[Pkg-sssd-devel] sssd: Changes to 'debian-experimental'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Tue Aug 21 11:47:03 UTC 2012
BUILD.txt | 4
Makefile.am | 246
configure.ac | 17
contrib/sssd.spec.in | 77
debian/changelog | 85
debian/control | 2
debian/patches/fix-CVE-2012-3462.diff | 16
debian/patches/fix-upstream-1297.diff | 254
debian/patches/fix-upstream-1298.diff | 51
debian/patches/fix-upstream-1330.diff | 40
debian/patches/fix-upstream-1343.diff | 52
debian/patches/series | 5
debian/rules | 6
debian/sssd.preinst | 26
debian/sssd.prerm | 7
po/LINGUAS | 2
po/POTFILES.in | 2
po/ca.po | 1625 +++++
po/de.po | 715 +-
po/es.po | 756 +-
po/eu.po | 1649 +++++
po/fr.po | 830 +-
po/hu.po | 727 +-
po/id.po | 730 +-
po/it.po | 745 +-
po/ja.po | 785 +-
po/nb.po | 712 +-
po/nl.po | 762 +-
po/pl.po | 826 +-
po/pt.po | 749 +-
po/ru.po | 740 +-
po/sssd.pot | 706 +-
po/sv.po | 734 +-
po/tg.po | 715 +-
po/tr.po | 1650 +++++
po/uk.po | 823 +-
po/zh_TW.po | 730 +-
src/conf_macros.m4 | 48
src/confdb/confdb.c | 101
src/confdb/confdb.h | 26
src/config/SSSDConfig.py | 1998 ------
src/config/SSSDConfig/__init__.py.in | 2025 ++++++
src/config/SSSDConfig/ipachangeconf.py | 588 +
src/config/SSSDConfig/sssd_upgrade_config.py | 436 +
src/config/SSSDConfigTest.py | 40
src/config/etc/sssd.api.conf | 10
src/config/etc/sssd.api.d/sssd-ad.conf | 125
src/config/etc/sssd.api.d/sssd-ipa.conf | 14
src/config/etc/sssd.api.d/sssd-krb5.conf | 2
src/config/etc/sssd.api.d/sssd-ldap.conf | 13
src/config/ipachangeconf.py | 588 -
src/config/setup.py | 36
src/config/setup.py.in | 32
src/config/sssd_upgrade_config.py | 436 -
src/db/sysdb.c | 34
src/db/sysdb.h | 70
src/db/sysdb_ops.c | 246
src/db/sysdb_private.h | 4
src/db/sysdb_ranges.c | 345 +
src/db/sysdb_selinux.c | 56
src/db/sysdb_selinux.h | 2
src/db/sysdb_subdomains.c | 283
src/db/sysdb_sudo.c | 382 -
src/db/sysdb_sudo.h | 15
src/db/sysdb_upgrade.c | 147
src/external/krb5.m4 | 5
src/external/pac_responder.m4 | 37
src/krb5_plugin/sssd_krb5_locator_plugin.c | 3
src/ldb_modules/memberof.c | 47
src/lib/idmap/sss_idmap.c | 6
src/lib/idmap/sss_idmap.h | 121
src/lib/idmap/sss_idmap_conv.c | 211
src/lib/idmap/sss_idmap_private.h | 19
src/man/Makefile.am | 13
src/man/include/failover.xml | 12
src/man/include/ldap_id_mapping.xml | 2
src/man/include/seealso.xml | 84
src/man/pam_sss.8.xml | 10
src/man/po/ca.po | 8091 +++++++++++++++++++++++++
src/man/po/cs.po | 2845 +++++---
src/man/po/es.po | 3129 +++++----
src/man/po/eu.po | 8022 ++++++++++++++++++++++++
src/man/po/fr.po | 3279 +++++-----
src/man/po/ja.po | 3523 ++++++----
src/man/po/nl.po | 2865 +++++---
src/man/po/po4a.cfg | 6
src/man/po/pt.po | 2976 +++++----
src/man/po/ru.po | 2833 +++++---
src/man/po/sssd-docs.pot | 2737 +++++---
src/man/po/tg.po | 2832 +++++---
src/man/po/uk.po | 3949 +++++++-----
src/man/sss_cache.8.xml | 3
src/man/sss_debuglevel.8.xml | 3
src/man/sss_groupadd.8.xml | 25
src/man/sss_groupdel.8.xml | 25
src/man/sss_groupmod.8.xml | 25
src/man/sss_groupshow.8.xml | 22
src/man/sss_obfuscate.8.xml | 11
src/man/sss_seed.8.xml | 165
src/man/sss_ssh_authorizedkeys.1.xml | 16
src/man/sss_ssh_knownhostsproxy.1.xml | 18
src/man/sss_useradd.8.xml | 25
src/man/sss_userdel.8.xml | 25
src/man/sss_usermod.8.xml | 25
src/man/sssd-ad.5.xml | 253
src/man/sssd-ipa.5.xml | 40
src/man/sssd-krb5.5.xml | 30
src/man/sssd-ldap.5.xml | 210
src/man/sssd-simple.5.xml | 13
src/man/sssd-sudo.5.xml | 210
src/man/sssd.8.xml | 28
src/man/sssd.conf.5.xml | 380 -
src/man/sssd_krb5_locator_plugin.8.xml | 16
src/monitor/monitor.c | 6
src/providers/ad/ad_access.c | 96
src/providers/ad/ad_access.h | 35
src/providers/ad/ad_common.c | 730 ++
src/providers/ad/ad_common.h | 93
src/providers/ad/ad_id.c | 37
src/providers/ad/ad_id.h | 29
src/providers/ad/ad_init.c | 327 +
src/providers/ad/ad_opts.h | 238
src/providers/data_provider.h | 5
src/providers/data_provider_be.c | 143
src/providers/data_provider_callbacks.c | 35
src/providers/data_provider_fo.c | 215
src/providers/dp_backend.h | 29
src/providers/fail_over.c | 87
src/providers/fail_over.h | 7
src/providers/ipa/ipa_access.c | 32
src/providers/ipa/ipa_access.h | 5
src/providers/ipa/ipa_autofs.c | 2
src/providers/ipa/ipa_common.c | 161
src/providers/ipa/ipa_common.h | 8
src/providers/ipa/ipa_hosts.c | 5
src/providers/ipa/ipa_id.c | 3
src/providers/ipa/ipa_init.c | 118
src/providers/ipa/ipa_netgroups.c | 2
src/providers/ipa/ipa_opts.h | 23
src/providers/ipa/ipa_selinux.c | 702 ++
src/providers/ipa/ipa_selinux.h | 40
src/providers/ipa/ipa_selinux_common.c | 41
src/providers/ipa/ipa_selinux_common.h | 4
src/providers/ipa/ipa_selinux_maps.c | 3
src/providers/ipa/ipa_session.c | 599 -
src/providers/ipa/ipa_session.h | 40
src/providers/ipa/ipa_subdomains.c | 851 ++
src/providers/ipa/ipa_subdomains.h | 13
src/providers/ipa/ipa_subdomains_id.c | 6
src/providers/krb5/krb5_auth.c | 350 -
src/providers/krb5/krb5_auth.h | 12
src/providers/krb5/krb5_become_user.c | 2
src/providers/krb5/krb5_child.c | 446 +
src/providers/krb5/krb5_child_handler.c | 146
src/providers/krb5/krb5_common.c | 204
src/providers/krb5/krb5_common.h | 18
src/providers/krb5/krb5_init.c | 78
src/providers/krb5/krb5_init_shared.c | 94
src/providers/krb5/krb5_init_shared.h | 29
src/providers/krb5/krb5_opts.h | 6
src/providers/krb5/krb5_utils.c | 635 +
src/providers/krb5/krb5_utils.h | 47
src/providers/ldap/ldap_child.c | 31
src/providers/ldap/ldap_common.c | 137
src/providers/ldap/ldap_common.h | 8
src/providers/ldap/ldap_id.c | 14
src/providers/ldap/ldap_id_cleanup.c | 2
src/providers/ldap/ldap_id_enum.c | 8
src/providers/ldap/ldap_id_netgroup.c | 4
src/providers/ldap/ldap_id_services.c | 3
src/providers/ldap/ldap_init.c | 10
src/providers/ldap/ldap_opts.h | 19
src/providers/ldap/sdap.c | 38
src/providers/ldap/sdap.h | 19
src/providers/ldap/sdap_async.c | 211
src/providers/ldap/sdap_async.h | 38
src/providers/ldap/sdap_async_autofs.c | 8
src/providers/ldap/sdap_async_connection.c | 123
src/providers/ldap/sdap_async_groups.c | 663 +-
src/providers/ldap/sdap_async_groups_ad.c | 250
src/providers/ldap/sdap_async_initgroups.c | 201
src/providers/ldap/sdap_async_initgroups_ad.c | 292
src/providers/ldap/sdap_async_private.h | 13
src/providers/ldap/sdap_async_services.c | 3
src/providers/ldap/sdap_async_sudo.c | 609 +
src/providers/ldap/sdap_async_sudo_hostinfo.c | 563 +
src/providers/ldap/sdap_async_sudo_timer.c | 178
src/providers/ldap/sdap_async_users.c | 6
src/providers/ldap/sdap_id_op.c | 42
src/providers/ldap/sdap_range.c | 3
src/providers/ldap/sdap_sudo.c | 1383 ++--
src/providers/ldap/sdap_sudo.h | 49
src/providers/ldap/sdap_sudo_cache.c | 95
src/providers/ldap/sdap_sudo_cache.h | 8
src/providers/ldap/sdap_sudo_timer.c | 236
src/providers/ldap/sdap_sudo_timer.h | 41
src/providers/proxy/proxy_id.c | 16
src/providers/simple/simple_access.c | 4
src/resolv/async_resolv.c | 17
src/responder/autofs/autofssrv_cmd.c | 4
src/responder/common/negcache.c | 15
src/responder/common/negcache.h | 1
src/responder/common/responder.h | 19
src/responder/common/responder_common.c | 245
src/responder/common/responder_get_domains.c | 2
src/responder/nss/nsssrv.c | 28
src/responder/nss/nsssrv.h | 1
src/responder/nss/nsssrv_cmd.c | 413 -
src/responder/nss/nsssrv_mmap_cache.c | 4
src/responder/nss/nsssrv_mmap_cache.h | 2
src/responder/nss/nsssrv_netgroup.c | 14
src/responder/nss/nsssrv_private.h | 2
src/responder/nss/nsssrv_services.c | 18
src/responder/pac/pacsrv.c | 261
src/responder/pac/pacsrv.h | 108
src/responder/pac/pacsrv_cmd.c | 532 +
src/responder/pac/pacsrv_utils.c | 586 +
src/responder/pam/pamsrv.c | 3
src/responder/pam/pamsrv_cmd.c | 225
src/responder/ssh/sshsrv_cmd.c | 4
src/responder/sudo/sudosrv.c | 19
src/responder/sudo/sudosrv_cache.c | 328 -
src/responder/sudo/sudosrv_cmd.c | 219
src/responder/sudo/sudosrv_dp.c | 97
src/responder/sudo/sudosrv_get_sudorules.c | 422 -
src/responder/sudo/sudosrv_private.h | 117
src/responder/sudo/sudosrv_query.c | 243
src/sbus/sssd_dbus_server.c | 2
src/sss_client/common.c | 66
src/sss_client/krb5_authdata_int.h | 185
src/sss_client/nss_mc_common.c | 17
src/sss_client/nss_services.c | 16
src/sss_client/pam_sss.c | 79
src/sss_client/ssh/sss_ssh_client.c | 8
src/sss_client/ssh/sss_ssh_knownhostsproxy.c | 94
src/sss_client/sss_cli.h | 15
src/sss_client/sssd_pac.c | 280
src/sss_client/sudo/sss_sudo.c | 107
src/sss_client/sudo/sss_sudo.h | 62
src/sss_client/sudo/sss_sudo_private.h | 1
src/sss_client/sudo/sss_sudo_response.c | 13
src/sss_client/sudo_testcli/sudo_testcli.c | 65
src/tests/ad_ldap_opt-tests.c | 109
src/tests/common.c | 12
src/tests/crypto-tests.c | 49
src/tests/debug-tests.c | 3
src/tests/fail_over-tests.c | 16
src/tests/krb5_child-test.c | 568 +
src/tests/krb5_utils-tests.c | 93
src/tests/pac_responder-tests.c | 106
src/tests/resolv-tests.c | 3
src/tests/responder_socket_access-tests.c | 178
src/tests/simple_access-tests.c | 3
src/tests/sss_idmap-tests.c | 155
src/tests/sysdb-tests.c | 60
src/tests/sysdb_ssh-tests.c | 447 +
src/tools/sss_cache.c | 10
src/tools/sss_groupdel.c | 2
src/tools/sss_groupmod.c | 4
src/tools/sss_groupshow.c | 54
src/tools/sss_seed.c | 829 ++
src/tools/sss_useradd.c | 6
src/tools/sss_userdel.c | 8
src/tools/sss_usermod.c | 4
src/tools/tools_util.c | 2
src/tools/tools_util.h | 2
src/util/check_and_open.c | 4
src/util/crypto/libcrypto/crypto_base64.c | 103
src/util/crypto/libcrypto/crypto_hmac_sha1.c | 60
src/util/crypto/libcrypto/crypto_obfuscate.c | 285
src/util/crypto/libcrypto/crypto_sha512crypt.c | 3
src/util/debug.c | 5
src/util/domain_info_utils.c | 1
src/util/murmurhash3.c | 3
src/util/server.c | 6
src/util/sss_krb5.c | 215
src/util/sss_krb5.h | 41
src/util/sss_ldap.h | 8
src/util/sss_selinux.c | 94
src/util/sss_selinux.h | 11
src/util/usertools.c | 155
src/util/util.h | 1
version.m4 | 2
283 files changed, 69793 insertions(+), 26979 deletions(-)
New commits:
commit 82b964a85583973b05a20ace7af8b78140358e28
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 14:07:07 2012 +0300
control: Drop libunistring-dev from build-depends and add libglib2.0-dev for unicode support.
diff --git a/debian/changelog b/debian/changelog
index d4f18ab..2179c2f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -59,6 +59,8 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
- Add sssd Depends on libsss-idmap0
- Add /var/lib/sss/mc directory for the new mmap cache
* Added fix-CVE-2012-3462.diff from upstream git.
+ * control: Drop libunistring-dev from build-depends and add libglib2.0-dev
+ for unicode support.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/control b/debian/control
index 681044e..eb0a49d 100644
--- a/debian/control
+++ b/debian/control
@@ -30,12 +30,12 @@ Build-Depends: debhelper (>= 9), quilt, dh-autoreconf, autopoint, lsb-release,
libc-ares-dev,
python-dev (>= 2.6.6-3~),
libsemanage1-dev,
- libunistring-dev,
libdhash-dev,
libcollection-dev,
libini-config-dev,
check,
dh-apparmor,
+ libglib2.0-dev,
Standards-Version: 3.9.3
Vcs-Git: git://git.debian.org/git/pkg-sssd/sssd
Vcs-Browser: http://git.debian.org/?p=pkg-sssd/sssd.git
commit e3708d7d4ab5e9ed966b1b347cdc7c231fd8b9c8
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 13:59:42 2012 +0300
Added fix-CVE-2012-3462.diff from upstream git.
diff --git a/debian/changelog b/debian/changelog
index 90003cc..d4f18ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -58,6 +58,7 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
- Add libsss-idmap0, libsss-idmap-dev packages
- Add sssd Depends on libsss-idmap0
- Add /var/lib/sss/mc directory for the new mmap cache
+ * Added fix-CVE-2012-3462.diff from upstream git.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/patches/fix-CVE-2012-3462.diff b/debian/patches/fix-CVE-2012-3462.diff
new file mode 100644
index 0000000..4d4ce5c
--- /dev/null
+++ b/debian/patches/fix-CVE-2012-3462.diff
@@ -0,0 +1,16 @@
+commit ffcf27b0b773b580289d596f796aaf86c45ba920
+Author: Jakub Hrozek <jhrozek at redhat.com>
+Date: Wed Aug 8 19:26:35 2012 +0200
+
+ Abort PAM access phase if HBAC does not return PAM_SUCCESS
+
+--- a/src/providers/data_provider_be.c
++++ b/src/providers/data_provider_be.c
+@@ -766,6 +766,7 @@
+ pd = talloc_get_type(req->req_data, struct pam_data);
+
+ if (pd->cmd == SSS_PAM_ACCT_MGMT &&
++ pd->pam_status == PAM_SUCCESS &&
+ req->phase == REQ_PHASE_ACCESS &&
+ dp_err_type == DP_ERR_OK) {
+ if (!becli->bectx->bet_info[BET_SELINUX].bet_ops) {
diff --git a/debian/patches/series b/debian/patches/series
index a82d1b4..09cc687 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1 @@
-#placeholder
+fix-CVE-2012-3462.diff
commit b162728f34075009578089a30e2ab4ce6fd3c76f
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 13:57:56 2012 +0300
update the changelog
diff --git a/debian/changelog b/debian/changelog
index 6577497..90003cc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,6 @@
-sssd (1.9.0~beta1-1) UNRELEASED; urgency=low
+sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
- * New upstream prerelease 1.9.0beta1. Highlights:
+ * New upstream prerelease 1.9.0beta6. Highlights:
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active
@@ -9,6 +9,51 @@ sssd (1.9.0~beta1-1) UNRELEASED; urgency=low
relationships)
- Add a new fast in-memory cache to speed up lookups of cached data
on repeated requests
+ - Add support for the Kerberos DIR cache for storing multiple TGTs
+ automatically
+ - Major performance enhancement when storing large groups in the cache
+ - Major performance enhancement when performing initgroups() against
+ Active Directory
+ - SSSDConfig data file default locations can now be set during
+ configure for easier packaging
+ - Add a new PAC responder for dealing with cross-realm Kerberos trusts
+ - Terminate idle connections to the NSS and PAM responders
+ - Switch from libunistring to glib2 for unicode support
+ - Add a new AD provider to improve integration with Active Directory
+ 2008 R2 or later servers
+ - SUDO integration was completely rewritten. The new implementation
+ works with multiple domains and uses an improved refresh mechanism to
+ download only the necessary rules
+ - The IPA authentication provider now supports subdomains
+ - Fixed regression for setups that were setting default_tkt_enctypes
+ manually by reverting a previous workaround.
+ - Many fixes for the support for setting default SELinux user context
+ from FreeIPA, most notably fixed the specificity evaluation
+ - Fixed an incorrect default in the krb5_canonicalize option of the AD
+ provider which was preventing password change operation
+ - The shadowLastChange attribute value is now correctly updated with the
+ number of days since the Epoch, not seconds
+ - A new option, override_shell was added. If this option is set, all
+ users managed by SSSD will have their shell set to its value.
+ - Many fixes for the support for setting default SELinux user context
+ from FreeIPA. Most notably, the SELinux mappings can now link to HBAC
+ rules as the source of users and hosts they apply to.
+ - Fixed a regression introduced in beta 5 that prevented LDAP SASL binds
+ from working unless the value of ldap_sasl_minssf was explicitly specified.
+ - The SSSD supports the concept of a Primary Server and a Back Up
+ Server. Certain servers in the fail over list can be marked as back up
+ only. If the SSSD switches to a back up server because a primary server
+ is not available, it would later try to re-establish a connection to the
+ primary server. This feature would mainly benefit users who configure
+ fail over servers from different data centers or geographies.
+ - A new command-line tool sss_seed is available. This tool is able to
+ prime the internal cache with a user record and a cached password to
+ support the scenario when a user needs to log in to the client before
+ the network connection to the centralized identity source is established,
+ such as the first log in to a new machine.
+ - In scenarios, where the SSSD is acting as an IPA client, it is able to
+ discover and save the DNS domain-Kerberos realm mappings between an IPA
+ server and a trusted Active Directory server.
* Update the packaging for the new version, thanks Esko Järnfors!
- Add libsss-idmap0, libsss-idmap-dev packages
- Add sssd Depends on libsss-idmap0
commit 16e6509622935b05f1ec023dc9f6dbbf167f6ce2
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 13:13:14 2012 +0300
sssd.{preinst,postrm}: Install the apparmor profile in force-complain mode on install
and remove the profile directory on purge (if empty). Also migrate from previous setup which installed it as disabled.
diff --git a/debian/changelog b/debian/changelog
index 52a59ed..18b8fcb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ sssd (1.8.4-2) UNRELEASED; urgency=low
* rules: Fix the current date format, and move the date mangling to
happen before dh_install is run. (Closes: #670019)
+ * sssd.{preinst,postrm}: Install the apparmor profile in force-complain
+ mode on install, and remove the profile directory on purge (if empty). Also
+ migrate from previous setup which installed it as disabled.
-- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 05 Jun 2012 11:39:33 +0300
diff --git a/debian/sssd.preinst b/debian/sssd.preinst
index d90db96..7ba9f2b 100755
--- a/debian/sssd.preinst
+++ b/debian/sssd.preinst
@@ -23,20 +23,21 @@ rm_conffile() {
fi
}
-disable_profile() {
- APP_CONFFILE="/etc/apparmor.d/usr.sbin.sssd"
- APP_DISABLE="/etc/apparmor.d/disable/usr.sbin.sssd"
+APP_PROFILE="usr.sbin.sssd"
+APP_CONFFILE="/etc/apparmor.d/$APP_PROFILE"
+APP_COMPLAIN="/etc/apparmor.d/force-complain/$APP_PROFILE"
+APP_DISABLE="/etc/apparmor.d/disable/$APP_PROFILE"
+
+inst_complain_profile() {
# Create a symlink to the yet-to-be-unpacked profile
- if [ ! -e "$APP_CONFFILE" ]; then
- mkdir -p `dirname $APP_DISABLE` 2>/dev/null || true
- ln -sf $APP_CONFFILE $APP_DISABLE
- fi
+ mkdir -p `dirname $APP_COMPLAIN` 2>/dev/null || true
+ ln -sf $APP_CONFFILE $APP_COMPLAIN
}
case "$1" in
install)
- # Disable AppArmor profile on install
- disable_profile
+ # Force the AppArmor profile to complain mode on install
+ inst_complain_profile
;;
upgrade)
if dpkg --compare-versions "$2" le "1.0.5-1"; then
@@ -48,8 +49,11 @@ upgrade)
rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-krb5.conf"
rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-ldap.conf"
fi
- if dpkg --compare-versions "$2" lt "1.8.4-1"; then
- disable_profile
+ if dpkg --compare-versions "$2" lt "1.8.4-2"; then
+ inst_complain_profile
+ if [ -e "$APP_DISABLE" ]; then
+ rm_conffile sssd "$APP_DISABLE"
+ fi
fi
;;
esac
diff --git a/debian/sssd.prerm b/debian/sssd.prerm
index 3122dd8..f277ac1 100644
--- a/debian/sssd.prerm
+++ b/debian/sssd.prerm
@@ -5,5 +5,12 @@ invoke_failure() {
return
}
+if [ "$1" = "purge" ]; then
+ APP_PROFILE="usr.sbin.sssd"
+ rm -f /etc/apparmor.d/force-complain/$APP_PROFILE >/dev/null 2>&1 || true
+ rm -f /etc/apparmor.d/disable/$APP_PROFILE >/dev/null 2>&1 || true
+ rmdir /etc/apparmor.d/disable >/dev/null 2>&1 || true
+fi
+
#DEBHELPER#
commit 65a9065538fd85e6ead925d344e6b421900eb8c2
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Aug 1 22:56:36 2012 +0200
Update translations for 1.9.0 beta 6 release
diff --git a/po/de.po b/po/de.po
index 616d594..bc3a400 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel at lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-07-10 15:56+0200\n"
+"POT-Creation-Date: 2012-08-01 22:54+0200\n"
"PO-Revision-Date: 2012-07-10 14:15+0000\n"
"Last-Translator: jhrozek <jhrozek at redhat.com>\n"
"Language-Team: German <trans-de at lists.fedoraproject.org>\n"
@@ -95,7 +95,7 @@ msgid "Entry cache background update timeout length (seconds)"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:61
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "Negative cache timeout length (seconds)"
msgstr ""
@@ -125,850 +125,877 @@ msgid ""
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:68
-msgid "The list of shells users are allowed to log in with"
+msgid "Override shell value from the identity provider with this value"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:69
+msgid "The list of shells users are allowed to log in with"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:70
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:77
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:89
+#: src/config/SSSDConfig/__init__.py.in:90
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "Identity provider"
msgstr "Identity Provider"
-#: src/config/SSSDConfig/__init__.py.in:96
+#: src/config/SSSDConfig/__init__.py.in:97
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:97
+#: src/config/SSSDConfig/__init__.py.in:98
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:100
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:101
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:102
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:106
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:107
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:111
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:112
#: src/config/SSSDConfig/__init__.py.in:119
#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:121
#: src/config/SSSDConfig/__init__.py.in:122
#: src/config/SSSDConfig/__init__.py.in:123
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:113
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:127
msgid "IPA domain"
msgstr "IPA-Domain"
-#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
msgid "IPA server address"
msgstr "IPA-Serveradresse"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+msgid "Address of backup IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:130
msgid "IPA client hostname"
msgstr "IPA-Client-Rechnername"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:131
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:134
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:135
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:136
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:137
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:142
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:143
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:144
+#, fuzzy
+msgid "Active Directory backup server address"
+msgstr "Kerberos-Serveradresse"
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:145
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Kerberos server address"
msgstr "Kerberos-Serveradresse"
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:150
+#, fuzzy
+msgid "Kerberos backup server address"
+msgstr "Kerberos-Serveradresse"
+
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "Kerberos realm"
msgstr "Kerberos Realm"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:155
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:156
+#: src/config/SSSDConfig/__init__.py.in:160
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:161
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:162
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:169
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:172
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:173
+msgid "ldap_backup_uri, The URI of the LDAP server"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:170
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:171
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:179
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:180
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "List of possible ciphers suites"
More information about the Pkg-sssd-devel
mailing list