[debian-edu-commits] debian-edu/ 01/01: Update jessie manual and images from the wiki.

Mon Nov 24 20:56:23 UTC 2014

This is an automated email from the git hooks/post-receive script.

schweer-guest pushed a commit to branch master
in repository debian-edu-doc.

commit 3207a2541d967e5e5dcdc549d9f4aa4665fb85f1
Author: Wolfgang Schweer <wschweer at arcor.de>
Date:   Mon Nov 24 21:55:32 2014 +0100

    Update jessie manual and images from the wiki.
---
 .../images => }/Debian_Edu_Network_Jessie.png      | Bin
 .../debian-edu-jessie-manual.da.po                 | 145 ++++++++++++++++++--
 .../debian-edu-jessie-manual.de.po                 | 147 +++++++++++++++++++--
 .../debian-edu-jessie-manual.es.po                 | 144 ++++++++++++++++++--
 .../debian-edu-jessie-manual.fr.po                 | 145 ++++++++++++++++++--
 .../debian-edu-jessie-manual.it.po                 | 143 ++++++++++++++++++--
 .../debian-edu-jessie-manual.nb.po                 | 146 +++++++++++++++++---
 .../debian-edu-jessie-manual.nl.po                 | 145 ++++++++++++++++++--
 .../debian-edu-jessie/debian-edu-jessie-manual.pot | 112 +++++++++++++++-
 .../debian-edu-jessie/debian-edu-jessie-manual.xml |  60 ++++++++-
 .../images/Debian_Edu_Network_Jessie.png           | Bin 162062 -> 210469 bytes
 .../debian-edu-jessie/images/de/worldmap.png       | Bin 387040 -> 387059 bytes
 .../debian-edu-jessie/images/es/worldmap.png       | Bin 387147 -> 387164 bytes
 .../debian-edu-jessie/images/fr/worldmap.png       | Bin 387083 -> 387102 bytes
 .../debian-edu-jessie/images/worldmap.png          | Bin 387078 -> 387097 bytes
 15 files changed, 1107 insertions(+), 80 deletions(-)

diff --git a/documentation/debian-edu-jessie/images/Debian_Edu_Network_Jessie.png b/documentation/Debian_Edu_Network_Jessie.png
similarity index 100%
copy from documentation/debian-edu-jessie/images/Debian_Edu_Network_Jessie.png
copy to documentation/Debian_Edu_Network_Jessie.png
diff --git a/documentation/debian-edu-jessie/debian-edu-jessie-manual.da.po b/documentation/debian-edu-jessie/debian-edu-jessie-manual.da.po
index b122581..7cc8724 100644
--- a/documentation/debian-edu-jessie/debian-edu-jessie-manual.da.po
+++ b/documentation/debian-edu-jessie/debian-edu-jessie-manual.da.po
@@ -10,7 +10,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: debian-edu-jessie-manual\n"
-"POT-Creation-Date: 2014-11-17 15:31+0100\n"
+"POT-Creation-Date: 2014-11-24 21:54+0100\n"
 "PO-Revision-Date: 2014-10-21 19:20+0100\n"
 "Last-Translator: Joe Hansen <joedalton2 at yahoo.dk>\n"
 "Language-Team: Danish <debian-l10n-danish at lists.debian.org>\n"
@@ -3790,19 +3790,19 @@ msgstr ""
 msgid "Printer Management"
 msgstr "Printerhåndtering"
 
-# engelsk fejl manglende punktum
 #. type: Content of: <article><section><para>
 msgid ""
 "For Printer Management point your web browser to <ulink url=\"https://"
 "www:631\"/> This is the normal CUPS management interface where you can add/"
-"delete/modify your printers and can clean up the printing queue.  Changes "
-"that require a root login need SSL encryption."
+"delete/modify your printers and can clean up the printing queue. By default "
+"only root is allowed but this can be changed: Open /etc/cups/cups-files.conf "
+"with an editor and add one or more valid group names matching your site "
+"policy to the line containing <computeroutput>SystemGroup lpadmin</"
+"computeroutput>. Existing GOsa² groups that might be used are "
+"<computeroutput>gosa-admins</computeroutput> (with the first user as "
+"member), <computeroutput>teachers</computeroutput> and "
+"<computeroutput>jradmins</computeroutput> (no members after installation)."
 msgstr ""
-"For printerhåndtering så peg din internetbrowser på <ulink url=\"https://"
-"www:631\"/>. Dette er den normale CUPS-håndteringsgrænseflade hvor du kan "
-"tilføje/slette/ændre dine printere og kan rydde op i udskrivningskøen. "
-"Ændringer som kræver et logind som administrator (root) kræver SSL-"
-"kryptering."
 
 #. type: Content of: <article><section><title>
 msgid "Clock synchronisation"
@@ -6017,6 +6017,120 @@ msgstr ""
 "at besøge mappen »/tjener/nas-server/storage/« via ethvert program på enhver "
 "arbejdsstation, LTSP-klient eller LTSP-server."
 
+#. type: Content of: <article><section><section><title>
+#, fuzzy
+#| msgid "Restricting pupils' network access"
+msgid "Restrict ssh login access"
+msgstr "Begrænsning af elevers netværksadgang"
+
+#. type: Content of: <article><section><section><para>
+msgid "There are several ways to restrict ssh login, some are listed here."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup without LTSP clients"
+msgstr "Lyd med LTSP-klienter"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If no LTSP clients are used a simple solution is to create a new group (say "
+"<computeroutput>sshusers</computeroutput>) and to add a line to the "
+"machine's /etc/ssh/sshd_config file. Only members of the "
+"<computeroutput>sshusers</computeroutput> group will then be allowed to ssh "
+"into the machine from everywhere."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid "Managing this case with GOsa is quite simple:"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Create a group <computeroutput>sshusers</computeroutput> on the root level "
+"(where already other system management related groups like"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
+msgid "'gosa-admins' show up)."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid ""
+#| "This section explains how to use <computeroutput>apt-get upgrade</"
+#| "computeroutput>."
+msgid "Add users to the new group <computeroutput>sshusers</computeroutput>."
+msgstr ""
+"Dette afsnit forklarer hvordan du bruger <computeroutput>apt-get upgrade</"
+"computeroutput>."
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Add <computeroutput>AllowGroups sshusers</computeroutput> to /etc/ssh/"
+"sshd_config."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid "run <computeroutput>apt-get update</computeroutput>"
+msgid "Execute <computeroutput>service ssh restart</computeroutput>."
+msgstr "kør <computeroutput>apt-get update</computeroutput>"
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup with LTSP clients"
+msgstr "Lyd med LTSP-klienter"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"The default LTSP client setup uses ssh connections to the LTSP server. So a "
+"different approach using PAM is needed."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Configure /etc/security/access.conf to allow connections for (sample) users "
+"alice, jane, bob and john from everywhere and for all other users only from "
+"the internal networks by adding these lines:"
+msgstr ""
+
+#. type: CDATA
+#, no-wrap
+msgid ""
+"+ : alice jane bob john : ALL\n"
+"+ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24\n"
+"- : ALL : ALL\n"
+"#"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be "
+"dropped to disable internal ssh login access. Note: someone pluging in his "
+"box into the dedicated LTSP client network(s) will gain ssh access to the "
+"LTSP server(s) as well."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "A note for more complex setups"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi "
+"server or LTSP cluster setup) things would be even more complicated and "
+"maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-"
+"identifier together with apropriate PAM configuration would allow to disable "
+"internal ssh login."
+msgstr ""
+
 #. type: Content of: <article><section><title>
 msgid "HowTos for the desktop"
 msgstr "Hjælp for skrivebordet"
@@ -11854,6 +11968,19 @@ msgstr ""
 "Yderligere information om endnu ældre versioner kan findes på <ulink url="
 "\"http://developer.skolelinux.no/info/cdbygging/news.html\"/>."
 
+# engelsk fejl manglende punktum
+#~ msgid ""
+#~ "For Printer Management point your web browser to <ulink url=\"https://"
+#~ "www:631\"/> This is the normal CUPS management interface where you can "
+#~ "add/delete/modify your printers and can clean up the printing queue.  "
+#~ "Changes that require a root login need SSL encryption."
+#~ msgstr ""
+#~ "For printerhåndtering så peg din internetbrowser på <ulink url=\"https://"
+#~ "www:631\"/>. Dette er den normale CUPS-håndteringsgrænseflade hvor du kan "
+#~ "tilføje/slette/ændre dine printere og kan rydde op i udskrivningskøen. "
+#~ "Ændringer som kræver et logind som administrator (root) kræver SSL-"
+#~ "kryptering."
+
 #~ msgid "Linux kernel 3.16.x"
 #~ msgstr "Linuxkerne version 3.16.x"
 
diff --git a/documentation/debian-edu-jessie/debian-edu-jessie-manual.de.po b/documentation/debian-edu-jessie/debian-edu-jessie-manual.de.po
index e59d16c..e9944f4 100644
--- a/documentation/debian-edu-jessie/debian-edu-jessie-manual.de.po
+++ b/documentation/debian-edu-jessie/debian-edu-jessie-manual.de.po
@@ -16,7 +16,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: debian-edu-jessie-manual.de\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2014-11-17 15:31+0100\n"
+"POT-Creation-Date: 2014-11-24 21:54+0100\n"
 "PO-Revision-Date: 2014-11-17 16:46+0100\n"
 "Last-Translator: Wolfgang Schweer <wschweer at arcor.de>\n"
 "Language-Team: German <debian-l10n-german at lists.debian.org>\n"
@@ -3872,14 +3872,15 @@ msgstr "Druckerverwaltung"
 msgid ""
 "For Printer Management point your web browser to <ulink url=\"https://"
 "www:631\"/> This is the normal CUPS management interface where you can add/"
-"delete/modify your printers and can clean up the printing queue.  Changes "
-"that require a root login need SSL encryption."
+"delete/modify your printers and can clean up the printing queue. By default "
+"only root is allowed but this can be changed: Open /etc/cups/cups-files.conf "
+"with an editor and add one or more valid group names matching your site "
+"policy to the line containing <computeroutput>SystemGroup lpadmin</"
+"computeroutput>. Existing GOsa² groups that might be used are "
+"<computeroutput>gosa-admins</computeroutput> (with the first user as "
+"member), <computeroutput>teachers</computeroutput> and "
+"<computeroutput>jradmins</computeroutput> (no members after installation)."
 msgstr ""
-"Um Drucker zu verwalten, öffnen Sie <ulink url=\"https://www:631\"/>. Dies "
-"ist die CUPS-Verwaltungsseite, auf der Sie Drucker hinzufügen, löschen oder "
-"deren Einstellungen ändern können. Auch können Sie Jobs aus der "
-"Warteschlange löschen. Änderungen, die ein Anmelden als Root erfordern, "
-"benötigen SSL-Verschlüsselung."
 
 #. type: Content of: <article><section><title>
 msgid "Clock synchronisation"
@@ -6165,6 +6166,120 @@ msgstr ""
 "server/storage/' zugreifen - sei es von einer Workstation, einem LTSP-Client "
 "oder einem LTSP-Server aus."
 
+#. type: Content of: <article><section><section><title>
+#, fuzzy
+#| msgid "Restricting pupils' network access"
+msgid "Restrict ssh login access"
+msgstr "Den Netzwerkzugang von Schülern beschränken"
+
+#. type: Content of: <article><section><section><para>
+msgid "There are several ways to restrict ssh login, some are listed here."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup without LTSP clients"
+msgstr "Sound auf LTSP-Clients"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If no LTSP clients are used a simple solution is to create a new group (say "
+"<computeroutput>sshusers</computeroutput>) and to add a line to the "
+"machine's /etc/ssh/sshd_config file. Only members of the "
+"<computeroutput>sshusers</computeroutput> group will then be allowed to ssh "
+"into the machine from everywhere."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid "Managing this case with GOsa is quite simple:"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Create a group <computeroutput>sshusers</computeroutput> on the root level "
+"(where already other system management related groups like"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
+msgid "'gosa-admins' show up)."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid ""
+#| "This section explains how to use <computeroutput>apt-get upgrade</"
+#| "computeroutput>."
+msgid "Add users to the new group <computeroutput>sshusers</computeroutput>."
+msgstr ""
+"Dieser Abschnitt erklärt die Benutzung von <computeroutput>apt-get upgrade </"
+"computeroutput>."
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Add <computeroutput>AllowGroups sshusers</computeroutput> to /etc/ssh/"
+"sshd_config."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid "run <computeroutput>apt-get update</computeroutput>"
+msgid "Execute <computeroutput>service ssh restart</computeroutput>."
+msgstr "führen Sie <computeroutput>apt-get update</computeroutput> aus"
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup with LTSP clients"
+msgstr "Sound auf LTSP-Clients"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"The default LTSP client setup uses ssh connections to the LTSP server. So a "
+"different approach using PAM is needed."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Configure /etc/security/access.conf to allow connections for (sample) users "
+"alice, jane, bob and john from everywhere and for all other users only from "
+"the internal networks by adding these lines:"
+msgstr ""
+
+#. type: CDATA
+#, no-wrap
+msgid ""
+"+ : alice jane bob john : ALL\n"
+"+ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24\n"
+"- : ALL : ALL\n"
+"#"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be "
+"dropped to disable internal ssh login access. Note: someone pluging in his "
+"box into the dedicated LTSP client network(s) will gain ssh access to the "
+"LTSP server(s) as well."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "A note for more complex setups"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi "
+"server or LTSP cluster setup) things would be even more complicated and "
+"maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-"
+"identifier together with apropriate PAM configuration would allow to disable "
+"internal ssh login."
+msgstr ""
+
 #. type: Content of: <article><section><title>
 msgid "HowTos for the desktop"
 msgstr "HowTos für die graphische Arbeitsumgebung"
@@ -9782,8 +9897,8 @@ msgstr ""
 "translations, wenn Sie eine neue PO-Datei für Ihre Sprache anlegen oder "
 "Übersetzungen aktualisieren wollen."
 
-#. <remark>
-#. status ignore</remark>
+#.  <remark>
+#. status ignore</remark> 
 #. type: Content of: <article><section><section><para>
 msgid ""
 "Please keep in mind that this manual is still under development, so don't "
@@ -12124,6 +12239,18 @@ msgstr ""
 "url=\"http://developer.skolelinux.no/info/cdbygging/news.html\"/> gefunden "
 "werden."
 
+#~ msgid ""
+#~ "For Printer Management point your web browser to <ulink url=\"https://"
+#~ "www:631\"/> This is the normal CUPS management interface where you can "
+#~ "add/delete/modify your printers and can clean up the printing queue.  "
+#~ "Changes that require a root login need SSL encryption."
+#~ msgstr ""
+#~ "Um Drucker zu verwalten, öffnen Sie <ulink url=\"https://www:631\"/>. "
+#~ "Dies ist die CUPS-Verwaltungsseite, auf der Sie Drucker hinzufügen, "
+#~ "löschen oder deren Einstellungen ändern können. Auch können Sie Jobs aus "
+#~ "der Warteschlange löschen. Änderungen, die ein Anmelden als Root "
+#~ "erfordern, benötigen SSL-Verschlüsselung."
+
 #~ msgid "Linux kernel 3.16.x"
 #~ msgstr "Linux-Kernel in der Version 3.16.x"
 
diff --git a/documentation/debian-edu-jessie/debian-edu-jessie-manual.es.po b/documentation/debian-edu-jessie/debian-edu-jessie-manual.es.po
index 3922fd1..855a416 100644
--- a/documentation/debian-edu-jessie/debian-edu-jessie-manual.es.po
+++ b/documentation/debian-edu-jessie/debian-edu-jessie-manual.es.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: release-manual\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2014-11-17 15:31+0100\n"
+"POT-Creation-Date: 2014-11-24 21:54+0100\n"
 "PO-Revision-Date: 2013-12-02 00:31-0600\n"
 "Last-Translator: Norman Garcia Aguilar <norman at riseup.net>\n"
 "Language-Team: Debian Spanish <debian-l10n-spanish at lists.debian.org>\n"
@@ -3825,13 +3825,15 @@ msgstr "Gestión de impresoras"
 msgid ""
 "For Printer Management point your web browser to <ulink url=\"https://"
 "www:631\"/> This is the normal CUPS management interface where you can add/"
-"delete/modify your printers and can clean up the printing queue.  Changes "
-"that require a root login need SSL encryption."
+"delete/modify your printers and can clean up the printing queue. By default "
+"only root is allowed but this can be changed: Open /etc/cups/cups-files.conf "
+"with an editor and add one or more valid group names matching your site "
+"policy to the line containing <computeroutput>SystemGroup lpadmin</"
+"computeroutput>. Existing GOsa² groups that might be used are "
+"<computeroutput>gosa-admins</computeroutput> (with the first user as "
+"member), <computeroutput>teachers</computeroutput> and "
+"<computeroutput>jradmins</computeroutput> (no members after installation)."
 msgstr ""
-"Par gestionar las impresoras, dirija su navegador web a <ulink url=\"https://"
-"www:631\"/>. Este es el sitio de gestión de CUPS en el que puede añadir/"
-"borrar/modificar sus impresoras y limpiar la cola de impresión. Cambios que "
-"requieran ingresar como root, necesitan cifrado SSL."
 
 #. type: Content of: <article><section><title>
 msgid "Clock synchronisation"
@@ -5801,6 +5803,115 @@ msgid ""
 "application on any workstation, LTSP client or LTSP server."
 msgstr ""
 
+#. type: Content of: <article><section><section><title>
+msgid "Restrict ssh login access"
+msgstr ""
+
+#. type: Content of: <article><section><section><para>
+msgid "There are several ways to restrict ssh login, some are listed here."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup without LTSP clients"
+msgstr "Sonido con clientes LTSP"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If no LTSP clients are used a simple solution is to create a new group (say "
+"<computeroutput>sshusers</computeroutput>) and to add a line to the "
+"machine's /etc/ssh/sshd_config file. Only members of the "
+"<computeroutput>sshusers</computeroutput> group will then be allowed to ssh "
+"into the machine from everywhere."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid "Managing this case with GOsa is quite simple:"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Create a group <computeroutput>sshusers</computeroutput> on the root level "
+"(where already other system management related groups like"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
+msgid "'gosa-admins' show up)."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid "click on the button <computeroutput>New password</computeroutput>"
+msgid "Add users to the new group <computeroutput>sshusers</computeroutput>."
+msgstr ""
+"haz click en el botón <computeroutput>Nueva contraseña</computeroutput>"
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Add <computeroutput>AllowGroups sshusers</computeroutput> to /etc/ssh/"
+"sshd_config."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid "Run <computeroutput>invoke-rc.d slapd start</computeroutput>"
+msgid "Execute <computeroutput>service ssh restart</computeroutput>."
+msgstr "Ejecuta <computeroutput>invoke-rc.d slapd start</computeroutput>"
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup with LTSP clients"
+msgstr "Sonido con clientes LTSP"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"The default LTSP client setup uses ssh connections to the LTSP server. So a "
+"different approach using PAM is needed."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Configure /etc/security/access.conf to allow connections for (sample) users "
+"alice, jane, bob and john from everywhere and for all other users only from "
+"the internal networks by adding these lines:"
+msgstr ""
+
+#. type: CDATA
+#, no-wrap
+msgid ""
+"+ : alice jane bob john : ALL\n"
+"+ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24\n"
+"- : ALL : ALL\n"
+"#"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be "
+"dropped to disable internal ssh login access. Note: someone pluging in his "
+"box into the dedicated LTSP client network(s) will gain ssh access to the "
+"LTSP server(s) as well."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "A note for more complex setups"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi "
+"server or LTSP cluster setup) things would be even more complicated and "
+"maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-"
+"identifier together with apropriate PAM configuration would allow to disable "
+"internal ssh login."
+msgstr ""
+
 #. type: Content of: <article><section><title>
 #, fuzzy
 msgid "HowTos for the desktop"
@@ -10834,6 +10945,18 @@ msgstr ""
 "Más información sobre versiones más anteriores puede encontrarse en <ulink "
 "url=\"http://developer.skolelinux.no/info/cdbygging/news.html\"/>."
 
+#~ msgid ""
+#~ "For Printer Management point your web browser to <ulink url=\"https://"
+#~ "www:631\"/> This is the normal CUPS management interface where you can "
+#~ "add/delete/modify your printers and can clean up the printing queue.  "
+#~ "Changes that require a root login need SSL encryption."
+#~ msgstr ""
+#~ "Par gestionar las impresoras, dirija su navegador web a <ulink url="
+#~ "\"https://www:631\"/>. Este es el sitio de gestión de CUPS en el que "
+#~ "puede añadir/borrar/modificar sus impresoras y limpiar la cola de "
+#~ "impresión. Cambios que requieran ingresar como root, necesitan cifrado "
+#~ "SSL."
+
 #, fuzzy
 #~ msgid "Linux kernel 3.16.x"
 #~ msgstr "Versión del kernel linux 2.6.18"
@@ -13675,10 +13798,6 @@ msgstr ""
 #~ msgid "[attachment:lwat-edituser_squeeze.png]"
 #~ msgstr "[attachment:lwat-edituser_squeeze.png]"
 
-#~ msgid "click on the button <computeroutput>New password</computeroutput>"
-#~ msgstr ""
-#~ "haz click en el botón <computeroutput>Nueva contraseña</computeroutput>"
-
 #~ msgid ""
 #~ "note that by default it is not possible to set a self-chosen password, as "
 #~ "the corresponding field is not writable"
@@ -14118,9 +14237,6 @@ msgstr ""
 #~ "<emphasis role=\"strong\">POR CORREGIR</emphasis>, por ahora unas "
 #~ "indicaciones básicas:"
 
-#~ msgid "Run <computeroutput>invoke-rc.d slapd start</computeroutput>"
-#~ msgstr "Ejecuta <computeroutput>invoke-rc.d slapd start</computeroutput>"
-
 #, fuzzy
 #~ msgid ""
 #~ "stop slapd. <computeroutput> invoke-rc.d slapd stop </computeroutput>"
diff --git a/documentation/debian-edu-jessie/debian-edu-jessie-manual.fr.po b/documentation/debian-edu-jessie/debian-edu-jessie-manual.fr.po
index 3e27660..66504b2 100644
--- a/documentation/debian-edu-jessie/debian-edu-jessie-manual.fr.po
+++ b/documentation/debian-edu-jessie/debian-edu-jessie-manual.fr.po
@@ -9,7 +9,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: debian-edu-doc\n"
-"POT-Creation-Date: 2014-11-17 15:31+0100\n"
+"POT-Creation-Date: 2014-11-24 21:54+0100\n"
 "PO-Revision-Date: 2014-09-23 07:24+0200\n"
 "Last-Translator: Cédric Boutillier <boutil at debian.org>\n"
 "Language-Team: French <debian-l10n-french at lists.debian.org>\n"
@@ -3925,15 +3925,15 @@ msgstr "Gestion des imprimantes"
 msgid ""
 "For Printer Management point your web browser to <ulink url=\"https://"
 "www:631\"/> This is the normal CUPS management interface where you can add/"
-"delete/modify your printers and can clean up the printing queue.  Changes "
-"that require a root login need SSL encryption."
+"delete/modify your printers and can clean up the printing queue. By default "
+"only root is allowed but this can be changed: Open /etc/cups/cups-files.conf "
+"with an editor and add one or more valid group names matching your site "
+"policy to the line containing <computeroutput>SystemGroup lpadmin</"
+"computeroutput>. Existing GOsa² groups that might be used are "
+"<computeroutput>gosa-admins</computeroutput> (with the first user as "
+"member), <computeroutput>teachers</computeroutput> and "
+"<computeroutput>jradmins</computeroutput> (no members after installation)."
 msgstr ""
-"Pour la gestion des imprimantes, faites pointer votre navigateur web sur "
-"<ulink url=\"https://www:631\"/>. C'est la page de l'interface de gestion de "
-"CUPS où vous pouvez ajouter/supprimer/modifier vos imprimantes et où vous "
-"pouvez vider la file d'impression. Pour les changements nécessitant de se "
-"connecter avec le mot de passe du superutilisateur, vous devrez utiliser le "
-"chiffrement SSL."
 
 #. type: Content of: <article><section><title>
 msgid "Clock synchronisation"
@@ -6227,6 +6227,120 @@ msgstr ""
 "tjener/nas-server/storage/ » avec n'importe quelle application, depuis une "
 "station de travail, un client LTSP ou un serveur LTSP."
 
+#. type: Content of: <article><section><section><title>
+#, fuzzy
+#| msgid "Restricting pupils' network access"
+msgid "Restrict ssh login access"
+msgstr "Restriction de l'accès des élèves au réseau"
+
+#. type: Content of: <article><section><section><para>
+msgid "There are several ways to restrict ssh login, some are listed here."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup without LTSP clients"
+msgstr "Le son avec les clients LTSP"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If no LTSP clients are used a simple solution is to create a new group (say "
+"<computeroutput>sshusers</computeroutput>) and to add a line to the "
+"machine's /etc/ssh/sshd_config file. Only members of the "
+"<computeroutput>sshusers</computeroutput> group will then be allowed to ssh "
+"into the machine from everywhere."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid "Managing this case with GOsa is quite simple:"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Create a group <computeroutput>sshusers</computeroutput> on the root level "
+"(where already other system management related groups like"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
+msgid "'gosa-admins' show up)."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid ""
+#| "This section explains how to use <computeroutput>apt-get upgrade</"
+#| "computeroutput>."
+msgid "Add users to the new group <computeroutput>sshusers</computeroutput>."
+msgstr ""
+"Cette section explique comment utiliser <computeroutput>apt-get upgrade</"
+"computeroutput>."
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Add <computeroutput>AllowGroups sshusers</computeroutput> to /etc/ssh/"
+"sshd_config."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid "run <computeroutput>apt-get update</computeroutput>"
+msgid "Execute <computeroutput>service ssh restart</computeroutput>."
+msgstr "exécutez <computeroutput>apt-get update</computeroutput>"
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup with LTSP clients"
+msgstr "Le son avec les clients LTSP"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"The default LTSP client setup uses ssh connections to the LTSP server. So a "
+"different approach using PAM is needed."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Configure /etc/security/access.conf to allow connections for (sample) users "
+"alice, jane, bob and john from everywhere and for all other users only from "
+"the internal networks by adding these lines:"
+msgstr ""
+
+#. type: CDATA
+#, no-wrap
+msgid ""
+"+ : alice jane bob john : ALL\n"
+"+ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24\n"
+"- : ALL : ALL\n"
+"#"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be "
+"dropped to disable internal ssh login access. Note: someone pluging in his "
+"box into the dedicated LTSP client network(s) will gain ssh access to the "
+"LTSP server(s) as well."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "A note for more complex setups"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi "
+"server or LTSP cluster setup) things would be even more complicated and "
+"maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-"
+"identifier together with apropriate PAM configuration would allow to disable "
+"internal ssh login."
+msgstr ""
+
 #. type: Content of: <article><section><title>
 msgid "HowTos for the desktop"
 msgstr "Manuels pour le bureau"
@@ -12247,5 +12361,18 @@ msgstr ""
 "ici <ulink url='http://developer.skolelinux.no/info/cdbygging/news."
 "html'>http://developer.skolelinux.no/info/cdbygging/news.html</ulink>"
 
+#~ msgid ""
+#~ "For Printer Management point your web browser to <ulink url=\"https://"
+#~ "www:631\"/> This is the normal CUPS management interface where you can "
+#~ "add/delete/modify your printers and can clean up the printing queue.  "
+#~ "Changes that require a root login need SSL encryption."
+#~ msgstr ""
+#~ "Pour la gestion des imprimantes, faites pointer votre navigateur web sur "
+#~ "<ulink url=\"https://www:631\"/>. C'est la page de l'interface de gestion "
+#~ "de CUPS où vous pouvez ajouter/supprimer/modifier vos imprimantes et où "
+#~ "vous pouvez vider la file d'impression. Pour les changements nécessitant "
+#~ "de se connecter avec le mot de passe du superutilisateur, vous devrez "
+#~ "utiliser le chiffrement SSL."
+
 #~ msgid "Linux kernel 3.16.x"
 #~ msgstr "Noyau Linux version 3.16.x"
diff --git a/documentation/debian-edu-jessie/debian-edu-jessie-manual.it.po b/documentation/debian-edu-jessie/debian-edu-jessie-manual.it.po
index 68a3777..4934226 100644
--- a/documentation/debian-edu-jessie/debian-edu-jessie-manual.it.po
+++ b/documentation/debian-edu-jessie/debian-edu-jessie-manual.it.po
@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: debian-edu-wheezy-manual\n"
-"POT-Creation-Date: 2014-11-17 15:31+0100\n"
+"POT-Creation-Date: 2014-11-24 21:54+0100\n"
 "PO-Revision-Date: 2014-10-23 23:32+0200\n"
 "Last-Translator: Claudio Carboncini <claudio.carboncini at gmail.com>\n"
 "Language-Team: Italian <debian-l10n-italian at list.debian.org>\n"
@@ -3843,14 +3843,15 @@ msgstr "Amministrazione delle stampanti"
 msgid ""
 "For Printer Management point your web browser to <ulink url=\"https://"
 "www:631\"/> This is the normal CUPS management interface where you can add/"
-"delete/modify your printers and can clean up the printing queue.  Changes "
-"that require a root login need SSL encryption."
+"delete/modify your printers and can clean up the printing queue. By default "
+"only root is allowed but this can be changed: Open /etc/cups/cups-files.conf "
+"with an editor and add one or more valid group names matching your site "
+"policy to the line containing <computeroutput>SystemGroup lpadmin</"
+"computeroutput>. Existing GOsa² groups that might be used are "
+"<computeroutput>gosa-admins</computeroutput> (with the first user as "
+"member), <computeroutput>teachers</computeroutput> and "
+"<computeroutput>jradmins</computeroutput> (no members after installation)."
 msgstr ""
-"Per l'amministrazione delle stampanti si può puntare il browser web a <ulink "
-"url=\"https://www:631\"/> Questo è l'indirizzo di CUPS dove si possono "
-"aggiungere/cancellare/modficare stampanti e pulire le code di stampa. Per "
-"fare cambiamenti occorre fare il login come root, con il protocollo che usa "
-"la cifratura SSL."
 
 #. type: Content of: <article><section><title>
 msgid "Clock synchronisation"
@@ -6082,6 +6083,120 @@ msgstr ""
 "utilizzando qualsiasi applicazione su qualunque workstation, client LTSP o "
 "server LTSP."
 
+#. type: Content of: <article><section><section><title>
+#, fuzzy
+#| msgid "Restricting pupils' network access"
+msgid "Restrict ssh login access"
+msgstr "Limitare agli allievi l'accesso alla rete"
+
+#. type: Content of: <article><section><section><para>
+msgid "There are several ways to restrict ssh login, some are listed here."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup without LTSP clients"
+msgstr "Suono nei client LTSP"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If no LTSP clients are used a simple solution is to create a new group (say "
+"<computeroutput>sshusers</computeroutput>) and to add a line to the "
+"machine's /etc/ssh/sshd_config file. Only members of the "
+"<computeroutput>sshusers</computeroutput> group will then be allowed to ssh "
+"into the machine from everywhere."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid "Managing this case with GOsa is quite simple:"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Create a group <computeroutput>sshusers</computeroutput> on the root level "
+"(where already other system management related groups like"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
+msgid "'gosa-admins' show up)."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid ""
+#| "This section explains how to use <computeroutput>apt-get upgrade</"
+#| "computeroutput>."
+msgid "Add users to the new group <computeroutput>sshusers</computeroutput>."
+msgstr ""
+"Questa sezione spiega come usare <computeroutput>apt-get upgrade</"
+"computeroutput>."
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Add <computeroutput>AllowGroups sshusers</computeroutput> to /etc/ssh/"
+"sshd_config."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid "run <computeroutput>apt-get update</computeroutput>"
+msgid "Execute <computeroutput>service ssh restart</computeroutput>."
+msgstr "eseguire <computeroutput>apt-get update</computeroutput>"
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup with LTSP clients"
+msgstr "Suono nei client LTSP"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"The default LTSP client setup uses ssh connections to the LTSP server. So a "
+"different approach using PAM is needed."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Configure /etc/security/access.conf to allow connections for (sample) users "
+"alice, jane, bob and john from everywhere and for all other users only from "
+"the internal networks by adding these lines:"
+msgstr ""
+
+#. type: CDATA
+#, no-wrap
+msgid ""
+"+ : alice jane bob john : ALL\n"
+"+ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24\n"
+"- : ALL : ALL\n"
+"#"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be "
+"dropped to disable internal ssh login access. Note: someone pluging in his "
+"box into the dedicated LTSP client network(s) will gain ssh access to the "
+"LTSP server(s) as well."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "A note for more complex setups"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi "
+"server or LTSP cluster setup) things would be even more complicated and "
+"maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-"
+"identifier together with apropriate PAM configuration would allow to disable "
+"internal ssh login."
+msgstr ""
+
 #. type: Content of: <article><section><title>
 msgid "HowTos for the desktop"
 msgstr "HowTo per il desktop"
@@ -11981,5 +12096,17 @@ msgstr ""
 "Maggiori informazioni sulle vecchie versioni possono essere trovate a <ulink "
 "url=\"http://developer.skolelinux.no/info/cdbygging/news.html\"/>."
 
+#~ msgid ""
+#~ "For Printer Management point your web browser to <ulink url=\"https://"
+#~ "www:631\"/> This is the normal CUPS management interface where you can "
+#~ "add/delete/modify your printers and can clean up the printing queue.  "
+#~ "Changes that require a root login need SSL encryption."
+#~ msgstr ""
+#~ "Per l'amministrazione delle stampanti si può puntare il browser web a "
+#~ "<ulink url=\"https://www:631\"/> Questo è l'indirizzo di CUPS dove si "
+#~ "possono aggiungere/cancellare/modficare stampanti e pulire le code di "
+#~ "stampa. Per fare cambiamenti occorre fare il login come root, con il "
+#~ "protocollo che usa la cifratura SSL."
+
 #~ msgid "Linux kernel 3.16.x"
 #~ msgstr "Linux kernel 3.16.x"
diff --git a/documentation/debian-edu-jessie/debian-edu-jessie-manual.nb.po b/documentation/debian-edu-jessie/debian-edu-jessie-manual.nb.po
index a6dbf1c..0f81879 100644
--- a/documentation/debian-edu-jessie/debian-edu-jessie-manual.nb.po
+++ b/documentation/debian-edu-jessie/debian-edu-jessie-manual.nb.po
@@ -11,7 +11,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: release-manual.nb\n"
-"POT-Creation-Date: 2014-11-17 15:31+0100\n"
+"POT-Creation-Date: 2014-11-24 21:54+0100\n"
 "PO-Revision-Date: 2014-06-15 16:48+0200\n"
 "Last-Translator: Ole-Erik Yrvin <oeyrvin at hagan.no>\n"
 "Language-Team: Norwegian Bokmål <i18n-nb at lister.ping.uio.no>\n"
@@ -3897,18 +3897,18 @@ msgid "Printer Management"
 msgstr "Skriverhåndtering"
 
 #. type: Content of: <article><section><para>
-#, fuzzy
 msgid ""
 "For Printer Management point your web browser to <ulink url=\"https://"
 "www:631\"/> This is the normal CUPS management interface where you can add/"
-"delete/modify your printers and can clean up the printing queue.  Changes "
-"that require a root login need SSL encryption."
+"delete/modify your printers and can clean up the printing queue. By default "
+"only root is allowed but this can be changed: Open /etc/cups/cups-files.conf "
+"with an editor and add one or more valid group names matching your site "
+"policy to the line containing <computeroutput>SystemGroup lpadmin</"
+"computeroutput>. Existing GOsa² groups that might be used are "
+"<computeroutput>gosa-admins</computeroutput> (with the first user as "
+"member), <computeroutput>teachers</computeroutput> and "
+"<computeroutput>jradmins</computeroutput> (no members after installation)."
 msgstr ""
-"For skriverhåndtering kan du gå til <ulink url='https://www:631'>https://"
-"www:631</ulink> med nettleseren din. Dette er den vanlige "
-"administrasjonsiden for cups der du kan legge til/slette/endre skriverne "
-"dine og kan renske utskriftskøer. For endringer der du må logge inn som root "
-"blir du tvunget til å bruke ssl-kryptering."
 
 #. type: Content of: <article><section><title>
 #, fuzzy
@@ -6225,6 +6225,113 @@ msgstr ""
 "ved hjelp av en hvilken som helstapp på alle arbeidsstasjoner, LTSP-klient "
 "eller LTSP-server."
 
+#. type: Content of: <article><section><section><title>
+#, fuzzy
+msgid "Restrict ssh login access"
+msgstr "Begrense nettadgang for elever"
+
+#. type: Content of: <article><section><section><para>
+msgid "There are several ways to restrict ssh login, some are listed here."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup without LTSP clients"
+msgstr "Lyd med LTSP-klienter"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If no LTSP clients are used a simple solution is to create a new group (say "
+"<computeroutput>sshusers</computeroutput>) and to add a line to the "
+"machine's /etc/ssh/sshd_config file. Only members of the "
+"<computeroutput>sshusers</computeroutput> group will then be allowed to ssh "
+"into the machine from everywhere."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid "Managing this case with GOsa is quite simple:"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Create a group <computeroutput>sshusers</computeroutput> on the root level "
+"(where already other system management related groups like"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
+msgid "'gosa-admins' show up)."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+msgid "Add users to the new group <computeroutput>sshusers</computeroutput>."
+msgstr "<computeroutput>git pull</computeroutput>"
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Add <computeroutput>AllowGroups sshusers</computeroutput> to /etc/ssh/"
+"sshd_config."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+msgid "Execute <computeroutput>service ssh restart</computeroutput>."
+msgstr "Kall den <computeroutput>ExcludeProfileDirs</computeroutput>"
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup with LTSP clients"
+msgstr "Lyd med LTSP-klienter"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"The default LTSP client setup uses ssh connections to the LTSP server. So a "
+"different approach using PAM is needed."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Configure /etc/security/access.conf to allow connections for (sample) users "
+"alice, jane, bob and john from everywhere and for all other users only from "
+"the internal networks by adding these lines:"
+msgstr ""
+
+#. type: CDATA
+#, no-wrap
+msgid ""
+"+ : alice jane bob john : ALL\n"
+"+ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24\n"
+"- : ALL : ALL\n"
+"#"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be "
+"dropped to disable internal ssh login access. Note: someone pluging in his "
+"box into the dedicated LTSP client network(s) will gain ssh access to the "
+"LTSP server(s) as well."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "A note for more complex setups"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi "
+"server or LTSP cluster setup) things would be even more complicated and "
+"maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-"
+"identifier together with apropriate PAM configuration would allow to disable "
+"internal ssh login."
+msgstr ""
+
 #. type: Content of: <article><section><title>
 msgid "HowTos for the desktop"
 msgstr "Veiledninger for skrivebordet"
@@ -12147,6 +12254,19 @@ msgstr ""
 "skolelinux.no/info/cdbygging/news.html</ulink>."
 
 #, fuzzy
+#~ msgid ""
+#~ "For Printer Management point your web browser to <ulink url=\"https://"
+#~ "www:631\"/> This is the normal CUPS management interface where you can "
+#~ "add/delete/modify your printers and can clean up the printing queue.  "
+#~ "Changes that require a root login need SSL encryption."
+#~ msgstr ""
+#~ "For skriverhåndtering kan du gå til <ulink url='https://www:631'>https://"
+#~ "www:631</ulink> med nettleseren din. Dette er den vanlige "
+#~ "administrasjonsiden for cups der du kan legge til/slette/endre skriverne "
+#~ "dine og kan renske utskriftskøer. For endringer der du må logge inn som "
+#~ "root blir du tvunget til å bruke ssl-kryptering."
+
+#, fuzzy
 #~ msgid "Linux kernel 3.16.x"
 #~ msgstr "Linux kjerneversjon 2.6.18"
 
@@ -15874,10 +15994,6 @@ msgstr ""
 #~ "Dette dokumentet ble plassert i pakken <computeroutput>debian-edu-doc</"
 #~ "computeroutput> på tidspunktet <computeroutput>209-01-15</computeroutput>."
 
-#, fuzzy
-#~ msgid "Run <computeroutput>invoke-rc.d slapd start</computeroutput>"
-#~ msgstr "Kall den <computeroutput>ExcludeProfileDirs</computeroutput>"
-
 #~ msgid ""
 #~ "Some new indexes have been added to openldap's configuration. in order to "
 #~ "benefit from these you need to regenerate indexes:"
@@ -16068,10 +16184,6 @@ msgstr ""
 #~ msgid "Load the resulting ldif file to the LDAP database."
 #~ msgstr "Legg den resulterende ldif fila til i LDAP databasen."
 
-#, fuzzy
-#~ msgid "Start <computeroutput>dhcp3-server</computeroutput>."
-#~ msgstr "<computeroutput>git pull</computeroutput>"
-
 #~ msgid ""
 #~ "tjener:~# cd /usr/share/doc/dhcp3-server-ldap/\n"
 #~ " tjener:/usr/share/doc/dhcp3-server-ldap# gunzip dhcpd-conf-to-ldap.pl."
diff --git a/documentation/debian-edu-jessie/debian-edu-jessie-manual.nl.po b/documentation/debian-edu-jessie/debian-edu-jessie-manual.nl.po
index 2211cf3..dff1325 100644
--- a/documentation/debian-edu-jessie/debian-edu-jessie-manual.nl.po
+++ b/documentation/debian-edu-jessie/debian-edu-jessie-manual.nl.po
@@ -5,7 +5,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
-"POT-Creation-Date: 2014-11-17 15:31+0100\n"
+"POT-Creation-Date: 2014-11-24 21:54+0100\n"
 "PO-Revision-Date: 2014-10-24 14:51+0200\n"
 "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert at yucom.be>\n"
 "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch at lists.debian.org>\n"
@@ -3960,15 +3960,15 @@ msgstr "Printerbeheer"
 msgid ""
 "For Printer Management point your web browser to <ulink url=\"https://"
 "www:631\"/> This is the normal CUPS management interface where you can add/"
-"delete/modify your printers and can clean up the printing queue.  Changes "
-"that require a root login need SSL encryption."
+"delete/modify your printers and can clean up the printing queue. By default "
+"only root is allowed but this can be changed: Open /etc/cups/cups-files.conf "
+"with an editor and add one or more valid group names matching your site "
+"policy to the line containing <computeroutput>SystemGroup lpadmin</"
+"computeroutput>. Existing GOsa² groups that might be used are "
+"<computeroutput>gosa-admins</computeroutput> (with the first user as "
+"member), <computeroutput>teachers</computeroutput> and "
+"<computeroutput>jradmins</computeroutput> (no members after installation)."
 msgstr ""
-"Het beheer van printers gebeurt met een webbrowser op het adres <ulink url="
-"\"https://www:631\"/>. Dit is de normale interface van CUPS voor "
-"beheerstaken. U kunt er printers toevoegen, verwijderen en aanpassen en u "
-"kunt er printerwachtrijen opruimen. Voor wijzigingen waarvoor u het "
-"wachtwoord van de systeembeheerder moet ingeven, moet SSL-versleuteling "
-"gebruikt worden."
 
 #. type: Content of: <article><section><title>
 msgid "Clock synchronisation"
@@ -6300,6 +6300,120 @@ msgstr ""
 "server/storage/' te gaan met behulp van om het even welke toepassing op om "
 "het even welk werkstation of om het even welke LTSP-client of LTSP-server."
 
+#. type: Content of: <article><section><section><title>
+#, fuzzy
+#| msgid "Restricting pupils' network access"
+msgid "Restrict ssh login access"
+msgstr "De netwerktoegang voor leerlingen beperken"
+
+#. type: Content of: <article><section><section><para>
+msgid "There are several ways to restrict ssh login, some are listed here."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup without LTSP clients"
+msgstr "Geluid op LTSP-clients"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If no LTSP clients are used a simple solution is to create a new group (say "
+"<computeroutput>sshusers</computeroutput>) and to add a line to the "
+"machine's /etc/ssh/sshd_config file. Only members of the "
+"<computeroutput>sshusers</computeroutput> group will then be allowed to ssh "
+"into the machine from everywhere."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid "Managing this case with GOsa is quite simple:"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Create a group <computeroutput>sshusers</computeroutput> on the root level "
+"(where already other system management related groups like"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
+msgid "'gosa-admins' show up)."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid ""
+#| "This section explains how to use <computeroutput>apt-get upgrade</"
+#| "computeroutput>."
+msgid "Add users to the new group <computeroutput>sshusers</computeroutput>."
+msgstr ""
+"Deze paragraaf legt het gebruik van <computeroutput>apt-get upgrade</"
+"computeroutput> uit."
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Add <computeroutput>AllowGroups sshusers</computeroutput> to /etc/ssh/"
+"sshd_config."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+#, fuzzy
+#| msgid "run <computeroutput>apt-get update</computeroutput>"
+msgid "Execute <computeroutput>service ssh restart</computeroutput>."
+msgstr "geef de opdracht <computeroutput>apt-get update</computeroutput>"
+
+#. type: Content of: <article><section><section><section><title>
+#, fuzzy
+#| msgid "Sound with LTSP clients"
+msgid "Setup with LTSP clients"
+msgstr "Geluid op LTSP-clients"
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"The default LTSP client setup uses ssh connections to the LTSP server. So a "
+"different approach using PAM is needed."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Configure /etc/security/access.conf to allow connections for (sample) users "
+"alice, jane, bob and john from everywhere and for all other users only from "
+"the internal networks by adding these lines:"
+msgstr ""
+
+#. type: CDATA
+#, no-wrap
+msgid ""
+"+ : alice jane bob john : ALL\n"
+"+ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24\n"
+"- : ALL : ALL\n"
+"#"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be "
+"dropped to disable internal ssh login access. Note: someone pluging in his "
+"box into the dedicated LTSP client network(s) will gain ssh access to the "
+"LTSP server(s) as well."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "A note for more complex setups"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi "
+"server or LTSP cluster setup) things would be even more complicated and "
+"maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-"
+"identifier together with apropriate PAM configuration would allow to disable "
+"internal ssh login."
+msgstr ""
+
 #. type: Content of: <article><section><title>
 msgid "HowTos for the desktop"
 msgstr "HowTo's in verband met de bureaubladomgeving"
@@ -12395,6 +12509,19 @@ msgstr ""
 "Meer informatie over nog oudere uitgaven vindt men op <ulink url=\"http://"
 "developer.skolelinux.no/info/cdbygging/news.html\"/>."
 
+#~ msgid ""
+#~ "For Printer Management point your web browser to <ulink url=\"https://"
+#~ "www:631\"/> This is the normal CUPS management interface where you can "
+#~ "add/delete/modify your printers and can clean up the printing queue.  "
+#~ "Changes that require a root login need SSL encryption."
+#~ msgstr ""
+#~ "Het beheer van printers gebeurt met een webbrowser op het adres <ulink "
+#~ "url=\"https://www:631\"/>. Dit is de normale interface van CUPS voor "
+#~ "beheerstaken. U kunt er printers toevoegen, verwijderen en aanpassen en u "
+#~ "kunt er printerwachtrijen opruimen. Voor wijzigingen waarvoor u het "
+#~ "wachtwoord van de systeembeheerder moet ingeven, moet SSL-versleuteling "
+#~ "gebruikt worden."
+
 #~ msgid "Linux kernel 3.16.x"
 #~ msgstr "Linux kernel versie 3.16.x"
 
diff --git a/documentation/debian-edu-jessie/debian-edu-jessie-manual.pot b/documentation/debian-edu-jessie/debian-edu-jessie-manual.pot
index c7eb7a7..bb105d7 100644
--- a/documentation/debian-edu-jessie/debian-edu-jessie-manual.pot
+++ b/documentation/debian-edu-jessie/debian-edu-jessie-manual.pot
@@ -7,7 +7,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2014-11-17 15:31+0100\n"
+"POT-Creation-Date: 2014-11-24 21:54+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
 "Language-Team: LANGUAGE <LL at li.org>\n"
@@ -2876,8 +2876,14 @@ msgstr ""
 msgid ""
 "For Printer Management point your web browser to <ulink url=\"https://"
 "www:631\"/> This is the normal CUPS management interface where you can add/"
-"delete/modify your printers and can clean up the printing queue.  Changes "
-"that require a root login need SSL encryption."
+"delete/modify your printers and can clean up the printing queue. By default "
+"only root is allowed but this can be changed: Open /etc/cups/cups-files.conf "
+"with an editor and add one or more valid group names matching your site "
+"policy to the line containing <computeroutput>SystemGroup lpadmin</"
+"computeroutput>. Existing GOsa² groups that might be used are "
+"<computeroutput>gosa-admins</computeroutput> (with the first user as "
+"member), <computeroutput>teachers</computeroutput> and "
+"<computeroutput>jradmins</computeroutput> (no members after installation)."
 msgstr ""
 
 #. type: Content of: <article><section><title>
@@ -4476,6 +4482,106 @@ msgid ""
 "application on any workstation, LTSP client or LTSP server."
 msgstr ""
 
+#. type: Content of: <article><section><section><title>
+msgid "Restrict ssh login access"
+msgstr ""
+
+#. type: Content of: <article><section><section><para>
+msgid "There are several ways to restrict ssh login, some are listed here."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "Setup without LTSP clients"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If no LTSP clients are used a simple solution is to create a new group (say "
+"<computeroutput>sshusers</computeroutput>) and to add a line to the "
+"machine's /etc/ssh/sshd_config file. Only members of the "
+"<computeroutput>sshusers</computeroutput> group will then be allowed to ssh "
+"into the machine from everywhere."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid "Managing this case with GOsa is quite simple:"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Create a group <computeroutput>sshusers</computeroutput> on the root level "
+"(where already other system management related groups like"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><itemizedlist><listitem><para>
+msgid "'gosa-admins' show up)."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Add users to the new group <computeroutput>sshusers</computeroutput>."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Add <computeroutput>AllowGroups sshusers</computeroutput> to /etc/ssh/"
+"sshd_config."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Execute <computeroutput>service ssh restart</computeroutput>."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "Setup with LTSP clients"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"The default LTSP client setup uses ssh connections to the LTSP server. So a "
+"different approach using PAM is needed."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid "Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><itemizedlist><listitem><para>
+msgid ""
+"Configure /etc/security/access.conf to allow connections for (sample) users "
+"alice, jane, bob and john from everywhere and for all other users only from "
+"the internal networks by adding these lines:"
+msgstr ""
+
+#. type: CDATA
+#, no-wrap
+msgid ""
+"+ : alice jane bob john : ALL\n"
+"+ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24\n"
+"- : ALL : ALL\n"
+"#"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be "
+"dropped to disable internal ssh login access. Note: someone pluging in his "
+"box into the dedicated LTSP client network(s) will gain ssh access to the "
+"LTSP server(s) as well."
+msgstr ""
+
+#. type: Content of: <article><section><section><section><title>
+msgid "A note for more complex setups"
+msgstr ""
+
+#. type: Content of: <article><section><section><section><para>
+msgid ""
+"If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi "
+"server or LTSP cluster setup) things would be even more complicated and "
+"maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-"
+"identifier together with apropriate PAM configuration would allow to disable "
+"internal ssh login."
+msgstr ""
+
 #. type: Content of: <article><section><title>
 msgid "HowTos for the desktop"
 msgstr ""
diff --git a/documentation/debian-edu-jessie/debian-edu-jessie-manual.xml b/documentation/debian-edu-jessie/debian-edu-jessie-manual.xml
index ad95b41..66c508b 100644
--- a/documentation/debian-edu-jessie/debian-edu-jessie-manual.xml
+++ b/documentation/debian-edu-jessie/debian-edu-jessie-manual.xml
@@ -1190,7 +1190,7 @@ enter password: ]]></screen>
 <section id="GettingStarted--Printer_Management">
 <title>Printer Management
 </title>
-<para>For Printer Management point your web browser to <ulink url="https://www:631"/> This is the normal CUPS management interface where you can add/delete/modify your printers and can clean up the printing queue.  Changes that require a root login need SSL encryption.  
+<para>For Printer Management point your web browser to <ulink url="https://www:631"/> This is the normal CUPS management interface where you can add/delete/modify your printers and can clean up the printing queue. By default only root is allowed but this can be changed: Open /etc/cups/cups-files.conf with an editor and add one or more valid group names matching your site policy to the line containing <computeroutput>SystemGroup lpadmin</computeroutput>. Existing GOsa² groups that might b [...]
 </para>
 </section>
 
@@ -1916,6 +1916,64 @@ apt-get upgrade]]></screen>
 <para>Now users should be able to access the files on 'nas-server.intern' directly by just visiting the '/tjener/nas-server/storage/' directory using any application on any workstation, LTSP client or LTSP server. 
 </para>
 </section>
+
+<section id="AdvancedAdministration--Restrict_ssh_login_access">
+<title>Restrict ssh login access
+</title>
+<para>There are several ways to restrict ssh login, some are listed here. 
+</para>
+
+<section id="AdvancedAdministration--Setup_without_LTSP_clients">
+<title>Setup without LTSP clients
+</title>
+<para>If no LTSP clients are used a simple solution is to create a new group (say <computeroutput>sshusers</computeroutput>) and to add a line to the machine's /etc/ssh/sshd_config file. Only members of the <computeroutput>sshusers</computeroutput> group will then be allowed to ssh into the machine from everywhere. 
+</para>
+<para>Managing this case with GOsa is quite simple:  
+</para>
+<itemizedlist>
+<listitem>
+<para>Create a group <computeroutput>sshusers</computeroutput> on the root level (where already other system management related groups like 
+</para>
+<itemizedlist><listitem override="none">
+<para>'gosa-admins' show up). 
+</para></listitem></itemizedlist></listitem>
+<listitem>
+<para>Add users to the new group <computeroutput>sshusers</computeroutput>. 
+</para></listitem>
+<listitem>
+<para>Add  <computeroutput>AllowGroups sshusers</computeroutput> to /etc/ssh/sshd_config. 
+</para></listitem>
+<listitem>
+<para>Execute <computeroutput>service ssh restart</computeroutput>. 
+</para></listitem></itemizedlist>
+</section>
+
+<section id="AdvancedAdministration--Setup_with_LTSP_clients">
+<title>Setup with LTSP clients
+</title>
+<para>The default LTSP client setup uses ssh connections to the LTSP server. So a different approach using PAM is needed. 
+</para>
+<itemizedlist>
+<listitem>
+<para>Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file.  
+</para></listitem>
+<listitem>
+<para>Configure /etc/security/access.conf to allow connections for (sample) users alice, jane, bob and john from everywhere and for all other users only from the internal networks by adding these lines: 
+</para></listitem></itemizedlist><screen><![CDATA[+ : alice jane bob john : ALL
++ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24
+- : ALL : ALL
+#]]></screen>
+<para>If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be dropped to disable internal ssh login access. Note: someone pluging in his box into the dedicated LTSP client network(s) will gain ssh access to the LTSP server(s) as well. 
+</para>
+</section>
+
+<section id="AdvancedAdministration--A_note_for_more_complex_setups">
+<title>A note for more complex setups
+</title>
+<para>If LTSP clients were attached to the backbone network 10.0.0.0/8 (combi  server or LTSP cluster setup) things would be even more complicated and  maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-identifier together with apropriate PAM configuration would allow to disable internal ssh login. 
+</para>
+</section>
+</section>
 </section>
 
 
diff --git a/documentation/debian-edu-jessie/images/Debian_Edu_Network_Jessie.png b/documentation/debian-edu-jessie/images/Debian_Edu_Network_Jessie.png
index 2a227a1..e4da3db 100644
Binary files a/documentation/debian-edu-jessie/images/Debian_Edu_Network_Jessie.png and b/documentation/debian-edu-jessie/images/Debian_Edu_Network_Jessie.png differ
diff --git a/documentation/debian-edu-jessie/images/de/worldmap.png b/documentation/debian-edu-jessie/images/de/worldmap.png
index bf03c33..2b7fbbe 100644
Binary files a/documentation/debian-edu-jessie/images/de/worldmap.png and b/documentation/debian-edu-jessie/images/de/worldmap.png differ
diff --git a/documentation/debian-edu-jessie/images/es/worldmap.png b/documentation/debian-edu-jessie/images/es/worldmap.png
index cb61d41..1690306 100644
Binary files a/documentation/debian-edu-jessie/images/es/worldmap.png and b/documentation/debian-edu-jessie/images/es/worldmap.png differ
diff --git a/documentation/debian-edu-jessie/images/fr/worldmap.png b/documentation/debian-edu-jessie/images/fr/worldmap.png
index 035870a..2c44e45 100644
Binary files a/documentation/debian-edu-jessie/images/fr/worldmap.png and b/documentation/debian-edu-jessie/images/fr/worldmap.png differ
diff --git a/documentation/debian-edu-jessie/images/worldmap.png b/documentation/debian-edu-jessie/images/worldmap.png
index a0c85a7..b39d3dd 100644
Binary files a/documentation/debian-edu-jessie/images/worldmap.png and b/documentation/debian-edu-jessie/images/worldmap.png differ

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-doc.git

