keystone/releasenotes/source/locale/en_GB/LC_MESSAGES/releasenotes.po

# Andi Chandler <andi@gowling.com>, 2017. #zanata
# Andi Chandler <andi@gowling.com>, 2018. #zanata
msgid ""
msgstr ""
"Project-Id-Version: keystone\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-08-08 22:56+0000\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2018-08-08 09:01+0000\n"
"Last-Translator: Andi Chandler <andi@gowling.com>\n"
"Language-Team: English (United Kingdom)\n"
"Language: en_GB\n"
"X-Generator: Zanata 4.3.3\n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"

msgid "'/' and ',' are not allowed to be in a tag"
msgstr "'/' and ',' are not allowed to be in a tag"

msgid ""
"**Experimental** - Domain specific configuration options can be stored in "
"SQL instead of configuration files, using the new REST APIs."
msgstr ""
"**Experimental** - Domain specific configuration options can be stored in "
"SQL instead of configuration files, using the new REST APIs."

msgid ""
"**Experimental** - Keystone now supports tokenless authorization with X.509 "
"SSL client certificate."
msgstr ""
"**Experimental** - Keystone now supports tokenless authorisation with X.509 "
"SSL client certificate."

msgid "10.0.0"
msgstr "10.0.0"

msgid "10.0.1"
msgstr "10.0.1"

msgid "10.0.3"
msgstr "10.0.3"

msgid "11.0.0"
msgstr "11.0.0"

msgid "11.0.1"
msgstr "11.0.1"

msgid "11.0.3"
msgstr "11.0.3"

msgid "11.0.4"
msgstr "11.0.4"

msgid "12.0.0"
msgstr "12.0.0"

msgid "12.0.1"
msgstr "12.0.1"

msgid "13.0.0"
msgstr "13.0.0"

msgid "13.0.1"
msgstr "13.0.1"

msgid "14.0.0.0b1"
msgstr "14.0.0.0b1"

msgid "14.0.0.0b2"
msgstr "14.0.0.0b2"

msgid "14.0.0.0b3"
msgstr "14.0.0.0b3"

msgid "8.0.1"
msgstr "8.0.1"

msgid "8.1.0"
msgstr "8.1.0"

msgid "9.0.0"
msgstr "9.0.0"

msgid "9.2.0"
msgstr "9.2.0"

msgid ""
"A new ``secure_proxy_ssl_header`` configuration option is available when "
"running keystone behind a proxy."
msgstr ""
"A new ``secure_proxy_ssl_header`` configuration option is available when "
"running keystone behind a proxy."

msgid ""
"A new config option, `insecure_debug`, is added to control whether debug "
"information is returned to clients. This used to be controlled by the "
"`debug` option. If you'd like to return extra information to clients set the "
"value to ``true``. This extra information may help an attacker."
msgstr ""
"A new config option, `insecure_debug`, is added to control whether debug "
"information is returned to clients. This used to be controlled by the "
"`debug` option. If you'd like to return extra information to clients set the "
"value to ``true``. This extra information may help an attacker."

msgid ""
"A new interface called `list_federated_users_info` is added to shadow "
"backend. It's used to get the shadow user information internally. If you are "
"maintaining any out-tree shadow backends, please implement this function for "
"them as well."
msgstr ""
"A new interface called `list_federated_users_info` is added to shadow "
"backend. It's used to get the shadow user information internally. If you are "
"maintaining any out-tree shadow backends, please implement this function for "
"them as well."

msgid ""
"Add ``cache_on_issue`` flag to ``[token]`` section that enables placing "
"issued tokens to validation cache thus reducing the first validation time as "
"if token is already validated and token data cached."
msgstr ""
"Add ``cache_on_issue`` flag to ``[token]`` section that enables placing "
"issued tokens to validation cache thus reducing the first validation time as "
"if token is already validated and token data cached."

msgid ""
"Add ``keystone-manage mapping_populate`` command, which should be used when "
"domain-specific LDAP backend is used."
msgstr ""
"Add ``keystone-manage mapping_populate`` command, which should be used when "
"domain-specific LDAP backend is used."

msgid ""
"Add ``keystone-manage mapping_populate`` command. This command will pre-"
"populate a mapping table with all users from LDAP, in order to improve "
"future query performance. It should be used when an LDAP is first "
"configured, or after calling ``keystone-manage mapping_purge``, before any "
"queries related to the domain are made. For more information see ``keystone-"
"manage mapping_populate --help``"
msgstr ""
"Add ``keystone-manage mapping_populate`` command. This command will pre-"
"populate a mapping table with all users from LDAP, in order to improve "
"future query performance. It should be used when an LDAP is first "
"configured, or after calling ``keystone-manage mapping_purge``, before any "
"queries related to the domain are made. For more information see ``keystone-"
"manage mapping_populate --help``"

msgid ""
"Added an option ``--check`` to ``keystone-manage db_sync``, the option will "
"allow a user to check the status of rolling upgrades in the database."
msgstr ""
"Added an option ``--check`` to ``keystone-manage db_sync``, the option will "
"allow a user to check the status of rolling upgrades in the database."

msgid ""
"Adjust configuration tools as necessary, see the ``fixes`` section for more "
"details on this change."
msgstr ""
"Adjust configuration tools as necessary, see the ``fixes`` section for more "
"details on this change."

msgid ""
"Any auth methods that are not defined in ``keystone.conf`` in the ``[auth] "
"methods`` option are ignored when the rules are processed. Empty rules are "
"not allowed. If a rule is empty due to no-valid auth methods existing within "
"it, the rule is discarded at authentication time. If there are no rules or "
"no valid rules for the user, authentication occurs in the default manner: "
"any single configured auth method is sufficient to receive a token."
msgstr ""
"Any auth methods that are not defined in ``keystone.conf`` in the ``[auth] "
"methods`` option are ignored when the rules are processed. Empty rules are "
"not allowed. If a rule is empty due to no-valid auth methods existing within "
"it, the rule is discarded at authentication time. If there are no rules or "
"no valid rules for the user, authentication occurs in the default manner: "
"any single configured auth method is sufficient to receive a token."

msgid ""
"As a performance improvement, the base mapping driver's method "
"``get_domain_mapping_list`` now accepts an optional named argument "
"``entity_type`` that can be used to get the mappings for a given entity type "
"only. As this new call signature is already used in the ``identity.core`` "
"module, authors/maintainers of out-of-tree custom mapping drivers are "
"expected to update their implementations of ``get_domain_mapping_list`` "
"method accordingly."
msgstr ""
"As a performance improvement, the base mapping driver's method "
"``get_domain_mapping_list`` now accepts an optional named argument "
"``entity_type`` that can be used to get the mappings for a given entity type "
"only. As this new call signature is already used in the ``identity.core`` "
"module, authors/maintainers of out-of-tree custom mapping drivers are "
"expected to update their implementations of ``get_domain_mapping_list`` "
"method accordingly."

msgid "Bug Fixes"
msgstr "Bug Fixes"

msgid ""
"Certain deprecated methods from the assignment manager were removed in favor "
"of the same methods in the [resource] and [role] manager."
msgstr ""
"Certain deprecated methods from the assignment manager were removed in "
"favour of the same methods in the [resource] and [role] manager."

msgid ""
"Certain variables in ``keystone.conf`` now have options, which determine if "
"the user's setting is valid."
msgstr ""
"Certain variables in ``keystone.conf`` now have options, which determine if "
"the user's setting is valid."

msgid "Configuring per-Identity Provider WebSSO is now supported."
msgstr "Configuring per-Identity Provider WebSSO is now supported."

msgid "Critical Issues"
msgstr "Critical Issues"

msgid "Current Series Release Notes"
msgstr "Current Series Release Notes"

msgid "Deprecation Notes"
msgstr "Deprecation Notes"

msgid ""
"Domain name information can now be used in policy rules with the attribute "
"``domain_name``."
msgstr ""
"Domain name information can now be used in policy rules with the attribute "
"``domain_name``."

msgid ""
"Domains are now represented as top level projects with the attribute "
"`is_domain` set to true. Such projects will appear as parents for any "
"previous top level projects. Projects acting as domains can be created, "
"read, updated, and deleted via either the project API or the domain API (V3 "
"only)."
msgstr ""
"Domains are now represented as top level projects with the attribute "
"`is_domain` set to true. Such projects will appear as parents for any "
"previous top level projects. Projects acting as domains can be created, "
"read, updated, and deleted via either the project API or the domain API (V3 "
"only)."

msgid ""
"Each list of methods specifies a rule. If the auth methods provided by a "
"user match (or exceed) the auth methods in the list, that rule is used. The "
"first rule found (rules will not be processed in a specific order) that "
"matches will be used. If a user has the ruleset defined as ``[[\"password\", "
"\"totp\"]]`` the user must provide both password and totp auth methods (and "
"both methods must succeed) to receive a token. However, if a user has a "
"ruleset defined as ``[[\"password\"], [\"password\", \"totp\"]]`` the user "
"may use the ``password`` method on it's own but would be required to use "
"both ``password`` and ``totp`` if ``totp`` is specified at all."
msgstr ""
"Each list of methods specifies a rule. If the auth methods provided by a "
"user match (or exceed) the auth methods in the list, that rule is used. The "
"first rule found (rules will not be processed in a specific order) that "
"matches will be used. If a user has the ruleset defined as ``[[\"password\", "
"\"totp\"]]`` the user must provide both password and totp auth methods (and "
"both methods must succeed) to receive a token. However, if a user has a "
"ruleset defined as ``[[\"password\"], [\"password\", \"totp\"]]`` the user "
"may use the ``password`` method on it's own but would be required to use "
"both ``password`` and ``totp`` if ``totp`` is specified at all."

msgid "Each project can have up to 100 tags"
msgstr "Each project can have up to 100 tags"

msgid "Each tag can be up to 255 characters"
msgstr "Each tag can be up to 255 characters"

msgid ""
"Features that were \"extensions\" in previous releases (OAuth delegation, "
"Federated Identity support, Endpoint Policy, etc) are now enabled by default."
msgstr ""
"Features that were \"extensions\" in previous releases (OAuth delegation, "
"Federated Identity support, Endpoint Policy, etc) are now enabled by default."

msgid ""
"Fixes a bug related to the password create date.  If you deployed master "
"during Newton development, the password create date may be reset. This would "
"only be apparent if you have security compliance features enabled."
msgstr ""
"Fixes a bug related to the password create date.  If you deployed master "
"during Newton development, the password create date may be reset. This would "
"only be apparent if you have security compliance features enabled."

msgid ""
"For additional details see: `event notifications <See https://docs.openstack."
"org/developer/keystone/event_notifications.html>`_"
msgstr ""
"For additional details see: `event notifications <See https://docs.openstack."
"org/developer/keystone/event_notifications.html>`_"

msgid ""
"If PCI support is enabled, via the ``[security_compliance]`` configuration "
"options, then the ``password_expires_at`` field will be populated with a "
"timestamp. Otherwise, it will default to ``null``, indicating the password "
"does not expire."
msgstr ""
"If PCI support is enabled, via the ``[security_compliance]`` configuration "
"options, then the ``password_expires_at`` field will be populated with a "
"timestamp. Otherwise, it will default to ``null``, indicating the password "
"does not expire."

msgid ""
"If a password does not meet the specified criteria. See "
"``[security_compliance] password_regex``."
msgstr ""
"If a password does not meet the specified criteria. See "
"``[security_compliance] password_regex``."

msgid ""
"If a user attempts to change their password too often. See "
"``[security_compliance] minimum_password_age``."
msgstr ""
"If a user attempts to change their password too often. See "
"``[security_compliance] minimum_password_age``."

msgid ""
"If a user does not change their passwords at least once every X days. See "
"``[security_compliance] password_expires_days``."
msgstr ""
"If a user does not change their passwords at least once every X days. See "
"``[security_compliance] password_expires_days``."

msgid ""
"If a user is locked out after many failed authentication attempts. See "
"``[security_compliance] lockout_failure_attempts``."
msgstr ""
"If a user is locked out after many failed authentication attempts. See "
"``[security_compliance] lockout_failure_attempts``."

msgid ""
"If a user submits a new password that was recently used. See "
"``[security_compliance] unique_last_password_count``."
msgstr ""
"If a user submits a new password that was recently used. See "
"``[security_compliance] unique_last_password_count``."

msgid ""
"If performing rolling upgrades, set `[identity] "
"rolling_upgrade_password_hash_compat` to `True`. This will instruct keystone "
"to continue to hash passwords in a manner that older (pre Pike release) "
"keystones can still verify passwords. Once all upgrades are complete, ensure "
"this option is set back to `False`."
msgstr ""
"If performing rolling upgrades, set `[identity] "
"rolling_upgrade_password_hash_compat` to `True`. This will instruct keystone "
"to continue to hash passwords in a manner that older (pre Pike release) "
"keystones can still verify passwords. Once all upgrades are complete, ensure "
"this option is set back to `False`."

msgid ""
"In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in "
"favor of the \"use\" directive, specifying an entrypoint."
msgstr ""
"In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in "
"favour of the \"use\" directive, specifying an entrypoint."

msgid ""
"In the [resource] and [role] sections of the ``keystone.conf`` file, not "
"specifying the driver and using the assignment driver is deprecated. In the "
"Mitaka release, the resource and role drivers will default to the SQL driver."
msgstr ""
"In the [resource] and [role] sections of the ``keystone.conf`` file, not "
"specifying the driver and using the assignment driver is deprecated. In the "
"Mitaka release, the resource and role drivers will default to the SQL driver."

msgid ""
"In the case a user should be exempt from MFA Rules, regardless if they are "
"set, the User-Option ``multi_factor_auth_enabled`` may  be set to ``False`` "
"for that user via the user create and update API (``POST/PATCH /v3/users``) "
"call. If this option is set to ``False`` the MFA rules will be ignored for "
"the user. Any other value except ``False`` will result in the MFA Rules "
"being processed; the option can only be a boolean (``True`` or ``False``) or "
"\"None\" (which will result in the default behavior (same as ``True``) but "
"the option will no longer be shown in the ``user[\"options\"]`` dictionary."
msgstr ""
"In the case a user should be exempt from MFA Rules, regardless if they are "
"set, the User-Option ``multi_factor_auth_enabled`` may  be set to ``False`` "
"for that user via the user create and update API (``POST/PATCH /v3/users``) "
"call. If this option is set to ``False`` the MFA rules will be ignored for "
"the user. Any other value except ``False`` will result in the MFA Rules "
"being processed; the option can only be a boolean (``True`` or ``False``) or "
"\"None\" (which will result in the default behaviour (same as ``True``) but "
"the option will no longer be shown in the ``user[\"options\"]`` dictionary."

msgid ""
"In the policy.json file, we changed `identity:list_projects_for_groups` to "
"`identity:list_projects_for_user`. Likewise, we changed `identity:"
"list_domains_for_groups` to `identity:list_domains_for_user`. If you have "
"customized the policy.json file, you will need to make these changes. This "
"was done to better support new features around federation."
msgstr ""
"In the policy.json file, we changed `identity:list_projects_for_groups` to "
"`identity:list_projects_for_user`. Likewise, we changed `identity:"
"list_domains_for_groups` to `identity:list_domains_for_user`. If you have "
"customized the policy.json file, you will need to make these changes. This "
"was done to better support new features around federation."

msgid ""
"It is no longer possible to, via the ``paste.ini`` file to inject middleware "
"into the running keystone application. This reduces the attack surface area. "
"While this is not a huge reduction in surface area, it is one less potential "
"place that malicious code could be loaded. Malicious middleware historically "
"could collect information and/or modify the requests and responses from "
"Keystone."
msgstr ""
"It is no longer possible to, via the ``paste.ini`` file to inject middleware "
"into the running Keystone application. This reduces the attack surface area. "
"While this is not a huge reduction in surface area, it is one less potential "
"place that malicious code could be loaded. Malicious middleware historically "
"could collect information and/or modify the requests and responses from "
"Keystone."

msgid ""
"It is recommended to have the ``healthcheck`` middleware first in the "
"pipeline::"
msgstr ""
"It is recommended to have the ``healthcheck`` middleware first in the "
"pipeline::"

msgid "Keystone Release Notes"
msgstr "Keystone Release Notes"

msgid ""
"Keystone cache backends have been removed in favor of their `oslo.cache` "
"counter-part. This affects:"
msgstr ""
"Keystone cache backends have been removed in favour of their `oslo.cache` "
"counter-part. This affects:"

msgid ""
"Keystone now relies on pyldap instead of python-ldap. The pyldap library is "
"a fork of python-ldap and is a drop-in replacement with modifications to be "
"py3 compatible."
msgstr ""
"Keystone now relies on pyldap instead of python-ldap. The pyldap library is "
"a fork of python-ldap and is a drop-in replacement with modifications to be "
"py3 compatible."

msgid ""
"Keystone now supports authorizing a request token by providing a role name. "
"A `role` in the `roles` parameter can include either a role name or role id, "
"but not both."
msgstr ""
"Keystone now supports authorising a request token by providing a role name. "
"A `role` in the `roles` parameter can include either a role name or role id, "
"but not both."

msgid ""
"Keystone now supports being run under Python 3. The Python 3 and Python 3.4 "
"classifiers have been added."
msgstr ""
"Keystone now supports being run under Python 3. The Python 3 and Python 3.4 "
"classifiers have been added."

msgid ""
"Keystone now supports encrypted credentials at rest. In order to upgrade "
"successfully to Newton, deployers must encrypt all credentials currently "
"stored before contracting the database. Deployers must run `keystone-manage "
"credential_setup` in order to use the credential API within Newton, or "
"finish the upgrade from Mitaka to Newton. This will result in a service "
"outage for the credential API where credentials will be read-only for the "
"duration of the upgrade process. Once the database is contracted credentials "
"will be writeable again. Database contraction phases only apply to rolling "
"upgrades."
msgstr ""
"Keystone now supports encrypted credentials at rest. In order to upgrade "
"successfully to Newton, deployers must encrypt all credentials currently "
"stored before contracting the database. Deployers must run `keystone-manage "
"credential_setup` in order to use the credential API within Newton, or "
"finish the upgrade from Mitaka to Newton. This will result in a service "
"outage for the credential API where credentials will be read-only for the "
"duration of the upgrade process. Once the database is contracted credentials "
"will be writeable again. Database contraction phases only apply to rolling "
"upgrades."

msgid ""
"Keystone now uses oslo.cache. Update the `[cache]` section of `keystone."
"conf` to point to oslo.cache backends: ``oslo_cache.memcache_pool`` or "
"``oslo_cache.mongo``. Refer to the sample configuration file for examples. "
"See `oslo.cache <http://docs.openstack.org/developer/oslo.cache>`_ for "
"additional documentation."
msgstr ""
"Keystone now uses oslo.cache. Update the `[cache]` section of `keystone."
"conf` to point to oslo.cache backends: ``oslo_cache.memcache_pool`` or "
"``oslo_cache.mongo``. Refer to the sample configuration file for examples. "
"See `oslo.cache <http://docs.openstack.org/developer/oslo.cache>`_ for "
"additional documentation."

msgid ""
"Keystone supports ``$(project_id)s`` in the catalog. It works the same as ``"
"$(tenant_id)s``. Use of ``$(tenant_id)s`` is deprecated and catalog "
"endpoints should be updated to use ``$(project_id)s``."
msgstr ""
"Keystone supports ``$(project_id)s`` in the catalogue. It works the same as "
"``$(tenant_id)s``. Use of ``$(tenant_id)s`` is deprecated and catalogue "
"endpoints should be updated to use ``$(project_id)s``."

msgid "Liberty Series Release Notes"
msgstr "Liberty Series Release Notes"

msgid "Mitaka Series Release Notes"
msgstr "Mitaka Series Release Notes"

msgid "New Features"
msgstr "New Features"

msgid "Newton Series Release Notes"
msgstr "Newton Series Release Notes"

msgid ""
"Not specifying a domain during a create user, group or project call, which "
"relied on falling back to the default domain, is now deprecated and will be "
"removed in the N release."
msgstr ""
"Not specifying a domain during a create user, group or project call, which "
"relied on falling back to the default domain, is now deprecated and will be "
"removed in the N release."

msgid ""
"OSprofiler support was added. This cross-project profiling library allows to "
"trace various requests through all OpenStack services that support it. To "
"initiate OpenStack request tracing `--profile <HMAC_KEY>` option needs to be "
"added to the CLI command. Configuration and usage details can be foung in "
"[`OSProfiler documentation <http://docs.openstack.org/developer/osprofiler/"
"api.html>`_]"
msgstr ""
"OSprofiler support was added. This cross-project profiling library allows to "
"trace various requests through all OpenStack services that support it. To "
"initiate OpenStack request tracing `--profile <HMAC_KEY>` option needs to be "
"added to the CLI command. Configuration and usage details can be foung in "
"[`OSProfiler documentation <http://docs.openstack.org/developer/osprofiler/"
"api.html>`_]"

msgid ""
"OSprofiler support was introduced. To allow its usage the keystone-paste.ini "
"file needs to be modified to contain osprofiler middleware."
msgstr ""
"OSprofiler support was introduced. To allow its usage the keystone-paste.ini "
"file needs to be modified to contain osprofiler middleware."

msgid "Ocata Series Release Notes"
msgstr "Ocata Series Release Notes"

msgid "Other Notes"
msgstr "Other Notes"

msgid "PKI and PKIz token formats have been removed in favor of Fernet tokens."
msgstr ""
"PKI and PKIz token formats have been removed in favour of Fernet tokens."

msgid "Pike Series Release Notes"
msgstr "Pike Series Release Notes"

msgid "Prelude"
msgstr "Prelude"

msgid ""
"Project tags are implemented following the guidelines set by the `API "
"Working Group <https://specs.openstack.org/openstack/api-wg/guidelines/tags."
"html>`_"
msgstr ""
"Project tags are implemented following the guidelines set by the `API "
"Working Group <https://specs.openstack.org/openstack/api-wg/guidelines/tags."
"html>`_"

msgid "Queens Series Release Notes"
msgstr "Queens Series Release Notes"

msgid ""
"Routes and SQL backends for the contrib extensions have been removed, they "
"have been incorporated into keystone and are no longer optional. This "
"affects:"
msgstr ""
"Routes and SQL backends for the contrib extensions have been removed, they "
"have been incorporated into Keystone and are no longer optional. This "
"affects:"

msgid ""
"Running keystone in eventlet remains deprecated and will be removed in the "
"Mitaka release."
msgstr ""
"Running Keystone in eventlet remains deprecated and will be removed in the "
"Mitaka release."

msgid ""
"SECURITY INFO: The MFA rules are only processed when authentication happens "
"through the V3 authentication APIs. If V2 Auth is enabled it is possible to "
"circumvent the MFA rules if the user can authenticate via V2 Auth API. It is "
"recommended to disable V2 authentication for full enforcement of the MFA "
"rules."
msgstr ""
"SECURITY INFO: The MFA rules are only processed when authentication happens "
"through the V3 authentication APIs. If V2 Auth is enabled it is possible to "
"circumvent the MFA rules if the user can authenticate via V2 Auth API. It is "
"recommended to disable V2 authentication for full enforcement of the MFA "
"rules."

msgid ""
"Schema downgrades via ``keystone-manage db_sync`` are no longer supported. "
"Only upgrades are supported."
msgstr ""
"Schema downgrades via ``keystone-manage db_sync`` are no longer supported. "
"Only upgrades are supported."

msgid "Security Issues"
msgstr "Security Issues"

msgid ""
"See `Project Tags <https://developer.openstack.org/api-ref/identity/v3/"
"#project-tags>`_"
msgstr ""
"See `Project Tags <https://developer.openstack.org/api-ref/identity/v3/"
"#project-tags>`_"

msgid ""
"Set the following user attributes to ``True`` or ``False`` in an API "
"request. To mark a user as exempt from the PCI password lockout policy::"
msgstr ""
"Set the following user attributes to ``True`` or ``False`` in an API "
"request. To mark a user as exempt from the PCI password lockout policy::"

msgid ""
"Several configuration options have been deprecated, renamed, or moved to new "
"sections in the ``keystone.conf`` file."
msgstr ""
"Several configuration options have been deprecated, renamed, or moved to new "
"sections in the ``keystone.conf`` file."

msgid ""
"Several features were hardened, including Fernet tokens, federation, domain "
"specific configurations from database and role assignments."
msgstr ""
"Several features were hardened, including Fernet tokens, federation, domain "
"specific configurations from database and role assignments."

msgid ""
"Several token issuance methods from the abstract class ``keystone.token."
"providers.base.Provider`` were removed (see below) in favor of a single "
"method to issue tokens (``issue_token``). If using a custom token provider, "
"updated the custom provider accordingly."
msgstr ""
"Several token issuance methods from the abstract class ``keystone.token."
"providers.base.Provider`` were removed (see below) in favour of a single "
"method to issue tokens (``issue_token``). If using a custom token provider, "
"updated the custom provider accordingly."

msgid ""
"Several token validation methods from the abstract class ``keystone.token."
"providers.base.Provider`` were removed (see below) in favor of a single "
"method to validate tokens (``validate_token``), that has the signature "
"``validate_token(self, token_ref)``. If using a custom token provider, "
"update the custom provider accordingly."
msgstr ""
"Several token validation methods from the abstract class ``keystone.token."
"providers.base.Provider`` were removed (see below) in favour of a single "
"method to validate tokens (``validate_token``), that has the signature "
"``validate_token(self, token_ref)``. If using a custom token provider, "
"update the custom provider accordingly."

msgid ""
"Support for writing to LDAP has been removed. See ``Other Notes`` for more "
"details."
msgstr ""
"Support for writing to LDAP has been removed. See ``Other Notes`` for more "
"details."

msgid ""
"Support has now been added to send notification events on user/group "
"membership. When a user is added or removed from a group a notification will "
"be sent including the identifiers of both the user and the group."
msgstr ""
"Support has now been added to send notification events on user/group "
"membership. When a user is added or removed from a group a notification will "
"be sent including the identifiers of both the user and the group."

msgid ""
"Support was improved for out-of-tree drivers by defining stable driver "
"interfaces."
msgstr ""
"Support was improved for out-of-tree drivers by defining stable driver "
"interfaces."

msgid "Tags are case sensitive"
msgstr "Tags are case sensitive"

msgid ""
"The EC2 token middleware, deprecated in Juno, is no longer available in "
"keystone. It has been moved to the keystonemiddleware package."
msgstr ""
"The EC2 token middleware, deprecated in Juno, is no longer available in "
"Keystone. It has been moved to the keystonemiddleware package."

msgid ""
"The LDAP driver now also maps the user description attribute after user "
"retrieval from LDAP. If this is undesired behavior for your setup, please "
"add `description` to the `user_attribute_ignore` LDAP driver config setting. "
"The default mapping of the description attribute is set to `description`. "
"Please adjust the LDAP driver config setting `user_description_attribute` if "
"your LDAP uses a different attribute name (for instance to `displayName` in "
"case of an AD backed LDAP). If your `user_additional_attribute_mapping` "
"setting contains `description:description` you can remove this mapping, "
"since this is now the default behavior."
msgstr ""
"The LDAP driver now also maps the user description attribute after user "
"retrieval from LDAP. If this is undesired behaviour for your setup, please "
"add `description` to the `user_attribute_ignore` LDAP driver config setting. "
"The default mapping of the description attribute is set to `description`. "
"Please adjust the LDAP driver config setting `user_description_attribute` if "
"your LDAP uses a different attribute name (for instance to `displayName` in "
"case of an AD backed LDAP). If your `user_additional_attribute_mapping` "
"setting contains `description:description` you can remove this mapping, "
"since this is now the default behaviour."

msgid ""
"The MFA rules are set via the user create and update API (``POST/PATCH /v3/"
"users``) call; the options allow an admin to force a user to use specific "
"forms of authentication or combinations of forms of authentication to get a "
"token. The rules are specified as follows::"
msgstr ""
"The MFA rules are set via the user create and update API (``POST/PATCH /v3/"
"users``) call; the options allow an admin to force a user to use specific "
"forms of authentication or combinations of forms of authentication to get a "
"token. The rules are specified as follows::"

msgid ""
"The PKI and PKIz token format has been removed. See ``Other Notes`` for more "
"details."
msgstr ""
"The PKI and PKIz token format has been removed. See ``Other Notes`` for more "
"details."

msgid ""
"The V8 Federation driver interface is deprecated in favor of the V9 "
"Federation driver interface. Support for the V8 Federation driver interface "
"is planned to be removed in the 'O' release of OpenStack."
msgstr ""
"The V8 Federation driver interface is deprecated in favour of the V9 "
"Federation driver interface. Support for the V8 Federation driver interface "
"is planned to be removed in the 'O' release of OpenStack."

msgid ""
"The V8 Resource driver interface is deprecated. Support for the V8 Resource "
"driver interface is planned to be removed in the 'O' release of OpenStack."
msgstr ""
"The V8 Resource driver interface is deprecated. Support for the V8 Resource "
"driver interface is planned to be removed in the 'O' release of OpenStack."

msgid ""
"The XML middleware stub has been removed, so references to it must be "
"removed from the ``keystone-paste.ini`` configuration file."
msgstr ""
"The XML middleware stub has been removed, so references to it must be "
"removed from the ``keystone-paste.ini`` configuration file."

msgid ""
"The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are "
"deprecated in favor of the ``/v3/auth/projects`` and ``/v3/auth/domains`` "
"APIs. These APIs were originally marked as deprecated during the Juno "
"release cycle, but we never deprecated using ``versionutils`` from oslo. "
"More information regarding this deprecation can be found in the `patch "
"<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation."
msgstr ""
"The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are "
"deprecated in favour of the ``/v3/auth/projects`` and ``/v3/auth/domains`` "
"APIs. These APIs were originally marked as deprecated during the Juno "
"release cycle, but we never deprecated using ``versionutils`` from oslo. "
"More information regarding this deprecation can be found in the `patch "
"<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation."

msgid ""
"The ``[DEFAULT] domain_id_immutable`` configuration option has been removed "
"in favor of strictly immutable domain IDs."
msgstr ""
"The ``[DEFAULT] domain_id_immutable`` configuration option has been removed "
"in favour of strictly immutable domain IDs."

msgid ""
"The ``[DEFAULT] domain_id_immutable`` option has been removed. This removes "
"the ability to change the ``domain_id`` attribute of users, groups, and "
"projects. The behavior was introduced to allow deployers to migrate entities "
"from one domain to another by updating the ``domain_id`` attribute of an "
"entity. This functionality was deprecated in the Mitaka release is now "
"removed."
msgstr ""
"The ``[DEFAULT] domain_id_immutable`` option has been removed. This removes "
"the ability to change the ``domain_id`` attribute of users, groups, and "
"projects. The behaviour was introduced to allow deployers to migrate "
"entities from one domain to another by updating the ``domain_id`` attribute "
"of an entity. This functionality was deprecated in the Mitaka release is now "
"removed."

msgid ""
"The ``[assignment] driver`` now defaults to ``sql``. Logic to determine the "
"default assignment driver if one wasn't supplied through configuration has "
"been removed. Keystone only supports one assignment driver and it shouldn't "
"be changed unless you're deploying a custom assignment driver."
msgstr ""
"The ``[assignment] driver`` now defaults to ``sql``. Logic to determine the "
"default assignment driver if one wasn't supplied through configuration has "
"been removed. Keystone only supports one assignment driver and it shouldn't "
"be changed unless you're deploying a custom assignment driver."

msgid ""
"The ``[endpoint_policy] enabled`` configuration option has been removed in "
"favor of always enabling the endpoint policy extension."
msgstr ""
"The ``[endpoint_policy] enabled`` configuration option has been removed in "
"favour of always enabling the endpoint policy extension."

msgid ""
"The ``[os_inherit] enabled`` config option has been removed, the `OS-"
"INHERIT` extension is now always enabled."
msgstr ""
"The ``[os_inherit] enabled`` config option has been removed, the `OS-"
"INHERIT` extension is now always enabled."

msgid ""
"The ``[resource] driver`` now defaults to ``sql``. Logic to determine the "
"default resource driver if one wasn't supplied through configuration has "
"been removed. Keystone only supports one resource driver and it shouldn't be "
"changed unless you're deploying a custom resource driver."
msgstr ""
"The ``[resource] driver`` now defaults to ``sql``. Logic to determine the "
"default resource driver if one wasn't supplied through configuration has "
"been removed. Keystone only supports one resource driver and it shouldn't be "
"changed unless you're deploying a custom resource driver."

msgid ""
"The ``[security_compliance] password_expires_ignore_user_ids`` option has "
"been removed. Each user that should ignore password expiry should have the "
"value set to \"true\" in the user's ``options`` attribute (e.g. "
"``user['options']['ignore_password_expiry'] = True``) with a user update "
"call."
msgstr ""
"The ``[security_compliance] password_expires_ignore_user_ids`` option has "
"been removed. Each user that should ignore password expiry should have the "
"value set to \"true\" in the user's ``options`` attribute (e.g. "
"``user['options']['ignore_password_expiry'] = True``) with a user update "
"call."

msgid ""
"The ``compute_port`` configuration option, deprecated in Juno, is no longer "
"available."
msgstr ""
"The ``compute_port`` configuration option, deprecated in Juno, is no longer "
"available."

msgid ""
"The ``enabled`` config option of the ``trust`` feature is deprecated and "
"will be removed in the next release. Trusts will then always be enabled."
msgstr ""
"The ``enabled`` config option of the ``trust`` feature is deprecated and "
"will be removed in the next release. Trusts will then always be enabled."

msgid ""
"The ``httpd/keystone.py`` file has been removed in favor of the ``keystone-"
"wsgi-admin`` and ``keystone-wsgi-public`` scripts."
msgstr ""
"The ``httpd/keystone.py`` file has been removed in favour of the ``keystone-"
"wsgi-admin`` and ``keystone-wsgi-public`` scripts."

msgid ""
"The ``keystone.conf`` file now references entrypoint names for drivers. For "
"example, the drivers are now specified as \"sql\", \"ldap\", \"uuid\", "
"rather than the full module path. See the sample configuration file for "
"other examples."
msgstr ""
"The ``keystone.conf`` file now references entrypoint names for drivers. For "
"example, the drivers are now specified as \"sql\", \"ldap\", \"uuid\", "
"rather than the full module path. See the sample configuration file for "
"other examples."

msgid ""
"The ``keystone/service.py`` file has been removed, the logic has been moved "
"to the ``keystone/version/service.py``."
msgstr ""
"The ``keystone/service.py`` file has been removed, the logic has been moved "
"to the ``keystone/version/service.py``."

msgid ""
"The ``memcache`` and ``memcache_pool`` token persistence backends have been "
"removed in favor of using Fernet tokens (which require no persistence)."
msgstr ""
"The ``memcache`` and ``memcache_pool`` token persistence backends have been "
"removed in favour of using Fernet tokens (which require no persistence)."

msgid ""
"The ``policies`` API is deprecated. Keystone is not a policy management "
"service."
msgstr ""
"The ``policies`` API is deprecated. Keystone is not a policy management "
"service."

msgid ""
"The ``token`` auth method typically should not be specified in any MFA "
"Rules. The ``token`` auth method will include all previous auth methods for "
"the original auth request and will match the appropriate ruleset. This is "
"intentional, as the ``token`` method is used for rescoping/changing active "
"projects."
msgstr ""
"The ``token`` auth method typically should not be specified in any MFA "
"Rules. The ``token`` auth method will include all previous auth methods for "
"the original auth request and will match the appropriate ruleset. This is "
"intentional, as the ``token`` method is used for rescoping/changing active "
"projects."

msgid ""
"The `keystone-paste.ini` file must be updated to remove extension filters, "
"and their use in ``[pipeline:api_v3]``. Remove the following filters: "
"``[filter:oauth1_extension]``, ``[filter:federation_extension]``, ``[filter:"
"endpoint_filter_extension]``, and ``[filter:revoke_extension]``. See the "
"sample `keystone-paste.ini <https://git.openstack.org/cgit/openstack/"
"keystone/tree/etc/keystone-paste.ini>`_ file for guidance."
msgstr ""
"The `keystone-paste.ini` file must be updated to remove extension filters, "
"and their use in ``[pipeline:api_v3]``. Remove the following filters: "
"``[filter:oauth1_extension]``, ``[filter:federation_extension]``, ``[filter:"
"endpoint_filter_extension]``, and ``[filter:revoke_extension]``. See the "
"sample `keystone-paste.ini <https://git.openstack.org/cgit/openstack/"
"keystone/tree/etc/keystone-paste.ini>`_ file for guidance."

msgid ""
"The `keystone-paste.ini` file must be updated to remove extension filters, "
"and their use in ``[pipeline:public_api]`` and ``[pipeline:admin_api]`` "
"pipelines. Remove the following filters: ``[filter:user_crud_extension]``, "
"``[filter:crud_extension]``. See the sample `keystone-paste.ini <https://git."
"openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_ file "
"for guidance."
msgstr ""
"The `keystone-paste.ini` file must be updated to remove extension filters, "
"and their use in ``[pipeline:public_api]`` and ``[pipeline:admin_api]`` "
"pipelines. Remove the following filters: ``[filter:user_crud_extension]``, "
"``[filter:crud_extension]``. See the sample `keystone-paste.ini <https://git."
"openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_ file "
"for guidance."

msgid ""
"The `os_inherit` configuration option is disabled. In the future, this "
"option will be removed and this portion of the API will be always enabled."
msgstr ""
"The `os_inherit` configuration option is disabled. In the future, this "
"option will be removed and this portion of the API will be always enabled."

msgid ""
"The ability to validate a trust-scoped token against the v2.0 API has been "
"removed, in favor of using the version 3 of the API."
msgstr ""
"The ability to validate a trust-scoped token against the v2.0 API has been "
"removed, in favour of using the version 3 of the API."

msgid ""
"The admin_token method of authentication was never intended to be used for "
"any purpose other than bootstrapping an install. However many deployments "
"had to leave the admin_token method enabled due to restrictions on editing "
"the paste file used to configure the web pipelines.  To minimize the risk "
"from this mechanism, the `admin_token` configuration value now defaults to a "
"python `None` value.  In addition, if the value is set to `None`, either "
"explicitly or implicitly, the `admin_token` will not be enabled, and an "
"attempt to use it will lead to a failed authentication."
msgstr ""
"The admin_token method of authentication was never intended to be used for "
"any purpose other than bootstrapping an install. However many deployments "
"had to leave the admin_token method enabled due to restrictions on editing "
"the paste file used to configure the web pipelines.  To minimize the risk "
"from this mechanism, the `admin_token` configuration value now defaults to a "
"python `None` value.  In addition, if the value is set to `None`, either "
"explicitly or implicitly, the `admin_token` will not be enabled, and an "
"attempt to use it will lead to a failed authentication."

msgid ""
"The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in "
"favor of the auth plugin ``keystone.auth.plugins.mapped.Mapped``."
msgstr ""
"The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in "
"favour of the auth plugin ``keystone.auth.plugins.mapped.Mapped``."

msgid ""
"The catalog backend ``endpoint_filter.sql`` has been removed. It has been "
"consolidated with the ``sql`` backend, therefore replace the "
"``endpoint_filter.sql`` catalog backend with the ``sql`` backend."
msgstr ""
"The catalogue backend ``endpoint_filter.sql`` has been removed. It has been "
"consolidated with the ``sql`` backend, therefore replace the "
"``endpoint_filter.sql`` catalogue backend with the ``sql`` backend."

msgid ""
"The check for admin token from ``build_auth_context`` middleware has been "
"removed. If your deployment requires the use of `admin token`, update "
"``keystone-paste.ini`` so that ``admin_token_auth`` is before "
"``build_auth_context`` in the paste pipelines, otherwise remove the "
"``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely."
msgstr ""
"The check for admin token from ``build_auth_context`` middleware has been "
"removed. If your deployment requires the use of `admin token`, update "
"``keystone-paste.ini`` so that ``admin_token_auth`` is before "
"``build_auth_context`` in the paste pipelines, otherwise remove the "
"``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely."

msgid ""
"The config option ``rolling_upgrade_password_hash_compat`` is removed. It is "
"only used for rolling-upgrade from Ocata release to Pike release."
msgstr ""
"The config option ``rolling_upgrade_password_hash_compat`` is removed. It is "
"only used for rolling-upgrade from Ocata release to Pike release."

msgid ""
"The configuration options for LDAP connection pooling, `[ldap] use_pool` and "
"`[ldap] use_auth_pool`, are now both enabled by default. Only deployments "
"using LDAP drivers are affected. Additional configuration options are "
"available in the `[ldap]` section to tune connection pool size, etc."
msgstr ""
"The configuration options for LDAP connection pooling, `[ldap] use_pool` and "
"`[ldap] use_auth_pool`, are now both enabled by default. Only deployments "
"using LDAP drivers are affected. Additional configuration options are "
"available in the `[ldap]` section to tune connection pool size, etc."

msgid ""
"The credentials list call can now have its results filtered by credential "
"type."
msgstr ""
"The credentials list call can now have its results filtered by credential "
"type."

msgid ""
"The default setting for the `os_inherit` configuration option is changed to "
"True. If it is required to continue with this portion of the API disabled, "
"then override the default setting by explicitly specifying the os_inherit "
"option as False."
msgstr ""
"The default setting for the `os_inherit` configuration option is changed to "
"True. If it is required to continue with this portion of the API disabled, "
"then override the default setting by explicitly specifying the os_inherit "
"option as False."

msgid "The default token provider is now Fernet."
msgstr "The default token provider is now Fernet."

msgid ""
"The external authentication plugins ExternalDefault, ExternalDomain, "
"LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer "
"available."
msgstr ""
"The external authentication plugins ExternalDefault, ExternalDomain, "
"LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer "
"available."

msgid ""
"The functionality of the ``ADMIN_TOKEN`` remains, but has been incorporated "
"into the main auth middleware (``keystone.middleware.auth."
"AuthContextMiddleware``)."
msgstr ""
"The functionality of the ``ADMIN_TOKEN`` remains, but has been incorporated "
"into the main auth middleware (``keystone.middleware.auth."
"AuthContextMiddleware``)."

msgid ""
"The identity backend driver interface has changed. A new method, "
"`unset_default_project_id(project_id)`, was added to unset a user's default "
"project ID for a given project ID. Custom backend implementations must "
"implement this method."
msgstr ""
"The identity backend driver interface has changed. A new method, "
"`unset_default_project_id(project_id)`, was added to unset a user's default "
"project ID for a given project ID. Custom backend implementations must "
"implement this method."

msgid ""
"The identity backend driver interface has changed. We've added a new "
"``change_password()`` method for self service password changes. If you have "
"a custom implementation for the identity driver, you will need to implement "
"this new method."
msgstr ""
"The identity backend driver interface has changed. We've added a new "
"``change_password()`` method for self service password changes. If you have "
"a custom implementation for the identity driver, you will need to implement "
"this new method."

msgid ""
"The implementation for checking database state during an upgrade with the "
"use of `keystone-manage db_sync --check` has been corrected. This allows "
"users and automation to determine what step is next in a rolling upgrade "
"based on logging and command status codes."
msgstr ""
"The implementation for checking database state during an upgrade with the "
"use of `keystone-manage db_sync --check` has been corrected. This allows "
"users and automation to determine what step is next in a rolling upgrade "
"based on logging and command status codes."

msgid ""
"The list_project_ids_for_user(), list_domain_ids_for_user(), "
"list_user_ids_for_project(), list_project_ids_for_groups(), "
"list_domain_ids_for_groups(), list_role_ids_for_groups_on_project() and "
"list_role_ids_for_groups_on_domain() methods have been removed from the V9 "
"version of the Assignment driver."
msgstr ""
"The list_project_ids_for_user(), list_domain_ids_for_user(), "
"list_user_ids_for_project(), list_project_ids_for_groups(), "
"list_domain_ids_for_groups(), list_role_ids_for_groups_on_project() and "
"list_role_ids_for_groups_on_domain() methods have been removed from the V9 "
"version of the Assignment driver."

msgid "The method signature has changed from::"
msgstr "The method signature has changed from::"

msgid ""
"The resource backend cannot be configured to anything but SQL if the SQL "
"Identity backend is being used. The resource backend must now be SQL which "
"allows for the use of Foreign Keys to domains/projects wherever desired. "
"This makes managing project relationships and such much more straight "
"forward. The inability to configure non-SQL resource backends has been in "
"Keystone since at least Ocata. This is eliminating some complexity and "
"preventing the need for some really ugly back-port SQL migrations in favor "
"of a better model. Resource is highly relational and should be SQL based."
msgstr ""
"The resource backend cannot be configured to anything but SQL if the SQL "
"Identity backend is being used. The resource backend must now be SQL which "
"allows for the use of Foreign Keys to domains/projects wherever desired. "
"This makes managing project relationships and such much more straight "
"forward. The inability to configure non-SQL resource backends has been in "
"Keystone since at least Ocata. This is eliminating some complexity and "
"preventing the need for some really ugly back-port SQL migrations in favour "
"of a better model. Resource is highly relational and should be SQL based."

msgid ""
"The response's content type for creating request token or access token is "
"changed to `application/x-www-form-urlencoded`, the old value `application/x-"
"www-urlformencoded` is invalid and will no longer be used."
msgstr ""
"The response's content type for creating request token or access token is "
"changed to `application/x-www-form-urlencoded`, the old value `application/x-"
"www-urlformencoded` is invalid and will no longer be used."

msgid ""
"The rules are specified as a list of lists. The elements of the sub-lists "
"must be strings and are intended to mirror the required authentication "
"method names (e.g. ``password``, ``totp``, etc) as defined in the ``keystone."
"conf`` file in the ``[auth] methods`` option."
msgstr ""
"The rules are specified as a list of lists. The elements of the sub-lists "
"must be strings and are intended to mirror the required authentication "
"method names (e.g. ``password``, ``totp``, etc) as defined in the ``keystone."
"conf`` file in the ``[auth] methods`` option."

msgid ""
"The token provider API has removed the ``needs_persistence`` property from "
"the abstract interface. Token providers are expected to handle persistence "
"requirement if needed. This will require out-of-tree token providers to "
"remove the unused property and handle token storage."
msgstr ""
"The token provider API has removed the ``needs_persistence`` property from "
"the abstract interface. Token providers are expected to handle persistence "
"requirement if needed. This will require out-of-tree token providers to "
"remove the unused property and handle token storage."

msgid ""
"The token_formatter utility class has been moved from under fernet to the "
"default token directory. This is to allow for the reuse of functionality "
"with other token providers. Any deployments that are specifically using the "
"fernet utils may be affected and will need to adjust accordingly."
msgstr ""
"The token_formatter utility class has been moved from under fernet to the "
"default token directory. This is to allow for the reuse of functionality "
"with other token providers. Any deployments that are specifically using the "
"fernet utils may be affected and will need to adjust accordingly."

msgid ""
"The trusts table now has an expires_at_int column that represents the "
"expiration time as an integer instead of a datetime object. This will "
"prevent rounding errors related to the way date objects are stored in some "
"versions of MySQL. The expires_at column remains, but will be dropped in "
"Rocky."
msgstr ""
"The trusts table now has an expires_at_int column that represents the "
"expiration time as an integer instead of a datetime object. This will "
"prevent rounding errors related to the way date objects are stored in some "
"versions of MySQL. The expires_at column remains, but will be dropped in "
"Rocky."

msgid ""
"The use of `sha512_crypt` is considered inadequate for password hashing in "
"an application like Keystone. The use of bcrypt or scrypt is recommended to "
"ensure protection against password cracking utilities if the hashes are "
"exposed. This is due to Time-Complexity requirements for computing the "
"hashes in light of modern hardware (CPU, GPU, ASIC, FPGA, etc). Keystone has "
"moved to bcrypt as a default and no longer hashes new passwords (and "
"password changes) with sha512_crypt. It is recommended passwords be changed "
"after upgrade to Pike. The risk of password hash exposure is limited, but "
"for the best possible protection against cracking the hash it is recommended "
"passwords be changed after upgrade. The password change will then result in "
"a more secure hash (bcrypt by default) being used to store the password in "
"the DB."
msgstr ""
"The use of `sha512_crypt` is considered inadequate for password hashing in "
"an application like Keystone. The use of bcrypt or scrypt is recommended to "
"ensure protection against password cracking utilities if the hashes are "
"exposed. This is due to Time-Complexity requirements for computing the "
"hashes in light of modern hardware (CPU, GPU, ASIC, FPGA, etc). Keystone has "
"moved to bcrypt as a default and no longer hashes new passwords (and "
"password changes) with sha512_crypt. It is recommended passwords be changed "
"after upgrade to Pike. The risk of password hash exposure is limited, but "
"for the best possible protection against cracking the hash it is recommended "
"passwords be changed after upgrade. The password change will then result in "
"a more secure hash (bcrypt by default) being used to store the password in "
"the DB."

msgid ""
"The use of admin_token filter is insecure compared to the use of a proper "
"username/password. Historically the admin_token filter has been left enabled "
"in Keystone after initialization due to the way CMS systems work. Moving to "
"an out-of-band initialization using ``keystone-manage bootstrap`` will "
"eliminate the security concerns around a static shared string that conveys "
"admin access to keystone and therefore to the entire installation."
msgstr ""
"The use of admin_token filter is insecure compared to the use of a proper "
"username/password. Historically the admin_token filter has been left enabled "
"in Keystone after initialisation due to the way CMS systems work. Moving to "
"an out-of-band initialisation using ``keystone-manage bootstrap`` will "
"eliminate the security concerns around a static shared string that conveys "
"admin access to Keystone and therefore to the entire installation."

msgid ""
"Third-party extensions that extend the abstract class "
"(``ShadowUsersDriverBase``) should be updated according to the new parameter "
"names."
msgstr ""
"Third-party extensions that extend the abstract class "
"(``ShadowUsersDriverBase``) should be updated according to the new parameter "
"names."

msgid ""
"This release adds support for Application Credentials, a new way to allow "
"applications and automated tooling to authenticate with keystone. Rather "
"than storing a username and password in an application's config file, which "
"can pose security risks, you can now create an application credential to "
"allow an application to authenticate and acquire a preset scope and role "
"assignments. This is especially useful for LDAP and federated users, who can "
"now delegate their cloud management tasks to a keystone-specific resource, "
"rather than share their externally managed credentials with keystone and "
"risk a compromise of those external systems. Users can delegate a subset of "
"their role assignments to an application credential, allowing them to "
"strategically limit their application's access to the minimum needed. Unlike "
"passwords, a user can have more than one active application credential, "
"which means they can be rotated without causing downtime for the "
"applications using them."
msgstr ""
"This release adds support for Application Credentials, a new way to allow "
"applications and automated tooling to authenticate with keystone. Rather "
"than storing a username and password in an application's config file, which "
"can pose security risks, you can now create an application credential to "
"allow an application to authenticate and acquire a preset scope and role "
"assignments. This is especially useful for LDAP and federated users, who can "
"now delegate their cloud management tasks to a keystone-specific resource, "
"rather than share their externally managed credentials with keystone and "
"risk a compromise of those external systems. Users can delegate a subset of "
"their role assignments to an application credential, allowing them to "
"strategically limit their application's access to the minimum needed. Unlike "
"passwords, a user can have more than one active application credential, "
"which means they can be rotated without causing downtime for the "
"applications using them."

msgid "To mark a user as exempt from the PCI password expiry policy::"
msgstr "To mark a user as exempt from the PCI password expiry policy::"

msgid "To mark a user as exempt from the PCI reset policy::"
msgstr "To mark a user as exempt from the PCI reset policy::"

msgid "To mark a user exempt from the MFA Rules::"
msgstr "To mark a user exempt from the MFA Rules::"

msgid "To the properly written::"
msgstr "To the properly written::"

msgid "To::"
msgstr "To::"

msgid ""
"Token persistence driver/code (SQL) is deprecated with this patch since it "
"is only used by the UUID token provider.."
msgstr ""
"Token persistence driver/code (SQL) is deprecated with this patch since it "
"is only used by the UUID token provider.."

msgid "Tokens can now be cached when issued."
msgstr "Tokens can now be cached when issued."

msgid ""
"UUID token provider ``[token] provider=uuid`` has been deprecated in favor "
"of Fernet tokens ``[token] provider=fernet``. With Fernet tokens becoming "
"the default UUID tokens can be slated for removal in the R release. This "
"also deprecates token-bind support as it was never implemented for fernet."
msgstr ""
"UUID token provider ``[token] provider=uuid`` has been deprecated in favour "
"of Fernet tokens ``[token] provider=fernet``. With Fernet tokens becoming "
"the default UUID tokens can be slated for removal in the R release. This "
"also deprecates token-bind support as it was never implemented for fernet."

msgid "Upgrade Notes"
msgstr "Upgrade Notes"

msgid ""
"Use of ``$(tenant_id)s`` in the catalog endpoints is deprecated in favor of "
"``$(project_id)s``."
msgstr ""
"Use of ``$(tenant_id)s`` in the catalogue endpoints is deprecated in favour "
"of ``$(project_id)s``."

msgid ""
"Using LDAP as the resource backend, i.e for projects and domains, is now "
"deprecated and will be removed in the Mitaka release."
msgstr ""
"Using LDAP as the resource backend, i.e for projects and domains, is now "
"deprecated and will be removed in the Mitaka release."

msgid ""
"Using the full path to the driver class is deprecated in favor of using the "
"entrypoint. In the Mitaka release, the entrypoint must be used."
msgstr ""
"Using the full path to the driver class is deprecated in favour of using the "
"entrypoint. In the Mitaka release, the entrypoint must be used."

msgid ""
"We have added the ``password_expires_at`` attribute to the user response "
"object."
msgstr ""
"We have added the ``password_expires_at`` attribute to the user response "
"object."

msgid ""
"We now expose entrypoints for the ``keystone-manage`` command instead of a "
"file."
msgstr ""
"We now expose entrypoints for the ``keystone-manage`` command instead of a "
"file."

msgid ""
"Write support for the LDAP has been removed in favor of read-only support. "
"The following operations are no longer supported for LDAP:"
msgstr ""
"Write support for the LDAP has been removed in favour of read-only support. "
"The following operations are no longer supported for LDAP:"

msgid ""
"[`Bug 1645487 <https://bugs.launchpad.net/keystone/+bug/1645487>`_] Added a "
"new PCI-DSS feature that will require users to immediately change their "
"password upon first use for new users and after an administrative password "
"reset. The new feature can be enabled by setting [security_compliance] "
"``change_password_upon_first_use`` to ``True``."
msgstr ""
"[`Bug 1645487 <https://bugs.launchpad.net/keystone/+bug/1645487>`_] Added a "
"new PCI-DSS feature that will require users to immediately change their "
"password upon first use for new users and after an administrative password "
"reset. The new feature can be enabled by setting [security_compliance] "
"``change_password_upon_first_use`` to ``True``."

msgid ""
"[`Bug 1649446 <https://bugs.launchpad.net/keystone/+bug/1651989>`_] The "
"default policy for listing revocation events has changed. Previously, any "
"authenticated user could list revocation events; it is now, by default, an "
"admin or service user only function. This can be changed by modifying the "
"policy file being used by keystone."
msgstr ""
"[`Bug 1649446 <https://bugs.launchpad.net/keystone/+bug/1651989>`_] The "
"default policy for listing revocation events has changed. Previously, any "
"authenticated user could list revocation events; it is now, by default, an "
"admin or service user only function. This can be changed by modifying the "
"policy file being used by Keystone."

msgid ""
"[`Related to Bug 1649446 <https://bugs.launchpad.net/keystone/"
"+bug/1649446>`_] The ``identity:list_revoke_events`` rule has been changed "
"in both sample policy files, ``policy.json`` and ``policy.v3cloudsample."
"json``. From::"
msgstr ""
"[`Related to Bug 1649446 <https://bugs.launchpad.net/keystone/"
"+bug/1649446>`_] The ``identity:list_revoke_events`` rule has been changed "
"in both sample policy files, ``policy.json`` and ``policy.v3cloudsample."
"json``. From::"

msgid ""
"[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
"allow-expired>`_] An `allow_expired` flag is added to the token validation "
"call (``GET/HEAD  /v3/auth/tokens``) that allows fetching a token that has "
"expired. This allows for validating tokens in long running operations."
msgstr ""
"[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
"allow-expired>`_] An `allow_expired` flag is added to the token validation "
"call (``GET/HEAD  /v3/auth/tokens``) that allows fetching a token that has "
"expired. This allows for validating tokens in long running operations."

msgid ""
"[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
"allow-expired>`_] To allow long running operations to complete services must "
"be able to fetch expired tokens via the ``allow_expired`` flag. The length "
"of time a token is retrievable for beyond its traditional expiry is managed "
"by the ``[token] allow_expired_window`` option and so the data must be "
"retrievable for this about of time. When using fernet tokens this means that "
"the key rotation period must exceed this time so that older tokens are still "
"decrytable. Ensure that you do not rotate fernet keys faster than ``[token] "
"expiration`` + ``[token] allow_expired_window`` seconds."
msgstr ""
"[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
"allow-expired>`_] To allow long running operations to complete services must "
"be able to fetch expired tokens via the ``allow_expired`` flag. The length "
"of time a token is retrievable for beyond its traditional expiry is managed "
"by the ``[token] allow_expired_window`` option and so the data must be "
"retrievable for this about of time. When using fernet tokens this means that "
"the key rotation period must exceed this time so that older tokens are still "
"decrytable. Ensure that you do not rotate fernet keys faster than ``[token] "
"expiration`` + ``[token] allow_expired_window`` seconds."

msgid ""
"[`blueprint application-credentials <https://blueprints.launchpad.net/"
"keystone/+spec/application-credentials>`_] Users can now create Application "
"Credentials, a new keystone resource that can provide an application with "
"the means to get a token from keystone with a preset scope and role "
"assignments. To authenticate with an application credential, an application "
"can use the normal token API with the 'application_credential' auth method."
msgstr ""
"[`blueprint application-credentials <https://blueprints.launchpad.net/"
"keystone/+spec/application-credentials>`_] Users can now create Application "
"Credentials, a new keystone resource that can provide an application with "
"the means to get a token from keystone with a preset scope and role "
"assignments. To authenticate with an application credential, an application "
"can use the normal token API with the 'application_credential' auth method."

msgid ""
"[`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/"
"bootstrap>`_] keystone-manage now supports the bootstrap command on the CLI "
"so that a keystone install can be initialized without the need of the "
"admin_token filter in the paste-ini."
msgstr ""
"[`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/"
"bootstrap>`_] keystone-manage now supports the bootstrap command on the CLI "
"so that a keystone install can be initialised without the need of the "
"admin_token filter in the paste-ini."

msgid ""
"[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
"keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the PKI "
"and PKIz token formats have been deprecated. They will be removed in the 'O' "
"release. Due to this change, the `hash_algorithm` option in the `[token]` "
"section of the configuration file has also been deprecated. Also due to this "
"change, the ``keystone-manage pki_setup`` command has been deprecated as "
"well."
msgstr ""
"[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
"keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the PKI "
"and PKIz token formats have been deprecated. They will be removed in the 'O' "
"release. Due to this change, the `hash_algorithm` option in the `[token]` "
"section of the configuration file has also been deprecated. Also due to this "
"change, the ``keystone-manage pki_setup`` command has been deprecated as "
"well."

msgid ""
"[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
"keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
"auth plugin `keystone.auth.plugins.saml2.Saml2` has been deprecated. It is "
"recommended to use `keystone.auth.plugins.mapped.Mapped` instead. The "
"``saml2`` plugin will be removed in the 'O' release."
msgstr ""
"[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
"keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
"auth plugin `keystone.auth.plugins.saml2.Saml2` has been deprecated. It is "
"recommended to use `keystone.auth.plugins.mapped.Mapped` instead. The "
"``saml2`` plugin will be removed in the 'O' release."

msgid ""
"[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
"keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
"simple_cert_extension is deprecated since it is only used in support of the "
"PKI and PKIz token formats.  It will be removed in the 'O' release."
msgstr ""
"[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
"keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
"simple_cert_extension is deprecated since it is only used in support of the "
"PKI and PKIz token formats.  It will be removed in the 'O' release."

msgid ""
"[`bug 1748970 <https://bugs.launchpad.net/keystone/+bug/1748970>`_] A bug "
"was introduced in Queens that resulted in system role assignments being "
"returned when querying the role assignments API for a specific role. The "
"issue is fixed and the list of roles returned from ``GET /v3/"
"role_assignments?role.id={role_id}`` respects system role assignments."
msgstr ""
"[`bug 1748970 <https://bugs.launchpad.net/keystone/+bug/1748970>`_] A bug "
"was introduced in Queens that resulted in system role assignments being "
"returned when querying the role assignments API for a specific role. The "
"issue is fixed and the list of roles returned from ``GET /v3/"
"role_assignments?role.id={role_id}`` respects system role assignments."

msgid ""
"[`bug 1749264 <https://bugs.launchpad.net/keystone/+bug/1749264>`_] A user's "
"system role assignment will be removed when the user is deleted."
msgstr ""
"[`bug 1749264 <https://bugs.launchpad.net/keystone/+bug/1749264>`_] A user's "
"system role assignment will be removed when the user is deleted."

msgid ""
"[`bug 1749267 <https://bugs.launchpad.net/keystone/+bug/1749267>`_] A "
"group's system role assignments are removed when the group is deleted."
msgstr ""
"[`bug 1749267 <https://bugs.launchpad.net/keystone/+bug/1749267>`_] A "
"group's system role assignments are removed when the group is deleted."

msgid ""
"[`bug 1755874 <https://bugs.launchpad.net/keystone/+bug/1755874>`_] Users "
"now can have the resource option ``lock_password`` set which prevents the "
"user from utilizing the self-service password change API. Valid values are "
"``True``, ``False``, or \"None\" (where ``None`` clears the option)."
msgstr ""
"[`bug 1755874 <https://bugs.launchpad.net/keystone/+bug/1755874>`_] Users "
"now can have the resource option ``lock_password`` set which prevents the "
"user from utilizing the self-service password change API. Valid values are "
"``True``, ``False``, or \"None\" (where ``None`` clears the option)."

msgid ""
"[`bug 1756190 <https://bugs.launchpad.net/keystone/+bug/1756190>`_] When "
"filtering projects based on tags, the filtering will now be performed by "
"matching a subset containing the given tags against projects, rather than "
"exact matching. Providing more tags when performing a search will yield more "
"exact results while less will return any projects that match the given tags "
"but could contain other tags as well."
msgstr ""
"[`bug 1756190 <https://bugs.launchpad.net/keystone/+bug/1756190>`_] When "
"filtering projects based on tags, the filtering will now be performed by "
"matching a subset containing the given tags against projects, rather than "
"exact matching. Providing more tags when performing a search will yield more "
"exact results while less will return any projects that match the given tags "
"but could contain other tags as well."

msgid ""
"[`bug 1757022 <https://bugs.launchpad.net/keystone/+bug/1757022>`_] In "
"previous releases,  ``keystone-manage mapping_purge --type {user,group}`` "
"command would purge all mapping incorrectly instead of only purging the "
"specified type mappings. ``keystone-manage mapping_purge --type {user,group}"
"`` now purges only specified type mappings as expected."
msgstr ""
"[`bug 1757022 <https://bugs.launchpad.net/keystone/+bug/1757022>`_] In "
"previous releases,  ``keystone-manage mapping_purge --type {user,group}`` "
"command would purge all mapping incorrectly instead of only purging the "
"specified type mappings. ``keystone-manage mapping_purge --type {user,group}"
"`` now purges only specified type mappings as expected."

msgid ""
"[`bug 1759289 <https://bugs.launchpad.net/keystone/+bug/1759289>`_] The "
"``keystone-manage token_flush`` command no longer establishes a connection "
"to a database, or persistence backend. It's usage should be removed if "
"you're using a supported non-persistent token format. If you're relying on "
"external token providers that write tokens to disk and would like to "
"maintain this functionality, please consider porting it to a separate tool."
msgstr ""
"[`bug 1759289 <https://bugs.launchpad.net/keystone/+bug/1759289>`_] The "
"``keystone-manage token_flush`` command no longer establishes a connection "
"to a database, or persistence backend. It's usage should be removed if "
"you're using a supported non-persistent token format. If you're relying on "
"external token providers that write tokens to disk and would like to "
"maintain this functionality, please consider porting it to a separate tool."

msgid ""
"[`bug 1760205 <https://bugs.launchpad.net/keystone/+bug/1760205>`_] When "
"deleting a shadow user, the related cache info is not invalidated so that "
"Keystone will raise 404 UserNotFound error when authenticating with the "
"previous federation info. This bug has been fixed now."
msgstr ""
"[`bug 1760205 <https://bugs.launchpad.net/keystone/+bug/1760205>`_] When "
"deleting a shadow user, the related cache info is not invalidated so that "
"Keystone will raise 404 UserNotFound error when authenticating with the "
"previous federation info. This bug has been fixed now."

msgid "``delete group``"
msgstr "``delete group``"

msgid "``delete user``"
msgstr "``delete user``"

msgid "``issue_v2_token``"
msgstr "``issue_v2_token``"

msgid "``issue_v3_token``"
msgstr "``issue_v3_token``"

msgid ""
"``keystone-manage db_sync`` will no longer create the Default domain. This "
"domain is used as the domain for any users created using the legacy v2.0 "
"API. A default domain is created by ``keystone-manage bootstrap`` and when a "
"user or project is created using the legacy v2.0 API."
msgstr ""
"``keystone-manage db_sync`` will no longer create the Default domain. This "
"domain is used as the domain for any users created using the legacy v2.0 "
"API. A default domain is created by ``keystone-manage bootstrap`` and when a "
"user or project is created using the legacy v2.0 API."

msgid "``keystone.common.kvs.backends.inmemdb.MemoryBackend``"
msgstr "``keystone.common.kvs.backends.inmemdb.MemoryBackend``"

msgid "``keystone.common.kvs.backends.memcached.MemcachedBackend``"
msgstr "``keystone.common.kvs.backends.memcached.MemcachedBackend``"

msgid "``keystone.token.persistence.backends.kvs.Token``"
msgstr "``keystone.token.persistence.backends.kvs.Token``"

msgid "``keystone/common/cache/backends/memcache_pool``"
msgstr "``keystone/common/cache/backends/memcache_pool``"

msgid "``keystone/common/cache/backends/mongo``"
msgstr "``keystone/common/cache/backends/mongo``"

msgid "``keystone/common/cache/backends/noop``"
msgstr "``keystone/common/cache/backends/noop``"

msgid "``keystone/contrib/admin_crud``"
msgstr "``keystone/contrib/admin_crud``"

msgid "``keystone/contrib/endpoint_filter``"
msgstr "``keystone/contrib/endpoint_filter``"

msgid "``keystone/contrib/federation``"
msgstr "``keystone/contrib/federation``"

msgid "``keystone/contrib/oauth1``"
msgstr "``keystone/contrib/oauth1``"

msgid "``keystone/contrib/revoke``"
msgstr "``keystone/contrib/revoke``"

msgid "``keystone/contrib/simple_cert``"
msgstr "``keystone/contrib/simple_cert``"

msgid "``keystone/contrib/user_crud``"
msgstr "``keystone/contrib/user_crud``"

msgid ""
"``openstack_user_domain`` and ``openstack_project_domain`` attributes were "
"added to SAML assertion in order to map user and project domains, "
"respectively."
msgstr ""
"``openstack_user_domain`` and ``openstack_project_domain`` attributes were "
"added to SAML assertion in order to map user and project domains, "
"respectively."

msgid "``remove user from group``"
msgstr "``remove user from group``"

msgid "``update group``"
msgstr "``update group``"

msgid "``update user``"
msgstr "``update user``"

msgid "``validate_non_persistent_token``"
msgstr "``validate_non_persistent_token``"

msgid "``validate_v2_token``"
msgstr "``validate_v2_token``"

msgid "``validate_v3_token``"
msgstr "``validate_v3_token``"

msgid "all config options under ``[kvs]`` in `keystone.conf`"
msgstr "all config options under ``[kvs]`` in `keystone.conf`"

msgid "and will return a list of mappings for a given domain ID."
msgstr "and will return a list of mappings for a given domain ID."

msgid "eq - password expires at the timestamp"
msgstr "eq - password expires at the timestamp"

msgid "gt - password expires after the timestamp"
msgstr "gt - password expires after the timestamp"

msgid "gte - password expires at or after the timestamp"
msgstr "gte - password expires at or after the timestamp"

msgid "lt - password expires before the timestamp"
msgstr "lt - password expires before the timestamp"

msgid "lte - password expires at or before timestamp"
msgstr "lte - password expires at or before timestamp"

msgid "neq - password expires not at the timestamp"
msgstr "neq - password expires not at the timestamp"

msgid ""
"stats_monitoring and stats_reporting paste filters have been removed, so "
"references to it must be removed from the ``keystone-paste.ini`` "
"configuration file."
msgstr ""
"stats_monitoring and stats_reporting paste filters have been removed, so "
"references to it must be removed from the ``keystone-paste.ini`` "
"configuration file."

msgid "the config option ``[memcached] servers`` in `keystone.conf`"
msgstr "the config option ``[memcached] servers`` in `keystone.conf`"

msgid "to::"
msgstr "to::"