��
+>Tc@so
dd
kZdd
k
Z
dd
kZdd
kZdd
kZdd
kZeiZddkl	Z	l
Z

dd
kZeiei
d�
d�Zed�
o
dd
kZn

de	f
d��YZde
f
d	��YZd
fd��YZdef
d
��YZedjo]
eieiei�
eid�

ed�
o

e�Zn

e�Zeiei��

n

d
S(i����N(tOptionParsertIndentedHelpFormattertc

Csti
d
i|�
d
jS(Ni(tsystargvtfind(
tname((s#/usr/share/authconfig/authconfig.pytrunsAs#s
sauthconfig-tuitUnihelpOptionParsercBseZ
d
d�
ZRS(cCs�|
djo

t
i}
n

ti�}t|
d
d�}|p

|djo

|}n

|
i|i�i|�
i	|d��

dS(Ntencodingtasciitreplace(
tNoneRtstdouttlocaletgetpreferredencodingtgetattrtwritetformat_helptdecodetencode(tselftfiletsrcencodingR	((s#/usr/share/authconfig/authconfig.pyt
print_help*s









N(t__name__t
__module__RR(((s#/usr/share/authconfig/authconfig.pyR)s
tNonWrapFormatterc
BseZ
d�ZRS(
cCs
g}|i|
}|i
|id
}t|�
|jo#
d|id|f}|i
}n9
d|id||f}d|id||f}d}|i|�

|
io-
|i|
�
}|id|d|f�

n#
|ddjo
|id�

n

di|�
S(Nis%*s%s
Rs	%*s%-*s  ii����s

(toption_stringst
help_positiontcurrent_indenttlentappendthelptexpand_defaulttjoin(Rtoptiontresulttoptst	opt_widthtindent_firstt	help_text((s#/usr/share/authconfig/authconfig.pyt
format_option4s 

















(RRR*(((s#/usr/share/authconfig/authconfig.pyR3s
t
Authconfigc
Bs}eZ
d�Zd
�Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�Zd�Z
d�ZRS(
c

CsCt|_
t|_t|_t|_t|_t|_d
|_dS(Ni(tFalset	nis_availtkerberos_availt
ldap_availt
sssd_availtcache_availt
fprintd_availtretval(
R((s#/usr/share/authconfig/authconfig.pyt__init__Xs
	
	
	
	
	
	
c


Csd
S(Nt
authconfig((
R((s#/usr/share/authconfig/authconfig.pytmoduleas
cCs$ti
id
|i�|
f�

dS(Ns%s: %s
(RtstderrRR6(Rterror((s#/usr/share/authconfig/authconfig.pyt
printErrords
cCsyd
}d}x\|
D]T}|d
jo
|d7}n

|o
|t|�
d7}n

||7}|d7}qW|d7}|S(Nit
<t
|t
=i
t
>(
tstr(Rt
ltaddidxtidxR!titem((s#/usr/share/authconfig/authconfig.pytlistHelpgs













c
	Cstd
�
|i
�}
|i
�djo
|
d7}
n

t|
dtdt��
}|idddd	d	td
�
�
|idddd
d	td�
�
|iddd
d	td�
�

|idddd
d	td�
�
|iddd
d	td�
�

|idd|itit�d	td�
�

|iddd
d	td�
�

|iddd
d	td�
�

|iddtd�
d	td�
�

|id dtd!�
d	td"�
�

|id#dd
d	td$�
�

|id%dd
d	td&�
�

|id'dd
d	td(�
�

|id)dd
d	td*�
�

|id+dtd!�
d	td,�
�

|id-dtd.�
d	td/�
�

|id0d1dd
d	td2�
�
|id3d4dd
d	td5�
�
|id6dd
d	td7�
�

|id8dd
d	td9�
�

|id:dtd;�
d	td<�
�

|id=dd
d	td>�
�

|id?dd
d	td@�
�

|idAdd
d	tdB�
�

|idCdd
d	tdD�
�

|idEdtdF�
d	tdG�
�

|iti	�t
�}|idHd|d	tdI�
�

|idJdd
d	tdK�
�

|idLdd
d	tdM�
�

|idNdd
d	tdO�
�

|idPdd
d	tdQ�
�

|idRdtd!�
d	tdS�
�

|idTdtd!�
d	tdU�
�

|idVdtdW�
d	tdX�
�

|idYdd
d	tdZ�
�

|id[dd
d	td\�
�

|id]dd
d	td^�
�

|id_dd
d	td`�
�

|idadd
d	tdb�
�

|idcdd
d	tdd�
�

|idedd
d	tdf�
�

|idgdd
d	tdh�
�

|ididdjd	tdk�
�

|idldtdW�
d	tdm�
�

|idndtdo�
d	tdp�
�

|idqdtdr�
d	tds�
�

|idtdudvdtdw�
d	tdx�
�
|idyddzd	td{�
�

|id|dd}d	td~�
�

|iddd�d	td��
�

|id�dd�d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd�d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dtd�
d	td��
�

|id�dtdW�
d	td��
�

|id�dtdo�
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd�d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd�d	td��
�

|id�dd�d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dd
d	td��
�

|i
�d�joB
|id�dd
d	td��
�

|id�dd
d	td��
�

n#
|id�d�dd
d	td��
�
|id�dd
d	td��
�

|id�dd
d	td��
�

|id�dtd��
d	td��
�

|id�dtd��
d	td��
�

|id�dd
d	td��
�

|i�\|_}|o$
|i
td��
�

tid��

n

|i
�d�jo}
|iioo
|iioa
|iioS
|iioE
|iio7
|iio)
|iio
|i�
tid��

n

dS(�Nsusage: %s [options]R5se {--update|--updateall|--test|--probe|--restorebackup <name>|--savebackup <name>|--restorelastbackup}tadd_help_optiont	formatters-hs--helptactionR!sshow this help message and exits--enableshadows--useshadowt
store_trues$enable shadowed passwords by defaults--disableshadows%disable shadowed passwords by defaults--enablemd5s--usemd5senable MD5 passwords by defaults--disablemd5s disable MD5 passwords by defaults
--passalgotmetavars&hash/crypt algorithm for new passwordss--enableniss*enable NIS for user information by defaults--disableniss+disable NIS for user information by defaults--nisdomains<domain>sdefault NIS domains--nisservers<server>sdefault NIS servers--enableldaps+enable LDAP for user information by defaults
--disableldaps,disable LDAP for user information by defaults--enableldapauths)enable LDAP for authentication by defaults--disableldapauths*disable LDAP for authentication by defaults--ldapservers#default LDAP server hostname or URIs--ldapbasedns<dn>sdefault LDAP base DNs--enableldaptlss--enableldapstarttlss&enable use of TLS with LDAP (RFC-2830)s--disableldaptlss--disableldapstarttlss'disable use of TLS with LDAP (RFC-2830)s--enablerfc2307bissBenable use of RFC-2307bis schema for LDAP user information lookupss--disablerfc2307bissCdisable use of RFC-2307bis schema for LDAP user information lookupss--ldaploadcacerts<URL>s load CA certificate from the URLs--enablesmartcards0enable authentication with smart card by defaults--disablesmartcards1disable authentication with smart card by defaults--enablerequiresmartcards0require smart card for authentication by defaults--disablerequiresmartcards7do not require smart card for authentication by defaults--smartcardmodules<module>s default smart card module to uses--smartcardactions(action to be taken on smart card removals--enablefingerprints9enable authentication with fingerprint readers by defaults--disablefingerprints:disable authentication with fingerprint readers by defaults--enablekrb5s)enable kerberos authentication by defaults
--disablekrb5s*disable kerberos authentication by defaults	--krb5kdcsdefault kerberos KDCs--krb5adminserversdefault kerberos admin servers--krb5realms<realm>sdefault kerberos realms--enablekrb5kdcdnss'enable use of DNS to find kerberos KDCss--disablekrb5kdcdnss(disable use of DNS to find kerberos KDCss--enablekrb5realmdnss)enable use of DNS to find kerberos realmss--disablekrb5realmdnss*disable use of DNS to find kerberos realmss--enablewinbinds.enable winbind for user information by defaults--disablewinbinds/disable winbind for user information by defaults--enablewinbindauths,enable winbind for authentication by defaults--disablewinbindauths-disable winbind for authentication by defaults
--smbsecuritys<user|server|domain|ads>s*security mode to use for samba and winbinds
--smbrealms5default realm for samba and winbind when security=adss--smbserverss	<servers>s(names of servers to authenticate againsts--smbworkgroups<workgroup>s'workgroup authentication servers are ins--smbidmapranges
--smbidmapuids
--smbidmapgids<lowest-highest>s4uid range winbind will assign to domain or ads userss--winbindseparators<\>s�the character which will be used to separate the domain and user part of winbind-created user names if winbindusedefaultdomain is not enableds--winbindtemplatehomedirs
</home/%D/%U>sGthe directory which winbind-created users will have as home directoriess--winbindtemplateprimarygroups<nobody>sFthe group which winbind-created users will have as their primary groups--winbindtemplateshells</bin/false>sDthe shell which winbind-created users will have as their login shells--enablewinbindusedefaultdomains[configures winbind to assume that users with no domain in their user names are domain userss --disablewinbindusedefaultdomains_configures winbind to assume that users with no domain in their user names are not domain userss--enablewinbindofflines)configures winbind to allow offline logins--disablewinbindofflines+configures winbind to prevent offline logins
--winbindjoins<Administrator>s>join the winbind domain or ads realm now as this administrators
--enableipav2s?enable IPAv2 for user information and authentication by defaults--disableipav2s@disable IPAv2 for user information and authentication by defaults
--ipav2domains-the IPAv2 domain the system should be part ofs--ipav2realmsthe realm for the IPAv2 domains
--ipav2serversthe server for the IPAv2 domains--enableipav2nontps-do not setup the NTP against the IPAv2 domains--disableipav2nontps0setup the NTP against the IPAv2 domain (default)s--ipav2joins	<account>s%join the IPAv2 domain as this accounts--enablewinss#enable wins for hostname resolutions
--disablewinss$disable wins for hostname resolutions--enablepreferdnss3prefer dns over wins or nis for hostname resolutions--disablepreferdnss:do not prefer dns over wins or nis for hostname resolutions--enablehesiods-enable hesiod for user information by defaults--disablehesiods.disable hesiod for user information by defaults--hesiodlhss<lhs>sdefault hesiod LHSs--hesiodrhss<rhs>sdefault hesiod RHSs--enablesssdsOenable SSSD for user information by default with manually managed configurations
--disablesssdsVdisable SSSD for user information by default (still used for supported configurations)s--enablesssdauthsMenable SSSD for authentication by default with manually managed configurations--disablesssdauthsSdisable SSSD for authentication by default (still used for supported configurationss--enableforcelegacys;never use SSSD implicitly even for supported configurationss--disableforcelegacys4use SSSD implicitly if it supports the configurations--enablecachecredss5enable caching of user credentials in SSSD by defaults--disablecachecredss6disable caching of user credentials in SSSD by defaults
--enablecachesXenable caching of user information by default (automatically disabled when SSSD is used)s--disablecaches.disable caching of user information by defaults--enablelocauthorizes1local authorization is sufficient for local userss--disablelocauthorizes1authorize local users also through remote services--enablepamaccesss.check access.conf during account authorizations--disablepamaccesss5do not check access.conf during account authorizations--enablesysnetauths0authenticate system accounts by network servicess--disablesysnetauths0authenticate system accounts by local files onlys--enablemkhomedirs6create home directories for users on their first logins--disablemkhomedirs=do not create home directories for users on their first logins	--nostarts+do not start/stop portmap, ypbind, and nscds--tests>do not update the configuration files, only print new settingssauthconfig-tuis--backs<display Back instead of Cancel in the main dialog of the TUIs--kickstarts1do not display the deprecated text user interfaces--updatesDopposite of --test, update configuration files with changed settingss--updateallsupdate all configuration filess--probes)probe network for defaults and print thems--savebackups<name>s(save a backup of all configuration filess--restorebackups)restore the backup of configuration filess--restorelastbackupsXrestore the backup of configuration files saved before the previous configuration changesunexpected argumenti(t
_R6RR,Rt
add_optionRCtauthinfotpassword_algorithmstgetSmartcardActionstTruet
parse_argstoptionsR9Rtexittprobettesttupdatet	updateallt
savebackupt
restorebackuptrestorelastbackupR(Rtusagetparsertactshelptargs((s#/usr/share/authconfig/authconfig.pytparseOptionsts�
























































































































































































































































































"
*



c
Cs�ti
|i�
}
|
i�
|
io#
|
io
d
|
i|
ifGHn

|
io#
|
io
d|
i|
ifGHn

|
io-
d|
i|
i	p
d|
i
p
dfGHn

dS(Nshesiod %s/%ssldap %s/%s
skrb5 %s/%s/%s
R(RKtAuthInfoR9RRt	hesiodLHSt	hesiodRHSt
ldapServert
ldapBaseDNt
kerberosRealmtkerberosKDCtkerberosAdminServer(Rtinfo((s#/usr/share/authconfig/authconfig.pyRRp
s




	


	



	
c

CsNti
|i�
|_|ii�|_|iidjo
t|i_n

dS(
N(	RKtreadR9RftcopytpristineinfotenableLocAuthorizeRRN(
R((s#/usr/share/authconfig/authconfig.pytreadAuthInfo}
s


c

Cs�ti
titi�o
ti
titi�|_ti
titi�|_ti
ti	ti�o
ti
ti
ti�|_ti
titi�o
ti
ti
ti�|_ti
titi�|_ti
titi�|_dS(
N(tostaccessRKtPATH_YPBINDtX_OKtPATH_LIBNSS_NISR-t
PATH_PAM_KRB5R.t
PATH_PAM_LDAPtPATH_LIBNSS_LDAPR/tPATH_PAM_SSStPATH_LIBNSS_SSSR0t	PATH_NSCDR1tPATH_PAM_FPRINTDR2(
R((s#/usr/share/authconfig/authconfig.pyttestAvailableSubsys�
s








c

Cs�hd
d6dd6dd6dd6d	d
6dd6d
d6dd6dd6dd6dd6dd6dd6dd6dd6dd 6d!d"6d#d$6d%d&6d'd(6d)d*6d+d,6d-d.6d/d06d1d26d3d46d5d66d7d86d9d:6d;d<6}
hd=d>6d?d@6dAdB6dCdD6dEdF6dGdH6dIdJ6dKdL6dMdN6dOdP6dQdR6dSdT6dUdV6dWdX6dYdZ6d[d\6d]d^6d_d`6dadb6dcdd6dedf6dgdh6didj6dkdl6dmdn6}xv|
i�D]h\}}t
|ido|�o
t|i|t�
n

t
|idp|�o
t|i|t�
q�

q�
Wy-|iio
d|i_n

dq|i_Wnt	j
o



n
X|ii
oY
|ii
|iijo@
|ii|ii
�
|i_
|ii|ii
�
|i_n

xV|i�D]H\}}t
|i|�djo#
t|i|t
|i|��
q�
q�W|iioS
|iiidrds�}|dt|i_t|�
dsjo
|ds|i_qh
n

|iidjo
|ii|i_n

|iiok
y,t|ii�
}ti�||i_Wq	ttfj
o&



|itdu�
�

dq|i_q	
Xn

|ii p>
|ii!o
dv|i_"n

|ii#o
dw|i_"q�
nC
|ii ti$jo,
|itdx�
�

dy|i_"dz|_%n

dS({NtenableShadowtshadowRjtlocauthorizetenablePAMAccesst	pamaccesstenableSysNetAutht
sysnetauthtenableMkHomeDirt	mkhomedirtenableCachetcachetenableHesiodthesiodt
enableLDAPtldaptenableLDAPStldaptlstenableRFC2307bist
rfc2307bistenableLDAPAuthtldapauthtenableKerberostkrb5t	enableNIStnistkerberosKDCviaDNSt
krb5kdcdnstkerberosRealmviaDNStkrb5realmdnstenableSmartcardt	smartcardt
enableFprintdtfingerprinttforceSmartcardtrequiresmartcardt
enableWinbindtwinbindtenableWinbindAuthtwinbindauthtwinbindUseDefaultDomaintwinbindusedefaultdomaintwinbindOfflinetwinbindofflinetenableIPAv2tipav2t
ipav2NoNTPt
ipav2nontpt
enableWINStwinst
enableSSSDtsssdtenableSSSDAuthtsssdauthtenableForceLegacytforcelegacytenableCacheCredst
cachecredstpreferDNSinHostst	preferdnstpasswordAlgorithmtpassalgoR_t	hesiodlhsR`t	hesiodrhsRat
ldapserverRbt
ldapbasednt
ldapCacertURLtldaploadcacertRct	krb5realmRdtkrb5kdcRetkrb5adminservertsmartcardModuletsmartcardmoduletsmartcardActiontsmartcardactiont	nisDomaint	nisdomaint	nisServert	nisservertsmbWorkgrouptsmbworkgroupt
smbServerst
smbserverstsmbSecuritytsmbsecuritytsmbRealmtsmbrealmt
smbIdmapRanget
smbidmaprangetwinbindSeparatortwinbindseparatortwinbindTemplateHomedirtwinbindtemplatehomedirtwinbindTemplatePrimaryGrouptwinbindtemplateprimarygrouptwinbindTemplateShelltwinbindtemplateshelltipav2Domaintipav2domaint
ipav2Realmt
ipav2realmtipav2Servertipav2servertenabletdisableRt
%i
is(Bad smart card removal action specified.tmd5tdescrypts;Unknown password hashing algorithm specified, using sha256.tsha256i(&t	iteritemsRRPtsetattrRfRNR,R�t
ldapSchematAttributeErrorR�RctgetKerberosKDCRdtgetKerberosAdminServerReRtwinbindjointsplittjoinUserRtjoinPasswordt	ipav2joinR�tintRKRMR�t
ValueErrort
IndexErrorR9RIR�t	enablemd5R�t
disablemd5RLR3(Rt
bool_settingststring_settingstopttaivaltlstRA((s#/usr/share/authconfig/authconfig.pytoverrideSettings�
s�



































































&

"


'























c


CstS(
N(
RN(
R((s#/usr/share/authconfig/authconfig.pytdoUI�
s
c
Csnt}
|i
io
|iit�
}
n

|i
idjo.
|iit�
o
|ii�
qj
t	}
n

|
S(
N(
RNRPR�Rft
joinDomainR�Rt
joinIPADomaintwriteSysconfigR,(Rtret((s#/usr/share/authconfig/authconfig.pyR��
s







c

Cs�|ii
�
|iio!
|ii�p

d
|_q;
n

|ii�
|iio!
|ii�p

d|_q�
n$
|ii	|i
�
p

d|_n

|i�p

d|_n

|ii|ii
�

dS(Niii(RfttestLDAPCACertsR�tdownloadLDAPCACertR3trehashLDAPCACertsRPRURtwriteChangedRiR�tposttnostart(
R((s#/usr/share/authconfig/authconfig.pyt
writeAuthInfos

















c
Cs�
|i�
|i
io
|i�
tid
�

n

|i
io7
ti�d
jo$
|it	d�
�

tid�

n

|i
�
|i
io'
|ii
�}
tit|
�
�

n

|i
io0
|ii|i
i�
}
tit|
�
�

n

|i
io0
|ii|i
i�
}
tit|
�
�

n

|i�
|i�
|i�p5
|i
io
|it	d�
�

n

tid�

n

|i
io
|ii�
n
|i�
|iS(Niscan only be run as rootisdialog was cancelledi
(R]RPRRRRQRSRltgetuidR9RIRkRXRftrestoreLastR�RWt
restoreBackupRVt
saveBackupRxR�R�t	printInfoR
R3(Rtrv((s#/usr/share/authconfig/authconfig.pytruns6







!






























(RRR4R6R9RCR]RRRkRxR�R�R�R
R

(((s#/usr/share/authconfig/authconfig.pyR+Ws
					
	�	
			k			t
AuthconfigTUIcBs�eZ
d�Zd
�Zd�Zd�Zddd�Zd�Zd�Z	d�Z
d�Zd	�Zd
�Z
d�Zd�Zd
�Zd�ZRS(c


Csd
S(Nsauthconfig-tui((
R((s#/usr/share/authconfig/authconfig.pyR6;s
c

Cs2|ii
o!
|iio
|iit�

n

dS(
N(RPt	kickstartR�RfR�RN(
R((s#/usr/share/authconfig/authconfig.pyR�>s
cCs�|
p
dS
x�|o�
|d
}|d}t|�
t
jo@
|ii�o
|d}|d}q}
|d
}|d
}n

ti|ti�pI
td�
||d|f}ti	|i
td�
|td�
g
�
n

|d}q
WdS(Niii
s�The %s file was not found, but it is required for %s support to work properly.
Install the %s package, which provides this file.tWarningtOki(ttypettupleRft
sssdSupportedRlRmtR_OKRItsnacktButtonChoiceWindowtscreen(Rttoggletwarningtpathtpackagettext((s#/usr/share/authconfig/authconfig.pytwarnCs"














	

,
c
#
CsMti
td
�
ddg}
titd�
ddg}titiftd�
d6dg}titiftd�
d7dg}titi	ftd
�
d8dg}ti
td�
d
dg}titd�
ddg}titd�
ddg}ti
td�
d|g}	titd�
d|	g}
tidd�}titd�
�
}|i|dddddd�
titd�
t|ii�
�}
}|i|dddddd�
titd�
t|ii�
�}}|i|dddddd�
titd�
t|ii�
�}}|i|dddddd�
titd�
t|ii�
�}}|i|dd dddd�
titd!�
t|ii�
�}}|i|dd"dddd�
tidd#�}titd$�
�
}|i|dddddd�
titd%�
t|iid&j�
�}}|i|dddddd�
titd'�
t|ii�
�}}|i|dddddd�
titd(�
t|ii�
�}}|i|dddddd�
titd)�
t|ii�
�}}|i|dd dddd�
titd*�
t|ii�
�}}|i|dd"dddd�
titd+�
t|ii �
�}}|i|dddddd�
titd,�
t|ii!�
�}}|i|dd-dddd�
tidd�}|i|ddddd.dd/d9�
|i|ddd0dd.dd/d:�
tidd�}ti"|i#i$o

td1�
p

td2�
�
}ti"td3�
�
}|i|dd�
|i|dd�
tidd�}|i|dddd�

|i|dddd�

ti%�} |i&i'|td4�
�
| i(|�

| i)�}||jo�

|
i*�|i_|i*�|i_|i*�|i_|i*�|i_|i*�|i_|i*�|i_|i*�o
d&|i_n$
|iid&jo
d5|i_n

|i*�|i_|i*�|i_|i*�|i_ |i*�|i_!|i*�|i_|ii|
f|ii|f|ii|f|ii|
f|ii|f|ii|f|ii|f|ii|f|ii |	fg	}!x*|!D]}"|i+|"d|"d�
qWn

|i&i,�
||jS(;NtcachingtnscdsFingerprint readertpam_fprintdtKerberostpam_krb5ssssd-clientsLDAP authenticationtpam_ldaptLDAPs
nss-pam-ldapdtNIStypbindsshadow passwordsshadow-utilstWinbindssamba-clientsWinbind authenticationssamba-commoni
isUser Informationit
anchorLefttgrowxsCache InformationsUse LDAPisUse NISis	Use IPAv2isUse WinbindiitAuthenticationsUse MD5 PasswordsR�sUse Shadow PasswordssUse LDAP AuthenticationsUse KerberossUse Fingerprint readersUse Winbind Authentications!Local authorization is sufficientit	anchorToptpaddingtanchorRighttBacktCanceltNextsAuthentication ConfigurationR�(R#
ssssd-client(R$
ssssd-client(s
nss-pam-ldapdssssd-client(i
ii
i
(iii
i
(-RKRvRIRRwRqRtRrRsRuRntPATH_PWCONVtPATH_WINBIND_NETtPATH_PAM_WINBINDtPATH_LIBNSS_WINBINDR
tGridtLabeltsetFieldtCheckboxtboolRfR�R�R�R�R�R�RyR�R�R�R�RjtButtonRPtbacktFormR
tgridWrappedWindowtaddR

tselectedR
t	popWindow(#Rt	warnCachetwarnFprintdtwarnKerberostwarnLDAPAuthtwarnLDAPtwarnNISt
warnShadowtwarnWinbindNettwarnWinbindAuthtwarnWinbindtinfoGridtcompR�tcbR�R�R�R�tauthGridR�RztldapaR�tfprintdR�R{tmechGridt
buttonGridtcanceltoktmainGridtformtallwarningsR
((s#/usr/share/authconfig/authconfig.pytgetMainChoicesWs�


$
$
$





(
(
(
(
(

.
(
(
(
(
(
(

%
%
/































 
cCst|�
}t
id
|�}d}	g}
xx|D]p\}}}
}|djop
t
i|tt|i|
��
�}|
i|�

|it
i	d�
d|	dd�

|i|d|	dd�

n�

|djo|
t
i	|�
}|i|d|	d	ddd�
t
i
d
t|i|
�d|�
}|
i|�

|i|d|	dd�

nO

|d
jo�
t
i	|�
}|i|d|	d	ddddd�
y#t|i|
�}|i|�

Wntj
o



|d}n
Xd}g}x*|D]"}|i||||jf�

q�
Wt
id|�}|
i|�

|i|d|	dd�

nV
|djoH
t
id|dddd�}|
i|�

|i|d|	dd�

n

|	d7}	q1Wt
i|o
dp
d
d�}t
i|�
}t
i|�
}|o
t
i|�
p
d}|i|dd�
|o
|i|dd�
n

|i||o
d
p
dd�
t
idd
�}|i|ddd	ddd�
|i|ddd	ddd�
t
i�}|ii||
�
|i|�

x)
to!

|i�}||jo
Pn

|
}x�|D]�\}}}
}|djo&
t|i|
|id�
i��
q
|djo&
t|i|
|id�
i��
q
|d
jo&
t|i|
|id�
i��
q
|djo
|id�

q
qW||jo
Pn

|o
|�
q�
q�
W|ii�
||jS(NiittfvalueRR.
i
R)
tsvalueR-
i(thiddenR*
trvalueR,
tlvaluei2tflexDowntflexUpi(iii
i(iii
i(iiii
(iiii(RR
R6
R9
R:
RRfR R8
R7
tEntrytindexR�RtRadioBartTextboxReflowedR;
R=
R
R>
R?
RNR

R�tpopR@
tvaluetgetSelectionRA
(Rtdtitletitemst	canceltxttoktxtt
anothertxtt	anothercbtrowstquestionGridtrowtwidgetst
ttdesctattrtvalRN
RM
tselt
buttonlistt
vtradioBarRS
RT
RU
tanotherRV
RW
twcopy((s#/usr/share/authconfig/authconfig.pytgetGenericChoices�s�





$


"




$




%








 








 






!












&

&

&







c	Cs�d
td�
ddfd
td�
ddfd
td�
ddfg}|i
td	�
|td
�
|
o

td�
p

td�
d
td�
d|i�S(NR[
sDomain:R�isRealm:R�sServer:R�sIPAv2 SettingsR/
R1
R
Rl
sJoin DomainRm
(RIR|
tmaybeGetJoinSettings(Rtnextt	questions((s#/usr/share/authconfig/authconfig.pytgetIPAv2Settings(s




,
cCs�d
td�
ddfdtd�
ddfdtd�
d	dfg}|itd
�
|td�
|
o

td�
p

td
�
�S(NRZ
sUse TLSR�R[
sServer:RaisBase DN:Rbs
LDAP SettingsR/
R1
R
(RIRR|
(RR~
R
((s#/usr/share/authconfig/authconfig.pytgetLDAPSettings0s





cCsld
td�
ddfd
td�
ddfg}|i
td�
|td�
|
o

td	�
p

td
�
�S(NR[
sDomain:R�isServer:R�sNIS SettingsR/
R1
R
(RIR|
(RR~
R
((s#/usr/share/authconfig/authconfig.pytgetNISSettings7s



cCs�d
td�
ddfd
td�
ddfd
td�
ddfd	td
�
ddfd	td�
d
dfg}|itd�
|td�
|
o

td�
p

td�
�S(NR[
sRealm:RcisKDC:Rds
Admin Server:ReRZ
s"Use DNS to resolve hosts to realmsR�s!Use DNS to locate KDCs for realmsR�sKerberos SettingsR/
R1
R
(RIRR|
(RR~
R
((s#/usr/share/authconfig/authconfig.pytgetKerberosSettings=s






c
Cs�d
td�
ddfd
td�
ddfg}
|i
ip
d|i
_n

|itd	�
|
td
�
td�
�om
|ii�
|i
i�
|i
io
|i
it	�

n"
|i
i
o
|i
it	�

n

|ii�
n

t	S(NR[
sDomain Administrator:R�is	Password:R�i
t
Administrators
Join SettingsR0
R
(
RIRfR�R|
R
tsuspendRTR�R�RNR�R�tresume(RR
((s#/usr/share/authconfig/authconfig.pytgetJoinSettingsFs


















c
Cs�d
td�
ddfg
}
ti|i�
}|i�
|ii�
t}|ii|�
o.
|i	td�
|
td�
td�
�}n

|o
|ii
�
n

|i�
tS(NR^
s�Some of the configuration changes you've made should be saved to disk before continuing.  If you do not save them, then your attempt to join the domain may fail.  Save changes?s
Save SettingstNotYes(
RIRRKRgR9RTRfR,tdiffersR|
RR�
RN(RR
t	orig_infoR�((s#/usr/share/authconfig/authconfig.pyR}
Vs

	














c	Cs�d
dg}ddddddg}d	�}t||�}d
t
d�
d|fd
t
d�
ddfd
t
d�
ddfd
t
d�
ddfd
t
d�
d|fg}|it
d�
|t
d�
|
o

t
d�
p

t
d�
dt
d�
d|i�S(Ntadstdomains
/sbin/nologins/bin/shs	/bin/bashs	/bin/tcshs/bin/kshs/bin/zshc

Ssti
|ti�S(
N(RlRmRo(
tshell((s#/usr/share/authconfig/authconfig.pytshellexistsks
R]
sSecurity Model:R�R[
sDomain:R�isDomain Controllers:R�s
ADS Realm:R�sTemplate Shell:R�sWinbind SettingsR/
R1
R
Rl
sJoin DomainRm
(tfilterRIR|
R}
(RR~
tsecuritytshellsR�
R
((s#/usr/share/authconfig/authconfig.pytgetWinbindSettingsfs


		




,
c
Csbd
}
t}xI|
djo;
|
dj
o.
|i
i�
|
d
jo
|i�}n�

|
djoq
|i
io`
|i
ip>
|i
ip1
|i
ip$
|i
ip
|i
i	p

|i
i
}|i|�
}q'
nW

|
djod
|i
ip

|i
ioF
|i
ip$
|i
ip
|i
i	p

|i
i
}|i|�
}q'
n�
|
djoJ
|i
io9
|i
ip
|i
i	p

|i
i
}|i
|�
}q'
n�
|
djo=
|i
io,
|i
i	p

|i
i
}|i|�
}q'
nE
|
djo7
|i
i	p

|i
i
o
t}|i|�
}q'
n

|i
i�
|o
|
d
7}
q
|
d
8}
q
W|
djS(	Ni
iiiiiii(R,RfRTRY
R�R�R�R�R�R�R�R�
R�
R�
R�
R�
(RR~
trctmore((s#/usr/share/authconfig/authconfig.pyt
getChoices{sV






























































c
CsBtd
�
|i
i}
ti|itd�
|
td�
g
�
dS(Ns�To connect to a LDAP server with TLS protocol enabled you need a CA certificate which signed your server's certificate. Copy the certificate in the PEM format to the '%s' directory.
Then press OK.R
R
(RIRft
ldapCacertDirR
R
R
(RR
((s#/usr/share/authconfig/authconfig.pytdisplayCACertsMessage�s
	

c
Cs�|ii
o
tS
z�ti�|_|i�}
|iitd
�
�

|ii	dd|
d�
|i
�p
|ii�
tS
|i
io
|i
i�o
|i�
n

Wd|ii�
XtS(NsN <Tab>/<Alt-Tab> between elements   |   <Space> selects   |  <F12> next screenis - (c) 1999-2005 Red Hat, Inc.(RPR
RNR
tSnackScreenR
R6tpushHelpLineRItdrawRootTextR�
tfinishR,RfR�R
R�
(Rtpackageversion((s#/usr/share/authconfig/authconfig.pyR��s












N(RRR6R�R
RY
RR|
R�
R�
R�
R�
R�
R}
R�
R�
R�
R�(((s#/usr/share/authconfig/authconfig.pyR
:s
				r_									-	t__main__R5(RKtacutiltgettextRltsignalRtlgettextRItoptparseRR
Rt	setlocaletLC_ALLRR
RRR+R
RtSIGINTtSIG_DFLt
textdomainR6RQR

(((s#/usr/share/authconfig/authconfig.pyt<module>s*
0
	


	


$����