameter. Couldn't invalidate %1$s Couldn't invalidate %1$s %2$s Create clean cache files and import local dataCreate user's directory if it does not existCreating backup of local data... Current Password: DN for ppolicy queriesDNS service name for LDAP password change serverDebug levelDefault logon right (or permit/deny) to use for unmapped PAM service namesDefault shell, /bin/bashDefault subdomain homedir valueDelete an attribute/value pair. The format is attrname=value.Delete log files instead of truncatingDeleting log files... Directory on the filesystem where SSSD should store Kerberos replay cache files.Directory to store credential cachesDisable Active Directory range retrievalDisable netlink interfaceDisable the LDAP paging controlDiscovered %s servers: Display users/groups in fully-qualified formDo not remove home directory and mail spoolDomain of the information provider (mandatory)Domain to add to names without a domain component.Don't include group members in group lookupsEnable DNS sites - location based service discoveryEnable credential validationEnable enumerating all users/groupsEnable or disable the implicit files domainEnabled Active Directory domainsEnables FASTEnables enterprise principalsEnables principal canonicalizationEntry cache background update timeout length (seconds)Entry cache timeout length (seconds)Enumeration cache timeout length (seconds)Error initializing the tools Error initializing the tools - no local domain Error looking up public keys Error setting the locale Error while checking if the user was logged in Error while executing external command Error: Unable to get object [%d]: %s FAST options ('never', 'try', 'demand')File %1$s does not exist. SSSD will use default configuration with files provider. File ownership and permissions check failed. Expected root:root and 0600. File that contains CA certificatesFile that contains the client certificateFile that contains the client keyFiles negative cache timeout length (seconds)Filter PAM responses sent to the pam_sssFilter for user lookupsFirst Factor (Current Password): First Factor: Follow LDAP referralsForce removal of files not owned by the userFull NameGECOS attributeGID attributeGroup %1$s is outside the defined ID range for domain Group UUID attributeGroup member attributeGroup nameGroup passwordGroupsGroups must be in the same domain as user Groups that SSSD should explicitly ignoreGroups to add this group toGroups to add this user toGroups to remove this group fromGroups to remove this user fromHome directoryHome directory attributeHost identity providerHost not specified Hostnames and/or fully qualified domain names of this machine to filter sudo rulesHow long (minutes) to deny login after offline_failed_login_attempts has been reachedHow long can cached credentials be used for cached authenticationHow long the PAC data is considered validHow long to allow cached logins between online logins (days)How long to keep cached entries after last successful login (days)How long to retain a connection to the LDAP server before disconnectingHow long to wait for replies from DNS when resolving servers (seconds)How long will be in-memory cache records validHow many days before password expiration a warning should be displayedHow many failed logins attempts are allowed when offlineHow many maximum entries to fetch during a wildcard requestHow many seconds to keep a host in the known_hosts file after its host keys were requestedHow many seconds to keep identity information cached for PAM requestsHow many seconds will pam_sss wait for p11_child to finishHow often should expired entries be refreshed in backgroundHow often should subdomains list be refreshedHow often to periodically update the client's DNS entryHow to dereference aliasesIPA client hostnameIPA domainIPA server addressIPv4 or IPv6 addresses or network of this machine to filter sudo rulesIdentity providerIdle time before automatic disconnection of a clientIdle time before automatic shutdown of the responderIf a shell stored in central directory is allowed but not available, use this fallbackIf false peer's certificate may contain different hostname than proxy_url when https protocol is usedIf set to false, host argument given by PAM will be ignoredIf true peer's certificate is verified if proxy_url uses https protocolIf true, SSSD will switch back to lower-wins ordering logicInclude microseconds in timestamps in debug logsInclude timestamps in debug logsInfoPipe User lookup with [%s] failed. Informs that the responder has been dbus-activatedInforms that the responder has been socket-activatedInitgroups expiration timeInternal error while parsing parameters Internal error. Could not print group. Internal error. Could not remove group. Internal error. Could not remove user. Invalid domain specified in FQDN Invalid input, please provide either '%s' or '%s'. Invalid port Invalid result.Invalidate all SSH hostsInvalidate all autofs mapsInvalidate all cached entriesInvalidate all cached sudo rulesInvalidate all groupsInvalidate all netgroupsInvalidate all servicesInvalidate all usersInvalidate particular SSH hostInvalidate particular autofs mapInvalidate particular groupInvalidate particular netgroupInvalidate particular serviceInvalidate particular sudo ruleInvalidate particular userIssues identified by validators: %zu Kerberos backup server addressKerberos realmKerberos realm to useKerberos server addressKerberos service keytabKill users' processes before removing himLDAP filter to determine access privilegesLength of time between attempts to reconnect while offlineLength of time between cache cleanupsLength of time between enumeration updatesLength of time to attempt connectionLength of time to attempt synchronous LDAP operationsLength of time to wait for a enumeration requestLength of time to wait for a search requestLifetime of TGT for LDAP connectionLifetime of the TGTList of UIDs or user names allowed to access the InfoPipe responderList of UIDs or user names allowed to access the PAC responderList of domains accessible even for untrusted users.List of options that should be inherited into a subdomainList of possible ciphers suitesList of trusted uids or user's nameList of user attributes the InfoPipe is allowed to publishList of user attributes the NSS responder is allowed to publishLocation of the keytab to validate credentialsLocation of the user's credential cacheLock the accountLogin shellLower bound for ID-mappingMagic Private Maximum age in days before the machine account password should be renewedMaximum nesting level SSSD will followMaximum number of rules that can be refreshed at once. If this is exceeded, full refresh is performed.Maximum user IDMember groups must be in the same domain as parent group Message printed when user account is expired.Message printed when user account is locked.Messages generated during configuration merging: %zu Minimum user IDMode used to change user passwordModification time attributeModification time attribute for groupsModification time attribute for netgroupsNSS request failed (%1$d). Entry might remain in memory cache. NameName '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set) Name of attribute that is used as object class for sudo rulesName of the default domain for ID-mappingNegative cache timeout length (seconds)Netgroup nameNetgroup triple attributeNetgroups members attributeNever create user's directory, overrides configNew Password: No cache object matched the specified search No such group in local domain. Printing groups only allowed in local domain. No such group in local domain. Removing groups only allowed in local domain. No such user in local domain. Removing users only allowed in local domain. None so far. Not enough memory Not removing home dir - not owned by user Number of IDs for each slice when ID-mappingNumber of secondary slicesNumber of times to attempt connection to Data ProvidersObject class for automounter map entriesObject class for automounter mapsObject class for sudo rulesObjectclass for group override objectsObjectclass for groupsObjectclass for netgroupsObjectclass for override objectsObjectclass for servicesObjectclass for user override objectsObjectclass for usersObjectclass for view containersOfflineOnlineOnline status: %s Only invalidate entries from a particular domainOperation mode for GPO-based access controlOption for tuning the machine account renewal taskOut of memory Out of memory!Out of memory! Override GID value from the identity provider with this valueOverride existing backupOverride homedir value from the identity provider with this valueOverride shell value from the identity provider with this valueOverride the DNS server used to perform the DNS updatePAM Environment: PAM action [auth|acct|setc|chau|open|clos], default: PAM service names for which GPO-based access is always deniedPAM service names for which GPO-based access is always grantedPAM service names that map to the GPO (Deny)BatchLogonRight policy settingsPAM service names that map to the GPO (Deny)InteractiveLogonRight policy settingsPAM service names that map to the GPO (Deny)NetworkLogonRight policy settingsPAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight policy settingsPAM service names that map to the GPO (Deny)ServiceLogonRight policy settingsPAM service, default: PAM stack to usePassword change failed. Password change providerPassword expired. Change your password now.Password reset by root is not supported.Password: Passwords do not matchPath of group file sources.Path of passwd file sources.Path to CA certificate directoryPath to certificate database with PKCS#11 modules.Path to directory where certificate authority certificates are storedPath to file containing client's certificatePath to file containing client's private keyPath to file containing server's CA certificatePath to storage of trusted CA certificatesPermission denied. Please select at least one object to invalidate Policy to evaluate the password expirationPrimary GID attributePrint indirect group members recursivelyPrint the host ssh public keysPrint version number and exitPrintf-compatible format for displaying fully-qualified namesPrivileged socket has wrong ownership or permissions.Public socket has wrong ownership or permissions.Reenter new Password: Refresh the configuration database, then exitRegex to parse username and domainRemove home directory and mail spoolRemoving cache files... Renewable lifetime of the TGTRequested lifetime of the ticketRequested renewable lifetime of the ticketRequests canonicalization of the principal nameRequire TLS certificate verificationRequire TLS for ID lookupsRestart SSSD after data importRestoring local data... Restrict or prefer a specific address family when performing DNS lookupsRun interactive (not a daemon)SELinux providerSID of the default domain for ID-mappingSSH public key attributeSSSD Domains to startSSSD InfoPipe user lookup result: SSSD Services to startSSSD backup of local data already exists, override?SSSD is already running SSSD is not run by root.SSSD must not be running. Stop SSSD now?SSSD needs to be restarted. Restart SSSD now?SSSD needs to be running. Start SSSD now?SSSD nss user lookup result: SUDO providerScope of user lookupsSearch base for Desktop Profile related objectsSearch base for HBAC related objectsSearch base for object containing info about IPA domainSearch base for objects containing info about ID rangesSearch base for view containersSearch by SIDSearch by group IDSearch by user IDSecond Factor (optional): Second Factor: Selects the principal to use for FASTSend the debug output to stderr directly.Server message: Server where the change password service is running if not on the KDCService name attributeService name for DNS service lookupsService port attributeService protocol attributeSession management providerSet an attribute to a name/value pair. The format is attrname=value. For multi-valued attributes, the command replaces the values already presentSet lower boundary for allowed IDs from the LDAP serverSet the verbosity of the debug loggingSet upper boundary for allowed IDs from the LDAP serverShell attributeShell to use if the provider does not list oneShould filtered users appear in groupsShow domain list including primary or trusted domain typeShow information about active serverShow list of discovered serversShow online statusShow timestamps with microsecondsSpecifies the server principal to use for FASTSpecify a non-default config fileSpecify an alternative skeleton directorySpecify debug level you want to setSpecify domain name.Specify group to add Specify group to add to Specify group to delete Specify group to modify Specify group to remove from Specify group to show Specify name.Specify the attribute name/value pair(s) Specify the maximal SSF for LDAP sasl authorizationSpecify the minimal SSF for LDAP sasl authorizationSpecify the sasl authorization id to useSpecify the sasl authorization realm to useSpecify the sasl mechanism to useSpecify user name.Specify user to add Specify user to delete Specify user to modify Start SSSD if it is not runningStart SSSD when the cache is removedStop SSSD before removing the cacheStore password hashesStore password if offline for later online authenticationSubstitute empty homedir value from the identity provider with this valueSudo rule command attributeSudo rule host attributeSudo rule nameSudo rule notafter attributeSudo rule notbefore attributeSudo rule option attributeSudo rule order attributeSudo rule runas attributeSudo rule runasgroup attributeSudo rule runasuser attributeSudo rule user attributeSystem is offline, password change not possibleThe GID of the groupThe GID of the userThe LDAP group external member attributeThe SELinux user for user's loginThe SSSD domain to useThe Schema Type in use on the LDAP server, rfc2307The TTL to apply to the client's DNS entry after updating itThe UID of the userThe URL Custodia server is listening onThe amount of time between lookups of the GPO policy files against the AD serverThe amount of time between lookups of the HBAC rules against the IPA serverThe amount of time in minutes between lookups of Desktop Profiles rules against the IPA server when the last request did not find any ruleThe amount of time in seconds between lookups of the Desktop Profile rules against the IPA serverThe amount of time in seconds between lookups of the SELinux maps against the IPA serverThe authentication token of the default bind DNThe automounter location this IPA client is usingThe comment stringThe debug level to run withThe default base DNThe default bind DNThe domain part of service discovery DNS queryThe group ID to run the server asThe group to create FAST ccache asThe interface whose IP should be used for dynamic DNS updatesThe list of shells that will be vetoed, and replaced with the fallback shellThe list of shells users are allowed to log in withThe list of the headers to forward to the Custodia server together with the requestThe maximum allowed number of nested containersThe maximum number of secrets that can be storedThe maximum number of secrets that can be stored per UIDThe maximum payload size of a secret in kilobytesThe method to use when authenticating to a Custodia serverThe name of the NSS library to useThe name of the headers that will be added into a HTTP request with the value defined in auth_header_valueThe number of file descriptors that may be opened by this responderThe number of members that must be missing to trigger a full derefThe number of preforked proxy children.The number of records to retrieve in a single LDAP queryThe password to use when authenticating to a Custodia server using basic_authThe path to the proxy command must be absolute The port to use to connect to the hostThe post-delete command failed: %1$s The provider where the secrets will be stored inThe selected GID is outside the allowed range The selected UID is outside the allowed range The type of the authentication token of the default bind DNThe user ID to run the server asThe user to create FAST ccache asThe user to drop privileges toThe username to use when authenticating to a Custodia server using basic_authThe value of the password field the NSS provider should returnThe value sssd-secrets would use for auth_header_nameTime between two checks for renewalTimeout for messages sent over the SBUSTransaction error. Could not add group. Transaction error. Could not add user. Transaction error. Could not modify group. Transaction error. Could not modify user. Treat usernames as case sensitiveTruncating log files... Tune certificate verificationTune sssd to honor or ignore netlink state changesType of the group and other flagsUID attributeURI of a backup LDAP server where password changes are allowedURI of an LDAP server where password changes are allowedUUID attributeUnable to archive log files Unable to connect to the InfoPipeUnable to create backup directory [%d]: %sUnable to create backup of local data, can not remove the cache. Unable to export group overrides Unable to export user overrides Unable to get online status Unable to get server list Unable to get user name attrUnable to get user objectUnable to import group overrides Unable to import user overrides Unable to parse name %s. Unable to read user input Unable to remove cache files Unable to remove log files Unable to truncate log files Unexpected argument(s) provided, options that invalidate a single object only accept a single provided argument. Unexpected error while looking for an error descriptionUnexpected format of the server credential message.Unlock the accountUpper bound for ID-mappingUse ID-mapping of objectSID instead of pre-set IDsUse Kerberos auth for LDAP connectionUse LDAPS port for LDAP and Global Catalog requestsUse LDAP_MATCHING_RULE_IN_CHAIN for group lookupsUse LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookupsUse autorid-compatible algorithm for ID-mappingUse custom version of krb5_get_init_creds_passwordUse only the upper case for realm namesUsed configuration snippet files: %u User %1$s is outside the defined ID range for domain User name lookup with [%s] failed. User not specified User principal attribute (for Kerberos)User's home directory already exists, not copying data from skeldir Username attributeUsers that SSSD should explicitly ignoreWARNING: The user (uid %1$lu) was still logged in when deleted. Watchdog timeout before restarting serviceWhat kind of authentication should be used to perform the DNS updateWhat kind of messages are displayed to the user during authenticationWhere to drop krb5 config snippetsWhether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bindWhether the domain is usable by the OS or by applicationsWhether the nsupdate utility should default to using TCPWhether the provider should explicitly update the PTR record as wellWhether to automatically create private groups for usersWhether to automatically update the client's DNS entryWhether to automatically update the client's DNS entry in FreeIPAWhether to create kdcinfo filesWhether to evaluate the time-based attributes in sudo rulesWhether to filter rules by hostname, IP addresses and networkWhether to hash host names and addresses in the known_hosts fileWhether to include rules that contains netgroup in host attributeWhether to include rules that contains regular expression in host attributeWhether to look up canonical group name from cache if possibleWhether to update the ldap_user_shadow_last_change attribute after a password changeWhether to use Token-GroupsWhether to use the Global Catalog for lookupsWhich PAM services are permitted to contact application domainsWhich attributes shall be used to evaluate if an account is expiredWhich rules should be used to evaluate access controlWrite debug messages to logfilesYour password has expired. You have %1$d grace login(s) remaining.Your password will expire in %1$d %2$s.a particular site to be used by the clientaccountExpires attribute of ADattribute containing the X509 certificate of the userattribute containing the email address of the userattribute listing allowed authentication types for a userdlopen failed with [%s]. dlsym failed with [%s]. entryUSN attributeerrorkrbLastPwdChange attributekrbPasswordExpiration attributelastUSN attributeldap_backup_uri, The URI of the LDAP serverldap_uri, The URI of the LDAP serverloginAllowedTimeMap attribute of NDSloginDisabled attribute of NDSloginExpirationTime attribute of NDSmalloc failed. memberOf attributenonot connectednsAccountLock attributeobjectSID attributepam_acct_mgmt: %s pam_authenticate for user [%s]: %s pam_chauthtok: %s pam_close_session: %s pam_get_item failed: %s pam_open_session: %s pam_setcred: [%s] pam_start failed: %s shadowExpire attributeshadowFlag attributeshadowInactive attributeshadowLastChange attributeshadowMax attributeshadowMin attributeshadowWarning attributesss_getpwnam_r failed with [%d]. sss_ssh_knownhostsproxy: Could not resolve hostname %s testing pam_acct_mgmt testing pam_authenticate testing pam_chauthtok testing pam_close_session testing pam_open_session testing pam_setcred unknown action user: %s action: %s service: %s userAccountControl attribute of ADyesProject-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2020-03-17 13:40+0100 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PO-Revision-Date: 2020-05-18 01:08+0000 Last-Translator: Copied by Zanata Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/language/zh_CN/) Language: zh_CN Plural-Forms: nplurals=1; plural=0; X-Generator: Zanata 4.6.2 %1$sIs 一个成员: %1$sMember 组: %s 没有存在于缓存中。 - gecos: %s - 组 id: %d - 家目录 : %s -没有环境- - shell: %s - 用户 id: %d - 用户名 : %s %1$s 必须以 root 运行 %1$s%2$sGroup: %3$s %1$sGID 号:%2$d %1$sMember 用户:%s: 无法读取值 [%d]: %s ,您缓存的密码将过期于: 具有相同名称或 GID 的组已经存在 要与用户条目一起下载的其他属性的列表从用户名到 Kerberos 主体名称的映射要查询的域的特定顺序具有相同名称或 ID 的用户或组已经存在 访问控制提供者没动目录备份服务器地址活动目录客户端主机名活动目录域用于 ID 映射的活动目录的主组属性没动目录服务器地址活动服务器: 添加一个属性/值对。格式为 attrname=value。添加调试时间戳IPA 备份服务器地址更改 OTP 密码后,您需要注销并重新登录以获得票证组或用户名中的所有空格都将替换为该字符允许基于证书/智能卡的身份验证。允许服务使用智能卡在查询 Data Providers 之前,始终查询所有缓存发生错误,但找不到描述信息。调试日志的打开文件描述符将日志文件归档到 %s ... 用来指示服务器端密码策略处于活动状态的属性列出授权的 PAM 服务的属性列出授权的服务器主机的属性列出授权的服务器 rhost 的属性具有视图名称的属性带有到原始对象参考的属性通过缓存的凭据进行身份验证身份验证被拒绝,直到: 身份验证提供者验证超时Autofs 提供者自动完整刷新周期自动智能刷新周期自动挂载器映射条目键的属性自动挂载器映射条目值的属性自动挂载器映射名称属性自动挂载程序映射查找的基本 DN组查找的基本 DNnetgroup 查找的基本 DN服务查找的基本 DNsudo 规则查找的基本DN用户查找的基本 DN家目录的基础成为守护进程(默认)为脱机登录缓存凭据缓存条目创建日期缓存条目过期的时间缓存条目最新更新的时间在 InfoPipe 中缓存无法创建用户的家目录:%1$s 无法创建用户的邮件 spool: %1$s 无法确定用户是否已在此平台上登录无法在本的域中找到组 %1$s 无法在本地域中找到组 %1$s,只允许在本地域中的组 在本地域中找不到组,仅允许在本地域中修改组 在本地域中找不到用户,仅允许在本地域中修改用户 无法获得用户的信息 无法删除主目录:%1$s 无法重新设置 SELinux 登录上下文 无法设置 SELinux 登录上下文 无法设置默认值 检查 SSSD 是否正在运行,并且 InfoPipe 响应器已启用。确保 sssd.conf 的 'services' 选项中列出了 'ifp'。 以逗号分隔的允许的用户列表以逗号分隔的不允许的用户列表启动服务命令信任域的控制枚举无法为组分配 ID - 域已满? 无法为用户分配 ID - 域已满? 无法修改组 - 检查组名是否正确 无法修改组 - 检查成员组名称是否正确 无法修改用户 - 检查组名称是否正确 无法修改用户 - 用户是否已是组成员? 无法打开可用域 无法打开域 %1$s 。如果域是子域(受信任的域),请使用完全限定名而不是 --domain/-d 参数。 无法使 %1$s 无效 无法使 %1$s %2$s 无效 创建干净的缓存文件并导入本地数据创建用户目录(如果不存在)正在创建本地数据备份... 当前密码:ppolicy 查询的 DNLDAP 密码更改服务器的 DNS 服务名称调试级别用于未映射的 PAM 服务名称的默认登录权(或允许/拒绝)默认 shell、/bin/bash默认子域 homedir 值删除一个属性/值对。格式为 attrname=value。删除日志文件而不是截断删除日志文件... SSSD 应该在其中存储 Kerberos 重放缓存文件的文件系统上的目录。存储凭证缓存的目录禁用 Active Directory 范围检索禁用 netlink 接口禁用 LDAP 分页控制发现的 %s 服务器: 以完全限定的形式显示用户/组不删除主目录和邮件假脱机信息提供者的域(强制)要添加到名称中的域,没有域组件。在组查询中不包括的组成员启用 DNS 站点 - 基于位置的服务发现启用凭证验证启用枚举所有用户/组启用或禁用隐式文件域启用活动目录域启用 FAST启用企业主体启用主体规范化条目缓存后台更新超时时间(秒)输入缓存超时时间(秒)枚举缓存超时时间(秒)初始化工具出错。 初始化工具时出错 - 没有本地域 查找公钥时出错 地区设置错误 检查用户是否登录时出错 执行外部命令时出错 错误:无法获得对象 [%d]: %s FAST 选项('never'、'try'、'demand')文件%1$s 不存在。 SSSD 将使用文件提供程序的默认配置。 文件所有权和权限检查失败。预期的是 root:root 和 0600。 包含 CA 证书的文件包含客户端 CA 证书的文件包含客户端密钥的文件文件负缓存超时时间(秒)过滤发送到 pam_sss 的 PAM 响应用户查找过滤第一因素(当前密码): 第一因素: 遵循 LDAP 引用用户不允许强制删除文件全称GECOS 属性GID 属性组 %1$s 在域的定义 ID 范围之外 组 UUID 属性组成员属性组名称组密码组组必须与用户在同一域中 SSSD 应该明确忽略的组把这个组添加到的组这个用户加入的组要从中删除该组的组要从中删除该用户的组家目录家目录属性主机身份提供者未指定主机 本机的主机名和/或限定域名,用于过滤 sudo 规则当达到 offline_failed_login_attempts 之后多长时间要拒绝登录(以分钟为单位)可以使用缓存凭证用于缓存身份验证的时间PAC 数据被视为有效的时间长度在线登录间隔多长时间内允许使用缓存的登录(以天为单位)上次成功登录后保留缓存条目的时间(天)断开连接前与 LDAP 服务器保持连接的时间解析服务器时等待 DNS 回复的时间(秒)内存缓存记录有效期的长度在密码过期前几天应显示警告信息离线时允许多少次失败的登录尝试在通配符请求期间要提取多少个最大条目当请求了它的主机密钥后,将主机保留在 known_hosts 文件中的时间(以秒为单位)为 PAM 请求保留多长时间的身份信息缓存(以秒为单位)pam_sss 等待 p11_child 完成的时间(以秒为单位)过期条目应在后台刷新的频率子域列表应该多久刷新一次定期更新客户端的 DNS 条目的频率如何取消引用别名IPA 客户端主机名IPA 域IPA 服务器地址IPv4 或 IPv6 地址或本机器的网络,用于过滤 sudo 规则身份提供者客户端自动断开连接之前的空闲时间自动关闭响应者之前的空闲时间如果允许使用存储在中央目录中的 shell 但并不存在,使用这个后备使用 https 协议时,错误的对等方证书的主机名可能与 proxy_url 不同如果设置为 false,PAM 提供的主机参数将被忽略如果 proxy_url 使用 https 协议,是否验证真实的对等方的证书如果为 true,SSSD 将切换回 lower-wins ordering 逻辑在调试日志中的时间戳中包含微秒在调试日志中包含时间戳使用 [%s] 进行 InfoPipe 用户查找失败。 通知响应者已被 dbus 激活通知响应者已被套接字激活Initgroups 过期时间解析参数时发生内部错误 内部错误。无法打印组。 内部错误。无法删除组。 内部错误。无法删除用户。 FQDN 中指定的域无效 无效输入,请提供 '%s' 或 '%s'。 无效端口 结果无效。使所有 SSH 主机无效使所有 autofs 映射无效使所有缓存的条目无效使所有缓存的 sudo 规则无效使所有组无效使所有 netgroup 无效使所有服务无效使所有用户无效使特定 SSH 主机无效使特定 autofs 映射无效使特定组无效使特定 netgroup 无效使特定服务无效使特定 sudo 规则无效使特定用户无效验证者发现了问题: %zu Kerberos 备份服务器地址Kerberos realm使用的 kerberos realmKerberos 服务器地址Kerberos服务密钥表在删除用户前终止用户的进程用于决定访问权限 的 LDAP 过滤器离线时尝试重新连接的时间间隔两次缓存清除之间的时间长度枚举更新之间的时间长度尝试连接的时间长度尝试同步 LDAP 操作的时间长度等待枚举请求的时间长度等待搜索请求的时间长度TGT 的 LDAP 连接生命周期TGT 的寿命允许访问 InfoPipe 响应者的 UID 或用户名列表允许访问 PAC 响应者的 UID 或用户名列表即使不受信任的用户也可以访问的域列表。应该被继承到子域中的选项列表可能的加密套件列表受信任的 uid 或用户名列表允许 InfoPipe 发布的用户属性列表NSS 响应者可以发布的用户属性列表用于验证凭据的密钥表的位置用户凭证缓存的位置锁定账户登陆 shellID 映射的下限Magic Private 机器帐户密码需要续订的最长期限(天)将遵循的最大嵌套级别 SSSD一次可以刷新的最大规则数。如果超出此范围,则执行完全刷新。最大用户 ID成员组必须与父组在同一域中 当用户帐户过期时显示的消息。当用户帐户被锁住时显示的消息。配置合并期间生成的消息: %zu 最小用户 ID用来修改用户密码的模式修改时间属性组的修改时间属性netgroup 的修改时间属性NSS 请求失败(%1$d)。条目可能保留在内存缓存中。 名称名称 '%1$s' 似乎不是 FQDN(设置了 '%2$s =TRUE‘) 用作 sudo 规则的对象类的属性名称用于 ID 映射的默认域的名称负缓存超时时间(秒)Netgroup 名Netgroup triple 属性Netgroups 成员属性不创建用户目录,覆盖配置新密码:没有符合指定搜索条件的缓存对象 本地域中没有这样的组。只在本地域中允许打印组。 本地域中没有这样的组。只在本地域中允许删除组。 本地域中没有这样的用户。只在本地域中允许删除用户。 到目前为止没有。 内存不足 没有删除主目录 - 不归用户所有 ID 映射时每个片的 ID 数次要切片数试图连接到 Data Providers 的次数自动挂载器映射条目的对象类自动挂载器映射的对象类sudo 规则的对象类组覆盖对象的对象类组的对象类netgroup 的对象类覆盖对象的对象类服务的对象类用户覆盖对象的对象类用户的对象类查看容器的对象类离线在线在线状态: %s 使来自特定域的项无效基于 GPO 的访问控制的操作模式用于调整机器帐户续订任务的选项无可用内存 无可用的内存!无可用的内存! 使用此值覆盖来自身份提供者的 GID 值覆盖现有的备份使用此值覆盖来自身份提供者的 homedir 值使用此值覆盖来自身份提供者的 shell 值覆盖用于执行 DNS 更新的 DNS 服务器PAM 环境: PAM 操作 [auth|acct|setc|chau|open|clos],默认:基于 GPO 的访问始终会被拒绝的 PAM 服务名称基于 GPO 的访问始终会被授予的 PAM 服务名称映射到 GPO (Deny)BatchLogonRight 策略设置的 PAM 服务名称映射到 GPO (Deny)InteractiveLogonRight 策略设置的 PAM 服务名称映射到 GPO (Deny)NetworkLogonRight 策略设置的 PAM 服务名称映射到 GPO (Deny)RemoteInteractiveLogonRight 策略设置的 PAM 服务名称映射到 GPO (Deny)ServiceLogonRight 策略设置的 PAM 服务名称PAM 服务,默认:使用的 PAM 堆栈更改密码失败。密码改变提供者密码已过期。立即更改密码。不支持通过 root 重置密码。密码:密码不匹配group 文件源的路径。passwd 文件源的路径。CA 证书目录的路径带有 PKCS#11 模块的证书数据库的路径。证书颁发机构证书存储目录的路径包含客户端证书的文件的路径包含客户端私钥的文件的路径包含服务器 CA 证书的文件的路径到可信 CA 证书存储的路径权限被拒绝。请选择至少一个对象以使其无效 评估密码有效期的策略主 GID 属性递归打印间接组成员打印主机 ssh 公钥显示版本号并退出兼容 Printf 的格式用于显示完全限定名称特权套接字有错误的所有权或权限。公共套接字有错误的所有权或权限。重新输入新密码:刷新配置数据库,然后退出正则表达式解析用户名和域删除主目录和邮件假脱机删除缓存文件... TGT 的可更新寿命要求的票证寿命要求的可续约票证寿命要求规范化主体名称调整 TLS 证书验证需要 TLS 进行 ID 查找数据导入后重新启动 SSSD恢复本地数据... 执行 DNS 查找时限制或首选使用特定的地址系列交互式运行(不是守护程序)SELinux 提供者用于 ID 映射的默认域的 SIDSSH 公钥属性SSSD 域启动SSSD InfoPipe 用户查找结果: SSSD 服务启动SSSD 本地数据备份已经存在,可以覆盖吗?SSSD 已运行 SSSD 没有由 root 运行。SSSD 不能运行。现在停止 SSSD?需要重新运行 SSSD。现在重新运行 SSSD?需要运行 SSSD。现在启动 SSSD?SSSD nss 用户查找结果: SUDO 提供者用户查找范围Desktop Profile 相关对象的搜索基础HBAC 相关对象的搜索基础搜索包含有关 IPA 域信息的对象的搜索基础搜索包含有关 ID 范围信息的对象的搜索基础查看容器的搜索基础使用 SID 搜索使用组 ID 搜索使用用户 ID 搜索第二因素(可选): 第二因素: 选择用于 FAST 的主体将调试直接输出到 stderr。服务器消息: 如果不在 KDC 上,运行更改密码服务的服务器服务名属性DNS 服务查找的服务名称服务端口属性服务协议属性会话管理提供者将属性设置为名称/值对。格式为 attrname=value。对于多值属性,替换值的命令已存在。设置 LDAP 服务器允许的 ID 的下边界设定调试日志记录等级设置 LDAP 服务器允许的 ID 的上边界Shell 属性如果提供程序未列出,则使用这个 shell出现在组中的应将过滤的用户显示域列表,包括主要或受信任的域类型显示有关活动服务器的信息显示发现的服务器列表显示在线状态显示时间戳(以微秒为单位)指定用于 FAST 的服务器主体指定一个非默认的配置文件指定一个备用的 skeleton 目录指定要设置的调试级别指定域名。指定添加的组 指定添加到的组 指定删除的组 指定修改的组 指定要从中删除的组 指定显示的组 指定名称。指定属性名称/值对 为 LDAP sasl 授权指定最大的 SSF为 LDAP sasl 授权指定最小的 SSF指定要使用的 sasl 授权 ID指定要使用的 sasl 授权 realm指定要使用的 sasl 机制指定用户名。指定要添加的用户 指定删除的用户 指定要修改的用户 如果未运行,启动 SSSD删除缓存后启动 SSSD在删除缓存之前停止 SSSD存储密码哈希离线时存储密码,以便以后进行在线身份验证使用此值替换来自身份提供者的空的 homedir 值sudo 规则命令属性sudo 规则主机属性sudo 规则名sudo 规则 notafter 属性sudo 规则 notbefore 属性sudo 规则选项属性sudo 规则顺序属性sudo 规则 runas 属性sudo 规则 runasgroup 属性sudo 规则 runasuser 属性sudo 规则用户属性系统离线,无法更改密码组的 GID用户的 GIDLDAP 组外部成员属性用于用户登录的 SELinux用户要使用的 SSSD 域LDAP 服务器上使用的 Schema Type,rfc2307更新后应用于客户端 DNS 条目的TTL用户的 UID正在侦听的 URL Custodia 服务器针对 IPA 服务器查找 GPO 策略文件之间的时间间隔针对 IPA 服务器查找 HBAC 规则之间的时间间隔当最后一个请求未找到任何规则时,针对 IPA 服务器的Desktop Profiles 规则查找之间的时间间隔(以分钟为单位)针对 IPA 服务器查找 Desktop Profile 规则之间的时间间隔针对 IPA 服务器查找 SELinux 映射之间的时间间隔默认绑定 DN 的身份验证令牌此 IPA 客户端使用的自动挂载器的位置注释字符串要运行的调试级别默认基本 DN默认绑定 DN服务发现 DNS 查询的域部分运行服务器的组 ID组创建 FAST 缓存为应该用于动态 DNS 更新的接口的 IP 地址将被否决并替换为后备 shell 的 shell 列表允许进行登陆的 shell 用户列表与请求一起转发到 Custodia 服务器的标头列表允许嵌套的最大容器数量可以存储的最大 secret 数量每个 UID 可以存储的最大 secret 数量一个 secret 的最大有效负载的大小(以千字节为单位)当向 Custodia 服务器进行身份验证时使用的方法使用的 NSS 库的名称将使用 auth_header_value 中定义的值添加到 HTTP 请求中的标头名称可能会被该响应者打开的文件描述符的数量触发完全取消引用请最少需要缺少的成员数预分支代理子代的数量。单个 LDAP 查询中要检索的记录数当向使用 basic_auth 的 Custodia 服务器进行身份验证时使用的密码到 proxy 命令的路径必须是绝对路径 用于连接主机的端口后删除命令失败: %1$s 存储 secret 的提供者所选的 GID 超出了允许范围 所选的 UID 超出了允许范围 默认绑定 DN 的身份验证令牌的类型运行服务器的用户 ID用户创建 FAST 缓存为放弃特权的用户当向使用 basic_auth 的 Custodia 服务器进行身份验证时使用的用户名NSS 提供程序应返回的密码字段的值用于 auth_header_name 的 sssd-secrets 值两次更新检查之间的间隔时间通过 SBUS 发送的消息超时交易错误。无法添加组。 交易错误。无法添加用户。 交易错误。无法修改组。 交易错误。无法修改用户。 用户名区分大小写截断日志文件... 调整证书验证调整 sssd 来接受或忽略 netlink 状态更改组的类型和其他标志UID 属性允许更改密码的备份 LDAP 服务器的 URI允许更改密码的 LDAP 服务器的 URIUUID 属性无法归档日志文件 无法连接至 InfoPipe无法创建备份目录 [%d]: %s无法创建本地数据备份,无法删除缓存。 无法导出组覆盖 无法导出用户覆盖 无法获得在线状态 无法获取服务器列表 无法获得用户名属性无法获得用户对象无法导入组覆盖 无法导入用户覆盖 无法解析名称 %s 。 无法读取用户输入 无法删除缓存文件 无法删除日志文件 无法截断日志文件 提供了意外的参数,使单个对象无效的选项仅接受单个参数。 查找错误说明时出现意外错误服务器凭证消息的格式异常。解锁账户ID 映射的上限使用 objectSID 的 ID 映射而不是预设的 ID使用 Kerberos 身份验证进行 LDAP 连接将 LDAPS 端口用于 LDAP 和 Global Catalog 请求使用 LDAP_MATCHING_RULE_IN_CHAIN 进行组查找使用 LDAP_MATCHING_RULE_IN_CHAIN 进行 initgroup 查找使用与 autorid 兼容的算法进行 ID 映射使用自定义版本的 krb5_get_init_creds_passwordrealm 名称仅使用大写字母所使用的配置摘要文件: %u 用户 %1$s 在域的定义 ID 范围之外 使用 [%s] 进行用户名查找失败。 未指定用户 用户主体属性(用于 Kerberos)用户的家目录已存在,无法从 skeldir 复制数据 用户名属性SSSD 应该明确忽略的用户警告:用户(uid %1$lu )在删除后仍处于登录状态。 重新启动服务前 Watchdog 超时在执行 DNS 更新时应该使用哪种身份验证在身份验证期间向用户显示什么信息在哪里放置 krb5 配置片段在 SASL绑定期间,LDAP 库是否应执行反向查找以规范化主机名域是否可以被 OS 或应用程序使用nsupdate 实用程序是否应默认使用 TCP提供者是否应该明确更新 PTR 记录是否自动为用户创建私人组是否自动更新客户端的 DNS 条目是否在 FreeIPA 中自动更新客户端的 DNS 条目是否创建 kdcinfo 文件是否在 sudo 规则中评估基于时间的属性是否按主机名,IP地址和网络过滤规则在 known_hosts 文件中是否对主机名和地址进行哈希处理是否在主机属性中包含带有 netgroup 的规则是否在主机属性中包含带有正则表达式的规则如果可能,是否从缓存中查找规范的组名更改密码后是否更新 ldap_user_shadow_last_change 属性是否使用令牌组是否使用 Global Catalog 进行查找允许哪些 PAM 服务联系应用程序域应使用哪些属性来评估帐户是否过期应该使用哪些规则来评估访问控制写入调试信息到日志文件您的密码已过期。您有 %1$d 剩余宽限登陆。您的密码将于 %1$d %2$s 过期。客户要使用的特定站点AD 的 accountExpires 属性包含用户的 X509 证书的属性包含用户电子邮件地址的属性列出用户允许的身份验证类型的属性dlopen 失败 [%s]。 dlsym 失败 [%s]。 entryUSN 属性错误krbLastPwdChange 属性krbPasswordExpiration 属性lastUSN 属性ldap_backup_uri,LDAP 服务器的 URIldap_uri,LDAP 服务器的 URINDS 的 loginAllowedTimeMap 属性NDS 的 loginDisabled 属性NDS 的 loginExpirationTime 属性malloc 失败。 memberOf 属性否未连接nsAccountLock 属性objectSID 属性pam_acct_mgmt: %s pam_authenticate 用户 [%s]: %s pam_chauthtok: %s pam_close_session: %s pam_get_item 失败:%s pam_open_session: %s pam_setcred: [%s] pam_start 失败:%s shadowExpire 属性shadowFlag 属性shadowInactive 属性shadowLastChange 属性shadowMax 属性shadowMin 属性shadowWarning 属性sss_getpwnam_r 失败 [%d]。 sss_ssh_knownhostsproxy:无法解析主机名 %s 测试 pam_acct_mgmt testing pam_authenticate testing pam_chauthtok testing pam_close_session 测试 pam_open_session 测试 pam_setcred 未知操作 用户:%s 操作:%s 服务:%s AD 的 userAccountControl 属性是