From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 29 May 2017 11:02:04 +0000 (+1200)
Subject: Translations: update .po and .pot to latest texts
X-Git-Tag: M-staged-PR71~152
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=22f51801c5fecbf0d846e606d30ee14e4f0b5efd;p=thirdparty%2Fsquid.git

Translations: update .po and .pot to latest texts

Also, update the updater script for new helper locations after squid-4-14516

And fix one typo in the purge.8 manual.
---

diff --git a/doc/manuals/ar.po b/doc/manuals/ar.po
index 035840ae29..e53fb07e16 100644
--- a/doc/manuals/ar.po
+++ b/doc/manuals/ar.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
-"POT-Creation-Date: 2014-03-06 11:09+1300\n"
+"POT-Creation-Date: 2017-05-29 22:45+1200\n"
 "PO-Revision-Date: 2013-10-31 11:22+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Arabic <ar@li.org>\n"
@@ -21,406 +21,687 @@ msgstr ""
 "X-Launchpad-Export-Date: 2009-07-22 09:52+0000\n"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:3
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:3
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:3
-#: helpers/basic_auth/PAM/basic_pam_auth.8:3
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:3
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:3
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:3
-#: helpers/digest_auth/file/digest_file_auth.8:3
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:3
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:3
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:3
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:3
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:3
-#: helpers/external_acl/session/ext_session_acl.8:3
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:3
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:3
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:3
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:3 src/squid.8.in:3
-#: tools/cachemgr.cgi.8.in:3 tools/squidclient/squidclient.1:3
+#: src/acl/external/AD_group/ext_ad_group_acl.8:3
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:3
+#: src/acl/external/file_userip/ext_file_userip_acl.8:3
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:3
+#: src/acl/external/LM_group/ext_lm_group_acl.8:3
+#: src/acl/external/session/ext_session_acl.8:3
+#: src/acl/external/time_quota/ext_time_quota_acl.8:3
+#: src/acl/external/unix_group/ext_unix_group_acl.8:3
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:3
+#: src/auth/basic/LDAP/basic_ldap_auth.8:3
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:3
+#: src/auth/basic/PAM/basic_pam_auth.8:3
+#: src/auth/basic/RADIUS/basic_radius_auth.8:3
+#: src/auth/basic/SASL/basic_sasl_auth.8:3
+#: src/auth/basic/SSPI/basic_sspi_auth.8:3
+#: src/auth/digest/file/digest_file_auth.8:3
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:3
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:3
+#: src/security/cert_generators/file/security_file_certgen.8.in:3
+#: src/squid.8.in:3 tools/cachemgr.cgi.8.in:3 tools/purge/purge.1:3
+#: tools/squidclient/squidclient.1:3
 #, no-wrap
 msgid "NAME"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:7
-msgid "Local Users auth helper for Squid"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:5
+msgid ""
+"ext_ad_group_acl.exe - Squid external ACL helper to check Windows users "
+"group membership."
 msgstr ""
 
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:7
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:7
+#: src/auth/basic/SSPI/basic_sspi_auth.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 2.0"
+msgstr "النسخة 1.0"
+
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:8
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:8
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:8
-#: helpers/basic_auth/PAM/basic_pam_auth.8:8
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:8
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:10
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:10
-#: helpers/digest_auth/file/digest_file_auth.8:10
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:10
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:10
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:10
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:10
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:10
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:10
-#: helpers/external_acl/session/ext_session_acl.8:10
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:10
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:8
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:10
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:11 src/squid.8.in:8
-#: tools/cachemgr.cgi.8.in:8 tools/squidclient/squidclient.1:8
+#: src/acl/external/AD_group/ext_ad_group_acl.8:8
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:8
+#: src/acl/external/file_userip/ext_file_userip_acl.8:8
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:8
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:8
+#: src/acl/external/LM_group/ext_lm_group_acl.8:8
+#: src/acl/external/session/ext_session_acl.8:8
+#: src/acl/external/time_quota/ext_time_quota_acl.8:8
+#: src/acl/external/unix_group/ext_unix_group_acl.8:6
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:6
+#: src/auth/basic/LDAP/basic_ldap_auth.8:6
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:6
+#: src/auth/basic/PAM/basic_pam_auth.8:6
+#: src/auth/basic/RADIUS/basic_radius_auth.8:6
+#: src/auth/basic/SASL/basic_sasl_auth.8:8
+#: src/auth/basic/SSPI/basic_sspi_auth.8:8
+#: src/auth/digest/file/digest_file_auth.8:8
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:8
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:8
+#: src/security/cert_generators/file/security_file_certgen.8.in:8
+#: src/squid.8.in:6 tools/cachemgr.cgi.8.in:6 tools/purge/purge.1:6
+#: tools/squidclient/squidclient.1:6
 #, no-wrap
 msgid "SYNOPSIS"
 msgstr ""
 
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:12
+#: src/acl/external/LM_group/ext_lm_group_acl.8:12
+msgid "domain"
+msgstr ""
+
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:11
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:39
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:12
-#: helpers/basic_auth/PAM/basic_pam_auth.8:15
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:26
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:13
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:20
-#: helpers/digest_auth/file/digest_file_auth.8:15
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:16
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:33
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:16
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:14
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:16
-#: helpers/external_acl/session/ext_session_acl.8:18
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:14
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:15
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:14
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:19 src/squid.8.in:25
-#: tools/cachemgr.cgi.8.in:11 tools/squidclient/squidclient.1:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:14
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:31
+#: src/acl/external/file_userip/ext_file_userip_acl.8:14
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:12
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:14
+#: src/acl/external/session/ext_session_acl.8:16
+#: src/acl/external/time_quota/ext_time_quota_acl.8:12
+#: src/acl/external/unix_group/ext_unix_group_acl.8:13
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:9
+#: src/auth/basic/LDAP/basic_ldap_auth.8:37
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:10
+#: src/auth/basic/PAM/basic_pam_auth.8:13
+#: src/auth/basic/RADIUS/basic_radius_auth.8:24
+#: src/auth/basic/SASL/basic_sasl_auth.8:11
+#: src/auth/basic/SSPI/basic_sspi_auth.8:18
+#: src/auth/digest/file/digest_file_auth.8:13
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:16
+#: src/security/cert_generators/file/security_file_certgen.8.in:30
+#: src/squid.8.in:23 tools/cachemgr.cgi.8.in:9 tools/purge/purge.1:10
+#: tools/squidclient/squidclient.1:61
 #, no-wrap
 msgid "DESCRIPTION"
 msgstr "وصف"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:15
+#: src/acl/external/AD_group/ext_ad_group_acl.8:17
 msgid ""
-"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
-"to validate the user name and password of Basic HTTP authentication."
+"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:21
-msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:20
+msgid ""
+"This helper must be used in with an authentication scheme (typically Basic, "
+"NTLM or Negotiate) based on Windows Active Directory domain users."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:23
-msgid "This has the following advantages over the NCSA module:"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:24
+msgid ""
+"It reads from the standard input the domain username and a list of groups "
+"and tries to match each against the groups membership of the specified "
+"username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:25
-msgid "- Allows authentication of all known local users"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:26
+msgid "Two running mode are available:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:28
-msgid "- Allows authentication through nsswitch.conf"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:30
+msgid ""
+"B<- Local mode:> membership is checked against machine's local groups, "
+"cannot be used when running on a Domain Controller."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:31
-msgid "- Can handle NIS(+) requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:35
+msgid ""
+"B<- Active Directory Global mode:> membership is checked against the whole "
+"Active Directory Forest of the machine where Squid is running."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:34
-msgid "- Can handle LDAP requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:39
+msgid ""
+"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
+"Windows 2000 SP4 member of an Active Directory Domain."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:37
-msgid "- Can handle PAM requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:48
+msgid ""
+"When running in Active Directory Global mode, all types of Active Directory "
+"security groups are supported: B<Domain Global> , B<Domain Local> from "
+"user's domain, B<Universal> and Active Directory group nesting is fully "
+"supported."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:49
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:42
+#: src/acl/external/file_userip/ext_file_userip_acl.8:21
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:63
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:47
+#: src/acl/external/LM_group/ext_lm_group_acl.8:25
+#: src/acl/external/session/ext_session_acl.8:32
+#: src/acl/external/time_quota/ext_time_quota_acl.8:22
+#: src/acl/external/unix_group/ext_unix_group_acl.8:17
+#: src/auth/basic/LDAP/basic_ldap_auth.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:33
+#: src/auth/basic/PAM/basic_pam_auth.8:19
+#: src/auth/basic/RADIUS/basic_radius_auth.8:29
+#: src/auth/basic/SSPI/basic_sspi_auth.8:32
+#: src/auth/digest/file/digest_file_auth.8:21
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:17
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:41
+#: src/squid.8.in:57 tools/purge/purge.1:24 tools/squidclient/squidclient.1:70
+#, no-wrap
+msgid "OPTIONS"
+msgstr "خيارات"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:53
+msgid "Use case insensitive compare (local mode only)."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:57
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:61
+#: src/acl/external/file_userip/ext_file_userip_acl.8:25
+#: src/acl/external/LM_group/ext_lm_group_acl.8:33
+#: src/acl/external/unix_group/ext_unix_group_acl.8:21
+#: src/auth/basic/SSPI/basic_sspi_auth.8:40
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:30
+#: src/security/cert_generators/file/security_file_certgen.8.in:57
+msgid "Write debug info to stderr."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:62
+msgid "Specify the default user's B<domain>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:66
+msgid "Start helper in Active Directory Global mode."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:70
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:80
+#: src/acl/external/file_userip/ext_file_userip_acl.8:35
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:67
+#: src/acl/external/LM_group/ext_lm_group_acl.8:45
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:21
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:38
+#: src/security/cert_generators/file/security_file_certgen.8.in:68
+msgid "Display the binary help and command line syntax info using stderr."
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:38
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:244
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:39
-#: helpers/basic_auth/PAM/basic_pam_auth.8:41
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:61
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:19
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:51
-#: helpers/digest_auth/file/digest_file_auth.8:25
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:73
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:142
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:38
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:134
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:211
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:52
-#: helpers/external_acl/session/ext_session_acl.8:74
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:58
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:36
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:36
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:46 tools/cachemgr.cgi.8.in:19
+#: src/acl/external/AD_group/ext_ad_group_acl.8:71
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:140
+#: src/acl/external/file_userip/ext_file_userip_acl.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:132
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:209
+#: src/acl/external/LM_group/ext_lm_group_acl.8:50
+#: src/acl/external/session/ext_session_acl.8:72
+#: src/acl/external/time_quota/ext_time_quota_acl.8:56
+#: src/acl/external/unix_group/ext_unix_group_acl.8:34
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:36
+#: src/auth/basic/LDAP/basic_ldap_auth.8:242
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:37
+#: src/auth/basic/PAM/basic_pam_auth.8:39
+#: src/auth/basic/RADIUS/basic_radius_auth.8:59
+#: src/auth/basic/SASL/basic_sasl_auth.8:17
+#: src/auth/basic/SSPI/basic_sspi_auth.8:49
+#: src/auth/digest/file/digest_file_auth.8:26
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:43
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:43
+#: src/security/cert_generators/file/security_file_certgen.8.in:107
+#: tools/cachemgr.cgi.8.in:17 tools/purge/purge.1:172
 #, no-wrap
 msgid "CONFIGURATION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:75
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program B<setuid> "
-"B<root>"
+"When running in Active Directory Global mode, the AD Group can be specified "
+"using the following syntax:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:78
+msgid "B<1. Plain NT4 Group Name>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:64
-#: helpers/basic_auth/PAM/basic_pam_auth.8:79
+#: src/acl/external/AD_group/ext_ad_group_acl.8:81
+msgid "B<2. Full NT4 Group Name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:84
+msgid "B<3. Active Directory Canonical name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:87
+msgid "As Exampled:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:97
 msgid ""
-"Please note that in such configurations it is also strongly recommended that "
-"the program is moved into a directory where normal users cannot access it, "
-"as this mode of operation will allow any local user to brute-force other "
-"users passwords. Also note the program has not been fully audited and the "
-"author cannot be held responsible for any security issues due to such "
-"installations."
+"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:124
+msgid ""
+"In the previous example all validated AD users member of I<MYDOMAIN"
+"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
+"are allowed to use the cache."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:133
+msgid ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file .> The previous example will be:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:137
+msgid "and the DomainUsers files will contain only the following line:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:139
+msgid "Domain Users"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:146
+msgid ""
+"B<NOTE 1:> When running in Active Directory Global mode, for better "
+"performance, all Domain Controllers of the Active Directory forest should be "
+"configured as Global Catalog."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:152
+msgid ""
+"B<NOTE 2:> When running in local mode, the standard group name comparison is "
+"case sensitive, so group name must be specified with same case as in the "
+"local SAM database."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:157
+msgid ""
+"It is possible to enable case insensitive group name comparison ( B<-c> ), "
+"but on some non-English locales, the results can be unexpected."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:165
+msgid ""
+"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
+"A> and B<-D> switches."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:169
+msgid "Refer to Squid documentation for more details on B<squid.conf>"
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:170
+#: src/acl/external/LM_group/ext_lm_group_acl.8:114
+#: src/auth/basic/SSPI/basic_sspi_auth.8:84
+#, no-wrap
+msgid "TESTING"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:176
+msgid ""
+"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
+"used in a production environment. It may behave differently on different "
+"platforms."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:188
+#: src/acl/external/LM_group/ext_lm_group_acl.8:131
+msgid ""
+"To test it, run it from the command line. Enter username and group pairs "
+"separated by a space (username must entered with URL-encoded I<domain"
+"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:192
+#: src/acl/external/AD_group/ext_ad_group_acl.8:207
+#: src/acl/external/LM_group/ext_lm_group_acl.8:135
+msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:196
+#: src/acl/external/AD_group/ext_ad_group_acl.8:211
+#: src/acl/external/LM_group/ext_lm_group_acl.8:139
+msgid "Make sure pressing B<CTRL+C> aborts the program."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:218
+#: src/acl/external/LM_group/ext_lm_group_acl.8:146
+#: src/auth/basic/SSPI/basic_sspi_auth.8:104
+msgid ""
+"Test that entering no details does not result in an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:222
+#: src/acl/external/LM_group/ext_lm_group_acl.8:150
+msgid ""
+"Test that entering an invalid username and group results in an B<ERR> "
+"message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:226
+#: src/acl/external/LM_group/ext_lm_group_acl.8:154
+msgid ""
+"Test that entering an valid username and group results in an B<OK> message."
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:65
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:300
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:53
-#: helpers/basic_auth/PAM/basic_pam_auth.8:80
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:89
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:75
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:123
-#: helpers/digest_auth/file/digest_file_auth.8:59
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:229
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:187
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:75
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:232
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:157
-#: helpers/external_acl/session/ext_session_acl.8:97
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:216
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:68
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:86
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:93 src/squid.8.in:231
-#: tools/cachemgr.cgi.8.in:51 tools/squidclient/squidclient.1:195
+#: src/acl/external/AD_group/ext_ad_group_acl.8:227
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:185
+#: src/acl/external/file_userip/ext_file_userip_acl.8:73
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:230
+#: src/acl/external/LM_group/ext_lm_group_acl.8:155
+#: src/acl/external/session/ext_session_acl.8:95
+#: src/acl/external/time_quota/ext_time_quota_acl.8:214
+#: src/acl/external/unix_group/ext_unix_group_acl.8:66
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:63
+#: src/auth/basic/LDAP/basic_ldap_auth.8:298
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:78
+#: src/auth/basic/RADIUS/basic_radius_auth.8:87
+#: src/auth/basic/SASL/basic_sasl_auth.8:73
+#: src/auth/basic/SSPI/basic_sspi_auth.8:121
+#: src/auth/digest/file/digest_file_auth.8:60
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:94
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:90
+#: src/security/cert_generators/file/security_file_certgen.8.in:143
+#: src/squid.8.in:235 tools/cachemgr.cgi.8.in:49 tools/purge/purge.1:254
+#: tools/squidclient/squidclient.1:230
 #, no-wrap
 msgid "AUTHOR"
 msgstr "ترخيص"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:67
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:77
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:125
-#: helpers/digest_auth/file/digest_file_auth.8:61
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:231
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:189
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:77
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:234
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:159
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:70
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:88
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:95
+#: src/acl/external/AD_group/ext_ad_group_acl.8:229
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:187
+#: src/acl/external/file_userip/ext_file_userip_acl.8:75
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:232
+#: src/acl/external/LM_group/ext_lm_group_acl.8:157
+#: src/acl/external/unix_group/ext_unix_group_acl.8:68
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:65
+#: src/auth/basic/SASL/basic_sasl_auth.8:75
+#: src/auth/basic/SSPI/basic_sspi_auth.8:123
+#: src/auth/digest/file/digest_file_auth.8:62
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:96
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:92
+#: src/security/cert_generators/file/security_file_certgen.8.in:145
 msgid "This program was written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:72
-msgid "Based on original code by"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:233
+msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:75
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:55
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:97
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:80
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:134
-#: helpers/digest_auth/file/digest_file_auth.8:68
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:237
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:192
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:80
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:243
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:169
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:73
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:91
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:102
+#: src/acl/external/AD_group/ext_ad_group_acl.8:235
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:190
+#: src/acl/external/file_userip/ext_file_userip_acl.8:78
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:223
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:241
+#: src/acl/external/LM_group/ext_lm_group_acl.8:167
+#: src/acl/external/unix_group/ext_unix_group_acl.8:71
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:73
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:53
+#: src/auth/basic/RADIUS/basic_radius_auth.8:95
+#: src/auth/basic/SASL/basic_sasl_auth.8:78
+#: src/auth/basic/SSPI/basic_sspi_auth.8:132
+#: src/auth/digest/file/digest_file_auth.8:69
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:99
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:99
+#: src/security/cert_generators/file/security_file_certgen.8.in:148
 msgid "This manual was written by"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:77
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:308
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:60
-#: helpers/basic_auth/PAM/basic_pam_auth.8:84
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:99
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:83
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:137
-#: helpers/digest_auth/file/digest_file_auth.8:71
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:240
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:195
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:83
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:227
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:245
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:172
-#: helpers/external_acl/session/ext_session_acl.8:102
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:220
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:93
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:105 src/squid.8.in:241
-#: tools/cachemgr.cgi.8.in:57 tools/squidclient/squidclient.1:201
+#: src/acl/external/AD_group/ext_ad_group_acl.8:238
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:193
+#: src/acl/external/file_userip/ext_file_userip_acl.8:81
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:243
+#: src/acl/external/LM_group/ext_lm_group_acl.8:170
+#: src/acl/external/session/ext_session_acl.8:100
+#: src/acl/external/time_quota/ext_time_quota_acl.8:218
+#: src/acl/external/unix_group/ext_unix_group_acl.8:73
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:75
+#: src/auth/basic/LDAP/basic_ldap_auth.8:306
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:58
+#: src/auth/basic/PAM/basic_pam_auth.8:82
+#: src/auth/basic/RADIUS/basic_radius_auth.8:97
+#: src/auth/basic/SASL/basic_sasl_auth.8:81
+#: src/auth/basic/SSPI/basic_sspi_auth.8:135
+#: src/auth/digest/file/digest_file_auth.8:72
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:101
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:102
+#: src/security/cert_generators/file/security_file_certgen.8.in:151
+#: src/squid.8.in:245 tools/cachemgr.cgi.8.in:55 tools/purge/purge.1:261
+#: tools/squidclient/squidclient.1:237
 #, no-wrap
 msgid "COPYRIGHT"
 msgstr "حقوق الطبع"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:79
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:310
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:101
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:85
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:139
-#: helpers/digest_auth/file/digest_file_auth.8:73
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:242
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:197
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:85
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:229
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:247
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:174
-#: helpers/external_acl/session/ext_session_acl.8:104
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:222
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:77
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:95
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:107
+#: src/acl/external/AD_group/ext_ad_group_acl.8:245
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:200
+#: src/acl/external/file_userip/ext_file_userip_acl.8:88
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:250
+#: src/acl/external/LM_group/ext_lm_group_acl.8:177
+#: src/acl/external/session/ext_session_acl.8:107
+#: src/acl/external/time_quota/ext_time_quota_acl.8:225
+#: src/acl/external/unix_group/ext_unix_group_acl.8:80
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:82
+#: src/auth/basic/LDAP/basic_ldap_auth.8:313
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:65
+#: src/auth/basic/PAM/basic_pam_auth.8:89
+#: src/auth/basic/RADIUS/basic_radius_auth.8:104
+#: src/auth/basic/SASL/basic_sasl_auth.8:88
+#: src/auth/basic/SSPI/basic_sspi_auth.8:142
+#: src/auth/digest/file/digest_file_auth.8:79
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:109
+#: src/security/cert_generators/file/security_file_certgen.8.in:158
+#: src/squid.8.in:252 tools/cachemgr.cgi.8.in:62 tools/purge/purge.1:268
+#: tools/squidclient/squidclient.1:244
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2017 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:247
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:202
+#: src/acl/external/file_userip/ext_file_userip_acl.8:90
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:234
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:252
+#: src/acl/external/LM_group/ext_lm_group_acl.8:179
+#: src/acl/external/session/ext_session_acl.8:109
+#: src/acl/external/time_quota/ext_time_quota_acl.8:227
+#: src/acl/external/unix_group/ext_unix_group_acl.8:82
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:84
+#: src/auth/basic/LDAP/basic_ldap_auth.8:315
+#: src/auth/basic/RADIUS/basic_radius_auth.8:106
+#: src/auth/basic/SASL/basic_sasl_auth.8:90
+#: src/auth/basic/SSPI/basic_sspi_auth.8:144
+#: src/auth/digest/file/digest_file_auth.8:81
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:110
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:111
 msgid "This program and documentation is copyright to the authors named above."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:81
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:312
-#: helpers/basic_auth/PAM/basic_pam_auth.8:91
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:103
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:87
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:141
-#: helpers/digest_auth/file/digest_file_auth.8:75
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:244
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:199
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:87
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:231
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:249
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:176
-#: helpers/external_acl/session/ext_session_acl.8:106
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:224
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:79
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:97
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:109 tools/cachemgr.cgi.8.in:59
-#: tools/squidclient/squidclient.1:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:249
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:204
+#: src/acl/external/file_userip/ext_file_userip_acl.8:92
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:236
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:254
+#: src/acl/external/LM_group/ext_lm_group_acl.8:181
+#: src/acl/external/session/ext_session_acl.8:111
+#: src/acl/external/time_quota/ext_time_quota_acl.8:229
+#: src/acl/external/unix_group/ext_unix_group_acl.8:84
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:86
+#: src/auth/basic/LDAP/basic_ldap_auth.8:317
+#: src/auth/basic/PAM/basic_pam_auth.8:96
+#: src/auth/basic/RADIUS/basic_radius_auth.8:108
+#: src/auth/basic/SASL/basic_sasl_auth.8:92
+#: src/auth/basic/SSPI/basic_sspi_auth.8:146
+#: src/auth/digest/file/digest_file_auth.8:83
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:112
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:113
 msgid ""
 "Distributed under the GNU General Public License (GNU GPL) version 2 or "
 "later (GPLv2+)."
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:82
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:313
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:73
-#: helpers/basic_auth/PAM/basic_pam_auth.8:92
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:104
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:88
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:142
-#: helpers/digest_auth/file/digest_file_auth.8:76
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:245
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:200
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:88
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:250
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:177
-#: helpers/external_acl/session/ext_session_acl.8:107
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:225
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:80
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:98
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:110 src/squid.8.in:258
-#: tools/cachemgr.cgi.8.in:60 tools/squidclient/squidclient.1:204
+#: src/acl/external/AD_group/ext_ad_group_acl.8:250
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:205
+#: src/acl/external/file_userip/ext_file_userip_acl.8:93
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:255
+#: src/acl/external/LM_group/ext_lm_group_acl.8:182
+#: src/acl/external/session/ext_session_acl.8:112
+#: src/acl/external/time_quota/ext_time_quota_acl.8:230
+#: src/acl/external/unix_group/ext_unix_group_acl.8:85
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:87
+#: src/auth/basic/LDAP/basic_ldap_auth.8:318
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:77
+#: src/auth/basic/PAM/basic_pam_auth.8:97
+#: src/auth/basic/RADIUS/basic_radius_auth.8:109
+#: src/auth/basic/SASL/basic_sasl_auth.8:93
+#: src/auth/basic/SSPI/basic_sspi_auth.8:147
+#: src/auth/digest/file/digest_file_auth.8:84
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:113
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:114
+#: src/security/cert_generators/file/security_file_certgen.8.in:159
+#: src/squid.8.in:253 tools/cachemgr.cgi.8.in:63 tools/purge/purge.1:269
+#: tools/squidclient/squidclient.1:245
 #, no-wrap
 msgid "QUESTIONS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:85
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:316
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:76
-#: helpers/basic_auth/PAM/basic_pam_auth.8:95
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:107
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:91
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:145
-#: helpers/digest_auth/file/digest_file_auth.8:79
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:248
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:203
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:91
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:235
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:253
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:180
-#: helpers/external_acl/session/ext_session_acl.8:110
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:228
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:83
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:101
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:113 src/squid.8.in:261
-#: tools/cachemgr.cgi.8.in:63 tools/squidclient/squidclient.1:207
+#: src/acl/external/AD_group/ext_ad_group_acl.8:253
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:208
+#: src/acl/external/file_userip/ext_file_userip_acl.8:96
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:258
+#: src/acl/external/LM_group/ext_lm_group_acl.8:185
+#: src/acl/external/session/ext_session_acl.8:115
+#: src/acl/external/time_quota/ext_time_quota_acl.8:233
+#: src/acl/external/unix_group/ext_unix_group_acl.8:88
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:90
+#: src/auth/basic/LDAP/basic_ldap_auth.8:321
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:80
+#: src/auth/basic/PAM/basic_pam_auth.8:100
+#: src/auth/basic/RADIUS/basic_radius_auth.8:112
+#: src/auth/basic/SASL/basic_sasl_auth.8:96
+#: src/auth/basic/SSPI/basic_sspi_auth.8:150
+#: src/auth/digest/file/digest_file_auth.8:87
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:116
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:117
+#: src/security/cert_generators/file/security_file_certgen.8.in:162
+#: src/squid.8.in:256 tools/cachemgr.cgi.8.in:66 tools/purge/purge.1:272
+#: tools/squidclient/squidclient.1:248
 msgid ""
 "Questions on the usage of this program can be sent to the I<Squid Users "
 "mailing list>"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:87
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:321
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:78
-#: helpers/basic_auth/PAM/basic_pam_auth.8:97
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:112
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:93
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:147
-#: helpers/digest_auth/file/digest_file_auth.8:81
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:250
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:205
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:93
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:258
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:182
-#: helpers/external_acl/session/ext_session_acl.8:112
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:230
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:85
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:103
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:115 src/squid.8.in:263
-#: tools/cachemgr.cgi.8.in:65 tools/squidclient/squidclient.1:209
+#: src/acl/external/AD_group/ext_ad_group_acl.8:255
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:210
+#: src/acl/external/file_userip/ext_file_userip_acl.8:98
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:263
+#: src/acl/external/LM_group/ext_lm_group_acl.8:187
+#: src/acl/external/session/ext_session_acl.8:117
+#: src/acl/external/time_quota/ext_time_quota_acl.8:235
+#: src/acl/external/unix_group/ext_unix_group_acl.8:90
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:92
+#: src/auth/basic/LDAP/basic_ldap_auth.8:326
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:82
+#: src/auth/basic/PAM/basic_pam_auth.8:102
+#: src/auth/basic/RADIUS/basic_radius_auth.8:117
+#: src/auth/basic/SASL/basic_sasl_auth.8:98
+#: src/auth/basic/SSPI/basic_sspi_auth.8:152
+#: src/auth/digest/file/digest_file_auth.8:89
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:118
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:119
+#: src/security/cert_generators/file/security_file_certgen.8.in:164
+#: src/squid.8.in:258 tools/cachemgr.cgi.8.in:68 tools/purge/purge.1:274
+#: tools/squidclient/squidclient.1:250
 #, no-wrap
 msgid "REPORTING BUGS"
 msgstr "تقرير عن ثغرة"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:90
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:324
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:81
-#: helpers/basic_auth/PAM/basic_pam_auth.8:100
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:115
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:96
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:150
-#: helpers/digest_auth/file/digest_file_auth.8:84
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:253
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:217
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:96
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:261
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:185
-#: helpers/external_acl/session/ext_session_acl.8:115
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:233
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:88
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:106
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:118 src/squid.8.in:266
+#: src/acl/external/AD_group/ext_ad_group_acl.8:258
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:222
+#: src/acl/external/file_userip/ext_file_userip_acl.8:101
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:266
+#: src/acl/external/LM_group/ext_lm_group_acl.8:190
+#: src/acl/external/session/ext_session_acl.8:120
+#: src/acl/external/time_quota/ext_time_quota_acl.8:238
+#: src/acl/external/unix_group/ext_unix_group_acl.8:93
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:95
+#: src/auth/basic/LDAP/basic_ldap_auth.8:329
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:85
+#: src/auth/basic/PAM/basic_pam_auth.8:105
+#: src/auth/basic/RADIUS/basic_radius_auth.8:120
+#: src/auth/basic/SASL/basic_sasl_auth.8:101
+#: src/auth/basic/SSPI/basic_sspi_auth.8:155
+#: src/auth/digest/file/digest_file_auth.8:92
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:121
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:122
+#: src/security/cert_generators/file/security_file_certgen.8.in:167
+#: src/squid.8.in:261
 msgid ""
 "Bug reports need to be made in English.  See http://wiki.squid-cache.org/"
 "SquidFaq/BugReporting for details of what you need to include with your bug "
@@ -428,3385 +709,3767 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:92
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:326
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:83
-#: helpers/basic_auth/PAM/basic_pam_auth.8:102
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:117
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:98
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:152
-#: helpers/digest_auth/file/digest_file_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:255
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:219
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:98
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:263
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:187
-#: helpers/external_acl/session/ext_session_acl.8:117
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:235
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:90
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:108
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:120 src/squid.8.in:268
-#: tools/cachemgr.cgi.8.in:69 tools/squidclient/squidclient.1:213
+#: src/acl/external/AD_group/ext_ad_group_acl.8:260
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:224
+#: src/acl/external/file_userip/ext_file_userip_acl.8:103
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:247
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:268
+#: src/acl/external/LM_group/ext_lm_group_acl.8:192
+#: src/acl/external/session/ext_session_acl.8:122
+#: src/acl/external/time_quota/ext_time_quota_acl.8:240
+#: src/acl/external/unix_group/ext_unix_group_acl.8:95
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:97
+#: src/auth/basic/LDAP/basic_ldap_auth.8:331
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:87
+#: src/auth/basic/PAM/basic_pam_auth.8:107
+#: src/auth/basic/RADIUS/basic_radius_auth.8:122
+#: src/auth/basic/SASL/basic_sasl_auth.8:103
+#: src/auth/basic/SSPI/basic_sspi_auth.8:157
+#: src/auth/digest/file/digest_file_auth.8:94
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:123
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:124
+#: src/security/cert_generators/file/security_file_certgen.8.in:169
+#: src/squid.8.in:263 tools/cachemgr.cgi.8.in:72 tools/purge/purge.1:278
+#: tools/squidclient/squidclient.1:254
 msgid "Report bugs or bug fixes using http://bugs.squid-cache.org/"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:95
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:329
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:86
-#: helpers/basic_auth/PAM/basic_pam_auth.8:105
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:120
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:101
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:155
-#: helpers/digest_auth/file/digest_file_auth.8:89
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:258
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:222
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:101
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:266
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:190
-#: helpers/external_acl/session/ext_session_acl.8:120
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:238
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:93
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:111
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:123 src/squid.8.in:271
-#: tools/cachemgr.cgi.8.in:72 tools/squidclient/squidclient.1:216
+#: src/acl/external/AD_group/ext_ad_group_acl.8:263
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:227
+#: src/acl/external/file_userip/ext_file_userip_acl.8:106
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:271
+#: src/acl/external/LM_group/ext_lm_group_acl.8:195
+#: src/acl/external/session/ext_session_acl.8:125
+#: src/acl/external/time_quota/ext_time_quota_acl.8:243
+#: src/acl/external/unix_group/ext_unix_group_acl.8:98
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:100
+#: src/auth/basic/LDAP/basic_ldap_auth.8:334
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:90
+#: src/auth/basic/PAM/basic_pam_auth.8:110
+#: src/auth/basic/RADIUS/basic_radius_auth.8:125
+#: src/auth/basic/SASL/basic_sasl_auth.8:106
+#: src/auth/basic/SSPI/basic_sspi_auth.8:160
+#: src/auth/digest/file/digest_file_auth.8:97
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:126
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:127
+#: src/security/cert_generators/file/security_file_certgen.8.in:172
+#: src/squid.8.in:266 tools/cachemgr.cgi.8.in:75 tools/purge/purge.1:281
+#: tools/squidclient/squidclient.1:257
 msgid ""
 "Report serious security bugs to I<Squid Bugs E<lt>squid-bugs@squid-cache."
 "orgE<gt>>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:98
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:332
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:89
-#: helpers/basic_auth/PAM/basic_pam_auth.8:108
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:123
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:104
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:158
-#: helpers/digest_auth/file/digest_file_auth.8:92
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:261
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:225
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:104
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:248
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:269
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:193
-#: helpers/external_acl/session/ext_session_acl.8:123
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:241
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:96
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:114
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:126 src/squid.8.in:274
-#: tools/cachemgr.cgi.8.in:75 tools/squidclient/squidclient.1:219
+#: src/acl/external/AD_group/ext_ad_group_acl.8:266
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:230
+#: src/acl/external/file_userip/ext_file_userip_acl.8:109
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:253
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:274
+#: src/acl/external/LM_group/ext_lm_group_acl.8:198
+#: src/acl/external/session/ext_session_acl.8:128
+#: src/acl/external/time_quota/ext_time_quota_acl.8:246
+#: src/acl/external/unix_group/ext_unix_group_acl.8:101
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:103
+#: src/auth/basic/LDAP/basic_ldap_auth.8:337
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:93
+#: src/auth/basic/PAM/basic_pam_auth.8:113
+#: src/auth/basic/RADIUS/basic_radius_auth.8:128
+#: src/auth/basic/SASL/basic_sasl_auth.8:109
+#: src/auth/basic/SSPI/basic_sspi_auth.8:163
+#: src/auth/digest/file/digest_file_auth.8:100
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:129
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:130
+#: src/security/cert_generators/file/security_file_certgen.8.in:175
+#: src/squid.8.in:269 tools/cachemgr.cgi.8.in:78 tools/purge/purge.1:284
+#: tools/squidclient/squidclient.1:260
 msgid ""
 "Report ideas for new improvements to the I<Squid Developers mailing list>"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:100
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:334
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:91
-#: helpers/basic_auth/PAM/basic_pam_auth.8:110
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:125
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:106
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:160
-#: helpers/digest_auth/file/digest_file_auth.8:94
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:263
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:227
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:106
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:271
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:195
-#: helpers/external_acl/session/ext_session_acl.8:125
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:243
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:101
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:116
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:128 src/squid.8.in:276
-#: tools/cachemgr.cgi.8.in:77 tools/squidclient/squidclient.1:221
+#: src/acl/external/AD_group/ext_ad_group_acl.8:268
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:232
+#: src/acl/external/file_userip/ext_file_userip_acl.8:111
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:276
+#: src/acl/external/LM_group/ext_lm_group_acl.8:200
+#: src/acl/external/session/ext_session_acl.8:130
+#: src/acl/external/time_quota/ext_time_quota_acl.8:248
+#: src/acl/external/unix_group/ext_unix_group_acl.8:106
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:339
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:95
+#: src/auth/basic/PAM/basic_pam_auth.8:115
+#: src/auth/basic/RADIUS/basic_radius_auth.8:130
+#: src/auth/basic/SASL/basic_sasl_auth.8:111
+#: src/auth/basic/SSPI/basic_sspi_auth.8:165
+#: src/auth/digest/file/digest_file_auth.8:102
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:131
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:132
+#: src/security/cert_generators/file/security_file_certgen.8.in:177
+#: src/squid.8.in:271 tools/cachemgr.cgi.8.in:80 tools/purge/purge.1:286
+#: tools/squidclient/squidclient.1:262
 #, no-wrap
 msgid "SEE ALSO"
 msgstr "قرآءه الكُل"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:114
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:344
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:97
-#: helpers/basic_auth/PAM/basic_pam_auth.8:121
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:132
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:117
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:165
-#: helpers/digest_auth/file/digest_file_auth.8:99
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:268
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:233
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:111
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:282
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:200
-#: helpers/external_acl/session/ext_session_acl.8:130
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:248
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:108
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:127
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:133 src/squid.8.in:286
+#: src/acl/external/AD_group/ext_ad_group_acl.8:273
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:238
+#: src/acl/external/file_userip/ext_file_userip_acl.8:116
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:269
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:287
+#: src/acl/external/LM_group/ext_lm_group_acl.8:205
+#: src/acl/external/session/ext_session_acl.8:135
+#: src/acl/external/time_quota/ext_time_quota_acl.8:253
+#: src/acl/external/unix_group/ext_unix_group_acl.8:113
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:119
+#: src/auth/basic/LDAP/basic_ldap_auth.8:349
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:101
+#: src/auth/basic/PAM/basic_pam_auth.8:126
+#: src/auth/basic/RADIUS/basic_radius_auth.8:137
+#: src/auth/basic/SASL/basic_sasl_auth.8:122
+#: src/auth/basic/SSPI/basic_sspi_auth.8:170
+#: src/auth/digest/file/digest_file_auth.8:107
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:142
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:137
+#: src/security/cert_generators/file/security_file_certgen.8.in:182
+#: src/squid.8.in:281
 msgid "The Squid FAQ wiki"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:117
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:347
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:100
-#: helpers/basic_auth/PAM/basic_pam_auth.8:124
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:135
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:120
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:168
-#: helpers/digest_auth/file/digest_file_auth.8:102
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:271
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:236
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:114
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:285
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:203
-#: helpers/external_acl/session/ext_session_acl.8:133
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:251
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:111
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:130
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:136 src/squid.8.in:289
+#: src/acl/external/AD_group/ext_ad_group_acl.8:276
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:241
+#: src/acl/external/file_userip/ext_file_userip_acl.8:119
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:272
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:290
+#: src/acl/external/LM_group/ext_lm_group_acl.8:208
+#: src/acl/external/session/ext_session_acl.8:138
+#: src/acl/external/time_quota/ext_time_quota_acl.8:256
+#: src/acl/external/unix_group/ext_unix_group_acl.8:116
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:122
+#: src/auth/basic/LDAP/basic_ldap_auth.8:352
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:104
+#: src/auth/basic/PAM/basic_pam_auth.8:129
+#: src/auth/basic/RADIUS/basic_radius_auth.8:140
+#: src/auth/basic/SASL/basic_sasl_auth.8:125
+#: src/auth/basic/SSPI/basic_sspi_auth.8:173
+#: src/auth/digest/file/digest_file_auth.8:110
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:145
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:140
+#: src/security/cert_generators/file/security_file_certgen.8.in:185
+#: src/squid.8.in:284
 msgid "The Squid Configuration Manual"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:7
-msgid "LDAP authentication helper for Squid"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:5
+msgid "ext_edirectory_userip_acl - Squid eDirectory IP Lookup Helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:12
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:27
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:14
-msgid "base DN"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:15
+#: tools/squidclient/squidclient.1:22
+msgid "host"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:14
-msgid "attribute"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:17
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:18
+#: src/auth/basic/LDAP/basic_ldap_auth.8:33
+#: src/auth/basic/RADIUS/basic_radius_auth.8:16 src/squid.8.in:15
+#: tools/squidclient/squidclient.1:26
+msgid "port"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:16
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:31
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:18
-msgid "options"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:19
+#, fuzzy
+msgid "LDAP version"
+msgstr "النسخة 1.0"
+
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:21
+msgid "basedn"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:18
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:33
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:20
-msgid "LDAP server name"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:23
+msgid "scope"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:20
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:35
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:18
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:19
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:22 src/squid.8.in:17
-#: tools/squidclient/squidclient.1:27
-msgid "port"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:25
+msgid "binddn"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:22
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:37
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:24
-msgid "URI"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:27
+msgid "bindpass"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:29
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:16
-msgid "LDAP search filter"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:29
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:14
+msgid "filter"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:47
-msgid ""
-"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
-"the user name and password of Basic HTTP authentication.  LDAP options are "
-"specified as parameters on the command line, while the username(s) and "
-"password(s) to be checked against the LDAP directory are specified on "
-"subsequent lines of input to the helper, one username/password pair per line "
-"separated by a space."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:34
+msgid "B<ext_edirectory_userip_acl> is an installed binary."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:56
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:38
 msgid ""
-"As expected by the basic authentication construct of Squid, after specifying "
-"a username and password followed by a new line, this helper will produce "
-"either B<OK> or B<ERR> on the following line to show if the specified "
-"credentials are correct according to the LDAP directory."
+"This program has been written in order to solve the problems associated with "
+"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:61
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:41
 msgid ""
-"The program has two major modes of operation. In the default mode of "
-"operation the users DN is constructed using the base DN and user attribute. "
-"In the other mode of operation a search filter is used to locate valid user "
-"DN's below the base DN."
+"The limitations of the Perl script involved memory/cpu utilization, speed, "
+"the lack of eDirectory 8.8 support, and IPv6 support."
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:62
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:35
-#: helpers/basic_auth/PAM/basic_pam_auth.8:21
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:31
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:34
-#: helpers/digest_auth/file/digest_file_auth.8:20
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:51
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:44
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:23
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:65
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:49
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:27
-#: helpers/external_acl/session/ext_session_acl.8:34
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:24
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:19
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:19
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:25 src/squid.8.in:59
-#: tools/squidclient/squidclient.1:61
-#, no-wrap
-msgid "OPTIONS"
-msgstr "خيارات"
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:46
+msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:50
+msgid "Force Addresses to be in IPv6 (:: format)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:75
-msgid ""
-"LDAP search B<filter> to locate the user DN. Required if the users are in a "
-"hierarchy below the base DN, or if the login name is not what builds the "
-"user specific part of the users DN."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:57
+msgid "Specify B<base> DN. For example; B<o=ORG>"
 msgstr ""
 
-#. uid\=%s\""
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:82
-msgid ""
-"The search filter can contain up to 15 occurrences of B<%s> which will be "
-"replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
-"detailed description of LDAP search filter syntax see RFC2254."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:66
+msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:90
-msgid ""
-"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
-"%s> are used."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:71
+msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:99
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:76
 msgid ""
-"Specifies the name of the DN attribute that contains the username/login.  "
-"Combined with the base DN to construct the users DN when no search filter is "
-"specified ( B<-f> option). Defaults to B<uid>"
+"Specify if LDAP search group is required. For example; B<groupMembership=>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:108
-msgid ""
-"B<Note:> This can only be done if all your users are located directly under "
-"the same position in the LDAP tree and the login name is used for naming "
-"each user object. If your LDAP tree does not match these criterias or if you "
-"want to filter who are valid users then you need to use a search filter to "
-"search for your users DN ( B<-f> option)."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:84
+msgid "Specify hostname or IP of server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:118
-msgid ""
-"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
-"password.  B<passwordattr> is the LDAP attribute storing the users password."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:88
+msgid "Port number."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:92
+msgid "Use persistent connections."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:126
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:100
 msgid ""
-"Search scope when performing user DN searches specified by the B<-f> option. "
-"Defaults to B<sub>"
+"Timeout factor for persistent connections. Set to B<0> for never timeout. "
+"Default is B<60> seconds."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:105
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:173
+msgid "search scope. Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:130
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:110
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:178
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:108
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:176
+#: src/auth/basic/LDAP/basic_ldap_auth.8:128
 msgid "B<base> object only,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:133
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:113
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:181
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:111
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:179
+#: src/auth/basic/LDAP/basic_ldap_auth.8:131
 msgid "B<one> level below the base object or"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:136
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:116
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:184
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:114
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:182
+#: src/auth/basic/LDAP/basic_ldap_auth.8:134
 msgid "B<sub>tree below the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:142
-msgid ""
-"The DN and password to bind as while performing searches. Required by the B<-"
-"f> flag if the directory does not allow anonymous searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:121
+msgid "Set userid B<attribute .> Default is B<cn>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:147
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:126
+msgid "Set LDAP B<version>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:152
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:98
-msgid ""
-"The DN and the name of a file containing the password to bind as while "
-"performing searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:130
+msgid "Display version information and exit."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:157
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:103
-msgid ""
-"Less insecure version of the former parameter pair with two advantages: The "
-"password does not occur in the process listing, and the password is not "
-"being compromised if someone gets the squid configuration file without "
-"getting the secretfile."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:135
+msgid "Specify binding B<password>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:165
-msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while validating a username to preserve resources at the LDAP server. This "
-"option causes the LDAP connection to be kept open, allowing it to be reused "
-"for further user validations. Recommended for larger installations."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:139
+msgid "Enable TLS security."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:178
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:160
 msgid ""
-"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
-"binding as another user after a successful I<ldap_bind.> The use of this "
-"option always opens a new connection for each login attempt. If combined "
-"with the B<-P> option for persistent LDAP connection then the connection "
-"used for searching for the user DN is kept persistent but a new connection "
-"is opened to verify each users password once the DN is found."
+"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
+"that users may be used to control internet access, which can also be stacked "
+"against other ACL's.  Use of the groups is optional, unless the '-G' option "
+"has been passed.  Please note that you need to specify the full LDAP object "
+"for this, as shown above."
 msgstr ""
 
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:182
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:170
-msgid "Do not follow referrals"
+#. type: SH
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:161
+#: src/acl/external/unix_group/ext_unix_group_acl.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:45
+#: src/security/cert_generators/file/security_file_certgen.8.in:88
+#: tools/purge/purge.1:233
+#, no-wrap
+msgid "KNOWN ISSUES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:187
-msgid "when to dereference aliases. Defaults to B<never>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:166
+msgid ""
+"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
+"is in place to read IPv6 networkAddress fields, please attempt this in a "
+"TESTING environment first.  Please contact the author regarding IPv6 support "
+"development."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:196
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:171
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search ing> or only to B<find> the base object."
+"There is a known issue regarding Novell's Client for Windows, that is mostly "
+"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
+"populating the networkAddress field in eDirectory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:201
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:177
 msgid ""
-"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
-"libraries).  Servers can also be specified last on the command line."
+"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
+"lower?) and connection licensing.  It appears that whenever a server runs "
+"low on connection licenses, that it I sometimes does not populate the "
+"networkAddress fields correctly."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:206
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:184
 msgid ""
-"Specify the LDAP server to connect to. Servers can also be specified last on "
-"the command line."
+"Majority of Proxy Authentication issues can be resolved by having the users' "
+"B<reboot> if their networkAddress is not correct, or using "
+"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
+"networkAddress fields to troubleshoot."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:212
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:218
 msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389. Can also be specified within the server "
-"specification by using servername:port syntax."
+"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
+"situations B<before> seeking support! You may also need to make sure your "
+"servers have the latest service packs installed, and that your servers are "
+"properly synchronizing partitions."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:218
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:206
-msgid "LDAP protocol version. Defaults to B<3> if not specified."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:5
+msgid ""
+"ext_file_userip_acl - Restrict users to certain IP addresses, using a text "
+"file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:210
-msgid "Use TLS encryption"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:7
+#: src/acl/external/time_quota/ext_time_quota_acl.8:7
+#: src/auth/basic/SASL/basic_sasl_auth.8:7
+#: src/security/cert_generators/file/security_file_certgen.8.in:7
+msgid "Version 1.0"
+msgstr "النسخة 1.0"
+
+#. type: Plain text
+#: src/acl/external/file_userip/ext_file_userip_acl.8:12
+msgid "file name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:226
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:107
-msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:17
+msgid ""
+"B<ext_file_userip_acl> is an installed binary. An external helper for the "
+"Squid external acl scheme."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:233
+#: src/acl/external/file_userip/ext_file_userip_acl.8:20
 msgid ""
-"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
-"LDAP API libraries)"
+"It works by reading a pair composed by an IP address and an username on "
+"STDIN and matching it against a configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:192
-msgid "Specify time limit on LDAP search operations"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:31
+msgid "Configuration B<file> to load."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:243
-msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the results is not what is expected."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:41
+msgid "The B<squid.conf> configuration for the external ACL should be:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:248
+#: src/acl/external/file_userip/ext_file_userip_acl.8:49
 msgid ""
-"For directories using the RFC2307 layout with a single domain, all you need "
-"to specify is usually the base DN under where your users are located and the "
-"server name:"
+"If the helper program finds a matching username/ip in the configuration "
+"file, it returns B<OK> , otherwise it returns B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:256
-msgid ""
-"If you have sub-domains then you need to use a search filter approach to "
-"locate your user DNs as these can no longer be constructed directly from the "
-"base DN and login name alone:"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:51
+msgid "The configuration file format is as follows:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:263
+#: src/acl/external/file_userip/ext_file_userip_acl.8:60
 msgid ""
-"And similarly if you only want to allow access to users having a specific "
-"attribute"
+"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
+"in dotted quad format too."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:274
+#: src/acl/external/file_userip/ext_file_userip_acl.8:66
 msgid ""
-"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
-"do not want to have to search for the users then you could use something "
-"like the following example for Active Directory:"
+"When the second parameter is prefixed with an B<@> , the program will lookup "
+"the B</etc/group> file entry for the specified username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:286
+#: src/acl/external/file_userip/ext_file_userip_acl.8:72
 msgid ""
-"If you want to search for the user DN and your directory does not allow "
-"anonymous searches then you must also use the B<-D> and B<-w> flags to "
-"specify a user DN and password to log in as to perform the searches, as in "
-"the following complex Active Directory example"
+"There are other two directives, B<ALL> and B<NONE> , which mean \"any user "
+"on this IP address may authenticate\" or \"no user on this IP address may "
+"authenticate\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:299
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:5
 msgid ""
-"B<NOTE:> When constructing search filters it is strongly recommended to test "
-"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
-"This to verify that the filter matches what you expect."
+"ext_kerberos_ldap_group_acl - Squid LDAP external acl group helper for "
+"Kerberos or NTLM credentials."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:302
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:91
-msgid "This program is written by"
-msgstr ""
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 1.3.0sq"
+msgstr "النسخة 1.0"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:306
-msgid "This manual is written by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:24
+msgid ""
+"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
+"connect to a LDAP directory to authorize users via LDAP groups. Options are "
+"specified as parameters on the command line, while the username (e.g.  "
+"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
+"directory are specified on subsequent lines of input to the helper, one "
+"username per line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:320
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:37
 msgid ""
-"Or to your favorite LDAP list/friend if the question is more related to LDAP "
-"than Squid."
+"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
+"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
+"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
+"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
+"is available from the username the LDAP server will be determined through "
+"the command line options."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:340
-msgid "Your favorite LDAP documentation."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:49
+msgid ""
+"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
+"T> option which provides the LDAP group name the user has to belong too. For "
+"Active Directory a recursive group lookup is implemented until a max depth "
+"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
+"groups is assumed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:342
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:259
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:280
-msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:62
+msgid ""
+"Different group names can be specified for different domains using a "
+"group@domain syntax.  As expected by the B<external_acl_type> construct of "
+"Squid, after specifying a username and group followed by a new line, this "
+"helper will produce either B<OK> or B<ERR> on the following line to show if "
+"the user is a member of the specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:7
-msgid "NCSA httpd-style password file authentication helper for Squid"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:70
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:24
+msgid "Write debug messages to stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:11
-msgid "passwd file"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:73
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:27
+msgid "Write informational messages to stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:16
-msgid ""
-"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
-"information from an NCSA/Apache httpd-style password file when using basic "
-"HTTP authentication."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:76
+msgid "Use SSL for the LDAP connection."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:19
-msgid "This password file can be manipulated using B<htpasswd.>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
+msgid ""
+"The CA certificate file can be set via the environment variable "
+"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:32
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
 msgid ""
-"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
-"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
-"and magic strings * MD5 - with optional salt and magic strings * DES - for "
-"passwords 8 characters or less in length"
+"The SSL certificate database can be set via the environment variable "
+"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:34
-msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:83
+msgid "Allow SSL without certificate verification."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:38
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:87
 msgid ""
-"The only parameter is the password file.  It must have permissions to be "
-"read by the user that Squid is running as."
+"Default Kerberos domain to use for usernames which do not contain domain "
+"information (e.g. for users using basic authentication)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:92
 msgid ""
-"B<basic_ncsa_auth> must have access to the password file to be executed."
+"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
+"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
+"authentication)."
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:47
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:163
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:62
-#, no-wrap
-msgid "KNOWN ISSUES"
+#. type: Plain text
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:95
+msgid "Maximal depth of recursive group search."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:52
-msgid ""
-"DES functionality (used by htpasswd by default) silently truncates passwords "
-"to 8 characters.  Allowing login with password values shorter than the one "
-"desired.  This authenticator will reject login with long passwords when "
-"using DES."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:98
+msgid "Username for LDAP server."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:58
-msgid "Based on original documentation by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:101
+msgid "Password for LDAP server."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:106
 msgid ""
-"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
-"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
-"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
-"details."
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use an account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file or extracts the password "
+"used from a process listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:72
-msgid ""
-"You should have received a copy of the GNU General Public License along with "
-"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
-"Place, Suite 330, Boston, MA 02111-1307 USA"
-msgstr ""
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:110
+#, fuzzy
+msgid "LDAP server bind path."
+msgstr "B<-s >I<service-name>"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:7
-msgid "Squid PAM Basic authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:113
+msgid "LDAP server URL in form ldap[s]://server:port"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:11
-msgid "service name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:117
+msgid ""
+"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
+"lserver@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:13
-msgid "TTL"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:121
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:20
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:126
 msgid ""
-"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
-"database to validate the user name and password of Basic HTTP authentication."
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:26
-msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:131
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
+"format"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:35
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:138
 msgid ""
-"Enables persistent PAM connections where the connection to the PAM database "
-"is kept open and reused for new logins. The TTL specifies how long the "
-"connection will be kept open (in seconds).  Default is to not keep PAM "
-"connections open. Please note that the use of persistent PAM connections is "
-"slightly outside the PAM specification and may not work with all PAM "
-"configurations."
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:40
-msgid ""
-"Do not perform the PAM account management group (account expiration etc)"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:153
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:62
+msgid "B<NOTE:> The following squid startup file modification may be required:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:157
 msgid ""
-"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
-"etc/pam.d/squid>"
+"Add the following lines to the squid startup script to point squid to a "
+"keytab file which contains the HTTP/fqdn service principal for the default "
+"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
+"can not use an IP address."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:54
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:168
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:74
 msgid ""
-"The default service name is B<squid> , and the program makes use of the "
-"B<auth> and B<account> management groups to verify the password and the "
-"accounts validity."
+"If you use a different Kerberos domain than the machine itself is in you can "
+"point squid to the separate Kerberos config file by setting the following "
+"environment variable in the startup script."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:58
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:178
 msgid ""
-"For details on how to configure PAM services, see the PAM documentation for "
-"your system. This manual does not cover PAM configuration details."
+"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
+"server. The following method is used:"
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/PAM/basic_pam_auth.8:59
+#. type: Plain text
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:183
 #, no-wrap
-msgid "NOTES"
+msgid ""
+"1) For user@REALM\n"
+"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
+"   b) Query DNS for A record REALM\n"
+"   c) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:187
+#, no-wrap
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program setuid root"
+"2) For user\n"
+"   a) Use domain -D REALM and follow step 1)\n"
+"   b) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:82
-#: helpers/external_acl/session/ext_session_acl.8:99
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:218
-msgid "This program and documentation was written by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
+msgid "The Groups to check against are determined as follows:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:88
-msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:194
+#, no-wrap
+msgid ""
+"1) For user@REALM\n"
+"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
+"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:119
-msgid "PAM Systems Administrator Guide"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:197
+#, no-wrap
+msgid ""
+"2) For user\n"
+"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:7
-msgid "Squid RADIUS authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:200
+#, no-wrap
+msgid ""
+"3) For NDOMAIN\\euser\n"
+"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:12
-msgid "config file"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
+msgid ""
+"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
+"where GROUP is the hex UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:16
-msgid "server name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#, no-wrap
+msgid "   -t 6d61726b7573 instead of -g markus\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:20
-msgid "identifier"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
+msgid ""
+"The REALM must still be based on the ASCII character set. If REALM contains "
+"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
+"UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:22
-msgid "secret"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#, no-wrap
+msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:24
-#: helpers/external_acl/session/ext_session_acl.8:14
-#: tools/squidclient/squidclient.1:33
-msgid "timeout"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
+msgid ""
+"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
+"unicode-utf8-table.pl"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:30
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:216
 msgid ""
-"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
-"the user name and password of Basic HTTP authentication."
+"The ldap server list can be: server - In this case server can be used for "
+"all Kerberos domains server@ - In this case server can be used for all "
+"Kerberos domains server@domain - In this case server can be used for "
+"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
+"server3@:server4 - A list is build with a colon as separator"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
+#, no-wrap
 msgid ""
-"Specifies the path to a configuration file. See the CONFIGURATION section "
-"for details on the file content."
+" * Copyright (C) 1996-2015 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:40
-msgid "Alternative method of specifying the server to connect to"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:260
+msgid "B<RFC1035> - Domain names - implementation and specification,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:45
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
 msgid ""
-"Specify another server port where the RADIUS server listens for requests if "
-"different from the default RADIUS port.  Normally not specified."
+"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:50
-msgid ""
-"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
-"specified the IP address is used to identify the proxy."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:285
+#: src/auth/basic/LDAP/basic_ldap_auth.8:347
+msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:56
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
 msgid ""
-"Alternative method of specifying the shared secret. Using the B<-f> option "
-"with a configuration file is generally more secure and recommended."
+"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
+"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:60
-msgid "RADIUS request timeout. Default is 10 seconds."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:5
+msgid "ext_ldap_group_acl - Squid LDAP external acl group helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:67
-msgid ""
-"The configuration specifies how the helper connects to RADIUS.  The file "
-"contains a list of directives (one per line). Lines beginning with a B<#> "
-"are ignored."
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:7
+#, fuzzy
+msgid "Version 2.18"
+msgstr "النسخة 1.0"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:71
-msgid "specifies the name or address of the RADIUS server to connect to."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:12
+msgid "base-DN"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:75
-msgid "specifies the shared RADIUS secret."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:14
+#: src/auth/basic/LDAP/basic_ldap_auth.8:29
+msgid "options"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:80
-msgid ""
-"specifies what name the proxy should use to identify itself to the RADIUS "
-"server.  This directive is optional."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:18
+msgid "server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:84
-msgid ""
-"Specifies the port number or service name where the helper should connect."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:22
+#: src/auth/basic/LDAP/basic_ldap_auth.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:35
+msgid "URI"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:88
-msgid "Specifies the RADIUS request timeout."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:31
+msgid ""
+"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
+"authorize users via LDAP groups.  LDAP options are specified as parameters "
+"on the command line, while the username(s) and group(s) to be checked "
+"against the LDAP directory are specified on subsequent lines of input to the "
+"helper, one username/group pair per line separated by a space."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:95
-msgid "With contributions from many others."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:42
+msgid ""
+"As expected by the B<external_acl_type> construct of Squid, after specifying "
+"a username and group followed by a new line, this helper will produce either "
+"B<OK> or B<ERR> on the following line to show if the user is a member of the "
+"specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:111
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:46
 msgid ""
-"Or contact your favorite RADIUS list/friend if the question is more related "
-"to RADIUS than Squid."
+"The program operates by searching with a search filter based on the users "
+"user name and requested group, and if a match is found it is determined that "
+"the user belongs to the group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:130
-msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:51
+msgid "When to dereference aliases. Defaults to 'never'"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:7
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:60
 msgid ""
-"Basic Authentication using SASL (specifically the cyrus-sasl authentication "
-"method)"
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:9
-#: helpers/digest_auth/file/digest_file_auth.8:9
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:9
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:9
-msgid "Version 1.0"
-msgstr "النسخة 1.0"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:18
-msgid ""
-"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
-"configurable (somewhat like PAM).  Each service authenticating against SASL "
-"identifies itself with an application name.  Each application can be "
-"configured independently by the SASL administrator."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:69
+msgid "Specifies the base DN under which the users are located (if different)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:74
 msgid ""
-"To configure the authentication method used the file B<basic_sasl_auth.conf> "
-"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
+"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
+"API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:31
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:80
 msgid ""
-"The authentication database is defined by the B<pwcheck_method> parameter.  "
-"Only the B<PLAIN> authentication mechanism is used."
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the result is not what was expected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:33
-msgid "Examples:"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:85
+msgid ""
+"The DN and password to bind as while performing searches. Required if the "
+"LDAP directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:36
-msgid "use sasldb - the default if no conf file is installed."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:91
+msgid ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration and will be sent on the command line to the helper it is "
+"strongly recommended to use a account with minimal associated privileges.  "
+"This to limit the damage in case someone could get hold of a copy of your "
+"Squid configuration file or extracts the password used from a process "
+"listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:38
-#, no-wrap
-msgid " - use PAM authentication database\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:96
+#: src/auth/basic/LDAP/basic_ldap_auth.8:150
+msgid ""
+"The DN and the name of a file containing the password to bind as while "
+"performing searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:41
-#, no-wrap
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:101
+#: src/auth/basic/LDAP/basic_ldap_auth.8:155
 msgid ""
-" - use traditional \n"
-"B</etc/passwd>\n"
+"Less insecure version of the former parameter pair with two advantages: The "
+"password does not occur in the process listing, and the password is not "
+"being compromised if someone gets the squid configuration file without "
+"getting the secretfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:43
-#, no-wrap
-msgid " - use slightly less traditional /etc/shadow\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:224
+msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:46
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:121
 msgid ""
-"Others methods may be supported by your cyrus-sasl implementation - consult "
-"your cyrus-sasl documentation for information."
+"LDAP search filter used to search the LDAP directory for any matching group "
+"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
+"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
+"name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:59
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:133
 msgid ""
-"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
-"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
-"and an appropriate user/group on the executable to allow the authenticator "
-"to access the appropriate password database. If the access to the database "
-"is not permitted then the authenticator will typically fail with \"-1, "
-"generic error\"."
+"LDAP search filter used to search the LDAP directory for any matching "
+"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
+"be included literally in the filter then use B<%%>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:74
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:139
 msgid ""
-"If the application name B<basic_sasl_auth> will also be used for the PAM "
-"service name if B<pwcheck_method:pam> is chosen. And example PAM "
-"configuration file B<basic_sasl_auth.pam> is also included."
+"Specifies that the first query argument sent to the helper by Squid is a "
+"extension to the basedn and will be temporarily added in front of the global "
+"basedn for this query."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:7
-msgid "Basic authentication protocol"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:143
+msgid "Specify the LDAP server to connect to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:9
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:9
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:9
-#, fuzzy
-#| msgid "Version 1.0"
-msgid "Version 2.0"
-msgstr "النسخة 1.0"
-
-#. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:14
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:16
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:15
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:17
-msgid "Group Name"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:147
+msgid ""
+"Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
+"libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:18
-msgid "Default Domain"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:151
+msgid "Strip Kerberos Realm component from user names (@ separated)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:156
 msgid ""
-"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
-"server running on Windows NT to authenticate users on an NT domain in native "
-"WIN32 mode."
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:33
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:164
 msgid ""
-"Usage is simple. It accepts a username and password on standard input and "
-"will return B<OK> if the username/password is valid for the domain/machine, "
-"or B<ERR> if there was some problem. It is possible to authenticate against "
-"NT trusted domains specifying the username in the domain\\eusername "
-"Microsoft notation."
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while verifying a users group membership to preserve resources at the LDAP "
+"server. This option causes the LDAP connection to be kept open, allowing it "
+"to be reused for further user validations. Recommended for larger "
+"installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:38
-msgid "A Windows Local Group name allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:168
+#: src/auth/basic/LDAP/basic_ldap_auth.8:180
+msgid "Do not follow referrals"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:42
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:59
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:63
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:27
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:35
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:33
-msgid "Write debug info to stderr."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:186
+#: src/acl/external/unix_group/ext_unix_group_acl.8:33
+msgid "Strip NT domain name component from user names (/ or \\e separated)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:46
-msgid "A Windows Local Group name not allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:190
+#: src/auth/basic/LDAP/basic_ldap_auth.8:235
+msgid "Specify time limit on LDAP search operations"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:50
-msgid "The default Domain against to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:198
+msgid ""
+"LDAP attribute used to construct the user DN from the user name and base dn "
+"without needing to search for the user.  A maximum of 16 occurrences of B<"
+"%s> are supported."
 msgstr ""
 
-#. logon from the network\"" 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:57
-msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
-"in the Authenticator's command line."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:204
+#: src/auth/basic/LDAP/basic_ldap_auth.8:216
+msgid "LDAP protocol version. Defaults to B<3> if not specified."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:60
-msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:208
+#: src/auth/basic/LDAP/basic_ldap_auth.8:220
+msgid "Use TLS encryption"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:65
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:214
 msgid ""
-"You will need to set the following line in B<squid.conf> to enable the "
-"authenticator:"
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:73
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:229
 msgid ""
-"You will need to set the following lines in B<squid.conf> to enable "
-"authentication for your access list:"
+"B<NOTE:> When constructing search filters it is recommended to first test "
+"the filter using B<ldapsearch> to verify that the filter matches what you "
+"expect before you attempt to use B<ext_ldap_group_acl>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:85
-msgid ""
-"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
-"B<auth_param basic program> directive."
-msgstr ""
-
-#. type: SH
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:172
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:116
-#, no-wrap
-msgid "TESTING"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:238
+msgid "Based on prior work in B<squid_ldap_auth> by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:100
-#, no-wrap
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:262
 msgid ""
-"I strongly urge that \n"
-"B<basic_sspi_auth.exe>\n"
-"is tested prior to being used in a \n"
-"production environment. It may behave differently on different platforms.\n"
-"To test it, run it from the command line. Enter username and password\n"
-"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
-"Make sure pressing \n"
-"B<CTRL-D>\n"
-" behaves the same as a carriage return.\n"
-"Make sure pressing \n"
-"B<CTRL-C>\n"
-" aborts the program.\n"
+"Or contact your favorite LDAP list/friend if the question is more related to "
+"LDAP than Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:106
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:205
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:220
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:148
-msgid ""
-"Test that entering no details does not result in an B<OK> or B<ERR> message."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:283
+msgid "Your favorite LDAP documentation"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:110
+#: src/acl/external/LM_group/ext_lm_group_acl.8:5
 msgid ""
-"Test that entering an invalid username and password results in an B<ERR> "
-"message."
+"ext_lm_group_acl - Squid external ACL helper to check Windows users group "
+"membership."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:115
-msgid ""
-"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
-"may be returned instead of B<ERR>"
-msgstr ""
+#: src/acl/external/LM_group/ext_lm_group_acl.8:7
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 1.22"
+msgstr "النسخة 1.0"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:119
-msgid ""
-"Test that entering a valid username and password results in an B<OK> message."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:17
+msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:122
+#: src/acl/external/LM_group/ext_lm_group_acl.8:20
 msgid ""
-"Test that entering a guest username and password returns the correct "
-"response for the site's access policy."
+"This helper must be used in with an authentication scheme (typically Basic "
+"or NTLM) based on Windows NT/2000 domain users (LM mode)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:128
-#: helpers/digest_auth/file/digest_file_auth.8:64
-msgid "Based on prior work by"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:29
+msgid "Use case insensitive compare."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:7
-msgid "File based digest authentication helper for Squid."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:37
+msgid "Specify the default user's domain."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:14
-#: tools/squidclient/squidclient.1:29
-msgid "file"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:41
+msgid "Start helper in Domain Global Group mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:19
-msgid ""
-"B<digest_file_auth> is an installed binary authentication program for Squid. "
-"It handles digest authentication protocol and authenticates against a text "
-"file backend."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:49
+msgid "Use ONLY PDCs for group validation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:75
 msgid ""
-"Accept digest hashed passwords rather than plaintext in the password file"
+"In the previous example all validated NT users member of GProxyUsers Global "
+"domain group or member of LProxyUsers machine local group are allowed to use "
+"the cache."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:28
-msgid "Username database file format:"
-msgstr ""
-
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:28
-#, no-wrap
-msgid "- comment lines are possible and should start with a '#';"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:83
+msgid ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file>"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:31
-#, no-wrap
-msgid "- empty or blank lines are possible;"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:85
+msgid "The previous example will be:"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:34
-#, no-wrap
-msgid "- plaintext entry format is username:password"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:92
+msgid "The B<DomainUsers.txt> file will contain only the following line:"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:37
-#, no-wrap
-msgid "- HA1 entry format is username:realm:HA1"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:94
+msgid "B<Domain Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:50
+#: src/acl/external/LM_group/ext_lm_group_acl.8:103
 msgid ""
-"To build a directory integrated backend, you need to be able to calculate "
-"the HA1 returned to squid. To avoid storing a plaintext password you can "
-"calculate B<MD5(username:realm:password)> when the user changes their "
-"password, and store the tuple B<username:realm:HA1.> then find the matching "
-"B<username:realm> when squid asks for the HA1."
+"B<NOTE:> The standard group name comparison is case sensitive, so group name "
+"must be specified with same case as in the NT/2000 Domain.  It's possible to "
+"enable case insensitive group name comparison ( B<-c> ), but on some not-"
+"english locales, the results can be unexpected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:58
+#: src/acl/external/LM_group/ext_lm_group_acl.8:111
 msgid ""
-"This implementation could be improved by using such a triple for the file "
-"format.  However storing such a triple does little to improve security: If "
-"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
-"\" - for the purposes of digest authentication they allow the user access. "
-"Password syncronisation is not tackled by digest - just preventing on the "
-"wire compromise."
+"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
+"and B<-D> switches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:7
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:7
-msgid "Squid external ACL helper to check Windows users group membership."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:113
+msgid "Refer to Squid documentation for the more details on squid.conf."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:14
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:14
-msgid "domain"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:119
+msgid ""
+"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
+"in a production environment. It may behave differently on different "
+"platforms."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:19
-msgid ""
-"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:159
+msgid "with contributions by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:22
-msgid ""
-"This helper must be used in with an authentication scheme (typically Basic, "
-"NTLM or Negotiate) based on Windows Active Directory domain users."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:164
+msgid "Based in part on prior work in B<check_group> by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:26
-msgid ""
-"It reads from the standard input the domain username and a list of groups "
-"and tries to match each against the groups membership of the specified "
-"username."
+#: src/acl/external/session/ext_session_acl.8:5
+msgid "ext_session_acl - Squid session tracking external acl helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:28
-msgid "Two running mode are available:"
+#: src/acl/external/session/ext_session_acl.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 1.2"
+msgstr "النسخة 1.0"
+
+#. type: Plain text
+#: src/acl/external/session/ext_session_acl.8:12
+#: src/auth/basic/RADIUS/basic_radius_auth.8:22
+#: tools/squidclient/squidclient.1:32
+msgid "timeout"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:32
-msgid ""
-"B<- Local mode:> membership is checked against machine's local groups, "
-"cannot be used when running on a Domain Controller."
+#: src/acl/external/session/ext_session_acl.8:14
+msgid "database"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:37
+#: src/acl/external/session/ext_session_acl.8:31
 msgid ""
-"B<- Active Directory Global mode:> membership is checked against the whole "
-"Active Directory Forest of the machine where Squid is running."
+"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
+"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
+"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
+"terms and conditions to a user; the latter is suitable for the display of "
+"advertisements or other notices (both as a splash page - see config examples "
+"in the wiki online). The session helper can also be used to force users to "
+"re-authenticate if the B<%LOGIN> and B<-a> are both used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:41
+#: src/acl/external/session/ext_session_acl.8:36
 msgid ""
-"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
-"Windows 2000 SP4 member of an Active Directory Domain."
+"Idle timeout for any session. The default if not specified (set to 3600 "
+"seconds)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:50
+#: src/acl/external/session/ext_session_acl.8:49
 msgid ""
-"When running in Active Directory Global mode, all types of Active Directory "
-"security groups are supported: B<Domain Global> , B<Domain Local> from "
-"user's domain, B<Universal> and Active Directory group nesting is fully "
-"supported."
+"Fixed timeout for any session. This will end the session after the timeout "
+"regardless of a user's activity. If used with B<active> mode, this will "
+"terminate the user's session after B<timeout> , after which another B<LOGIN> "
+"will be required.  B<LOGOUT> will reset the session and timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:55
-msgid "Use case insensitive compare (local mode only)."
+#: src/acl/external/session/ext_session_acl.8:62
+msgid ""
+"B<Path> to persistent database. If a file is specified then that single file "
+"is used as the database. If a path is specified, a Berkeley DB database "
+"environment is created within the directory. The advantage of the latter is "
+"better database support between multiple instances of the session helper. "
+"Using multiple instances of the session helper with a single database file "
+"will cause synchronization problems between processes.  If this option is "
+"not specified the session details will be kept in memory only and all "
+"sessions will reset each time Squid restarts its helpers (Squid restart or "
+"rotation of logs)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:64
-msgid "Specify the default user's B<domain>"
+#: src/acl/external/session/ext_session_acl.8:72
+msgid ""
+"Active mode. In this mode sessions are started by evaluating an acl with the "
+"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
+"flag the helper automatically starts the session after the first request."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:68
-msgid "Start helper in Active Directory Global mode."
+#: src/acl/external/session/ext_session_acl.8:79
+msgid ""
+"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
+"concurrency= option B<must> be specified in the configuration."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:72
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:82
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:37
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:69
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:47
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:41
-msgid "Display the binary help and command line syntax info using stderr."
+#: src/acl/external/session/ext_session_acl.8:81
+msgid "Passive session configuration example using the default automatic mode"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:77
+#: src/acl/external/session/ext_session_acl.8:94
 msgid ""
-"When running in Active Directory Global mode, the AD Group can be specified "
-"using the following syntax:"
+"Then set up B<http://your.server.example.com/bannerpage> to display a "
+"session startup page and then redirect the user back to the requested URL "
+"given in the url query parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:80
-msgid "B<1. Plain NT4 Group Name>"
+#: src/acl/external/session/ext_session_acl.8:97
+#: src/acl/external/time_quota/ext_time_quota_acl.8:216
+#: src/auth/basic/PAM/basic_pam_auth.8:80
+msgid "This program and documentation was written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:83
-msgid "B<2. Full NT4 Group Name>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:5
+msgid "ext_time_quota_acl - Squid time quota external acl helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:86
-msgid "B<3. Active Directory Canonical name>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:16
+msgid ""
+"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
+"users of squid to limit the time using squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:89
-msgid "As Exampled:"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:21
+msgid ""
+"This is useful for corporate lunch time allocations, wifi portal pay-per-"
+"minute installations or for parental control of children. The administrator "
+"can define a time budget (e.g. 1 hour per day) which is enforced through "
+"this helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:99
+#: src/acl/external/time_quota/ext_time_quota_acl.8:29
 msgid ""
-"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
+"Squids state directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:126
+#: src/acl/external/time_quota/ext_time_quota_acl.8:36
 msgid ""
-"In the previous example all validated AD users member of I<MYDOMAIN"
-"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
-"are allowed to use the cache."
+"B<Pauselen> is given in seconds and defines the period between two requests "
+"to be treated as part of the same session.  Pauses shorter than this value "
+"will be counted against the quota, longer ones ignored.  Default is 300 "
+"seconds (5 minutes)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:135
+#: src/acl/external/time_quota/ext_time_quota_acl.8:42
 msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file .> The previous example will be:"
+"B<Filename> where all logging and debugging information will be written. If "
+"none is given, then stderr will be used and the logging will go to Squids "
+"main cache.log."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:139
-msgid "and the DomainUsers files will contain only the following line:"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:46
+msgid "Enables debug logging in the logfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:141
-msgid "Domain Users"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:50
+msgid "show a short command line help."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:148
-msgid ""
-"B<NOTE 1:> When running in Active Directory Global mode, for better "
-"performance, all Domain Controllers of the Active Directory forest should be "
-"configured as Global Catalog."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:54
+msgid "This file contains the definition of the time budgets for the users."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:154
+#: src/acl/external/time_quota/ext_time_quota_acl.8:63
 msgid ""
-"B<NOTE 2:> When running in local mode, the standard group name comparison is "
-"case sensitive, so group name must be specified with same case as in the "
-"local SAM database."
+"The time quotas of the users are defined in a text file typically residing "
+"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
+"and is ignored. Every line must start with a user followed by a time budget "
+"and a corresponding time period separated by \"/\". Here is an example file:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:159
-msgid ""
-"It is possible to enable case insensitive group name comparison ( B<-c> ), "
-"but on some non-English locales, the results can be unexpected."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:66
+msgid "# user budget / period"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:167
+#: src/acl/external/time_quota/ext_time_quota_acl.8:77
 msgid ""
-"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
-"A> and B<-D> switches."
+"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
+"hour and the poor babymary only 30 minutes a week."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:171
-msgid "Refer to Squid documentation for more details on B<squid.conf>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:81
+msgid ""
+"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
+"days and \"w\" for weeks. Numerical values can be given as integer values or "
+"with a fraction. E.g. \"0.5h\" means 30 minutes."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:178
+#: src/acl/external/time_quota/ext_time_quota_acl.8:87
 msgid ""
-"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
-"used in a production environment. It may behave differently on different "
-"platforms."
+"This helper is configured in B<squid.conf> using the B<external_acl_type> "
+"directive then access controls which use it to allow or deny."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:190
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:133
-msgid ""
-"To test it, run it from the command line. Enter username and group pairs "
-"separated by a space (username must entered with URL-encoded I<domain"
-"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:90
+msgid "Here is an example."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:194
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:209
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:137
-msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:93
+msgid "# Ensure that users have a valid login. We need their username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:198
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:213
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:141
-msgid "Make sure pressing B<CTRL+C> aborts the program."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:100
+msgid "# Define program and quota file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:224
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:152
+#: src/acl/external/time_quota/ext_time_quota_acl.8:116
 msgid ""
-"Test that entering an invalid username and group results in an B<ERR> "
-"message."
+"In this example, after restarting Squid it should allow access only for "
+"users as long as they have time budget left.  If the budget is exceeded the "
+"user will be presented with an error page informing them."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:228
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:156
+#: src/acl/external/time_quota/ext_time_quota_acl.8:122
 msgid ""
-"Test that entering an valid username and group results in an B<OK> message."
+"In this example we use separate B<users> access control and B<noquota> ACL "
+"in order to keep the username and password prompt and the quota-exceeded "
+"messages separated."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:235
-msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:142
+msgid ""
+"User is just a unique key value. The above example uses %LOGIN and the "
+"username but any of the B<external_acl_type> format tags can be substituted "
+"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
+"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
+"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
+"org/ConfigExamples."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:143
+#, no-wrap
+msgid "LIMITATIONS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:7
-msgid "Squid eDirectory IP Lookup Helper"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:148
+msgid ""
+"This helper only controls access to the Internet through HTTP. It does not "
+"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:17
-msgid "host"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:156
+msgid ""
+"Desktop browsers are typically able to deal with authentication to HTTP "
+"proxies like B<squid .> But more and more different programs and devices "
+"(smartphones, games on mobile devices, ...) are using the Internet over "
+"HTTP. These devices are often not able to work through an authenticating "
+"proxy.  Means other than %LOGIN authentication are required to authorize "
+"these devices and software."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:21
-#, fuzzy
-msgid "LDAP version"
-msgstr "النسخة 1.0"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:161
+msgid ""
+"A more general control to Internet access could be a captive portal approach "
+"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
+"or maybe a 802.11X solution. But the latter is often not supported by mobile "
+"devices."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:162
+#, no-wrap
+msgid "IMPLEMENTATION"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:23
-msgid "basedn"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:170
+msgid ""
+"When the helper is called it will be asked if the current user is allowed to "
+"access squid. The helper will reduce the remaining time budget of this user "
+"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:25
-msgid "scope"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:183
+msgid ""
+"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
+"be called, the example config uses a 1 minute TTL.  The interaction is that "
+"Squid will only call the helper on new requests B<if> there has been more "
+"than TTL seconds passed since last check.  This handling creates an amount "
+"of slippage outside the quota by whatever amount is configured.  TTL can be "
+"set as short as desired, down to and including zero.  Though values of 1 or "
+"more are recommended due to a quota resolution of one second."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:27
-msgid "binddn"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:188
+msgid ""
+"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
+"budget will be restored to the configured value thus allowing the user to "
+"access squid with a fresh budget."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:29
-msgid "bindpass"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:200
+msgid ""
+"If the time between the current request and the previous request is greater "
+"than B<pauselen> (default 5 minutes and adjustable with command line "
+"parameter B<-p> ), the current request will be considered as a new request "
+"and the time budget will not be decreased. If the time is less than "
+"B<pauselen> , then both requests will be considered as part of the same "
+"active time period and the time budget will be decreased by the time "
+"difference. This allows the user to take arbitrary breaks during Internet "
+"access without losing their time budget."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:201
+#, no-wrap
+msgid "FURTHER IDEAS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:31
-msgid "filter"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:204
+msgid ""
+"The following ideas could further improve this helper. Maybe someone wants "
+"to help? Any support or feedback is welcome!"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:36
-msgid "B<ext_edirectory_userip_acl> is an installed binary."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:209
+msgid ""
+"There should be a way for a user to see their configured and remaining time "
+"budget. This could be realized by implementing a web page accessing the "
+"database of the helper showing the corresponding data. One of the problems "
+"to be solved is user authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:40
+#: src/acl/external/time_quota/ext_time_quota_acl.8:212
 msgid ""
-"This program has been written in order to solve the problems associated with "
-"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
+"We could always return \"OK\" and use the module simply as an Internet usage "
+"tracker showing who has stayed how long in the WWW."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:43
+#: src/acl/external/unix_group/ext_unix_group_acl.8:5
+msgid "ext_unix_group_acl - Squid UNIX Group ACL helper"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:9
+#: src/acl/external/unix_group/ext_unix_group_acl.8:11
+msgid "group"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:16
 msgid ""
-"The limitations of the Perl script involved memory/cpu utilization, speed, "
-"the lack of eDirectory 8.8 support, and IPv6 support."
+"B<ext_unix_group_acl> allows Squid to base access controls on users "
+"memberships in UNIX groups."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:48
-msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:24
+msgid "Specifies a group name to match."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:52
-msgid "Force Addresses to be in IPv6 (:: format)."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:29
+msgid "Also match the users primary group from B</etc/passwd>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:59
-msgid "Specify B<base> DN. For example; B<o=ORG>"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:47
+msgid ""
+"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
+"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
+"I<group3>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:68
-msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:59
+msgid ""
+"By default up to 11 groups can be matched in one acl (including commandline "
+"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:73
-msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:65
+msgid ""
+"Does not understand GID aliased groups sometimes used to work around groups "
+"size limitations. If you are using GID aliased groups then you must specify "
+"each alias by name."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:104
+msgid "Additionally bugs or bug-fixes can be reported to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:78
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:5
+msgid "basic_getpwnam_auth - Local Users auth helper for Squid"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:13
 msgid ""
-"Specify if LDAP search group is required. For example; B<groupMembership=>"
+"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
+"to validate the user name and password of Basic HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:86
-msgid "Specify hostname or IP of server"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:19
+msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:90
-msgid "Port number."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:21
+msgid "This has the following advantages over the NCSA module:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:94
-msgid "Use persistent connections."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:23
+msgid "- Allows authentication of all known local users"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:26
+msgid "- Allows authentication through nsswitch.conf"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:29
+msgid "- Can handle NIS(+) requests"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:32
+msgid "- Can handle LDAP requests"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:35
+msgid "- Can handle PAM requests"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:102
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:50
 msgid ""
-"Timeout factor for persistent connections. Set to B<0> for never timeout. "
-"Default is B<60> seconds."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program B<setuid> "
+"B<root>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:107
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:175
-msgid "search scope. Defaults to B<sub>"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:62
+#: src/auth/basic/PAM/basic_pam_auth.8:77
+msgid ""
+"Please note that in such configurations it is also strongly recommended that "
+"the program is moved into a directory where normal users cannot access it, "
+"as this mode of operation will allow any local user to brute-force other "
+"users passwords. Also note the program has not been fully audited and the "
+"author cannot be held responsible for any security issues due to such "
+"installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:123
-msgid "Set userid B<attribute .> Default is B<cn>"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:70
+msgid "Based on original code by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:128
-msgid "Set LDAP B<version>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:5
+msgid "basic_ldap_auth - LDAP authentication helper for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:132
-msgid "Display version information and exit."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:10
+#: src/auth/basic/LDAP/basic_ldap_auth.8:25
+msgid "base DN"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:137
-msgid "Specify binding B<password>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:12
+msgid "attribute"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:141
-msgid "Enable TLS security."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:31
+msgid "LDAP server name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:162
+#: src/auth/basic/LDAP/basic_ldap_auth.8:27
+msgid "LDAP search filter"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:45
 msgid ""
-"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
-"that users may be used to control internet access, which can also be stacked "
-"against other ACL's.  Use of the groups is optional, unless the '-G' option "
-"has been passed.  Please note that you need to specify the full LDAP object "
-"for this, as shown above."
+"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
+"the user name and password of Basic HTTP authentication.  LDAP options are "
+"specified as parameters on the command line, while the username(s) and "
+"password(s) to be checked against the LDAP directory are specified on "
+"subsequent lines of input to the helper, one username/password pair per line "
+"separated by a space."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:168
+#: src/auth/basic/LDAP/basic_ldap_auth.8:54
 msgid ""
-"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
-"is in place to read IPv6 networkAddress fields, please attempt this in a "
-"TESTING environment first.  Please contact the author regarding IPv6 support "
-"development."
+"As expected by the basic authentication construct of Squid, after specifying "
+"a username and password followed by a new line, this helper will produce "
+"either B<OK> or B<ERR> on the following line to show if the specified "
+"credentials are correct according to the LDAP directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:173
+#: src/auth/basic/LDAP/basic_ldap_auth.8:59
 msgid ""
-"There is a known issue regarding Novell's Client for Windows, that is mostly "
-"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
-"populating the networkAddress field in eDirectory."
+"The program has two major modes of operation. In the default mode of "
+"operation the users DN is constructed using the base DN and user attribute. "
+"In the other mode of operation a search filter is used to locate valid user "
+"DN's below the base DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:179
+#: src/auth/basic/LDAP/basic_ldap_auth.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:73
 msgid ""
-"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
-"lower?) and connection licensing.  It appears that whenever a server runs "
-"low on connection licenses, that it I sometimes does not populate the "
-"networkAddress fields correctly."
+"LDAP search B<filter> to locate the user DN. Required if the users are in a "
+"hierarchy below the base DN, or if the login name is not what builds the "
+"user specific part of the users DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:186
+#: src/auth/basic/LDAP/basic_ldap_auth.8:80
 msgid ""
-"Majority of Proxy Authentication issues can be resolved by having the users' "
-"B<reboot> if their networkAddress is not correct, or using "
-"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
-"networkAddress fields to troubleshoot."
+"The search filter can contain up to 15 occurrences of B<%s> which will be "
+"replaced by the username, as in B<\"uid\\=%s\"> for RFC2037 directories. For "
+"a detailed description of LDAP search filter syntax see RFC2254."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:213
+#: src/auth/basic/LDAP/basic_ldap_auth.8:88
 msgid ""
-"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
-"situations B<before> seeking support! You may also need to make sure your "
-"servers have the latest service packs installed, and that your servers are "
-"properly synchronizing partitions."
+"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
+"%s> are used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:7
-msgid "Restrict users to certain IP addresses, using a text file backend."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:97
+msgid ""
+"Specifies the name of the DN attribute that contains the username/login.  "
+"Combined with the base DN to construct the users DN when no search filter is "
+"specified ( B<-f> option). Defaults to B<uid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:14
-msgid "file name"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:106
+msgid ""
+"B<Note:> This can only be done if all your users are located directly under "
+"the same position in the LDAP tree and the login name is used for naming "
+"each user object. If your LDAP tree does not match these criteria or if you "
+"want to filter who are valid users then you need to use a search filter to "
+"search for your users DN ( B<-f> option)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:19
+#: src/auth/basic/LDAP/basic_ldap_auth.8:116
 msgid ""
-"B<ext_file_userip_acl> is an installed binary. An external helper for the "
-"Squid external acl scheme."
+"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
+"password.  B<passwordattr> is the LDAP attribute storing the users password."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:22
+#: src/auth/basic/LDAP/basic_ldap_auth.8:124
 msgid ""
-"It works by reading a pair composed by an IP address and an username on "
-"STDIN and matching it against a configuration file."
+"Search scope when performing user DN searches specified by the B<-f> option. "
+"Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:33
-msgid "Configuration B<file> to load."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:140
+msgid ""
+"The DN and password to bind as while performing searches. Required by the B<-"
+"f> flag if the directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:43
-msgid "The B<squid.conf> configuration for the external ACL should be:"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:145
+msgid ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:51
+#: src/auth/basic/LDAP/basic_ldap_auth.8:163
 msgid ""
-"If the helper program finds a matching username/ip in the configuration "
-"file, it returns B<OK> , otherwise it returns B<ERR .>"
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while validating a username to preserve resources at the LDAP server. This "
+"option causes the LDAP connection to be kept open, allowing it to be reused "
+"for further user validations. Recommended for larger installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:53
-msgid "The configuration file format is as follows:"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:176
+msgid ""
+"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
+"binding as another user after a successful I<ldap_bind.> The use of this "
+"option always opens a new connection for each login attempt. If combined "
+"with the B<-P> option for persistent LDAP connection then the connection "
+"used for searching for the user DN is kept persistent but a new connection "
+"is opened to verify each users password once the DN is found."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:62
+#: src/auth/basic/LDAP/basic_ldap_auth.8:185
+msgid "when to dereference aliases. Defaults to B<never>"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:194
 msgid ""
-"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
-"in dotted quad format too."
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:68
+#: src/auth/basic/LDAP/basic_ldap_auth.8:199
 msgid ""
-"When the second parameter is prefixed with an B<@> , the program will lookup "
-"the B</etc/group> file entry for the specified username."
+"Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
 msgstr ""
 
-#. any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\".
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:74
-msgid "There are other two directives, B<ALL> and B<NONE> , which mean"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:204
+msgid ""
+"Specify the LDAP server to connect to. Servers can also be specified last on "
+"the command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:210
+msgid ""
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389. Can also be specified within the server "
+"specification by using servername:port syntax."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:9
-#, fuzzy
-#| msgid "Version 1.0"
-msgid "Version 1.3.0sq"
-msgstr "النسخة 1.0"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:231
+msgid ""
+"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
+"LDAP API libraries)"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:26
+#: src/auth/basic/LDAP/basic_ldap_auth.8:241
 msgid ""
-"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
-"connect to a LDAP directory to authorize users via LDAP groups. Options are "
-"specified as parameters on the command line, while the username (e.g.  "
-"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
-"directory are specified on subsequent lines of input to the helper, one "
-"username per line."
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the results is not what is expected."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:246
+msgid ""
+"For directories using the RFC2307 layout with a single domain, all you need "
+"to specify is usually the base DN under where your users are located and the "
+"server name:"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:254
+msgid ""
+"If you have sub-domains then you need to use a search filter approach to "
+"locate your user DNs as these can no longer be constructed directly from the "
+"base DN and login name alone:"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:261
+msgid ""
+"And similarly if you only want to allow access to users having a specific "
+"attribute"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:272
+msgid ""
+"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
+"do not want to have to search for the users then you could use something "
+"like the following example for Active Directory:"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:284
+msgid ""
+"If you want to search for the user DN and your directory does not allow "
+"anonymous searches then you must also use the B<-D> and B<-w> flags to "
+"specify a user DN and password to log in as to perform the searches, as in "
+"the following complex Active Directory example"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:297
+msgid ""
+"B<NOTE:> When constructing search filters it is strongly recommended to test "
+"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
+"This to verify that the filter matches what you expect."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:300
+#: src/auth/basic/RADIUS/basic_radius_auth.8:89
+msgid "This program is written by"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:304
+msgid "This manual is written by"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:325
+msgid ""
+"Or to your favorite LDAP list/friend if the question is more related to LDAP "
+"than Squid."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:345
+msgid "Your favorite LDAP documentation."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:5
+msgid ""
+"basic_ncsa_auth - NCSA httpd-style password file authentication helper for "
+"Squid"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:9
+msgid "passwd file"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:14
+msgid ""
+"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
+"information from an NCSA/Apache httpd-style password file when using basic "
+"HTTP authentication."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:17
+msgid "This password file can be manipulated using B<htpasswd.>"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:30
+msgid ""
+"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
+"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
+"and magic strings * MD5 - with optional salt and magic strings * DES - for "
+"passwords 8 characters or less in length"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:32
+msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:36
+msgid ""
+"The only parameter is the password file.  It must have permissions to be "
+"read by the user that Squid is running as."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:44
+msgid ""
+"B<basic_ncsa_auth> must have access to the password file to be executed."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:50
+msgid ""
+"DES functionality (used by htpasswd by default) silently truncates passwords "
+"to 8 characters.  Allowing login with password values shorter than the one "
+"desired.  This authenticator will reject login with long passwords when "
+"using DES."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:56
+msgid "Based on original documentation by"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:70
+msgid ""
+"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
+"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
+"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
+"details."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:76
+msgid ""
+"You should have received a copy of the GNU General Public License along with "
+"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
+"Place, Suite 330, Boston, MA 02111-1307 USA"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:5
+msgid "basic_pam_auth - PAM Basic authentication helper for Squid"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:9
+msgid "service name"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:11
+msgid "TTL"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:18
+msgid ""
+"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
+"database to validate the user name and password of Basic HTTP authentication."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:24
+msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:33
+msgid ""
+"Enables persistent PAM connections where the connection to the PAM database "
+"is kept open and reused for new logins. The TTL specifies how long the "
+"connection will be kept open (in seconds).  Default is to not keep PAM "
+"connections open. Please note that the use of persistent PAM connections is "
+"slightly outside the PAM specification and may not work with all PAM "
+"configurations."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:38
+msgid ""
+"Do not perform the PAM account management group (account expiration etc)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:44
+msgid ""
+"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
+"etc/pam.d/squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:39
+#: src/auth/basic/PAM/basic_pam_auth.8:52
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
-"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
-"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
-"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
-"is available from the username the LDAP server will be determined through "
-"the command line options."
+"The default service name is B<squid> , and the program makes use of the "
+"B<auth> and B<account> management groups to verify the password and the "
+"accounts validity."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:56
 msgid ""
-"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
-"T> option which provides the LDAP group name the user has to belong too. For "
-"Active Directory a recursive group lookup is implemented until a max depth "
-"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
-"groups is assumed."
+"For details on how to configure PAM services, see the PAM documentation for "
+"your system. This manual does not cover PAM configuration details."
+msgstr ""
+
+#. type: SH
+#: src/auth/basic/PAM/basic_pam_auth.8:57
+#, no-wrap
+msgid "NOTES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:64
+#: src/auth/basic/PAM/basic_pam_auth.8:64
 msgid ""
-"Different group names can be specified for different domains using a "
-"group@domain syntax.  As expected by the B<external_acl_type> construct of "
-"Squid, after specifying a username and group followed by a new line, this "
-"helper will produce either B<OK> or B<ERR> on the following line to show if "
-"the user is a member of the specified group."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program setuid root"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:72
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:26
-msgid "Write debug messages to stderr."
+#: src/auth/basic/PAM/basic_pam_auth.8:93
+msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:29
-msgid "Write informational messages to stderr."
+#: src/auth/basic/PAM/basic_pam_auth.8:124
+msgid "PAM Systems Administrator Guide"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
-msgid "Use SSL for the LDAP connection."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:5
+msgid "basic_radius_auth - Squid RADIUS authentication helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
-msgid ""
-"The CA certificate file can be set via the environment variable "
-"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:10
+msgid "config file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:82
-msgid ""
-"The SSL certificate database can be set via the environment variable "
-"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:14
+msgid "server name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:85
-msgid "Allow SSL without certificate verification."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:18
+msgid "identifier"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:89
-msgid ""
-"Default Kerberos domain to use for usernames which do not contain domain "
-"information (e.g. for users using basic authentication)."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:20
+msgid "secret"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:94
+#: src/auth/basic/RADIUS/basic_radius_auth.8:28
 msgid ""
-"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
-"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
-"authentication)."
+"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
+"the user name and password of Basic HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:97
-msgid "Maximal depth of recursive group search."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:34
+msgid ""
+"Specifies the path to a configuration file. See the CONFIGURATION section "
+"for details on the file content."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:100
-msgid "Username for LDAP server."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:38
+msgid "Alternative method of specifying the server to connect to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:103
-msgid "Password for LDAP server."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:43
+msgid ""
+"Specify another server port where the RADIUS server listens for requests if "
+"different from the default RADIUS port.  Normally not specified."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:108
+#: src/auth/basic/RADIUS/basic_radius_auth.8:48
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use an account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file or extracts the password "
-"used from a process listing."
+"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
+"specified the IP address is used to identify the proxy."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:112
-#, fuzzy
-msgid "LDAP server bind path."
-msgstr "B<-s >I<service-name>"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:54
+msgid ""
+"Alternative method of specifying the shared secret. Using the B<-f> option "
+"with a configuration file is generally more secure and recommended."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:115
-msgid "LDAP server URL in form ldap[s]://server:port"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:58
+msgid "RADIUS request timeout. Default is 10 seconds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:119
+#: src/auth/basic/RADIUS/basic_radius_auth.8:65
 msgid ""
-"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
-"lserver@Realm]"
+"The configuration specifies how the helper connects to RADIUS.  The file "
+"contains a list of directives (one per line). Lines beginning with a B<#> "
+"are ignored."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:123
-msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm]"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:69
+msgid "specifies the name or address of the RADIUS server to connect to."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:128
-msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:73
+msgid "specifies the shared RADIUS secret."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:133
+#: src/auth/basic/RADIUS/basic_radius_auth.8:78
 msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
-"format"
+"specifies what name the proxy should use to identify itself to the RADIUS "
+"server.  This directive is optional."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:140
+#: src/auth/basic/RADIUS/basic_radius_auth.8:82
 msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf.>"
+"Specifies the port number or service name where the helper should connect."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:155
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:55
-msgid "B<NOTE:> The following squid startup file modification may be required:"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:86
+msgid "Specifies the RADIUS request timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:159
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:59
-msgid ""
-"Add the following lines to the squid startup script to point squid to a "
-"keytab file which contains the HTTP/fqdn service principal for the default "
-"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
-"can not use an IP address."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:93
+msgid "With contributions from many others."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:170
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:66
+#: src/auth/basic/RADIUS/basic_radius_auth.8:116
 msgid ""
-"If you use a different Kerberos domain than the machine itself is in you can "
-"point squid to the seperate Kerberos config file by setting the following "
-"environmnet variable in the startup script."
+"Or contact your favorite RADIUS list/friend if the question is more related "
+"to RADIUS than Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:180
-msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
-"server. The following method is used:"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:135
+msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:185
-#, no-wrap
+#: src/auth/basic/SASL/basic_sasl_auth.8:5
 msgid ""
-"1) For user@REALM\n"
-"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
-"   b) Query DNS for A record REALM\n"
-"   c) Use LDAP_URL if given\n"
+"basic_sasl_auth - Basic Authentication using SASL (specifically the cyrus-"
+"sasl authentication method)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
-#, no-wrap
+#: src/auth/basic/SASL/basic_sasl_auth.8:16
 msgid ""
-"2) For user\n"
-"   a) Use domain -D REALM and follow step 1)\n"
-"   b) Use LDAP_URL if given\n"
+"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
+"configurable (somewhat like PAM).  Each service authenticating against SASL "
+"identifies itself with an application name.  Each application can be "
+"configured independently by the SASL administrator."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:191
-msgid "The Groups to check against are determined as follows:"
+#: src/auth/basic/SASL/basic_sasl_auth.8:22
+msgid ""
+"To configure the authentication method used the file B<basic_sasl_auth.conf> "
+"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:196
-#, no-wrap
+#: src/auth/basic/SASL/basic_sasl_auth.8:29
 msgid ""
-"1) For user@REALM\n"
-"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
-"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
-"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+"The authentication database is defined by the B<pwcheck_method> parameter.  "
+"Only the B<PLAIN> authentication mechanism is used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:199
-#, no-wrap
-msgid ""
-"2) For user\n"
-"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+#: src/auth/basic/SASL/basic_sasl_auth.8:31
+msgid "Examples:"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/SASL/basic_sasl_auth.8:34
+msgid "use sasldb - the default if no conf file is installed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
+#: src/auth/basic/SASL/basic_sasl_auth.8:36
 #, no-wrap
-msgid ""
-"3) For NDOMAIN\\euser\n"
-"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+msgid " - use PAM authentication database\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#: src/auth/basic/SASL/basic_sasl_auth.8:39
+#, no-wrap
 msgid ""
-"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
-"where GROUP is the hex UTF-8 representation e.g."
+" - use traditional \n"
+"B</etc/passwd>\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
+#: src/auth/basic/SASL/basic_sasl_auth.8:41
 #, no-wrap
-msgid "   -t 6d61726b7573 instead of -g markus\n"
+msgid " - use slightly less traditional /etc/shadow\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#: src/auth/basic/SASL/basic_sasl_auth.8:44
 msgid ""
-"The REALM must still be based on the ASCII character set. If REALM contains "
-"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
-"UTF-8 representation e.g."
+"Others methods may be supported by your cyrus-sasl implementation - consult "
+"your cyrus-sasl documentation for information."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
-#, no-wrap
-msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
+#: src/auth/basic/SASL/basic_sasl_auth.8:57
+msgid ""
+"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
+"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
+"and an appropriate user/group on the executable to allow the authenticator "
+"to access the appropriate password database. If the access to the database "
+"is not permitted then the authenticator will typically fail with \"-1, "
+"generic error\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:212
+#: src/auth/basic/SASL/basic_sasl_auth.8:72
 msgid ""
-"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
-"unicode-utf8-table.pl"
+"If the application name B<basic_sasl_auth> will also be used for the PAM "
+"service name if B<pwcheck_method:pam> is chosen. And example PAM "
+"configuration file B<basic_sasl_auth.pam> is also included."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
-msgid ""
-"The ldap server list can be: server - In this case server can be used for "
-"all Kerberos domains server@ - In this case server can be used for all "
-"Kerberos domains server@domain - In this case server can be used for "
-"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
-"server3@:server4 - A list is build with a colon as seperator"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:5
+msgid "basic_sspi_auth.exe - Basic authentication protocol"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
-msgid "B<RFC1035> - Domain names - implementation and specification,"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:12
+#: src/auth/basic/SSPI/basic_sspi_auth.8:14
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:14
+msgid "Group Name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:257
-msgid ""
-"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:16
+msgid "Default Domain"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
+#: src/auth/basic/SSPI/basic_sspi_auth.8:22
 msgid ""
-"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
-"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
+"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
+"server running on Windows NT to authenticate users on an NT domain in native "
+"WIN32 mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:31
+msgid ""
+"Usage is simple. It accepts a username and password on standard input and "
+"will return B<OK> if the username/password is valid for the domain/machine, "
+"or B<ERR> if there was some problem. It is possible to authenticate against "
+"NT trusted domains specifying the username in the domain\\eusername "
+"Microsoft notation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:9
-#, fuzzy
-msgid "Version 2.17"
-msgstr "النسخة 1.0"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:36
+msgid "A Windows Local Group name allowed to authenticate."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:33
-msgid ""
-"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
-"authorize users via LDAP groups.  LDAP options are specified as parameters "
-"on the command line, while the username(s) and group(s) to be checked "
-"against the LDAP directory are specified on subsequent lines of input to the "
-"helper, one username/group pair per line separated by a space."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:44
+msgid "A Windows Local Group name not allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:44
-msgid ""
-"As expected by the B<external_acl_type> construct of Squid, after specifying "
-"a username and group followed by a new line, this helper will produce either "
-"B<OK> or B<ERR> on the following line to show if the user is a member of the "
-"specified group."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:48
+msgid "The default Domain against to authenticate."
 msgstr ""
 
+#. logon from the network\"" 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:48
+#: src/auth/basic/SSPI/basic_sspi_auth.8:55
 msgid ""
-"The program operates by searching with a search filter based on the users "
-"user name and requested group, and if a match is found it is determined that "
-"the user belongs to the group."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
+"in the Authenticator's command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:53
-msgid "When to dereference aliases. Defaults to 'never'"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:58
+msgid ""
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:62
+#: src/auth/basic/SSPI/basic_sspi_auth.8:63
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search>ing or only to B<find> the base object"
+"You will need to set the following line in B<squid.conf> to enable the "
+"authenticator:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:71
+msgid ""
+"You will need to set the following lines in B<squid.conf> to enable "
+"authentication for your access list:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:71
-msgid "Specifies the base DN under which the users are located (if different)"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:83
+msgid ""
+"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
+"B<auth_param basic program> directive."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:76
+#: src/auth/basic/SSPI/basic_sspi_auth.8:98
+#, no-wrap
 msgid ""
-"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
-"API libraries)"
+"I strongly urge that \n"
+"B<basic_sspi_auth.exe>\n"
+"is tested prior to being used in a \n"
+"production environment. It may behave differently on different platforms.\n"
+"To test it, run it from the command line. Enter username and password\n"
+"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
+"Make sure pressing \n"
+"B<CTRL-D>\n"
+" behaves the same as a carriage return.\n"
+"Make sure pressing \n"
+"B<CTRL-C>\n"
+" aborts the program.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:82
+#: src/auth/basic/SSPI/basic_sspi_auth.8:108
 msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the result is not what was expected."
+"Test that entering an invalid username and password results in an B<ERR> "
+"message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:87
+#: src/auth/basic/SSPI/basic_sspi_auth.8:113
 msgid ""
-"The DN and password to bind as while performing searches. Required if the "
-"LDAP directory does not allow anonymous searches."
+"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
+"may be returned instead of B<ERR>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:93
+#: src/auth/basic/SSPI/basic_sspi_auth.8:117
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration and will be sent on the command line to the helper it is "
-"strongly recommended to use a account with minimal associated privileges.  "
-"This to limit the damage in case someone could get hold of a copy of your "
-"Squid configuration file or extracts the password used from a process "
-"listing."
+"Test that entering a valid username and password results in an B<OK> message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:123
+#: src/auth/basic/SSPI/basic_sspi_auth.8:120
 msgid ""
-"LDAP search filter used to search the LDAP directory for any matching group "
-"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
-"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
-"name."
+"Test that entering a guest username and password returns the correct "
+"response for the site's access policy."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:135
-msgid ""
-"LDAP search filter used to search the LDAP directory for any matching "
-"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
-"be included literally in the filter then use B<%%>"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:126
+#: src/auth/digest/file/digest_file_auth.8:65
+msgid "Based on prior work by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:141
-msgid ""
-"Specifies that the first query argument sent to the helper by Squid is a "
-"extension to the basedn and will be temporarily added in front of the global "
-"basedn for this query."
+#: src/auth/digest/file/digest_file_auth.8:5
+msgid "digest_file_auth - File based digest authentication helper for Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:145
-msgid "Specify the LDAP server to connect to"
-msgstr ""
+#: src/auth/digest/file/digest_file_auth.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 1.1"
+msgstr "النسخة 1.0"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:149
-msgid ""
-"Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
-"libraries)"
+#: src/auth/digest/file/digest_file_auth.8:12
+#: tools/squidclient/squidclient.1:28
+msgid "file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:153
-msgid "Strip Kerberos Realm component from user names (@ separated)"
+#: src/auth/digest/file/digest_file_auth.8:17
+msgid ""
+"B<digest_file_auth> is an installed binary authentication program for Squid. "
+"It handles digest authentication protocol and authenticates against a text "
+"file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:158
+#: src/auth/digest/file/digest_file_auth.8:20
 msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389."
+"This program will automatically detect the existence of a concurrency "
+"channel-ID and adjust appropriately.  It may be used with any value 0 or "
+"above for the auth_param children concurrency= parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:166
+#: src/auth/digest/file/digest_file_auth.8:25
 msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while verifying a users group membership to preserve resources at the LDAP "
-"server. This option causes the LDAP connection to be kept open, allowing it "
-"to be reused for further user validations. Recommended for larger "
-"installations."
+"Accept digest hashed passwords rather than plaintext in the password file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:188
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:35
-msgid "Strip NT domain name component from user names (/ or \\e separated)"
+#: src/auth/digest/file/digest_file_auth.8:29
+msgid "Username database file format:"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:200
-msgid ""
-"LDAP attribute used to construct the user DN from the user name and base dn "
-"without needing to search for the user.  A maximum of 16 occurrences of B<"
-"%s> are supported."
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:29
+#, no-wrap
+msgid "- comment lines are possible and should start with a '#';"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:216
-msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf .>"
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:32
+#, no-wrap
+msgid "- empty or blank lines are possible;"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:231
-msgid ""
-"B<NOTE:> When constructing search filters it is recommended to first test "
-"the filter using B<ldapsearch> to verify that the filter matches what you "
-"expect before you attempt to use B<ext_ldap_group_acl>"
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:35
+#, no-wrap
+msgid "- plaintext entry format is username:password"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:38
+#, no-wrap
+msgid "- HA1 entry format is username:realm:HA1"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:240
-msgid "Based on prior work in B<squid_ldap_auth> by"
+#: src/auth/digest/file/digest_file_auth.8:51
+msgid ""
+"To build a directory integrated backend, you need to be able to calculate "
+"the HA1 returned to squid. To avoid storing a plaintext password you can "
+"calculate B<MD5(username:realm:password)> when the user changes their "
+"password, and store the tuple B<username:realm:HA1.> then find the matching "
+"B<username:realm> when squid asks for the HA1."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:257
+#: src/auth/digest/file/digest_file_auth.8:59
 msgid ""
-"Or contact your favorite LDAP list/friend if the question is more related to "
-"LDAP than Squid."
+"This implementation could be improved by using such a triple for the file "
+"format.  However storing such a triple does little to improve security: If "
+"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
+"\" - for the purposes of digest authentication they allow the user access. "
+"Password synchronization is not tackled by digest - just preventing on the "
+"wire compromise."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:278
-msgid "Your favorite LDAP documentation"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:5
+msgid "negotiate_kerberos_auth - Squid kerberos based authentication helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:9
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:10
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:7
 #, fuzzy
 #| msgid "Version 1.0"
-msgid "Version 1.22"
+msgid "Version 3.0.4sq"
 msgstr "النسخة 1.0"
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:19
-msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:16
+msgid ""
+"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
+"authenticate users via the Negotiate protocol and Kerberos."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:22
-msgid ""
-"This helper must be used in with an authentication scheme (typically Basic "
-"or NTLM) based on Windows NT/2000 domain users (LM mode)."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:30
+msgid "Remove realm from username before returning the username to squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:31
-msgid "Use case insensitive compare."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:33
+msgid "Provide Service Principal Name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:39
-msgid "Specify the default user's domain."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:36
+msgid "Provide Kerberos Keytab Name (Default: /etc/krb5.keytab)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:43
-msgid "Start helper in Domain Global Group mode."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:39
+msgid "Provide Replay Cache Directory (Default: /var/tmp)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:51
-msgid "Use ONLY PDCs for group validation."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:42
+msgid "Provide Replay Cache Type (Default: dfl)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:77
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:49
 msgid ""
-"In the previous example all validated NT users member of GProxyUsers Global "
-"domain group or member of LProxyUsers machine local group are allowed to use "
-"the cache."
+"This helper is intended to be used as an B<authentication> helper in B<squid."
+"conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:85
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:67
+#, no-wrap
 msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file>"
+"Add the following lines to the squid startup script to point squid to a keytab file which\n"
+"contains the HTTP/fqdn service principal for the default Kerberos domain. The keytab name can\n"
+"also be provided by the -k E<lt>keytab nameE<gt> option. The fqdn must be the proxy name set in IE\n"
+" or firefox. You can not use an IP address.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:87
-msgid "The previous example will be:"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:70
+msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:94
-msgid "The B<DomainUsers.txt> file will contain only the following line:"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:77
+msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:96
-msgid "B<Domain Users>"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:83
+msgid ""
+"Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
+"(usually only possible in a 5 minute window) . If squid is under high load "
+"with Negotiate(Kerberos) proxy authentication requests the replay cache "
+"checks can create high CPU load. If the environment does not require high "
+"security the replay cache check can be disabled for MIT based Kerberos "
+"implementations by adding the below to the startup script or use the -t none "
+"option."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:86
+msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:105
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:89
 msgid ""
-"B<NOTE:> The standard group name comparison is case sensitive, so group name "
-"must be specified with same case as in the NT/2000 Domain.  It's possible to "
-"enable case insensitive group name comparison ( B<-c> ), but on some not-"
-"english locales, the results can be unexpected."
+"If negotiate_kerberos_auth doesn't determine for some reason the right "
+"service principal you can provide it with -s HTTP/fqdn."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:113
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:92
 msgid ""
-"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
-"and B<-D> switches."
+"If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
+"principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
+"option with negotiate_kerberos_auth."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:115
-msgid "Refer to Squid documentation for the more details on squid.conf."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:108
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2014 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:121
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:136
 msgid ""
-"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
-"in a production environment. It may behave differently on different "
-"platforms."
+"B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
+"Windows,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:161
-msgid "with contributions by"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:138
+msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:166
-msgid "Based in part on prior work in B<check_group> by"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:140
+msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:7
-msgid "Squid session tracking external acl helper."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:5
+msgid "ntlm_sspi_auth.exe - Native Windows NTLM/NTLMv2 authenticator for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:9
-#, fuzzy
-#| msgid "Version 1.0"
-msgid "Version 1.2"
-msgstr "النسخة 1.0"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:21
+msgid ""
+"B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
+"provides native access to the Security Service Provider Interface of Windows "
+"for authenticating with NTLM / NTLMv2.  It has automatic support for NTLM "
+"NEGOTIATE packets."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:16
-msgid "database"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:26
+msgid "Specify a Windows Local Group name allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:33
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:34
 msgid ""
-"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
-"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
-"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
-"terms and conditions to a user; the latter is suitable for the display of "
-"advertisments or other notices (both as a splash page - see config examples "
-"in the wiki online). The session helper can also be used to force users to "
-"re-authenticate if the B<%LOGIN> and B<-a> are both used."
+"Specify a Windows Local Group name which is to be denied authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:38
-msgid ""
-"Idle timeout for any session. The default if not specified (set to 3600 "
-"seconds)."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:42
+msgid "Enables verbose NTLM packet debugging."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:46
+msgid "B<Allowing Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:51
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:49
 msgid ""
-"Fixed timeout for any session. This will end the session after the timeout "
-"regardless of a user's activity. If used with B<active> mode, this will "
-"terminate the user's session after B<timeout> , after which another B<LOGIN> "
-"will be required.  B<LOGOUT> will reset the session and timeout."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights \"logon from the network\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:64
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:53
 msgid ""
-"B<Path> to persistent database. If a file is specified then that single file "
-"is used as the database. If a path is specified, a Berkeley DB database "
-"environment is created within the directory. The advantage of the latter is "
-"better database support between multiple instances of the session helper. "
-"Using multiple instances of the session helper with a single database file "
-"will cause synchronisation problems between processes.  If this option is "
-"not specified the session details will be kept in memory only and all "
-"sessions will reset each time Squid restarts its helpers (Squid restart or "
-"rotation of logs)."
+"Optionally the authenticator can verify the NT LOCAL group membership of the "
+"user against the User Group specified in the Authenticator's command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:74
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:57
 msgid ""
-"Active mode. In this mode sessions are started by evaluating an acl with the "
-"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
-"flag the helper automatically starts the session after the first request."
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it, it works only with MACHINE "
+"Local Groups, not Domain Local Groups."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:81
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:61
 msgid ""
-"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
-"concurrency= option B<must> be specified in the configuration."
+"Better group checking is available with external ACL, see B<ext_ad_group_acl."
+"exe> documentation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:83
-msgid "Passive session configuration example using the default automatic mode"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:64
+msgid "B<squid.conf> typical minimal required changes:"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:76
+msgid "Refer to Squid documentation for more details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:96
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:84
 msgid ""
-"Then set up B<http://your.server.example.com/bannerpage> to display a "
-"session startup page and then redirect the user back to the requested URL "
-"given in the url query parameter."
+"Internet Explorer has some problems with B<ftp://> URLs when handling "
+"internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
+"when placed before the authentication ACL:"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:95
+msgid "Based on prior work in by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:7
-msgid "Squid time quota external acl helper."
+#: src/security/cert_generators/file/security_file_certgen.8.in:5
+msgid "security_file_certgen - SSL certificate generator for Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:18
-msgid ""
-"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
-"users of squid to limit the time using squid."
+#: src/security/cert_generators/file/security_file_certgen.8.in:15
+#: src/security/cert_generators/file/security_file_certgen.8.in:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:29
+msgid "directory"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:23
-msgid ""
-"This is useful for corporate lunch time allocations, wifi portal pay-per-"
-"minute installations or for parental control of children. The administrator "
-"can define a time budget (e.g. 1 hour per day) which is enforced through "
-"this helper."
+#: src/security/cert_generators/file/security_file_certgen.8.in:17
+msgid "size"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:31
-msgid ""
-"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
-"Squids state directory."
+#: src/security/cert_generators/file/security_file_certgen.8.in:24
+msgid "serial number"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:38
-msgid ""
-"B<Pauselen> is given in seconds and defines the period between two requests "
-"to be treated as part of the same session.  Pauses shorter than this value "
-"will be counted against the quota, longer ones ignored.  Default is 300 "
-"seconds (5 minutes)."
+#: src/security/cert_generators/file/security_file_certgen.8.in:33
+msgid "B<security_file_certgen> is an installed binary."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:44
+#: src/security/cert_generators/file/security_file_certgen.8.in:36
 msgid ""
-"B<Filename> where all logging and debugging information will be written. If "
-"none is given, then stderr will be used and the logging will go to Squids "
-"main cache.log."
+"Because the generation and signing of SSL certificates takes time Squid must "
+"use external process to handle the work."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:48
-msgid "Enables debug logging in the logfile."
+#: src/security/cert_generators/file/security_file_certgen.8.in:40
+msgid ""
+"This process generates new SSL certificates and uses a disk cache of "
+"certificates to improve response times on repeated requests.  Communication "
+"occurs via TCP sockets bound to the loopback interface."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:52
-msgid "show a short command line help."
+#: src/security/cert_generators/file/security_file_certgen.8.in:46
+msgid ""
+"File system block size in bytes. Needed for processing natural size of "
+"certificate on disk.  Default value is 2048 bytes."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:56
-msgid "This file contains the definition of the time budgets for the users."
+#: src/security/cert_generators/file/security_file_certgen.8.in:53
+msgid ""
+"Initialize the SSL storage database and exit.  Requires the B<-s> option to "
+"determine the storage location being created."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:65
+#: src/security/cert_generators/file/security_file_certgen.8.in:64
 msgid ""
-"The time quotas of the users are defined in a text file typically residing "
-"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
-"and is ignored. Every line must start with a user followed by a time budget "
-"and a corresponding time period separated by \"/\". Here is an example file:"
+"Display the current serial number using stderr and exit.  Requires B<-s> "
+"option to determine which storage directory the serial is located in."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:68
-msgid "# user budget / period"
+#: src/security/cert_generators/file/security_file_certgen.8.in:72
+msgid "Directory path of disk storage for new SSL certificates."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:79
-msgid ""
-"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
-"hour and the poor babymary only 30 minutes a week."
+#: src/security/cert_generators/file/security_file_certgen.8.in:76
+msgid "Maximum size of SSL certificate disk storage."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:83
+#: src/security/cert_generators/file/security_file_certgen.8.in:83
 msgid ""
-"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
-"days and \"w\" for weeks. Numerical values can be given as integer values or "
-"with a fraction. E.g. \"0.5h\" means 30 minutes."
+"HEX B<serial number > to use when initializing an SSL storage database.  The "
+"default value of serial number is the number of seconds since Epoch minus "
+"1200000000."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:89
-msgid ""
-"This helper is configured in B<squid.conf> using the B<external_acl_type> "
-"directive then access controls which use it to allow or deny."
+#: src/security/cert_generators/file/security_file_certgen.8.in:87
+msgid "Display the binary version details using stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:92
-msgid "Here is an example."
+#: src/security/cert_generators/file/security_file_certgen.8.in:91
+msgid "B<SSL errors after changing the CA>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:95
-msgid "# Ensure that users have a valid login. We need their username."
+#: src/security/cert_generators/file/security_file_certgen.8.in:95
+#: src/security/cert_generators/file/security_file_certgen.8.in:123
+msgid ""
+"Certificates are stored in this database in signed form.  After any change "
+"to the signing CA in squid.conf be sure to erase and re-initialize the "
+"certificate database."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:102
-msgid "# Define program and quota file"
+#: src/security/cert_generators/file/security_file_certgen.8.in:98
+msgid "B<Certificate chaining>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:118
+#: src/security/cert_generators/file/security_file_certgen.8.in:103
 msgid ""
-"In this example, after restarting Squid it should allow access only for "
-"users as long as they have time budget left.  If the budget is exceeded the "
-"user will be presented with an error page informing them."
+"The version 1.0 of this helper will not add chained intermediate CA "
+"certificates.  The client must have a full chain of trust from the root CA "
+"all the way down to the end certificate generated by this program."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:124
+#: src/security/cert_generators/file/security_file_certgen.8.in:106
 msgid ""
-"In this example we use separate B<users> access control and B<noquota> ACL "
-"in order to keep the username and password prompt and the quota-exceeded "
-"messages separated."
+"Signing with an intermediate CA needs to install both the root and the "
+"intermediate public CA on the clients."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:144
+#: src/security/cert_generators/file/security_file_certgen.8.in:113
 msgid ""
-"User is just a unique key value. The above example uses %LOGIN and the "
-"username but any of the B<external_acl_type> format tags can be substituted "
-"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
-"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
-"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
-"org/ConfigExamples."
+"Before this helper can be used the storage area for new certificates must be "
+"initialized manually.  This is done from the command line using the B<-c> "
+"parameters."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:145
-#, no-wrap
-msgid "LIMITATIONS"
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:116
+msgid "For example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:150
+#: src/security/cert_generators/file/security_file_certgen.8.in:128
 msgid ""
-"This helper only controls access to the Internet through HTTP. It does not "
-"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
+"For simple configuration the helper defaults can be used.  Only HTTP "
+"listening port options are required to enable generation and set the signing "
+"CA certificate.  For Example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:158
+#: src/security/cert_generators/file/security_file_certgen.8.in:137
 msgid ""
-"Desktop browsers are typically able to deal with authentication to HTTP "
-"proxies like B<squid .> But more and more different programs and devices "
-"(smartphones, games on mobile devices, ...) are using the Internet over "
-"HTTP. These devices are often not able to work through an authenticating "
-"proxy.  Means other than %LOGIN authentication are required to authorize "
-"these devices and software."
+"For more customized configuration the helper certificate storage directory "
+"location and size can be altered with the B<sslcrtd_program> configuration "
+"directive.  For example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:163
-msgid ""
-"A more general control to Internet access could be a captive portal approach "
-"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
-"or maybe a 802.11X solution. But the latter is often not supported by mobile "
-"devices."
+#: src/squid.8.in:5
+msgid "squid - HTTP web proxy caching server"
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:164
-#, no-wrap
-msgid "IMPLEMENTATION"
+#. type: Plain text
+#: src/squid.8.in:11
+msgid "facility"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:172
-msgid ""
-"When the helper is called it will be asked if the current user is allowed to "
-"access squid. The helper will reduce the remaining time budget of this user "
-"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
+#: src/squid.8.in:13
+msgid "config-file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:185
-msgid ""
-"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
-"be called, the example config uses a 1 minute TTL.  The interaction is that "
-"Squid will only call the helper on new requests B<if> there has been more "
-"than TTL seconds passed since last check.  This handling creates an amount "
-"of slippage outside the quota by whatever amount is configured.  TTL can be "
-"set as short as desired, down to and including zero.  Though values of 1 or "
-"more are recommended due to a quota resolution of one second."
+#: src/squid.8.in:17
+msgid "signal"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:190
-msgid ""
-"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
-"budget will be restored to the configured value thus allowing the user to "
-"access squid with a fresh budget."
-msgstr ""
+#: src/squid.8.in:19
+#, fuzzy
+msgid "service-name"
+msgstr "B<-s >I<service-name>"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:202
-msgid ""
-"If the time between the current request and the previous request is greater "
-"than B<pauselen> (default 5 minutes and adjustable with command line "
-"parameter B<-p> ), the current request will be considered as a new request "
-"and the time budget will not be decreased. If the time is less than "
-"B<pauselen> , then both requests will be considered as part of the same "
-"active time period and the time budget will be decreased by the time "
-"difference. This allows the user to take arbitrary breaks during Internet "
-"access without losing their time budget."
+#: src/squid.8.in:21
+msgid "command-line"
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:203
-#, no-wrap
-msgid "FURTHER IDEAS"
+#. type: Plain text
+#: src/squid.8.in:30
+msgid ""
+"B<squid> is a high-performance proxy caching server for web clients, "
+"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
+"traditional caching software, Squid handles all requests in a single, non-"
+"blocking process."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:206
+#: src/squid.8.in:34
 msgid ""
-"The following ideas could further improve this helper. Maybe someone wants "
-"to help? Any support or feedback is welcome!"
+"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
+"lookups, supports non-blocking DNS lookups, and implements negative caching "
+"of failed requests."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:211
+#: src/squid.8.in:39
 msgid ""
-"There should be a way for a user to see their configured and remaining time "
-"budget. This could be realized by implementing a web page accessing the "
-"database of the helper showing the corresponding data. One of the problems "
-"to be solved is user authentication."
+"Squid supports SSL, extensive access controls, and full request logging.  By "
+"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
+"caches can be arranged in a hierarchy or mesh for additional bandwidth "
+"savings."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:214
+#: src/squid.8.in:47
 msgid ""
-"We could always return \"OK\" and use the module simply as an Internet usage "
-"tracker showing who has stayed how long in the WWW."
+"Squid consists of a main server program B<squid> , some optional programs "
+"for custom processing and authentication, and some management and client "
+"tools.  When squid starts up, it spawns a configurable number of helper "
+"processes, each of which can perform parallel lookups.  This reduces the "
+"amount of time the cache waits for results."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:7
-msgid "Squid UNIX Group ACL helper"
+#: src/squid.8.in:49
+msgid "Squid is derived from the ARPA-funded Harvest Project."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:11
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:13
-msgid "group"
+#: src/squid.8.in:55
+msgid ""
+"This manual page only lists the command line arguments.  For details on how "
+"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
+"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
+"configuration manual on the Squid home page"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:18
+#: src/squid.8.in:64
 msgid ""
-"B<ext_unix_group_acl> allows Squid to base access controls on users "
-"memberships in UNIX groups."
+"Specify HTTP port number where Squid should listen for requests, in addition "
+"to any B<http_port> specifications in B<squid.conf>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:26
-msgid "Specifies a group name to match."
+#: src/squid.8.in:68
+msgid "Do not catch fatal signals."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:31
-msgid "Also match the users primary group from B</etc/passwd>"
+#: src/squid.8.in:72
+msgid "Write debugging to stderr also."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:49
+#: src/squid.8.in:84
 msgid ""
-"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
-"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
-"I<group3>"
+"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
+"file name starts with a B<!> or B<|> then it is assumed to be an external "
+"command or command line.  Can for example be used to pre-process the "
+"configuration before it is being read by Squid.  To facilitate this Squid "
+"also understands the common #line notion to indicate the real source file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:61
-msgid ""
-"By default up to 11 groups can be matched in one acl (including commandline "
-"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
+#: src/squid.8.in:88
+msgid "Don't serve any requests until store is rebuilt."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:67
-msgid ""
-"Does not understand GID aliased groups sometimes used to work around groups "
-"size limitations. If you are using GID aliased groups then you must specify "
-"each alias by name."
+#: src/squid.8.in:92
+msgid "Print help message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:99
-msgid "Additionally bugs or bug-fixes can be reported to"
+#: src/squid.8.in:98
+msgid "Install as a Windows Service (see B<-n> option)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:7
-msgid "Squid kerberos based authentication helper"
+#: src/squid.8.in:105
+msgid ""
+"Parse configuration file, then send signal to running copy (except B<-k "
+"parse> ) and exit."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:9
-#, fuzzy
-#| msgid "Version 1.0"
-msgid "Version 3.0.4sq"
-msgstr "النسخة 1.0"
+#: src/squid.8.in:110
+msgid "Use specified syslog facility. Implies B<-s>"
+msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:18
+#: src/squid.8.in:115
 msgid ""
-"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
-"authenticate users via the Negotiate protocol and Kerberos."
+"Specify Windows Service name to use for service operations, default is: "
+"B<Squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:32
-msgid "Remove realm from username before returning the username to squid."
+#: src/squid.8.in:119
+msgid "No daemon mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:35
-msgid "Provide Service Principal Name."
+#: src/squid.8.in:125
+msgid ""
+"Parent process does not exit until its children have finished. It has no "
+"effect with B<-N> which does not fork/exit at startup."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:42
-msgid ""
-"This helper is intended to be used as an B<authentication> helper in B<squid."
-"conf.>"
+#: src/squid.8.in:129
+msgid "Set Windows Service Command line options in Registry."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:62
-msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
+#: src/squid.8.in:135
+msgid "Remove a Windows Service (see B<-n> option)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:69
-msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
+#: src/squid.8.in:141
+msgid "Do not set B<REUSEADDR> on port."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:75
+#: src/squid.8.in:146
 msgid ""
-"Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
-"(usually only possible in a 5 minute window) . If squid is under high load "
-"with Negotiate(Kerberos) proxy authentication requests the replay cache "
-"checks can create high CPU load. If the environment does not require high "
-"security the replay cache check can be disabled for MIT based Kerberos "
-"implementations by adding the following to the startup script"
+"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:78
-msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
+#: src/squid.8.in:150
+msgid "Double-check swap during rebuild."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:81
-msgid ""
-"If negotiate_kerberos_auth doesn't determine for some reason the right "
-"service principal you can provide it with -s HTTP/fqdn."
+#: src/squid.8.in:154
+msgid "Specify ICP port number (default: 3130), disable with 0."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:84
-msgid ""
-"If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
-"principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
-"option with negotiate_kerberos_auth."
+#: src/squid.8.in:158
+msgid "Print version and build details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:121
-msgid ""
-"B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
-"Windows,"
+#: src/squid.8.in:162
+msgid "Force full debugging."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:123
-msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
+#: src/squid.8.in:170
+msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:125
-msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
+#: src/squid.8.in:178
+msgid ""
+"Create missing swap directories and other missing cache_dir structures, then "
+"exit. All cache_dir types create the configured top-level directory if it is "
+"missing. Other actions are type-specific. For example, ufs-based storage "
+"systems create missing L1 and L2 directories while Rock creates the missing "
+"database file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:8
+#: src/squid.8.in:183
 msgid ""
-"Native Windows NTLM/NTLMv2 authenticator for Squid with automatic support "
-"for NTLM NEGOTIATE packets."
+"This option does not enable validation of any present swap structures. Its "
+"focus is on creation of missing pieces. If nothing is missing, squid -z just "
+"exits. If you suspect cache_dir corruption, you must delete the top-level "
+"cache_dir directory before running squid -z."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:24
+#: src/squid.8.in:188
 msgid ""
-"B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
-"provides native access to the Security Service Provider Interface of Windows "
-"for authenticating with NTLM / NTLMv2.  It has automatic support for NTLM "
-"NEGOTIATE packets."
+"By default, squid -z runs in daemon mode (so that configuration macros and "
+"other SMP features work as expected). Use B<-N> option to overwrite this."
+msgstr ""
+
+#. type: SH
+#: src/squid.8.in:189
+#, no-wrap
+msgid "FILES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:29
-msgid "Specify a Windows Local Group name allowed to authenticate."
+#: src/squid.8.in:191
+msgid "Squid configuration files located in @SYSCONFDIR@/:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:37
+#: src/squid.8.in:197
 msgid ""
-"Specify a Windows Local Group name which is to be denied authentication."
+"The main configuration file. You must initially make changes to this file "
+"for B<squid> to work. For example, the default configuration only allows "
+"access from RFC private LAN networks.  Some packaging distributions block "
+"even that."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:45
-msgid "Enables verbose NTLM packet debugging."
+#: src/squid.8.in:201 src/squid.8.in:207
+msgid ""
+"Reference copy of the configuration file. Always kept up to date with the "
+"version of Squid you are using."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:49
-msgid "B<Allowing Users>"
+#: src/squid.8.in:203
+msgid ""
+"Use this to look up the default configuration settings and syntax after "
+"upgrading."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:52
+#: src/squid.8.in:212
 msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights \"logon from the network\"."
+"Use this to read the documentation for configuration options available in "
+"your build of Squid. The online configuration manual is also available for a "
+"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:56
-msgid ""
-"Optionally the authenticator can verify the NT LOCAL group membership of the "
-"user against the User Group specified in the Authenticator's command line."
+#: src/squid.8.in:217
+msgid "The main configuration file for the web B<cachemgr.cgi> tools."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:60
-msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it, it works only with MACHINE "
-"Local Groups, not Domain Local Groups."
+#: src/squid.8.in:220
+msgid "The main configuration file for the Sample MSNT authenticator."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:64
+#: src/squid.8.in:225
 msgid ""
-"Better group checking is available with external ACL, see B<ext_ad_group_acl."
-"exe> documentation."
+"CSS Stylesheet to control the display of generated error pages.  Use this to "
+"set any company branding you need, it will apply to every language Squid "
+"provides error pages for."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:67
-msgid "B<squid.conf> typical minimal required changes:"
+#: src/squid.8.in:228
+msgid "Some files also located elsewhere:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:79
-msgid "Refer to Squid documentation for more details."
+#: src/squid.8.in:231
+msgid "MIME type mappings for FTP gatewaying"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:87
-msgid ""
-"Internet Explorer has some problems with B<ftp://> URLs when handling "
-"internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
-"when placed before the authentication ACL:"
+#: src/squid.8.in:234
+msgid "Location of Squid error pages and templates."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:98
-msgid "Based on prior work in by"
+#: src/squid.8.in:237
+msgid ""
+"Squid was written over many years by a changing team of developers and "
+"maintained in turn by"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:7
-msgid "HTTP web proxy caching server"
+#: src/squid.8.in:244
+msgid ""
+"With contributions from many others in the Squid community.  see "
+"CONTRIBUTORS for a full list of individuals who contributed code.  see "
+"CREDITS for a list of major code contributing copyright holders."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:13
-msgid "facility"
+#: tools/cachemgr.cgi.8.in:5
+msgid "cachemgr.cgi - Squid HTTP proxy manager CGI web interface"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:15
-msgid "config-file"
+#: tools/cachemgr.cgi.8.in:16
+msgid ""
+"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
+"statistics about the Squid HTTP proxy process as it runs. The cache manager "
+"is a convenient way to manage the cache and view statistics without logging "
+"into the server."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:19
-msgid "signal"
+#: tools/cachemgr.cgi.8.in:20
+msgid ""
+"Configuration examples for many common web servers can be found in the Squid "
+"FAQ wiki."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:21
-#, fuzzy
-msgid "service-name"
-msgstr "B<-s >I<service-name>"
+#: tools/cachemgr.cgi.8.in:32
+msgid ""
+"The access configuration file defining which Squid servers may be managed "
+"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
+"followed by an optional description"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:23
-msgid "command-line"
+#: tools/cachemgr.cgi.8.in:36
+msgid ""
+"The server name may contain shell wildcard characters such as *, [] etc.  A "
+"quick selection dropdown menu is automatically constructed from the simple "
+"server names."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:32
+#: tools/cachemgr.cgi.8.in:40
 msgid ""
-"B<squid> is a high-performance proxy caching server for web clients, "
-"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
-"traditional caching software, Squid handles all requests in a single, non-"
-"blocking process."
+"Specifying :port is optional. If not specified then the default proxy port "
+"is assumed. :* or :any matches any port on the target server."
+msgstr ""
+
+#. type: SH
+#: tools/cachemgr.cgi.8.in:41
+#, no-wrap
+msgid "SECURITY"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:36
+#: tools/cachemgr.cgi.8.in:48
 msgid ""
-"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
-"lookups, supports non-blocking DNS lookups, and implements negative caching "
-"of failed requests."
+"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
+"and returns a formatted version of the response. To avoid abuse it is "
+"recommended to configure your web server to restrict access to the "
+"B<cachemgr.cgi> program."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:41
+#: tools/cachemgr.cgi.8.in:54
 msgid ""
-"Squid supports SSL, extensive access controls, and full request logging.  By "
-"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
-"caches can be arranged in a hierarchy or mesh for additional bandwidth "
-"savings."
+"Derived from Harvest. Further developed by numerous individuals from the "
+"internet community. Development is led by Duane Wessels of the National "
+"Laboratory for Applied Network Research and funded by the National Science "
+"Foundation."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:49
+#: tools/cachemgr.cgi.8.in:70 tools/purge/purge.1:276
+#: tools/squidclient/squidclient.1:252
 msgid ""
-"Squid consists of a main server program B<squid> , some optional programs "
-"for custom processing and authentication, and some management and client "
-"tools.  When squid starts up, it spawns a configurable number of helper "
-"processes, each of which can perform parallel lookups.  This reduces the "
-"amount of time the cache waits for results."
+"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
+"you need to include with your bug report."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:51
-msgid "Squid is derived from the ARPA-funded Harvest Project."
+#: tools/purge/purge.1:5
+msgid "purge - magnifying glass into your squid cache"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:57
+#: tools/purge/purge.1:21
 msgid ""
-"This manual page only lists the command line arguments.  For details on how "
-"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
-"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
-"configuration manual on the Squid home page"
+"B<purge> is used to have a look at what URLs are stored in which file within "
+"your cache. The B<purge> tool can also be used to release objects which URLs "
+"match user specified regular expressions. A more troublesome feature is the "
+"ability to remove files B<squid> does not seem to know about any longer."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:66
+#: tools/purge/purge.1:23
 msgid ""
-"Specify HTTP port number where Squid should listen for requests, in addition "
-"to any B<http_port> specifications in B<squid.conf>"
+"This is a tool for expert usage only, use it under your own responsibility."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:70
-msgid "Do not catch fatal signals."
+#: tools/purge/purge.1:34
+msgid ""
+"a kind of \"i am alive\" flag. It can only be activated, if your stdout is a "
+"tty. If active, it will display a little rotating line to indicate that "
+"there is actually something happening. You should not use this switch if you "
+"capture your stdout in a file or if your expression list produces many "
+"matches. The -a flag is also incompatible with the (default) multi cache_dir "
+"mode."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:74
-msgid "Write debugging to stderr also."
+#: tools/purge/purge.1:36
+msgid "default: off\t\tSee also: -n"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:86
+#: tools/purge/purge.1:43
 msgid ""
-"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
-"file name starts with a B<!> or B<|> then it is assumed to be an external "
-"command or command line.  Can for example be used to pre-process the "
-"configuration before it is being read by Squid.  To facilitate this Squid "
-"also understands the common #line notion to indicate the real source file."
-msgstr ""
-
-#. type: Plain text
-#: src/squid.8.in:90
-msgid "Don't serve any requests until store is rebuilt."
+"this option lets you specify the location of the squid.conf file.  Purge "
+"understands about more than one cache_dir, and does so by parsing squid."
+"conf. It knows about both ways of Squid-2 cache_dir specifications, and will "
+"automatically try to use the correct one."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:94
-msgid "Print help message."
+#: tools/purge/purge.1:45
+msgid "default: /usr/local/squid/etc/squid.conf"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:100
-msgid "Install as a Windows Service (see B<-n> option)."
+#: tools/purge/purge.1:53
+msgid ""
+"if you want to rescue files from your cache, you need to specify the "
+"directory into which the files will be copied. Please note that purge will "
+"try to establish the original server directory structure. This switch also "
+"activates copy-out mode. Please do not use copy-out mode with any purge mode "
+"(-P) other than 0."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:107
+#: tools/purge/purge.1:56
 msgid ""
-"Parse configuration file, then send signal to running copy (except B<-k "
-"parse> ) and exit."
+"For instance, if you specified \"-C /tmp\", purge will try to recreate /tmp/"
+"www.server.1/url/path/file, and so forth."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:112
-msgid "Use specified syslog facility. Implies B<-s>"
+#: tools/purge/purge.1:58
+msgid "default: off\t\tSee also: -H, -P"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:117
+#: tools/purge/purge.1:63
 msgid ""
-"Specify Windows Service name to use for service operations, default is: "
-"B<Squid>"
+"lets you specify a debug level. Different bits are reserved for different "
+"output."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:121
-msgid "No daemon mode."
+#: tools/purge/purge.1:65
+msgid "default: 0"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:125
-msgid "Set Windows Service Command line options in Registry."
+#: tools/purge/purge.1:74
+msgid ""
+"Specify one regular expression to be searched for in the cache.  This is "
+"useful if there is only a handful of objects you want to check. Please "
+"remember to escape the shell meta characters used in your regular "
+"expression. The use of single quotes around your expression is recommended. "
+"The capital letter version works case sensitive, the lower caps version does "
+"not."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:131
-msgid "Remove a Windows Service (see B<-n> option)."
+#: tools/purge/purge.1:76 tools/purge/purge.1:86
+msgid "default: (no default)"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:137
-msgid "Do not set B<REUSEADDR> on port."
+#: tools/purge/purge.1:84
+msgid ""
+"if you have more than a handful of expressions, or want to check the same "
+"set at regular intervals, the file option might be more useful to you. Each "
+"line in the text file will be regarded as one regular expression.  Again, "
+"the capital letter version works case sensitive, the lower caps version does "
+"not."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:142
+#: tools/purge/purge.1:91
 msgid ""
-"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
+"if in copy-out mode (see: -C), you can specify to keep the HTTP Header in "
+"the recreated file."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:146
-msgid "Double-check swap during rebuild."
+#: tools/purge/purge.1:93
+msgid "default: off\t\tSee also: -C"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:150
-msgid "Specify ICP port number (default: 3130), disable with 0."
+#: tools/purge/purge.1:104
+msgid ""
+"tell purge to process one cache_dir after another, instead of doing things "
+"in parallel.  If you have more than one cache_dir in your configuration "
+"purge will fork off a worker process for each cache_dir to do the checks for "
+"optimum speed, assuming a decently designed cache. Since parallel execution "
+"will put quite some load on the system and its controllers, it is sometimes "
+"preferred to use less resources,\tthough it will take longer."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:154
-msgid "Print version and build details."
+#: tools/purge/purge.1:106
+msgid "default: parallel mode for more than one cache_dir"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:158
-msgid "Force full debugging."
+#: tools/purge/purge.1:116
+msgid ""
+"Some cache admins use a different port than 3128. The purge tool will need "
+"to connect to your cache in order to send the PURGE request (see -P). This "
+"option lets you specify the host and port to connect to. The port is "
+"optional. The port can be a name (check your /etc/services) or number. It is "
+"separated from the host name portion by a single colon, no spaces allowed."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:166
-msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
+#: tools/purge/purge.1:118
+msgid "default: localhost:3128"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:174
+#: tools/purge/purge.1:125
 msgid ""
-"Create missing swap directories and other missing cache_dir structures, then "
-"exit. All cache_dir types create the configured top-level directory if it is "
-"missing. Other actions are type-specific. For example, ufs-based storage "
-"systems create missing L1 and L2 directories while Rock creates the missing "
-"database file."
+"If you want to do more than just print your cache content, you will need to "
+"specify this option. Each bit is reserved for a different action. Only the "
+"use of the LSB is recommended, the rest should be considered experimental."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:179
-msgid ""
-"This option does not enable validation of any present swap structures. Its "
-"focus is on creation of missing pieces. If nothing is missing, squid -z just "
-"exits. If you suspect cache_dir corruption, you must delete the top-level "
-"cache_dir directory before running squid -z."
+#: tools/purge/purge.1:128
+msgid "B<no bit set:\tjust print>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:184
-msgid ""
-"By default, squid -z runs in daemon mode (so that configuration macros and "
-"other SMP features work as expected). Use B<-N> option to overwrite this."
+#: tools/purge/purge.1:130
+msgid "B<bit#0 set:\tsend PURGE for matches>"
 msgstr ""
 
-#. type: SH
-#: src/squid.8.in:185
-#, no-wrap
-msgid "FILES"
+#. type: Plain text
+#: tools/purge/purge.1:132
+msgid "B<bit#1 set:\tunlink object file for 404 not found PURGEs>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:187
-msgid "Squid configuration files located in @SYSCONFDIR@/:"
+#: tools/purge/purge.1:134
+msgid "B<bit#2 set:\tunlink weird object files>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:193
+#: tools/purge/purge.1:145
 msgid ""
-"The main configuration file. You must initially make changes to this file "
-"for B<squid> to work. For example, the default configuration only allows "
-"access from RFC private LAN networks.  Some packaging distributions block "
-"even that."
+"If you use a value other than 0 or 1, you will need to slow rebuild your "
+"cache content. A warning message will remind you of that. If you use bit#1, "
+"all unsuccessful PURGEs will result in the object file in your cache "
+"directory to be removed, because squid does not seem to know about it any "
+"longer. Beware that the asyncio might try to remove it after the purge tool, "
+"and thus complains bitterly. Bit#1 only makes sense, if Bit#0 is also set, "
+"otherwise it has no effect (since the HTTP status 404 is never returned)."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:197 src/squid.8.in:203
+#: tools/purge/purge.1:152
 msgid ""
-"Reference copy of the configuration file. Always kept up to date with the "
-"version of Squid you are using."
+"Bit#2 is reserved for strange files which do not even contain a URL. Beware "
+"that these files may indicate a new object squid currently intends to swap "
+"onto disk. If the file suddenly went away, or is removed when squid tries to "
+"fetch the object, it will complain bitterly. You must slow rebuild your "
+"cache, if you use this option."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:199
+#: tools/purge/purge.1:157
 msgid ""
-"Use this to look up the default configuration settings and syntax after "
-"upgrading."
+"It is recommended that if you dare to use bit#1 or bit#2, you should only "
+"grant the purge tool access to your squid, e.g.  move the HTTP and ICP "
+"listening port of squid to a different non-standard location during the "
+"purge."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:208
-msgid ""
-"Use this to read the documentation for configuration options available in "
-"your build of Squid. The online configuration manual is also available for a "
-"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
+#: tools/purge/purge.1:159
+msgid "default: 0 (just print)"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:213
-msgid "The main configuration file for the web B<cachemgr.cgi> tools."
+#: tools/purge/purge.1:164
+msgid ""
+"If you specify this switch, all commandline parameters will be shown after "
+"they were parsed."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:216
-msgid "The main configuration file for the Sample MSNT authenticator."
-msgstr ""
+#: tools/purge/purge.1:166
+#, fuzzy
+#| msgid "I<*.default files>"
+msgid "default: off"
+msgstr "I<*.default files>"
 
 #. type: Plain text
-#: src/squid.8.in:221
+#: tools/purge/purge.1:171
 msgid ""
-"CSS Stylesheet to control the display of generated error pages.  Use this to "
-"set any company branding you need, it will apply to every language Squid "
-"provides error pages for."
+"be verbose in the things reported about the file. See the output section "
+"below."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:224
-msgid "Some files also located elsewhere:"
+#: tools/purge/purge.1:180
+msgid ""
+"In order to use B<purge> to affect a running proxy with PURGE method, you "
+"will have to enable this feature in squid.conf. By default, PURGE is "
+"disabled. You should watch closely for whom you enable the PURGE ability, "
+"otherwise a total stranger just might wipe your cache content. Lines similar "
+"to the following will need to be added to your squid.conf:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:227
-msgid "MIME type mappings for FTP gatewaying"
+#: tools/purge/purge.1:192
+msgid ""
+"Reconfigure or restart (preferred) your squid after changing the "
+"configuration file."
 msgstr ""
 
-#. type: Plain text
-#: src/squid.8.in:230
-msgid "Location of Squid error pages and templates."
+#. type: SH
+#: tools/purge/purge.1:193
+#, no-wrap
+msgid "OUTPUT"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:233
+#: tools/purge/purge.1:198
 msgid ""
-"Squid was written over many years by a changing team of developers and "
-"maintained in turn by"
+"In regular mode, the output of purge consists of four columns. If the URL "
+"contains not encoded whitespaces, it may look as if there are more columns, "
+"but the last one is the URI."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:240
+#: tools/purge/purge.1:205
+#, no-wrap
 msgid ""
-"With contributions from many others in the Squid community.  see "
-"CONTRIBUTORS for a full list of individuals who contributed code.  see "
-"CREDITS for a list of major code contributing copyright holders."
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the regular expression.\n"
+" 2 status return result of purge request, \"  0\" in print mode.\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 uri    perceived uri\n"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:248
-msgid ""
-"This software product, SQUID, is developed by a team of individuals, and "
-"copyrighted (C) 2001 by the Regents of the University of California, with "
-"all rights reserved.  UCSD administered the NLANR Cache grants, NCR 9616602 "
-"and NCR 9521745 under which most of this code was developed."
+#: tools/purge/purge.1:207
+msgid "Example for non-verbose output in print-mode:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:255
+#: tools/purge/purge.1:209
 msgid ""
-"This program is free software; you can redistribute it and/or modify it "
-"under the terms of the GNU General Public License (version 2) as published "
-"by the Free Software Foundation.  It is distributed in the hope that it will "
-"be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of "
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General "
-"Public License for more details."
+"/cache3/00/00/0000004A 0 5682 http://graphics.userfriendly.org/images/"
+"slovenia.gif"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:257
+#: tools/purge/purge.1:214
 msgid ""
-"see the CREDITS file for further copyright licensing of third-party code "
-"contributions."
+"In verbose mode, additional columns are inserted before the uri. Time stamps "
+"are reported using hexadecimal notation, and Squid's standard for reporting "
+"\"no such timestamp\" == -1, and \"unparsable timestamp\" == -2."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:7
-msgid "Squid HTTP proxy manager CGI web interface"
+#: tools/purge/purge.1:228
+#, no-wrap
+msgid ""
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the re.\n"
+" 2 status return result of purge request, \"  0\" in print mode \"-P 0\".\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 md5    MD5 of URI from file, or \"(no_md5_data_available)\" string.\n"
+" 5 ts     UTC of Value of Date: header in hex notation\n"
+" 6 lr     UTC of last time the object was referenced\n"
+" 7 ex     UTC of Expires: header\n"
+" 8 lr     UTC of Last-Modified: header\n"
+" 9 flags  Value of objects flags field in hex, see: Programmers Guide\n"
+"10 refcnt number of times the object was referenced.\n"
+"11 uri    STORE_META_URL uri or \"strange_file\"\n"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:18
-msgid ""
-"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
-"statistics about the Squid HTTP proxy process as it runs. The cache manager "
-"is a convenient way to manage the cache and view statistics without logging "
-"into the server."
+#: tools/purge/purge.1:230
+msgid "Example for verbose output in print-mode:"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:22
+#: tools/purge/purge.1:232
 msgid ""
-"Configuration examples for many common web servers can be found in the Squid "
-"FAQ wiki."
+"/cache1/00/00/000000B7 0 406 7CFCB1D319F158ADC9CFD991BB8F6DCE 397d449b "
+"39bf677b ffffffff 3820abfc 0460 1 http://www.netscape.com/images/"
+"nc_vera_tile.gif"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:34
-msgid ""
-"The access configuration file defining which Squid servers may be managed "
-"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
-"followed by an optional description"
+#: tools/purge/purge.1:235
+msgid "Purge does not slow rebuild the cache for you."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:38
+#: tools/purge/purge.1:238
 msgid ""
-"The server name may contain shell wildcard characters such as *, [] etc.  A "
-"quick selection dropdown menu is automatically constructed from the simple "
-"server names."
+"It is still relatively slow, especially if your machine is low on memory and/"
+"or unable to hold all OS directory cache entries in main memory."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:42
-msgid ""
-"Specifying :port is optional. If not specified then the default proxy port "
-"is assumed. :* or :any matches any port on the target server."
+#: tools/purge/purge.1:240
+msgid "Should never be used on \"busy\" caches with purge modes higher than 1."
 msgstr ""
 
 #. type: SH
-#: tools/cachemgr.cgi.8.in:43
+#: tools/purge/purge.1:241
 #, no-wrap
-msgid "SECURITY"
+msgid "TODO"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:50
+#: tools/purge/purge.1:248
 msgid ""
-"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
-"and returns a formatted version of the response. To avoid abuse it is "
-"recommended to configure your web server to restrict access to the "
-"B<cachemgr.cgi> program."
+"1) use the stat() result on weird files to have a look at their ctime and "
+"mtime. If they are younger than, lets say 30 seconds, they were just created "
+"by B<squid> and should not be removed."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:56
+#: tools/purge/purge.1:251
 msgid ""
-"Derived from Harvest. Further developed by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"2) Add a query before purging objects or removing files, and add another "
+"option to remove nagging for the experienced user."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:67 tools/squidclient/squidclient.1:211
-msgid ""
-"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
-"you need to include with your bug report."
+#: tools/purge/purge.1:253
+msgid "3) The reported object size may be off by one."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:7
-msgid "A simple HTTP web client tool"
+#: tools/purge/purge.1:256 tools/squidclient/squidclient.1:232
+msgid "This program and manual was written by"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:13 tools/squidclient/squidclient.1:17
+#: tools/purge/purge.1:260
+msgid "Based on original squidpurge README."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:5
+msgid "squidclient - A simple HTTP web client tool"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:12 tools/squidclient/squidclient.1:16
 msgid "string"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:15
+#: tools/squidclient/squidclient.1:14
 msgid "remote host"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:19
+#: tools/squidclient/squidclient.1:18
 msgid "IMS"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:21
+#: tools/squidclient/squidclient.1:20
 msgid "Host header"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:23
-msgid "local host"
-msgstr ""
-
-#. type: Plain text
-#: tools/squidclient/squidclient.1:25
+#: tools/squidclient/squidclient.1:24
 msgid "method"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:31 tools/squidclient/squidclient.1:48
+#: tools/squidclient/squidclient.1:30 tools/squidclient/squidclient.1:48
 msgid "count"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:35 tools/squidclient/squidclient.1:37
+#: tools/squidclient/squidclient.1:34 tools/squidclient/squidclient.1:36
 msgid "user"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:39
+#: tools/squidclient/squidclient.1:38
 #, fuzzy
 msgid "version"
 msgstr "النسخة 1.0"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:41 tools/squidclient/squidclient.1:43
+#: tools/squidclient/squidclient.1:40 tools/squidclient/squidclient.1:42
 msgid "password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:45
+#: tools/squidclient/squidclient.1:44
 msgid "url"
 msgstr ""
 
@@ -3816,7 +4479,22 @@ msgid "interval"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:60
+#: tools/squidclient/squidclient.1:55
+msgid "CA certificates file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:57
+msgid "client X.509 certificate file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:59
+msgid "TLS session parameters"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:69
 msgid ""
 "B<squidclient> is a tool providing a command line interface for retrieving "
 "URLs.  Designed for testing any HTTP 0.9, 1.0, or 1.1 web server or proxy.  "
@@ -3826,167 +4504,191 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:65
+#: tools/squidclient/squidclient.1:74
 msgid "Do NOT include Accept: header."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:71
+#: tools/squidclient/squidclient.1:80
 msgid ""
 "Send B<string> as User-Agent: header. To omit the header completely set "
 "string to empty ('')."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:76
-msgid "Retrieve URL from cache on hostname.  Default is B<localhost>"
+#: tools/squidclient/squidclient.1:85
+msgid "Retrieve URL from server host.  Default is B<localhost>"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:82
-msgid "Extra headers to send. Use B<'\\n'> for new lines."
+#: tools/squidclient/squidclient.1:91
+msgid "Extra headers to send. Use B<'\\en'> for new lines."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:86
+#: tools/squidclient/squidclient.1:95
 msgid "If-Modified-Since time (in Epoch seconds)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:90
+#: tools/squidclient/squidclient.1:99
 msgid "Host header content"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:94
+#: tools/squidclient/squidclient.1:103
 msgid ""
 "Keep the connection active. Default is to do only one request then close."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:98
+#: tools/squidclient/squidclient.1:107
 msgid "Specify a local IP address to bind to.  Default is none."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:113
-#, no-wrap
+#: tools/squidclient/squidclient.1:122
 msgid ""
-"Request method, default is\n"
-"I<GET.>\n"
-"Squid also supports a non-standard method called\n"
-"I<PURGE.>\n"
-"You can use that to purge a specific URL from the cache.\n"
-"You need to have\n"
-"I<purge>\n"
-"access setup in\n"
-"B<squid.conf>\n"
-"similar to\n"
-"I<manager>\n"
-" access. Here is an example:\n"
+"Request method, default is I<GET.> Squid also supports a non-standard method "
+"called I<PURGE.> You can use that to purge a specific URL from the cache.  "
+"You need to have I<purge> access setup in B<squid.conf> similar to "
+"I<manager> access. Here is an example:"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:121
+#: tools/squidclient/squidclient.1:130
 msgid "Proxy Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:123 tools/squidclient/squidclient.1:129
+#: tools/squidclient/squidclient.1:132 tools/squidclient/squidclient.1:138
 msgid "Use kinit username@DOMAIN first to get initial TGS."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:127
+#: tools/squidclient/squidclient.1:136
 msgid "WWW Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:133
+#: tools/squidclient/squidclient.1:143
 msgid "Port number of cache.  Default is 3128."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:137
+#: tools/squidclient/squidclient.1:147
 msgid "Request body. Using the named file as data."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:141
+#: tools/squidclient/squidclient.1:151
 msgid "Force cache to reload URL."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:145
+#: tools/squidclient/squidclient.1:155
 msgid "Silent.  Do not print data to stdout."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:151
+#: tools/squidclient/squidclient.1:161
 msgid "Trace I<count> HTTP relay or proxy hops"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:155
+#: tools/squidclient/squidclient.1:165
 msgid "Timeout value (seconds) for read/write operations."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:159
+#: tools/squidclient/squidclient.1:169
 msgid "Proxy authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:163
+#: tools/squidclient/squidclient.1:173
 msgid "WWW authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:167
+#: tools/squidclient/squidclient.1:177
 msgid "Verbose. Print outgoing message to stderr."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:171
+#: tools/squidclient/squidclient.1:181
 msgid "HTTP Version. Use '-' for HTTP/0.9 omitted case"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:175
+#: tools/squidclient/squidclient.1:185
 msgid "Proxy authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:179
+#: tools/squidclient/squidclient.1:189
 msgid "WWW authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:184
+#: tools/squidclient/squidclient.1:193
+msgid "Use Transport Layer Security on the HTTP connection."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:197
+msgid "Use TLS with unauthenticated (anonymous) certificate."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:202
+msgid ""
+"File containing client X.509 certificate in PEM format.  May be repeated to "
+"load several client certificates."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:207
+msgid ""
+"File containing trusted Certificate Authority (CA) certificates in PEM "
+"format.  May be repeated to load any number of files."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:212
+msgid ""
+"TLS library specific parameters for the communication session.  See the "
+"library documentation for details on valid parameters."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:214
+msgid "If repeated only the last value will have effect."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:219
 msgid ""
 "Enable ping mode. Optional -g and -I parameters must follow immediately if "
 "used.  Repeated use resets to default ping settings."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:190
+#: tools/squidclient/squidclient.1:225
 msgid ""
-"Ping mode, perform I<count> iterations (default is to loop until "
-"interrupted)."
+"Ping mode, perform.I count iterations (default is to loop until interrupted)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:194
+#: tools/squidclient/squidclient.1:229
 msgid "Ping interval in seconds (default 1 second)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:200
+#: tools/squidclient/squidclient.1:236
 msgid ""
-"Derived from Harvest. Further developed by by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"Based on original code derived from Harvest and further developed by "
+"numerous individuals from the internet community."
 msgstr ""
 
 #, fuzzy
@@ -3997,9 +4699,6 @@ msgstr ""
 #~ msgid "basic_pam_auth"
 #~ msgstr "ncsa_auth"
 
-#~ msgid "I<*.default files>"
-#~ msgstr "I<*.default files>"
-
 #, fuzzy
 #~ msgid "B<-u >I<userattr>"
 #~ msgstr "B<-s >I<service-name>"
diff --git a/doc/manuals/cs.po b/doc/manuals/cs.po
index 6ce6124ed6..9de1759200 100644
--- a/doc/manuals/cs.po
+++ b/doc/manuals/cs.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
-"POT-Creation-Date: 2014-03-06 11:09+1300\n"
+"POT-Creation-Date: 2017-05-29 22:45+1200\n"
 "PO-Revision-Date: 2009-11-18 14:09+0000\n"
 "Last-Translator: Kuvaly <kuvaly@seznam.cz>\n"
 "Language-Team: Czech <cs@li.org>\n"
@@ -18,406 +18,685 @@ msgstr ""
 "X-Generator: Translate Toolkit 1.5.3\n"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:3
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:3
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:3
-#: helpers/basic_auth/PAM/basic_pam_auth.8:3
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:3
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:3
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:3
-#: helpers/digest_auth/file/digest_file_auth.8:3
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:3
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:3
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:3
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:3
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:3
-#: helpers/external_acl/session/ext_session_acl.8:3
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:3
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:3
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:3
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:3 src/squid.8.in:3
-#: tools/cachemgr.cgi.8.in:3 tools/squidclient/squidclient.1:3
+#: src/acl/external/AD_group/ext_ad_group_acl.8:3
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:3
+#: src/acl/external/file_userip/ext_file_userip_acl.8:3
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:3
+#: src/acl/external/LM_group/ext_lm_group_acl.8:3
+#: src/acl/external/session/ext_session_acl.8:3
+#: src/acl/external/time_quota/ext_time_quota_acl.8:3
+#: src/acl/external/unix_group/ext_unix_group_acl.8:3
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:3
+#: src/auth/basic/LDAP/basic_ldap_auth.8:3
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:3
+#: src/auth/basic/PAM/basic_pam_auth.8:3
+#: src/auth/basic/RADIUS/basic_radius_auth.8:3
+#: src/auth/basic/SASL/basic_sasl_auth.8:3
+#: src/auth/basic/SSPI/basic_sspi_auth.8:3
+#: src/auth/digest/file/digest_file_auth.8:3
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:3
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:3
+#: src/security/cert_generators/file/security_file_certgen.8.in:3
+#: src/squid.8.in:3 tools/cachemgr.cgi.8.in:3 tools/purge/purge.1:3
+#: tools/squidclient/squidclient.1:3
 #, no-wrap
 msgid "NAME"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:7
-msgid "Local Users auth helper for Squid"
-msgstr "Pomocník autorizace  místních uživatelů pro Squid"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:5
+msgid ""
+"ext_ad_group_acl.exe - Squid external ACL helper to check Windows users "
+"group membership."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:7
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:7
+#: src/auth/basic/SSPI/basic_sspi_auth.8:7
+msgid "Version 2.0"
+msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:8
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:8
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:8
-#: helpers/basic_auth/PAM/basic_pam_auth.8:8
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:8
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:10
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:10
-#: helpers/digest_auth/file/digest_file_auth.8:10
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:10
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:10
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:10
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:10
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:10
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:10
-#: helpers/external_acl/session/ext_session_acl.8:10
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:10
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:8
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:10
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:11 src/squid.8.in:8
-#: tools/cachemgr.cgi.8.in:8 tools/squidclient/squidclient.1:8
+#: src/acl/external/AD_group/ext_ad_group_acl.8:8
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:8
+#: src/acl/external/file_userip/ext_file_userip_acl.8:8
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:8
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:8
+#: src/acl/external/LM_group/ext_lm_group_acl.8:8
+#: src/acl/external/session/ext_session_acl.8:8
+#: src/acl/external/time_quota/ext_time_quota_acl.8:8
+#: src/acl/external/unix_group/ext_unix_group_acl.8:6
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:6
+#: src/auth/basic/LDAP/basic_ldap_auth.8:6
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:6
+#: src/auth/basic/PAM/basic_pam_auth.8:6
+#: src/auth/basic/RADIUS/basic_radius_auth.8:6
+#: src/auth/basic/SASL/basic_sasl_auth.8:8
+#: src/auth/basic/SSPI/basic_sspi_auth.8:8
+#: src/auth/digest/file/digest_file_auth.8:8
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:8
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:8
+#: src/security/cert_generators/file/security_file_certgen.8.in:8
+#: src/squid.8.in:6 tools/cachemgr.cgi.8.in:6 tools/purge/purge.1:6
+#: tools/squidclient/squidclient.1:6
 #, no-wrap
 msgid "SYNOPSIS"
 msgstr ""
 
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:12
+#: src/acl/external/LM_group/ext_lm_group_acl.8:12
+msgid "domain"
+msgstr ""
+
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:11
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:39
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:12
-#: helpers/basic_auth/PAM/basic_pam_auth.8:15
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:26
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:13
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:20
-#: helpers/digest_auth/file/digest_file_auth.8:15
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:16
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:33
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:16
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:14
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:16
-#: helpers/external_acl/session/ext_session_acl.8:18
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:14
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:15
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:14
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:19 src/squid.8.in:25
-#: tools/cachemgr.cgi.8.in:11 tools/squidclient/squidclient.1:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:14
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:31
+#: src/acl/external/file_userip/ext_file_userip_acl.8:14
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:12
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:14
+#: src/acl/external/session/ext_session_acl.8:16
+#: src/acl/external/time_quota/ext_time_quota_acl.8:12
+#: src/acl/external/unix_group/ext_unix_group_acl.8:13
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:9
+#: src/auth/basic/LDAP/basic_ldap_auth.8:37
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:10
+#: src/auth/basic/PAM/basic_pam_auth.8:13
+#: src/auth/basic/RADIUS/basic_radius_auth.8:24
+#: src/auth/basic/SASL/basic_sasl_auth.8:11
+#: src/auth/basic/SSPI/basic_sspi_auth.8:18
+#: src/auth/digest/file/digest_file_auth.8:13
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:16
+#: src/security/cert_generators/file/security_file_certgen.8.in:30
+#: src/squid.8.in:23 tools/cachemgr.cgi.8.in:9 tools/purge/purge.1:10
+#: tools/squidclient/squidclient.1:61
 #, no-wrap
 msgid "DESCRIPTION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:15
+#: src/acl/external/AD_group/ext_ad_group_acl.8:17
 msgid ""
-"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
-"to validate the user name and password of Basic HTTP authentication."
+"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:21
-msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:20
+msgid ""
+"This helper must be used in with an authentication scheme (typically Basic, "
+"NTLM or Negotiate) based on Windows Active Directory domain users."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:23
-msgid "This has the following advantages over the NCSA module:"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:24
+msgid ""
+"It reads from the standard input the domain username and a list of groups "
+"and tries to match each against the groups membership of the specified "
+"username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:25
-msgid "- Allows authentication of all known local users"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:26
+msgid "Two running mode are available:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:28
-msgid "- Allows authentication through nsswitch.conf"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:30
+msgid ""
+"B<- Local mode:> membership is checked against machine's local groups, "
+"cannot be used when running on a Domain Controller."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:31
-msgid "- Can handle NIS(+) requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:35
+msgid ""
+"B<- Active Directory Global mode:> membership is checked against the whole "
+"Active Directory Forest of the machine where Squid is running."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:34
-msgid "- Can handle LDAP requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:39
+msgid ""
+"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
+"Windows 2000 SP4 member of an Active Directory Domain."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:37
-msgid "- Can handle PAM requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:48
+msgid ""
+"When running in Active Directory Global mode, all types of Active Directory "
+"security groups are supported: B<Domain Global> , B<Domain Local> from "
+"user's domain, B<Universal> and Active Directory group nesting is fully "
+"supported."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:49
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:42
+#: src/acl/external/file_userip/ext_file_userip_acl.8:21
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:63
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:47
+#: src/acl/external/LM_group/ext_lm_group_acl.8:25
+#: src/acl/external/session/ext_session_acl.8:32
+#: src/acl/external/time_quota/ext_time_quota_acl.8:22
+#: src/acl/external/unix_group/ext_unix_group_acl.8:17
+#: src/auth/basic/LDAP/basic_ldap_auth.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:33
+#: src/auth/basic/PAM/basic_pam_auth.8:19
+#: src/auth/basic/RADIUS/basic_radius_auth.8:29
+#: src/auth/basic/SSPI/basic_sspi_auth.8:32
+#: src/auth/digest/file/digest_file_auth.8:21
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:17
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:41
+#: src/squid.8.in:57 tools/purge/purge.1:24 tools/squidclient/squidclient.1:70
+#, no-wrap
+msgid "OPTIONS"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:53
+msgid "Use case insensitive compare (local mode only)."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:57
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:61
+#: src/acl/external/file_userip/ext_file_userip_acl.8:25
+#: src/acl/external/LM_group/ext_lm_group_acl.8:33
+#: src/acl/external/unix_group/ext_unix_group_acl.8:21
+#: src/auth/basic/SSPI/basic_sspi_auth.8:40
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:30
+#: src/security/cert_generators/file/security_file_certgen.8.in:57
+msgid "Write debug info to stderr."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:62
+msgid "Specify the default user's B<domain>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:66
+msgid "Start helper in Active Directory Global mode."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:70
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:80
+#: src/acl/external/file_userip/ext_file_userip_acl.8:35
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:67
+#: src/acl/external/LM_group/ext_lm_group_acl.8:45
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:21
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:38
+#: src/security/cert_generators/file/security_file_certgen.8.in:68
+msgid "Display the binary help and command line syntax info using stderr."
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:38
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:244
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:39
-#: helpers/basic_auth/PAM/basic_pam_auth.8:41
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:61
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:19
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:51
-#: helpers/digest_auth/file/digest_file_auth.8:25
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:73
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:142
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:38
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:134
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:211
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:52
-#: helpers/external_acl/session/ext_session_acl.8:74
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:58
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:36
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:36
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:46 tools/cachemgr.cgi.8.in:19
+#: src/acl/external/AD_group/ext_ad_group_acl.8:71
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:140
+#: src/acl/external/file_userip/ext_file_userip_acl.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:132
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:209
+#: src/acl/external/LM_group/ext_lm_group_acl.8:50
+#: src/acl/external/session/ext_session_acl.8:72
+#: src/acl/external/time_quota/ext_time_quota_acl.8:56
+#: src/acl/external/unix_group/ext_unix_group_acl.8:34
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:36
+#: src/auth/basic/LDAP/basic_ldap_auth.8:242
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:37
+#: src/auth/basic/PAM/basic_pam_auth.8:39
+#: src/auth/basic/RADIUS/basic_radius_auth.8:59
+#: src/auth/basic/SASL/basic_sasl_auth.8:17
+#: src/auth/basic/SSPI/basic_sspi_auth.8:49
+#: src/auth/digest/file/digest_file_auth.8:26
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:43
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:43
+#: src/security/cert_generators/file/security_file_certgen.8.in:107
+#: tools/cachemgr.cgi.8.in:17 tools/purge/purge.1:172
 #, no-wrap
 msgid "CONFIGURATION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:75
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program B<setuid> "
-"B<root>"
+"When running in Active Directory Global mode, the AD Group can be specified "
+"using the following syntax:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:78
+msgid "B<1. Plain NT4 Group Name>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:64
-#: helpers/basic_auth/PAM/basic_pam_auth.8:79
+#: src/acl/external/AD_group/ext_ad_group_acl.8:81
+msgid "B<2. Full NT4 Group Name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:84
+msgid "B<3. Active Directory Canonical name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:87
+msgid "As Exampled:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:97
 msgid ""
-"Please note that in such configurations it is also strongly recommended that "
-"the program is moved into a directory where normal users cannot access it, "
-"as this mode of operation will allow any local user to brute-force other "
-"users passwords. Also note the program has not been fully audited and the "
-"author cannot be held responsible for any security issues due to such "
-"installations."
+"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:124
+msgid ""
+"In the previous example all validated AD users member of I<MYDOMAIN"
+"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
+"are allowed to use the cache."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:133
+msgid ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file .> The previous example will be:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:137
+msgid "and the DomainUsers files will contain only the following line:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:139
+msgid "Domain Users"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:146
+msgid ""
+"B<NOTE 1:> When running in Active Directory Global mode, for better "
+"performance, all Domain Controllers of the Active Directory forest should be "
+"configured as Global Catalog."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:152
+msgid ""
+"B<NOTE 2:> When running in local mode, the standard group name comparison is "
+"case sensitive, so group name must be specified with same case as in the "
+"local SAM database."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:157
+msgid ""
+"It is possible to enable case insensitive group name comparison ( B<-c> ), "
+"but on some non-English locales, the results can be unexpected."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:165
+msgid ""
+"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
+"A> and B<-D> switches."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:169
+msgid "Refer to Squid documentation for more details on B<squid.conf>"
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:170
+#: src/acl/external/LM_group/ext_lm_group_acl.8:114
+#: src/auth/basic/SSPI/basic_sspi_auth.8:84
+#, no-wrap
+msgid "TESTING"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:176
+msgid ""
+"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
+"used in a production environment. It may behave differently on different "
+"platforms."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:188
+#: src/acl/external/LM_group/ext_lm_group_acl.8:131
+msgid ""
+"To test it, run it from the command line. Enter username and group pairs "
+"separated by a space (username must entered with URL-encoded I<domain"
+"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:192
+#: src/acl/external/AD_group/ext_ad_group_acl.8:207
+#: src/acl/external/LM_group/ext_lm_group_acl.8:135
+msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:196
+#: src/acl/external/AD_group/ext_ad_group_acl.8:211
+#: src/acl/external/LM_group/ext_lm_group_acl.8:139
+msgid "Make sure pressing B<CTRL+C> aborts the program."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:218
+#: src/acl/external/LM_group/ext_lm_group_acl.8:146
+#: src/auth/basic/SSPI/basic_sspi_auth.8:104
+msgid ""
+"Test that entering no details does not result in an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:222
+#: src/acl/external/LM_group/ext_lm_group_acl.8:150
+msgid ""
+"Test that entering an invalid username and group results in an B<ERR> "
+"message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:226
+#: src/acl/external/LM_group/ext_lm_group_acl.8:154
+msgid ""
+"Test that entering an valid username and group results in an B<OK> message."
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:65
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:300
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:53
-#: helpers/basic_auth/PAM/basic_pam_auth.8:80
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:89
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:75
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:123
-#: helpers/digest_auth/file/digest_file_auth.8:59
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:229
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:187
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:75
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:232
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:157
-#: helpers/external_acl/session/ext_session_acl.8:97
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:216
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:68
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:86
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:93 src/squid.8.in:231
-#: tools/cachemgr.cgi.8.in:51 tools/squidclient/squidclient.1:195
+#: src/acl/external/AD_group/ext_ad_group_acl.8:227
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:185
+#: src/acl/external/file_userip/ext_file_userip_acl.8:73
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:230
+#: src/acl/external/LM_group/ext_lm_group_acl.8:155
+#: src/acl/external/session/ext_session_acl.8:95
+#: src/acl/external/time_quota/ext_time_quota_acl.8:214
+#: src/acl/external/unix_group/ext_unix_group_acl.8:66
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:63
+#: src/auth/basic/LDAP/basic_ldap_auth.8:298
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:78
+#: src/auth/basic/RADIUS/basic_radius_auth.8:87
+#: src/auth/basic/SASL/basic_sasl_auth.8:73
+#: src/auth/basic/SSPI/basic_sspi_auth.8:121
+#: src/auth/digest/file/digest_file_auth.8:60
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:94
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:90
+#: src/security/cert_generators/file/security_file_certgen.8.in:143
+#: src/squid.8.in:235 tools/cachemgr.cgi.8.in:49 tools/purge/purge.1:254
+#: tools/squidclient/squidclient.1:230
 #, no-wrap
 msgid "AUTHOR"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:67
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:77
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:125
-#: helpers/digest_auth/file/digest_file_auth.8:61
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:231
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:189
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:77
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:234
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:159
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:70
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:88
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:95
+#: src/acl/external/AD_group/ext_ad_group_acl.8:229
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:187
+#: src/acl/external/file_userip/ext_file_userip_acl.8:75
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:232
+#: src/acl/external/LM_group/ext_lm_group_acl.8:157
+#: src/acl/external/unix_group/ext_unix_group_acl.8:68
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:65
+#: src/auth/basic/SASL/basic_sasl_auth.8:75
+#: src/auth/basic/SSPI/basic_sspi_auth.8:123
+#: src/auth/digest/file/digest_file_auth.8:62
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:96
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:92
+#: src/security/cert_generators/file/security_file_certgen.8.in:145
 msgid "This program was written by"
 msgstr "Tento program byl napsán"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:72
-msgid "Based on original code by"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:233
+msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:75
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:55
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:97
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:80
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:134
-#: helpers/digest_auth/file/digest_file_auth.8:68
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:237
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:192
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:80
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:243
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:169
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:73
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:91
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:102
+#: src/acl/external/AD_group/ext_ad_group_acl.8:235
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:190
+#: src/acl/external/file_userip/ext_file_userip_acl.8:78
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:223
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:241
+#: src/acl/external/LM_group/ext_lm_group_acl.8:167
+#: src/acl/external/unix_group/ext_unix_group_acl.8:71
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:73
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:53
+#: src/auth/basic/RADIUS/basic_radius_auth.8:95
+#: src/auth/basic/SASL/basic_sasl_auth.8:78
+#: src/auth/basic/SSPI/basic_sspi_auth.8:132
+#: src/auth/digest/file/digest_file_auth.8:69
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:99
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:99
+#: src/security/cert_generators/file/security_file_certgen.8.in:148
 msgid "This manual was written by"
 msgstr "Tento manuál byl napsán"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:77
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:308
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:60
-#: helpers/basic_auth/PAM/basic_pam_auth.8:84
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:99
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:83
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:137
-#: helpers/digest_auth/file/digest_file_auth.8:71
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:240
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:195
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:83
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:227
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:245
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:172
-#: helpers/external_acl/session/ext_session_acl.8:102
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:220
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:93
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:105 src/squid.8.in:241
-#: tools/cachemgr.cgi.8.in:57 tools/squidclient/squidclient.1:201
+#: src/acl/external/AD_group/ext_ad_group_acl.8:238
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:193
+#: src/acl/external/file_userip/ext_file_userip_acl.8:81
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:243
+#: src/acl/external/LM_group/ext_lm_group_acl.8:170
+#: src/acl/external/session/ext_session_acl.8:100
+#: src/acl/external/time_quota/ext_time_quota_acl.8:218
+#: src/acl/external/unix_group/ext_unix_group_acl.8:73
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:75
+#: src/auth/basic/LDAP/basic_ldap_auth.8:306
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:58
+#: src/auth/basic/PAM/basic_pam_auth.8:82
+#: src/auth/basic/RADIUS/basic_radius_auth.8:97
+#: src/auth/basic/SASL/basic_sasl_auth.8:81
+#: src/auth/basic/SSPI/basic_sspi_auth.8:135
+#: src/auth/digest/file/digest_file_auth.8:72
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:101
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:102
+#: src/security/cert_generators/file/security_file_certgen.8.in:151
+#: src/squid.8.in:245 tools/cachemgr.cgi.8.in:55 tools/purge/purge.1:261
+#: tools/squidclient/squidclient.1:237
 #, no-wrap
 msgid "COPYRIGHT"
 msgstr "AUTORSKÁ PRÁVA"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:79
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:310
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:101
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:85
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:139
-#: helpers/digest_auth/file/digest_file_auth.8:73
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:242
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:197
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:85
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:229
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:247
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:174
-#: helpers/external_acl/session/ext_session_acl.8:104
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:222
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:77
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:95
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:107
+#: src/acl/external/AD_group/ext_ad_group_acl.8:245
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:200
+#: src/acl/external/file_userip/ext_file_userip_acl.8:88
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:250
+#: src/acl/external/LM_group/ext_lm_group_acl.8:177
+#: src/acl/external/session/ext_session_acl.8:107
+#: src/acl/external/time_quota/ext_time_quota_acl.8:225
+#: src/acl/external/unix_group/ext_unix_group_acl.8:80
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:82
+#: src/auth/basic/LDAP/basic_ldap_auth.8:313
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:65
+#: src/auth/basic/PAM/basic_pam_auth.8:89
+#: src/auth/basic/RADIUS/basic_radius_auth.8:104
+#: src/auth/basic/SASL/basic_sasl_auth.8:88
+#: src/auth/basic/SSPI/basic_sspi_auth.8:142
+#: src/auth/digest/file/digest_file_auth.8:79
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:109
+#: src/security/cert_generators/file/security_file_certgen.8.in:158
+#: src/squid.8.in:252 tools/cachemgr.cgi.8.in:62 tools/purge/purge.1:268
+#: tools/squidclient/squidclient.1:244
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2017 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:247
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:202
+#: src/acl/external/file_userip/ext_file_userip_acl.8:90
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:234
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:252
+#: src/acl/external/LM_group/ext_lm_group_acl.8:179
+#: src/acl/external/session/ext_session_acl.8:109
+#: src/acl/external/time_quota/ext_time_quota_acl.8:227
+#: src/acl/external/unix_group/ext_unix_group_acl.8:82
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:84
+#: src/auth/basic/LDAP/basic_ldap_auth.8:315
+#: src/auth/basic/RADIUS/basic_radius_auth.8:106
+#: src/auth/basic/SASL/basic_sasl_auth.8:90
+#: src/auth/basic/SSPI/basic_sspi_auth.8:144
+#: src/auth/digest/file/digest_file_auth.8:81
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:110
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:111
 msgid "This program and documentation is copyright to the authors named above."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:81
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:312
-#: helpers/basic_auth/PAM/basic_pam_auth.8:91
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:103
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:87
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:141
-#: helpers/digest_auth/file/digest_file_auth.8:75
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:244
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:199
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:87
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:231
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:249
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:176
-#: helpers/external_acl/session/ext_session_acl.8:106
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:224
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:79
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:97
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:109 tools/cachemgr.cgi.8.in:59
-#: tools/squidclient/squidclient.1:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:249
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:204
+#: src/acl/external/file_userip/ext_file_userip_acl.8:92
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:236
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:254
+#: src/acl/external/LM_group/ext_lm_group_acl.8:181
+#: src/acl/external/session/ext_session_acl.8:111
+#: src/acl/external/time_quota/ext_time_quota_acl.8:229
+#: src/acl/external/unix_group/ext_unix_group_acl.8:84
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:86
+#: src/auth/basic/LDAP/basic_ldap_auth.8:317
+#: src/auth/basic/PAM/basic_pam_auth.8:96
+#: src/auth/basic/RADIUS/basic_radius_auth.8:108
+#: src/auth/basic/SASL/basic_sasl_auth.8:92
+#: src/auth/basic/SSPI/basic_sspi_auth.8:146
+#: src/auth/digest/file/digest_file_auth.8:83
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:112
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:113
 msgid ""
 "Distributed under the GNU General Public License (GNU GPL) version 2 or "
 "later (GPLv2+)."
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:82
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:313
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:73
-#: helpers/basic_auth/PAM/basic_pam_auth.8:92
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:104
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:88
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:142
-#: helpers/digest_auth/file/digest_file_auth.8:76
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:245
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:200
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:88
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:250
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:177
-#: helpers/external_acl/session/ext_session_acl.8:107
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:225
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:80
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:98
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:110 src/squid.8.in:258
-#: tools/cachemgr.cgi.8.in:60 tools/squidclient/squidclient.1:204
+#: src/acl/external/AD_group/ext_ad_group_acl.8:250
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:205
+#: src/acl/external/file_userip/ext_file_userip_acl.8:93
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:255
+#: src/acl/external/LM_group/ext_lm_group_acl.8:182
+#: src/acl/external/session/ext_session_acl.8:112
+#: src/acl/external/time_quota/ext_time_quota_acl.8:230
+#: src/acl/external/unix_group/ext_unix_group_acl.8:85
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:87
+#: src/auth/basic/LDAP/basic_ldap_auth.8:318
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:77
+#: src/auth/basic/PAM/basic_pam_auth.8:97
+#: src/auth/basic/RADIUS/basic_radius_auth.8:109
+#: src/auth/basic/SASL/basic_sasl_auth.8:93
+#: src/auth/basic/SSPI/basic_sspi_auth.8:147
+#: src/auth/digest/file/digest_file_auth.8:84
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:113
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:114
+#: src/security/cert_generators/file/security_file_certgen.8.in:159
+#: src/squid.8.in:253 tools/cachemgr.cgi.8.in:63 tools/purge/purge.1:269
+#: tools/squidclient/squidclient.1:245
 #, no-wrap
 msgid "QUESTIONS"
 msgstr "DOTAZY"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:85
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:316
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:76
-#: helpers/basic_auth/PAM/basic_pam_auth.8:95
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:107
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:91
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:145
-#: helpers/digest_auth/file/digest_file_auth.8:79
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:248
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:203
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:91
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:235
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:253
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:180
-#: helpers/external_acl/session/ext_session_acl.8:110
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:228
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:83
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:101
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:113 src/squid.8.in:261
-#: tools/cachemgr.cgi.8.in:63 tools/squidclient/squidclient.1:207
+#: src/acl/external/AD_group/ext_ad_group_acl.8:253
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:208
+#: src/acl/external/file_userip/ext_file_userip_acl.8:96
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:258
+#: src/acl/external/LM_group/ext_lm_group_acl.8:185
+#: src/acl/external/session/ext_session_acl.8:115
+#: src/acl/external/time_quota/ext_time_quota_acl.8:233
+#: src/acl/external/unix_group/ext_unix_group_acl.8:88
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:90
+#: src/auth/basic/LDAP/basic_ldap_auth.8:321
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:80
+#: src/auth/basic/PAM/basic_pam_auth.8:100
+#: src/auth/basic/RADIUS/basic_radius_auth.8:112
+#: src/auth/basic/SASL/basic_sasl_auth.8:96
+#: src/auth/basic/SSPI/basic_sspi_auth.8:150
+#: src/auth/digest/file/digest_file_auth.8:87
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:116
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:117
+#: src/security/cert_generators/file/security_file_certgen.8.in:162
+#: src/squid.8.in:256 tools/cachemgr.cgi.8.in:66 tools/purge/purge.1:272
+#: tools/squidclient/squidclient.1:248
 msgid ""
 "Questions on the usage of this program can be sent to the I<Squid Users "
 "mailing list>"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:87
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:321
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:78
-#: helpers/basic_auth/PAM/basic_pam_auth.8:97
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:112
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:93
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:147
-#: helpers/digest_auth/file/digest_file_auth.8:81
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:250
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:205
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:93
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:258
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:182
-#: helpers/external_acl/session/ext_session_acl.8:112
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:230
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:85
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:103
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:115 src/squid.8.in:263
-#: tools/cachemgr.cgi.8.in:65 tools/squidclient/squidclient.1:209
+#: src/acl/external/AD_group/ext_ad_group_acl.8:255
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:210
+#: src/acl/external/file_userip/ext_file_userip_acl.8:98
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:263
+#: src/acl/external/LM_group/ext_lm_group_acl.8:187
+#: src/acl/external/session/ext_session_acl.8:117
+#: src/acl/external/time_quota/ext_time_quota_acl.8:235
+#: src/acl/external/unix_group/ext_unix_group_acl.8:90
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:92
+#: src/auth/basic/LDAP/basic_ldap_auth.8:326
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:82
+#: src/auth/basic/PAM/basic_pam_auth.8:102
+#: src/auth/basic/RADIUS/basic_radius_auth.8:117
+#: src/auth/basic/SASL/basic_sasl_auth.8:98
+#: src/auth/basic/SSPI/basic_sspi_auth.8:152
+#: src/auth/digest/file/digest_file_auth.8:89
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:118
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:119
+#: src/security/cert_generators/file/security_file_certgen.8.in:164
+#: src/squid.8.in:258 tools/cachemgr.cgi.8.in:68 tools/purge/purge.1:274
+#: tools/squidclient/squidclient.1:250
 #, no-wrap
 msgid "REPORTING BUGS"
 msgstr "OZNAMOVÁNÍ CHYB"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:90
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:324
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:81
-#: helpers/basic_auth/PAM/basic_pam_auth.8:100
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:115
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:96
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:150
-#: helpers/digest_auth/file/digest_file_auth.8:84
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:253
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:217
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:96
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:261
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:185
-#: helpers/external_acl/session/ext_session_acl.8:115
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:233
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:88
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:106
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:118 src/squid.8.in:266
+#: src/acl/external/AD_group/ext_ad_group_acl.8:258
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:222
+#: src/acl/external/file_userip/ext_file_userip_acl.8:101
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:266
+#: src/acl/external/LM_group/ext_lm_group_acl.8:190
+#: src/acl/external/session/ext_session_acl.8:120
+#: src/acl/external/time_quota/ext_time_quota_acl.8:238
+#: src/acl/external/unix_group/ext_unix_group_acl.8:93
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:95
+#: src/auth/basic/LDAP/basic_ldap_auth.8:329
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:85
+#: src/auth/basic/PAM/basic_pam_auth.8:105
+#: src/auth/basic/RADIUS/basic_radius_auth.8:120
+#: src/auth/basic/SASL/basic_sasl_auth.8:101
+#: src/auth/basic/SSPI/basic_sspi_auth.8:155
+#: src/auth/digest/file/digest_file_auth.8:92
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:121
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:122
+#: src/security/cert_generators/file/security_file_certgen.8.in:167
+#: src/squid.8.in:261
 msgid ""
 "Bug reports need to be made in English.  See http://wiki.squid-cache.org/"
 "SquidFaq/BugReporting for details of what you need to include with your bug "
@@ -425,3370 +704,3754 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:92
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:326
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:83
-#: helpers/basic_auth/PAM/basic_pam_auth.8:102
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:117
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:98
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:152
-#: helpers/digest_auth/file/digest_file_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:255
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:219
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:98
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:263
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:187
-#: helpers/external_acl/session/ext_session_acl.8:117
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:235
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:90
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:108
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:120 src/squid.8.in:268
-#: tools/cachemgr.cgi.8.in:69 tools/squidclient/squidclient.1:213
+#: src/acl/external/AD_group/ext_ad_group_acl.8:260
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:224
+#: src/acl/external/file_userip/ext_file_userip_acl.8:103
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:247
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:268
+#: src/acl/external/LM_group/ext_lm_group_acl.8:192
+#: src/acl/external/session/ext_session_acl.8:122
+#: src/acl/external/time_quota/ext_time_quota_acl.8:240
+#: src/acl/external/unix_group/ext_unix_group_acl.8:95
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:97
+#: src/auth/basic/LDAP/basic_ldap_auth.8:331
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:87
+#: src/auth/basic/PAM/basic_pam_auth.8:107
+#: src/auth/basic/RADIUS/basic_radius_auth.8:122
+#: src/auth/basic/SASL/basic_sasl_auth.8:103
+#: src/auth/basic/SSPI/basic_sspi_auth.8:157
+#: src/auth/digest/file/digest_file_auth.8:94
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:123
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:124
+#: src/security/cert_generators/file/security_file_certgen.8.in:169
+#: src/squid.8.in:263 tools/cachemgr.cgi.8.in:72 tools/purge/purge.1:278
+#: tools/squidclient/squidclient.1:254
 msgid "Report bugs or bug fixes using http://bugs.squid-cache.org/"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:95
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:329
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:86
-#: helpers/basic_auth/PAM/basic_pam_auth.8:105
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:120
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:101
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:155
-#: helpers/digest_auth/file/digest_file_auth.8:89
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:258
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:222
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:101
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:266
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:190
-#: helpers/external_acl/session/ext_session_acl.8:120
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:238
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:93
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:111
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:123 src/squid.8.in:271
-#: tools/cachemgr.cgi.8.in:72 tools/squidclient/squidclient.1:216
+#: src/acl/external/AD_group/ext_ad_group_acl.8:263
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:227
+#: src/acl/external/file_userip/ext_file_userip_acl.8:106
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:271
+#: src/acl/external/LM_group/ext_lm_group_acl.8:195
+#: src/acl/external/session/ext_session_acl.8:125
+#: src/acl/external/time_quota/ext_time_quota_acl.8:243
+#: src/acl/external/unix_group/ext_unix_group_acl.8:98
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:100
+#: src/auth/basic/LDAP/basic_ldap_auth.8:334
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:90
+#: src/auth/basic/PAM/basic_pam_auth.8:110
+#: src/auth/basic/RADIUS/basic_radius_auth.8:125
+#: src/auth/basic/SASL/basic_sasl_auth.8:106
+#: src/auth/basic/SSPI/basic_sspi_auth.8:160
+#: src/auth/digest/file/digest_file_auth.8:97
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:126
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:127
+#: src/security/cert_generators/file/security_file_certgen.8.in:172
+#: src/squid.8.in:266 tools/cachemgr.cgi.8.in:75 tools/purge/purge.1:281
+#: tools/squidclient/squidclient.1:257
 msgid ""
 "Report serious security bugs to I<Squid Bugs E<lt>squid-bugs@squid-cache."
 "orgE<gt>>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:98
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:332
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:89
-#: helpers/basic_auth/PAM/basic_pam_auth.8:108
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:123
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:104
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:158
-#: helpers/digest_auth/file/digest_file_auth.8:92
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:261
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:225
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:104
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:248
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:269
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:193
-#: helpers/external_acl/session/ext_session_acl.8:123
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:241
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:96
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:114
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:126 src/squid.8.in:274
-#: tools/cachemgr.cgi.8.in:75 tools/squidclient/squidclient.1:219
+#: src/acl/external/AD_group/ext_ad_group_acl.8:266
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:230
+#: src/acl/external/file_userip/ext_file_userip_acl.8:109
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:253
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:274
+#: src/acl/external/LM_group/ext_lm_group_acl.8:198
+#: src/acl/external/session/ext_session_acl.8:128
+#: src/acl/external/time_quota/ext_time_quota_acl.8:246
+#: src/acl/external/unix_group/ext_unix_group_acl.8:101
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:103
+#: src/auth/basic/LDAP/basic_ldap_auth.8:337
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:93
+#: src/auth/basic/PAM/basic_pam_auth.8:113
+#: src/auth/basic/RADIUS/basic_radius_auth.8:128
+#: src/auth/basic/SASL/basic_sasl_auth.8:109
+#: src/auth/basic/SSPI/basic_sspi_auth.8:163
+#: src/auth/digest/file/digest_file_auth.8:100
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:129
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:130
+#: src/security/cert_generators/file/security_file_certgen.8.in:175
+#: src/squid.8.in:269 tools/cachemgr.cgi.8.in:78 tools/purge/purge.1:284
+#: tools/squidclient/squidclient.1:260
 msgid ""
 "Report ideas for new improvements to the I<Squid Developers mailing list>"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:100
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:334
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:91
-#: helpers/basic_auth/PAM/basic_pam_auth.8:110
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:125
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:106
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:160
-#: helpers/digest_auth/file/digest_file_auth.8:94
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:263
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:227
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:106
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:271
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:195
-#: helpers/external_acl/session/ext_session_acl.8:125
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:243
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:101
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:116
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:128 src/squid.8.in:276
-#: tools/cachemgr.cgi.8.in:77 tools/squidclient/squidclient.1:221
+#: src/acl/external/AD_group/ext_ad_group_acl.8:268
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:232
+#: src/acl/external/file_userip/ext_file_userip_acl.8:111
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:276
+#: src/acl/external/LM_group/ext_lm_group_acl.8:200
+#: src/acl/external/session/ext_session_acl.8:130
+#: src/acl/external/time_quota/ext_time_quota_acl.8:248
+#: src/acl/external/unix_group/ext_unix_group_acl.8:106
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:339
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:95
+#: src/auth/basic/PAM/basic_pam_auth.8:115
+#: src/auth/basic/RADIUS/basic_radius_auth.8:130
+#: src/auth/basic/SASL/basic_sasl_auth.8:111
+#: src/auth/basic/SSPI/basic_sspi_auth.8:165
+#: src/auth/digest/file/digest_file_auth.8:102
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:131
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:132
+#: src/security/cert_generators/file/security_file_certgen.8.in:177
+#: src/squid.8.in:271 tools/cachemgr.cgi.8.in:80 tools/purge/purge.1:286
+#: tools/squidclient/squidclient.1:262
 #, no-wrap
 msgid "SEE ALSO"
 msgstr "VIZ TAKÉ"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:114
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:344
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:97
-#: helpers/basic_auth/PAM/basic_pam_auth.8:121
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:132
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:117
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:165
-#: helpers/digest_auth/file/digest_file_auth.8:99
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:268
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:233
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:111
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:282
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:200
-#: helpers/external_acl/session/ext_session_acl.8:130
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:248
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:108
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:127
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:133 src/squid.8.in:286
+#: src/acl/external/AD_group/ext_ad_group_acl.8:273
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:238
+#: src/acl/external/file_userip/ext_file_userip_acl.8:116
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:269
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:287
+#: src/acl/external/LM_group/ext_lm_group_acl.8:205
+#: src/acl/external/session/ext_session_acl.8:135
+#: src/acl/external/time_quota/ext_time_quota_acl.8:253
+#: src/acl/external/unix_group/ext_unix_group_acl.8:113
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:119
+#: src/auth/basic/LDAP/basic_ldap_auth.8:349
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:101
+#: src/auth/basic/PAM/basic_pam_auth.8:126
+#: src/auth/basic/RADIUS/basic_radius_auth.8:137
+#: src/auth/basic/SASL/basic_sasl_auth.8:122
+#: src/auth/basic/SSPI/basic_sspi_auth.8:170
+#: src/auth/digest/file/digest_file_auth.8:107
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:142
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:137
+#: src/security/cert_generators/file/security_file_certgen.8.in:182
+#: src/squid.8.in:281
 msgid "The Squid FAQ wiki"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:117
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:347
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:100
-#: helpers/basic_auth/PAM/basic_pam_auth.8:124
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:135
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:120
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:168
-#: helpers/digest_auth/file/digest_file_auth.8:102
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:271
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:236
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:114
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:285
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:203
-#: helpers/external_acl/session/ext_session_acl.8:133
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:251
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:111
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:130
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:136 src/squid.8.in:289
+#: src/acl/external/AD_group/ext_ad_group_acl.8:276
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:241
+#: src/acl/external/file_userip/ext_file_userip_acl.8:119
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:272
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:290
+#: src/acl/external/LM_group/ext_lm_group_acl.8:208
+#: src/acl/external/session/ext_session_acl.8:138
+#: src/acl/external/time_quota/ext_time_quota_acl.8:256
+#: src/acl/external/unix_group/ext_unix_group_acl.8:116
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:122
+#: src/auth/basic/LDAP/basic_ldap_auth.8:352
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:104
+#: src/auth/basic/PAM/basic_pam_auth.8:129
+#: src/auth/basic/RADIUS/basic_radius_auth.8:140
+#: src/auth/basic/SASL/basic_sasl_auth.8:125
+#: src/auth/basic/SSPI/basic_sspi_auth.8:173
+#: src/auth/digest/file/digest_file_auth.8:110
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:145
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:140
+#: src/security/cert_generators/file/security_file_certgen.8.in:185
+#: src/squid.8.in:284
 msgid "The Squid Configuration Manual"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:7
-msgid "LDAP authentication helper for Squid"
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:12
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:27
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:14
-msgid "base DN"
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:14
-msgid "attribute"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:5
+msgid "ext_edirectory_userip_acl - Squid eDirectory IP Lookup Helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:16
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:31
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:18
-msgid "options"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:15
+#: tools/squidclient/squidclient.1:22
+msgid "host"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:18
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:33
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:20
-msgid "LDAP server name"
-msgstr "název LDAP serveru"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:20
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:35
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:18
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:19
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:22 src/squid.8.in:17
-#: tools/squidclient/squidclient.1:27
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:17
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:18
+#: src/auth/basic/LDAP/basic_ldap_auth.8:33
+#: src/auth/basic/RADIUS/basic_radius_auth.8:16 src/squid.8.in:15
+#: tools/squidclient/squidclient.1:26
 msgid "port"
 msgstr "port"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:22
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:37
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:24
-msgid "URI"
-msgstr "URI"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:19
+msgid "LDAP version"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:29
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:16
-msgid "LDAP search filter"
-msgstr "LDAP vyhledávací filtr"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:21
+msgid "basedn"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:47
-msgid ""
-"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
-"the user name and password of Basic HTTP authentication.  LDAP options are "
-"specified as parameters on the command line, while the username(s) and "
-"password(s) to be checked against the LDAP directory are specified on "
-"subsequent lines of input to the helper, one username/password pair per line "
-"separated by a space."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:23
+msgid "scope"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:56
-msgid ""
-"As expected by the basic authentication construct of Squid, after specifying "
-"a username and password followed by a new line, this helper will produce "
-"either B<OK> or B<ERR> on the following line to show if the specified "
-"credentials are correct according to the LDAP directory."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:25
+msgid "binddn"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:61
-msgid ""
-"The program has two major modes of operation. In the default mode of "
-"operation the users DN is constructed using the base DN and user attribute. "
-"In the other mode of operation a search filter is used to locate valid user "
-"DN's below the base DN."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:27
+msgid "bindpass"
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:62
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:35
-#: helpers/basic_auth/PAM/basic_pam_auth.8:21
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:31
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:34
-#: helpers/digest_auth/file/digest_file_auth.8:20
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:51
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:44
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:23
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:65
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:49
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:27
-#: helpers/external_acl/session/ext_session_acl.8:34
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:24
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:19
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:19
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:25 src/squid.8.in:59
-#: tools/squidclient/squidclient.1:61
-#, no-wrap
-msgid "OPTIONS"
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:29
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:14
+msgid "filter"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:34
+msgid "B<ext_edirectory_userip_acl> is an installed binary."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:75
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:38
 msgid ""
-"LDAP search B<filter> to locate the user DN. Required if the users are in a "
-"hierarchy below the base DN, or if the login name is not what builds the "
-"user specific part of the users DN."
+"This program has been written in order to solve the problems associated with "
+"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
 msgstr ""
 
-#. uid\=%s\""
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:82
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:41
 msgid ""
-"The search filter can contain up to 15 occurrences of B<%s> which will be "
-"replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
-"detailed description of LDAP search filter syntax see RFC2254."
+"The limitations of the Perl script involved memory/cpu utilization, speed, "
+"the lack of eDirectory 8.8 support, and IPv6 support."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:90
-msgid ""
-"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
-"%s> are used."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:46
+msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:99
-msgid ""
-"Specifies the name of the DN attribute that contains the username/login.  "
-"Combined with the base DN to construct the users DN when no search filter is "
-"specified ( B<-f> option). Defaults to B<uid>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:50
+msgid "Force Addresses to be in IPv6 (:: format)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:108
-msgid ""
-"B<Note:> This can only be done if all your users are located directly under "
-"the same position in the LDAP tree and the login name is used for naming "
-"each user object. If your LDAP tree does not match these criterias or if you "
-"want to filter who are valid users then you need to use a search filter to "
-"search for your users DN ( B<-f> option)."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:57
+msgid "Specify B<base> DN. For example; B<o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:118
-msgid ""
-"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
-"password.  B<passwordattr> is the LDAP attribute storing the users password."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:66
+msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:126
-msgid ""
-"Search scope when performing user DN searches specified by the B<-f> option. "
-"Defaults to B<sub>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:71
+msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:130
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:110
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:178
-msgid "B<base> object only,"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:76
+msgid ""
+"Specify if LDAP search group is required. For example; B<groupMembership=>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:133
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:113
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:181
-msgid "B<one> level below the base object or"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:84
+msgid "Specify hostname or IP of server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:136
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:116
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:184
-msgid "B<sub>tree below the base object"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:88
+msgid "Port number."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:142
-msgid ""
-"The DN and password to bind as while performing searches. Required by the B<-"
-"f> flag if the directory does not allow anonymous searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:92
+msgid "Use persistent connections."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:147
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:100
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file."
+"Timeout factor for persistent connections. Set to B<0> for never timeout. "
+"Default is B<60> seconds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:152
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:98
-msgid ""
-"The DN and the name of a file containing the password to bind as while "
-"performing searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:105
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:173
+msgid "search scope. Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:157
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:103
-msgid ""
-"Less insecure version of the former parameter pair with two advantages: The "
-"password does not occur in the process listing, and the password is not "
-"being compromised if someone gets the squid configuration file without "
-"getting the secretfile."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:108
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:176
+#: src/auth/basic/LDAP/basic_ldap_auth.8:128
+msgid "B<base> object only,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:165
-msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while validating a username to preserve resources at the LDAP server. This "
-"option causes the LDAP connection to be kept open, allowing it to be reused "
-"for further user validations. Recommended for larger installations."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:111
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:179
+#: src/auth/basic/LDAP/basic_ldap_auth.8:131
+msgid "B<one> level below the base object or"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:178
-msgid ""
-"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
-"binding as another user after a successful I<ldap_bind.> The use of this "
-"option always opens a new connection for each login attempt. If combined "
-"with the B<-P> option for persistent LDAP connection then the connection "
-"used for searching for the user DN is kept persistent but a new connection "
-"is opened to verify each users password once the DN is found."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:114
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:182
+#: src/auth/basic/LDAP/basic_ldap_auth.8:134
+msgid "B<sub>tree below the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:182
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:170
-msgid "Do not follow referrals"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:121
+msgid "Set userid B<attribute .> Default is B<cn>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:187
-msgid "when to dereference aliases. Defaults to B<never>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:126
+msgid "Set LDAP B<version>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:196
-msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search ing> or only to B<find> the base object."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:130
+msgid "Display version information and exit."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:201
-msgid ""
-"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
-"libraries).  Servers can also be specified last on the command line."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:135
+msgid "Specify binding B<password>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:206
-msgid ""
-"Specify the LDAP server to connect to. Servers can also be specified last on "
-"the command line."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:139
+msgid "Enable TLS security."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:212
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:160
 msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389. Can also be specified within the server "
-"specification by using servername:port syntax."
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:218
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:206
-msgid "LDAP protocol version. Defaults to B<3> if not specified."
+"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
+"that users may be used to control internet access, which can also be stacked "
+"against other ACL's.  Use of the groups is optional, unless the '-G' option "
+"has been passed.  Please note that you need to specify the full LDAP object "
+"for this, as shown above."
 msgstr ""
 
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:210
-msgid "Use TLS encryption"
+#. type: SH
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:161
+#: src/acl/external/unix_group/ext_unix_group_acl.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:45
+#: src/security/cert_generators/file/security_file_certgen.8.in:88
+#: tools/purge/purge.1:233
+#, no-wrap
+msgid "KNOWN ISSUES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:226
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:107
-msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:166
+msgid ""
+"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
+"is in place to read IPv6 networkAddress fields, please attempt this in a "
+"TESTING environment first.  Please contact the author regarding IPv6 support "
+"development."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:233
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:171
 msgid ""
-"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
-"LDAP API libraries)"
+"There is a known issue regarding Novell's Client for Windows, that is mostly "
+"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
+"populating the networkAddress field in eDirectory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:192
-msgid "Specify time limit on LDAP search operations"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:177
+msgid ""
+"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
+"lower?) and connection licensing.  It appears that whenever a server runs "
+"low on connection licenses, that it I sometimes does not populate the "
+"networkAddress fields correctly."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:243
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:184
 msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the results is not what is expected."
+"Majority of Proxy Authentication issues can be resolved by having the users' "
+"B<reboot> if their networkAddress is not correct, or using "
+"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
+"networkAddress fields to troubleshoot."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:248
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:218
 msgid ""
-"For directories using the RFC2307 layout with a single domain, all you need "
-"to specify is usually the base DN under where your users are located and the "
-"server name:"
+"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
+"situations B<before> seeking support! You may also need to make sure your "
+"servers have the latest service packs installed, and that your servers are "
+"properly synchronizing partitions."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:256
+#: src/acl/external/file_userip/ext_file_userip_acl.8:5
 msgid ""
-"If you have sub-domains then you need to use a search filter approach to "
-"locate your user DNs as these can no longer be constructed directly from the "
-"base DN and login name alone:"
+"ext_file_userip_acl - Restrict users to certain IP addresses, using a text "
+"file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:263
-msgid ""
-"And similarly if you only want to allow access to users having a specific "
-"attribute"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:7
+#: src/acl/external/time_quota/ext_time_quota_acl.8:7
+#: src/auth/basic/SASL/basic_sasl_auth.8:7
+#: src/security/cert_generators/file/security_file_certgen.8.in:7
+msgid "Version 1.0"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:274
-msgid ""
-"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
-"do not want to have to search for the users then you could use something "
-"like the following example for Active Directory:"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:12
+msgid "file name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:286
+#: src/acl/external/file_userip/ext_file_userip_acl.8:17
 msgid ""
-"If you want to search for the user DN and your directory does not allow "
-"anonymous searches then you must also use the B<-D> and B<-w> flags to "
-"specify a user DN and password to log in as to perform the searches, as in "
-"the following complex Active Directory example"
+"B<ext_file_userip_acl> is an installed binary. An external helper for the "
+"Squid external acl scheme."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:299
+#: src/acl/external/file_userip/ext_file_userip_acl.8:20
 msgid ""
-"B<NOTE:> When constructing search filters it is strongly recommended to test "
-"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
-"This to verify that the filter matches what you expect."
+"It works by reading a pair composed by an IP address and an username on "
+"STDIN and matching it against a configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:302
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:91
-msgid "This program is written by"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:31
+msgid "Configuration B<file> to load."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:306
-msgid "This manual is written by"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:41
+msgid "The B<squid.conf> configuration for the external ACL should be:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:320
+#: src/acl/external/file_userip/ext_file_userip_acl.8:49
 msgid ""
-"Or to your favorite LDAP list/friend if the question is more related to LDAP "
-"than Squid."
+"If the helper program finds a matching username/ip in the configuration "
+"file, it returns B<OK> , otherwise it returns B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:340
-msgid "Your favorite LDAP documentation."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:51
+msgid "The configuration file format is as follows:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:342
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:259
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:280
-msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:60
+msgid ""
+"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
+"in dotted quad format too."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:7
-msgid "NCSA httpd-style password file authentication helper for Squid"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:66
+msgid ""
+"When the second parameter is prefixed with an B<@> , the program will lookup "
+"the B</etc/group> file entry for the specified username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:11
-msgid "passwd file"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:72
+msgid ""
+"There are other two directives, B<ALL> and B<NONE> , which mean \"any user "
+"on this IP address may authenticate\" or \"no user on this IP address may "
+"authenticate\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:16
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:5
 msgid ""
-"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
-"information from an NCSA/Apache httpd-style password file when using basic "
-"HTTP authentication."
+"ext_kerberos_ldap_group_acl - Squid LDAP external acl group helper for "
+"Kerberos or NTLM credentials."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:19
-msgid "This password file can be manipulated using B<htpasswd.>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
+msgid "Version 1.3.0sq"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:32
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:24
 msgid ""
-"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
-"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
-"and magic strings * MD5 - with optional salt and magic strings * DES - for "
-"passwords 8 characters or less in length"
+"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
+"connect to a LDAP directory to authorize users via LDAP groups. Options are "
+"specified as parameters on the command line, while the username (e.g.  "
+"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
+"directory are specified on subsequent lines of input to the helper, one "
+"username per line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:34
-msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:37
+msgid ""
+"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
+"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
+"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
+"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
+"is available from the username the LDAP server will be determined through "
+"the command line options."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:38
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:49
 msgid ""
-"The only parameter is the password file.  It must have permissions to be "
-"read by the user that Squid is running as."
+"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
+"T> option which provides the LDAP group name the user has to belong too. For "
+"Active Directory a recursive group lookup is implemented until a max depth "
+"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
+"groups is assumed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:62
 msgid ""
-"B<basic_ncsa_auth> must have access to the password file to be executed."
-msgstr ""
-
-#. type: SH
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:47
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:163
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:62
-#, no-wrap
-msgid "KNOWN ISSUES"
+"Different group names can be specified for different domains using a "
+"group@domain syntax.  As expected by the B<external_acl_type> construct of "
+"Squid, after specifying a username and group followed by a new line, this "
+"helper will produce either B<OK> or B<ERR> on the following line to show if "
+"the user is a member of the specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:52
-msgid ""
-"DES functionality (used by htpasswd by default) silently truncates passwords "
-"to 8 characters.  Allowing login with password values shorter than the one "
-"desired.  This authenticator will reject login with long passwords when "
-"using DES."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:70
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:24
+msgid "Write debug messages to stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:58
-msgid "Based on original documentation by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:73
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:27
+msgid "Write informational messages to stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:66
-msgid ""
-"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
-"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
-"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
-"details."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:76
+msgid "Use SSL for the LDAP connection."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:72
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
 msgid ""
-"You should have received a copy of the GNU General Public License along with "
-"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
-"Place, Suite 330, Boston, MA 02111-1307 USA"
+"The CA certificate file can be set via the environment variable "
+"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:7
-msgid "Squid PAM Basic authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
+msgid ""
+"The SSL certificate database can be set via the environment variable "
+"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:11
-msgid "service name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:83
+msgid "Allow SSL without certificate verification."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:13
-msgid "TTL"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:87
+msgid ""
+"Default Kerberos domain to use for usernames which do not contain domain "
+"information (e.g. for users using basic authentication)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:20
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:92
 msgid ""
-"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
-"database to validate the user name and password of Basic HTTP authentication."
+"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
+"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
+"authentication)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:26
-msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:95
+msgid "Maximal depth of recursive group search."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:35
-msgid ""
-"Enables persistent PAM connections where the connection to the PAM database "
-"is kept open and reused for new logins. The TTL specifies how long the "
-"connection will be kept open (in seconds).  Default is to not keep PAM "
-"connections open. Please note that the use of persistent PAM connections is "
-"slightly outside the PAM specification and may not work with all PAM "
-"configurations."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:98
+msgid "Username for LDAP server."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:40
-msgid ""
-"Do not perform the PAM account management group (account expiration etc)"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:101
+msgid "Password for LDAP server."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:106
 msgid ""
-"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
-"etc/pam.d/squid>"
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use an account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file or extracts the password "
+"used from a process listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:54
-msgid ""
-"The default service name is B<squid> , and the program makes use of the "
-"B<auth> and B<account> management groups to verify the password and the "
-"accounts validity."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:110
+msgid "LDAP server bind path."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:58
-msgid ""
-"For details on how to configure PAM services, see the PAM documentation for "
-"your system. This manual does not cover PAM configuration details."
-msgstr ""
-
-#. type: SH
-#: helpers/basic_auth/PAM/basic_pam_auth.8:59
-#, no-wrap
-msgid "NOTES"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:113
+msgid "LDAP server URL in form ldap[s]://server:port"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:117
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program setuid root"
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:82
-#: helpers/external_acl/session/ext_session_acl.8:99
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:218
-msgid "This program and documentation was written by"
+"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
+"lserver@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:88
-msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:121
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:119
-msgid "PAM Systems Administrator Guide"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:126
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:7
-msgid "Squid RADIUS authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:131
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
+"format"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:12
-msgid "config file"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:138
+msgid ""
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:16
-msgid "server name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:153
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:62
+msgid "B<NOTE:> The following squid startup file modification may be required:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:20
-msgid "identifier"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:157
+msgid ""
+"Add the following lines to the squid startup script to point squid to a "
+"keytab file which contains the HTTP/fqdn service principal for the default "
+"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
+"can not use an IP address."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:22
-msgid "secret"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:168
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:74
+msgid ""
+"If you use a different Kerberos domain than the machine itself is in you can "
+"point squid to the separate Kerberos config file by setting the following "
+"environment variable in the startup script."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:24
-#: helpers/external_acl/session/ext_session_acl.8:14
-#: tools/squidclient/squidclient.1:33
-msgid "timeout"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:178
+msgid ""
+"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
+"server. The following method is used:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:30
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:183
+#, no-wrap
 msgid ""
-"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
-"the user name and password of Basic HTTP authentication."
+"1) For user@REALM\n"
+"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
+"   b) Query DNS for A record REALM\n"
+"   c) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:187
+#, no-wrap
 msgid ""
-"Specifies the path to a configuration file. See the CONFIGURATION section "
-"for details on the file content."
+"2) For user\n"
+"   a) Use domain -D REALM and follow step 1)\n"
+"   b) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:40
-msgid "Alternative method of specifying the server to connect to"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
+msgid "The Groups to check against are determined as follows:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:45
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:194
+#, no-wrap
 msgid ""
-"Specify another server port where the RADIUS server listens for requests if "
-"different from the default RADIUS port.  Normally not specified."
+"1) For user@REALM\n"
+"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
+"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:50
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:197
+#, no-wrap
 msgid ""
-"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
-"specified the IP address is used to identify the proxy."
+"2) For user\n"
+"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:56
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:200
+#, no-wrap
 msgid ""
-"Alternative method of specifying the shared secret. Using the B<-f> option "
-"with a configuration file is generally more secure and recommended."
+"3) For NDOMAIN\\euser\n"
+"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:60
-msgid "RADIUS request timeout. Default is 10 seconds."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
+msgid ""
+"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
+"where GROUP is the hex UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:67
-msgid ""
-"The configuration specifies how the helper connects to RADIUS.  The file "
-"contains a list of directives (one per line). Lines beginning with a B<#> "
-"are ignored."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#, no-wrap
+msgid "   -t 6d61726b7573 instead of -g markus\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:71
-msgid "specifies the name or address of the RADIUS server to connect to."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
+msgid ""
+"The REALM must still be based on the ASCII character set. If REALM contains "
+"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
+"UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:75
-msgid "specifies the shared RADIUS secret."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#, no-wrap
+msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:80
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
 msgid ""
-"specifies what name the proxy should use to identify itself to the RADIUS "
-"server.  This directive is optional."
+"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
+"unicode-utf8-table.pl"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:84
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:216
 msgid ""
-"Specifies the port number or service name where the helper should connect."
+"The ldap server list can be: server - In this case server can be used for "
+"all Kerberos domains server@ - In this case server can be used for all "
+"Kerberos domains server@domain - In this case server can be used for "
+"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
+"server3@:server4 - A list is build with a colon as separator"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:88
-msgid "Specifies the RADIUS request timeout."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2015 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:95
-msgid "With contributions from many others."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:260
+msgid "B<RFC1035> - Domain names - implementation and specification,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:111
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
 msgid ""
-"Or contact your favorite RADIUS list/friend if the question is more related "
-"to RADIUS than Squid."
+"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:130
-msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:285
+#: src/auth/basic/LDAP/basic_ldap_auth.8:347
+msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:7
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
 msgid ""
-"Basic Authentication using SASL (specifically the cyrus-sasl authentication "
-"method)"
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:9
-#: helpers/digest_auth/file/digest_file_auth.8:9
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:9
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:9
-msgid "Version 1.0"
+"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
+"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:18
-msgid ""
-"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
-"configurable (somewhat like PAM).  Each service authenticating against SASL "
-"identifies itself with an application name.  Each application can be "
-"configured independently by the SASL administrator."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:5
+msgid "ext_ldap_group_acl - Squid LDAP external acl group helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:24
-msgid ""
-"To configure the authentication method used the file B<basic_sasl_auth.conf> "
-"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:7
+msgid "Version 2.18"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:31
-msgid ""
-"The authentication database is defined by the B<pwcheck_method> parameter.  "
-"Only the B<PLAIN> authentication mechanism is used."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:12
+msgid "base-DN"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:33
-msgid "Examples:"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:14
+#: src/auth/basic/LDAP/basic_ldap_auth.8:29
+msgid "options"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:36
-msgid "use sasldb - the default if no conf file is installed."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:18
+msgid "server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:38
-#, no-wrap
-msgid " - use PAM authentication database\n"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:22
+#: src/auth/basic/LDAP/basic_ldap_auth.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:35
+msgid "URI"
+msgstr "URI"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:41
-#, no-wrap
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:31
 msgid ""
-" - use traditional \n"
-"B</etc/passwd>\n"
+"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
+"authorize users via LDAP groups.  LDAP options are specified as parameters "
+"on the command line, while the username(s) and group(s) to be checked "
+"against the LDAP directory are specified on subsequent lines of input to the "
+"helper, one username/group pair per line separated by a space."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:43
-#, no-wrap
-msgid " - use slightly less traditional /etc/shadow\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:42
+msgid ""
+"As expected by the B<external_acl_type> construct of Squid, after specifying "
+"a username and group followed by a new line, this helper will produce either "
+"B<OK> or B<ERR> on the following line to show if the user is a member of the "
+"specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:46
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:46
 msgid ""
-"Others methods may be supported by your cyrus-sasl implementation - consult "
-"your cyrus-sasl documentation for information."
+"The program operates by searching with a search filter based on the users "
+"user name and requested group, and if a match is found it is determined that "
+"the user belongs to the group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:59
-msgid ""
-"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
-"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
-"and an appropriate user/group on the executable to allow the authenticator "
-"to access the appropriate password database. If the access to the database "
-"is not permitted then the authenticator will typically fail with \"-1, "
-"generic error\"."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:51
+msgid "When to dereference aliases. Defaults to 'never'"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:74
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:60
 msgid ""
-"If the application name B<basic_sasl_auth> will also be used for the PAM "
-"service name if B<pwcheck_method:pam> is chosen. And example PAM "
-"configuration file B<basic_sasl_auth.pam> is also included."
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:7
-msgid "Basic authentication protocol"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:9
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:9
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:9
-msgid "Version 2.0"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:69
+msgid "Specifies the base DN under which the users are located (if different)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:14
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:16
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:15
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:17
-msgid "Group Name"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:74
+msgid ""
+"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
+"API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:18
-msgid "Default Domain"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:80
+msgid ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the result is not what was expected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:85
 msgid ""
-"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
-"server running on Windows NT to authenticate users on an NT domain in native "
-"WIN32 mode."
+"The DN and password to bind as while performing searches. Required if the "
+"LDAP directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:33
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:91
 msgid ""
-"Usage is simple. It accepts a username and password on standard input and "
-"will return B<OK> if the username/password is valid for the domain/machine, "
-"or B<ERR> if there was some problem. It is possible to authenticate against "
-"NT trusted domains specifying the username in the domain\\eusername "
-"Microsoft notation."
+"As the password needs to be printed in plain text in your Squid "
+"configuration and will be sent on the command line to the helper it is "
+"strongly recommended to use a account with minimal associated privileges.  "
+"This to limit the damage in case someone could get hold of a copy of your "
+"Squid configuration file or extracts the password used from a process "
+"listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:38
-msgid "A Windows Local Group name allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:96
+#: src/auth/basic/LDAP/basic_ldap_auth.8:150
+msgid ""
+"The DN and the name of a file containing the password to bind as while "
+"performing searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:42
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:59
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:63
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:27
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:35
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:33
-msgid "Write debug info to stderr."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:101
+#: src/auth/basic/LDAP/basic_ldap_auth.8:155
+msgid ""
+"Less insecure version of the former parameter pair with two advantages: The "
+"password does not occur in the process listing, and the password is not "
+"being compromised if someone gets the squid configuration file without "
+"getting the secretfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:46
-msgid "A Windows Local Group name not allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:224
+msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:50
-msgid "The default Domain against to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:121
+msgid ""
+"LDAP search filter used to search the LDAP directory for any matching group "
+"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
+"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
+"name."
 msgstr ""
 
-#. logon from the network\"" 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:57
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:133
 msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
-"in the Authenticator's command line."
+"LDAP search filter used to search the LDAP directory for any matching "
+"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
+"be included literally in the filter then use B<%%>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:60
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:139
 msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it."
+"Specifies that the first query argument sent to the helper by Squid is a "
+"extension to the basedn and will be temporarily added in front of the global "
+"basedn for this query."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:65
-msgid ""
-"You will need to set the following line in B<squid.conf> to enable the "
-"authenticator:"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:143
+msgid "Specify the LDAP server to connect to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:73
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:147
 msgid ""
-"You will need to set the following lines in B<squid.conf> to enable "
-"authentication for your access list:"
+"Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
+"libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:85
-msgid ""
-"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
-"B<auth_param basic program> directive."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:151
+msgid "Strip Kerberos Realm component from user names (@ separated)"
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:172
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:116
-#, no-wrap
-msgid "TESTING"
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:156
+msgid ""
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:100
-#, no-wrap
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:164
 msgid ""
-"I strongly urge that \n"
-"B<basic_sspi_auth.exe>\n"
-"is tested prior to being used in a \n"
-"production environment. It may behave differently on different platforms.\n"
-"To test it, run it from the command line. Enter username and password\n"
-"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
-"Make sure pressing \n"
-"B<CTRL-D>\n"
-" behaves the same as a carriage return.\n"
-"Make sure pressing \n"
-"B<CTRL-C>\n"
-" aborts the program.\n"
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while verifying a users group membership to preserve resources at the LDAP "
+"server. This option causes the LDAP connection to be kept open, allowing it "
+"to be reused for further user validations. Recommended for larger "
+"installations."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:168
+#: src/auth/basic/LDAP/basic_ldap_auth.8:180
+msgid "Do not follow referrals"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:186
+#: src/acl/external/unix_group/ext_unix_group_acl.8:33
+msgid "Strip NT domain name component from user names (/ or \\e separated)"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:190
+#: src/auth/basic/LDAP/basic_ldap_auth.8:235
+msgid "Specify time limit on LDAP search operations"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:106
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:205
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:220
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:148
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:198
 msgid ""
-"Test that entering no details does not result in an B<OK> or B<ERR> message."
+"LDAP attribute used to construct the user DN from the user name and base dn "
+"without needing to search for the user.  A maximum of 16 occurrences of B<"
+"%s> are supported."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:204
+#: src/auth/basic/LDAP/basic_ldap_auth.8:216
+msgid "LDAP protocol version. Defaults to B<3> if not specified."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:208
+#: src/auth/basic/LDAP/basic_ldap_auth.8:220
+msgid "Use TLS encryption"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:110
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:214
 msgid ""
-"Test that entering an invalid username and password results in an B<ERR> "
-"message."
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:115
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:229
 msgid ""
-"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
-"may be returned instead of B<ERR>"
+"B<NOTE:> When constructing search filters it is recommended to first test "
+"the filter using B<ldapsearch> to verify that the filter matches what you "
+"expect before you attempt to use B<ext_ldap_group_acl>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:238
+msgid "Based on prior work in B<squid_ldap_auth> by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:119
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:262
 msgid ""
-"Test that entering a valid username and password results in an B<OK> message."
+"Or contact your favorite LDAP list/friend if the question is more related to "
+"LDAP than Squid."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:283
+msgid "Your favorite LDAP documentation"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:122
+#: src/acl/external/LM_group/ext_lm_group_acl.8:5
 msgid ""
-"Test that entering a guest username and password returns the correct "
-"response for the site's access policy."
+"ext_lm_group_acl - Squid external ACL helper to check Windows users group "
+"membership."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:128
-#: helpers/digest_auth/file/digest_file_auth.8:64
-msgid "Based on prior work by"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:7
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:7
+msgid "Version 1.22"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:7
-msgid "File based digest authentication helper for Squid."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:17
+msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:14
-#: tools/squidclient/squidclient.1:29
-msgid "file"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:20
+msgid ""
+"This helper must be used in with an authentication scheme (typically Basic "
+"or NTLM) based on Windows NT/2000 domain users (LM mode)."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:29
+msgid "Use case insensitive compare."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:37
+msgid "Specify the default user's domain."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:41
+msgid "Start helper in Domain Global Group mode."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:49
+msgid "Use ONLY PDCs for group validation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:19
+#: src/acl/external/LM_group/ext_lm_group_acl.8:75
 msgid ""
-"B<digest_file_auth> is an installed binary authentication program for Squid. "
-"It handles digest authentication protocol and authenticates against a text "
-"file backend."
+"In the previous example all validated NT users member of GProxyUsers Global "
+"domain group or member of LProxyUsers machine local group are allowed to use "
+"the cache."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:83
 msgid ""
-"Accept digest hashed passwords rather than plaintext in the password file"
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:28
-msgid "Username database file format:"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:85
+msgid "The previous example will be:"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:28
-#, no-wrap
-msgid "- comment lines are possible and should start with a '#';"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:92
+msgid "The B<DomainUsers.txt> file will contain only the following line:"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:31
-#, no-wrap
-msgid "- empty or blank lines are possible;"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:94
+msgid "B<Domain Users>"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:34
-#, no-wrap
-msgid "- plaintext entry format is username:password"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:103
+msgid ""
+"B<NOTE:> The standard group name comparison is case sensitive, so group name "
+"must be specified with same case as in the NT/2000 Domain.  It's possible to "
+"enable case insensitive group name comparison ( B<-c> ), but on some not-"
+"english locales, the results can be unexpected."
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:37
-#, no-wrap
-msgid "- HA1 entry format is username:realm:HA1"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:111
+msgid ""
+"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
+"and B<-D> switches."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:113
+msgid "Refer to Squid documentation for the more details on squid.conf."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:50
+#: src/acl/external/LM_group/ext_lm_group_acl.8:119
 msgid ""
-"To build a directory integrated backend, you need to be able to calculate "
-"the HA1 returned to squid. To avoid storing a plaintext password you can "
-"calculate B<MD5(username:realm:password)> when the user changes their "
-"password, and store the tuple B<username:realm:HA1.> then find the matching "
-"B<username:realm> when squid asks for the HA1."
+"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
+"in a production environment. It may behave differently on different "
+"platforms."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:159
+msgid "with contributions by"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:164
+msgid "Based in part on prior work in B<check_group> by"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/session/ext_session_acl.8:5
+msgid "ext_session_acl - Squid session tracking external acl helper."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/session/ext_session_acl.8:7
+msgid "Version 1.2"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/session/ext_session_acl.8:12
+#: src/auth/basic/RADIUS/basic_radius_auth.8:22
+#: tools/squidclient/squidclient.1:32
+msgid "timeout"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/session/ext_session_acl.8:14
+msgid "database"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:58
+#: src/acl/external/session/ext_session_acl.8:31
 msgid ""
-"This implementation could be improved by using such a triple for the file "
-"format.  However storing such a triple does little to improve security: If "
-"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
-"\" - for the purposes of digest authentication they allow the user access. "
-"Password syncronisation is not tackled by digest - just preventing on the "
-"wire compromise."
+"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
+"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
+"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
+"terms and conditions to a user; the latter is suitable for the display of "
+"advertisements or other notices (both as a splash page - see config examples "
+"in the wiki online). The session helper can also be used to force users to "
+"re-authenticate if the B<%LOGIN> and B<-a> are both used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:7
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:7
-msgid "Squid external ACL helper to check Windows users group membership."
+#: src/acl/external/session/ext_session_acl.8:36
+msgid ""
+"Idle timeout for any session. The default if not specified (set to 3600 "
+"seconds)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:14
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:14
-msgid "domain"
+#: src/acl/external/session/ext_session_acl.8:49
+msgid ""
+"Fixed timeout for any session. This will end the session after the timeout "
+"regardless of a user's activity. If used with B<active> mode, this will "
+"terminate the user's session after B<timeout> , after which another B<LOGIN> "
+"will be required.  B<LOGOUT> will reset the session and timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:19
+#: src/acl/external/session/ext_session_acl.8:62
 msgid ""
-"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
+"B<Path> to persistent database. If a file is specified then that single file "
+"is used as the database. If a path is specified, a Berkeley DB database "
+"environment is created within the directory. The advantage of the latter is "
+"better database support between multiple instances of the session helper. "
+"Using multiple instances of the session helper with a single database file "
+"will cause synchronization problems between processes.  If this option is "
+"not specified the session details will be kept in memory only and all "
+"sessions will reset each time Squid restarts its helpers (Squid restart or "
+"rotation of logs)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:22
+#: src/acl/external/session/ext_session_acl.8:72
 msgid ""
-"This helper must be used in with an authentication scheme (typically Basic, "
-"NTLM or Negotiate) based on Windows Active Directory domain users."
+"Active mode. In this mode sessions are started by evaluating an acl with the "
+"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
+"flag the helper automatically starts the session after the first request."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:26
+#: src/acl/external/session/ext_session_acl.8:79
 msgid ""
-"It reads from the standard input the domain username and a list of groups "
-"and tries to match each against the groups membership of the specified "
-"username."
+"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
+"concurrency= option B<must> be specified in the configuration."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:28
-msgid "Two running mode are available:"
+#: src/acl/external/session/ext_session_acl.8:81
+msgid "Passive session configuration example using the default automatic mode"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:32
+#: src/acl/external/session/ext_session_acl.8:94
 msgid ""
-"B<- Local mode:> membership is checked against machine's local groups, "
-"cannot be used when running on a Domain Controller."
+"Then set up B<http://your.server.example.com/bannerpage> to display a "
+"session startup page and then redirect the user back to the requested URL "
+"given in the url query parameter."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/session/ext_session_acl.8:97
+#: src/acl/external/time_quota/ext_time_quota_acl.8:216
+#: src/auth/basic/PAM/basic_pam_auth.8:80
+msgid "This program and documentation was written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:37
+#: src/acl/external/time_quota/ext_time_quota_acl.8:5
+msgid "ext_time_quota_acl - Squid time quota external acl helper."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:16
 msgid ""
-"B<- Active Directory Global mode:> membership is checked against the whole "
-"Active Directory Forest of the machine where Squid is running."
+"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
+"users of squid to limit the time using squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:41
+#: src/acl/external/time_quota/ext_time_quota_acl.8:21
 msgid ""
-"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
-"Windows 2000 SP4 member of an Active Directory Domain."
+"This is useful for corporate lunch time allocations, wifi portal pay-per-"
+"minute installations or for parental control of children. The administrator "
+"can define a time budget (e.g. 1 hour per day) which is enforced through "
+"this helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:50
+#: src/acl/external/time_quota/ext_time_quota_acl.8:29
 msgid ""
-"When running in Active Directory Global mode, all types of Active Directory "
-"security groups are supported: B<Domain Global> , B<Domain Local> from "
-"user's domain, B<Universal> and Active Directory group nesting is fully "
-"supported."
+"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
+"Squids state directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:55
-msgid "Use case insensitive compare (local mode only)."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:36
+msgid ""
+"B<Pauselen> is given in seconds and defines the period between two requests "
+"to be treated as part of the same session.  Pauses shorter than this value "
+"will be counted against the quota, longer ones ignored.  Default is 300 "
+"seconds (5 minutes)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:64
-msgid "Specify the default user's B<domain>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:42
+msgid ""
+"B<Filename> where all logging and debugging information will be written. If "
+"none is given, then stderr will be used and the logging will go to Squids "
+"main cache.log."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:68
-msgid "Start helper in Active Directory Global mode."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:46
+msgid "Enables debug logging in the logfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:72
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:82
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:37
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:69
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:47
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:41
-msgid "Display the binary help and command line syntax info using stderr."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:50
+msgid "show a short command line help."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:54
+msgid "This file contains the definition of the time budgets for the users."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:77
+#: src/acl/external/time_quota/ext_time_quota_acl.8:63
 msgid ""
-"When running in Active Directory Global mode, the AD Group can be specified "
-"using the following syntax:"
+"The time quotas of the users are defined in a text file typically residing "
+"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
+"and is ignored. Every line must start with a user followed by a time budget "
+"and a corresponding time period separated by \"/\". Here is an example file:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:66
+msgid "# user budget / period"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:77
+msgid ""
+"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
+"hour and the poor babymary only 30 minutes a week."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:81
+msgid ""
+"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
+"days and \"w\" for weeks. Numerical values can be given as integer values or "
+"with a fraction. E.g. \"0.5h\" means 30 minutes."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:87
+msgid ""
+"This helper is configured in B<squid.conf> using the B<external_acl_type> "
+"directive then access controls which use it to allow or deny."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:90
+msgid "Here is an example."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:93
+msgid "# Ensure that users have a valid login. We need their username."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:100
+msgid "# Define program and quota file"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:116
+msgid ""
+"In this example, after restarting Squid it should allow access only for "
+"users as long as they have time budget left.  If the budget is exceeded the "
+"user will be presented with an error page informing them."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:122
+msgid ""
+"In this example we use separate B<users> access control and B<noquota> ACL "
+"in order to keep the username and password prompt and the quota-exceeded "
+"messages separated."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:142
+msgid ""
+"User is just a unique key value. The above example uses %LOGIN and the "
+"username but any of the B<external_acl_type> format tags can be substituted "
+"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
+"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
+"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
+"org/ConfigExamples."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:143
+#, no-wrap
+msgid "LIMITATIONS"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:148
+msgid ""
+"This helper only controls access to the Internet through HTTP. It does not "
+"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:156
+msgid ""
+"Desktop browsers are typically able to deal with authentication to HTTP "
+"proxies like B<squid .> But more and more different programs and devices "
+"(smartphones, games on mobile devices, ...) are using the Internet over "
+"HTTP. These devices are often not able to work through an authenticating "
+"proxy.  Means other than %LOGIN authentication are required to authorize "
+"these devices and software."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:161
+msgid ""
+"A more general control to Internet access could be a captive portal approach "
+"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
+"or maybe a 802.11X solution. But the latter is often not supported by mobile "
+"devices."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:162
+#, no-wrap
+msgid "IMPLEMENTATION"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:170
+msgid ""
+"When the helper is called it will be asked if the current user is allowed to "
+"access squid. The helper will reduce the remaining time budget of this user "
+"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:183
+msgid ""
+"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
+"be called, the example config uses a 1 minute TTL.  The interaction is that "
+"Squid will only call the helper on new requests B<if> there has been more "
+"than TTL seconds passed since last check.  This handling creates an amount "
+"of slippage outside the quota by whatever amount is configured.  TTL can be "
+"set as short as desired, down to and including zero.  Though values of 1 or "
+"more are recommended due to a quota resolution of one second."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:188
+msgid ""
+"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
+"budget will be restored to the configured value thus allowing the user to "
+"access squid with a fresh budget."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:200
+msgid ""
+"If the time between the current request and the previous request is greater "
+"than B<pauselen> (default 5 minutes and adjustable with command line "
+"parameter B<-p> ), the current request will be considered as a new request "
+"and the time budget will not be decreased. If the time is less than "
+"B<pauselen> , then both requests will be considered as part of the same "
+"active time period and the time budget will be decreased by the time "
+"difference. This allows the user to take arbitrary breaks during Internet "
+"access without losing their time budget."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:201
+#, no-wrap
+msgid "FURTHER IDEAS"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:204
+msgid ""
+"The following ideas could further improve this helper. Maybe someone wants "
+"to help? Any support or feedback is welcome!"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:209
+msgid ""
+"There should be a way for a user to see their configured and remaining time "
+"budget. This could be realized by implementing a web page accessing the "
+"database of the helper showing the corresponding data. One of the problems "
+"to be solved is user authentication."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/time_quota/ext_time_quota_acl.8:212
+msgid ""
+"We could always return \"OK\" and use the module simply as an Internet usage "
+"tracker showing who has stayed how long in the WWW."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:5
+msgid "ext_unix_group_acl - Squid UNIX Group ACL helper"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:9
+#: src/acl/external/unix_group/ext_unix_group_acl.8:11
+msgid "group"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:16
+msgid ""
+"B<ext_unix_group_acl> allows Squid to base access controls on users "
+"memberships in UNIX groups."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:24
+msgid "Specifies a group name to match."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:29
+msgid "Also match the users primary group from B</etc/passwd>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:47
+msgid ""
+"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
+"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
+"I<group3>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:59
+msgid ""
+"By default up to 11 groups can be matched in one acl (including commandline "
+"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:65
+msgid ""
+"Does not understand GID aliased groups sometimes used to work around groups "
+"size limitations. If you are using GID aliased groups then you must specify "
+"each alias by name."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:104
+msgid "Additionally bugs or bug-fixes can be reported to"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:5
+#, fuzzy
+#| msgid "Local Users auth helper for Squid"
+msgid "basic_getpwnam_auth - Local Users auth helper for Squid"
+msgstr "Pomocník autorizace  místních uživatelů pro Squid"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:13
+msgid ""
+"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
+"to validate the user name and password of Basic HTTP authentication."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:19
+msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:21
+msgid "This has the following advantages over the NCSA module:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:80
-msgid "B<1. Plain NT4 Group Name>"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:23
+msgid "- Allows authentication of all known local users"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:83
-msgid "B<2. Full NT4 Group Name>"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:26
+msgid "- Allows authentication through nsswitch.conf"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:86
-msgid "B<3. Active Directory Canonical name>"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:29
+msgid "- Can handle NIS(+) requests"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:89
-msgid "As Exampled:"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:32
+msgid "- Can handle LDAP requests"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:99
-msgid ""
-"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:35
+msgid "- Can handle PAM requests"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:126
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:50
 msgid ""
-"In the previous example all validated AD users member of I<MYDOMAIN"
-"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
-"are allowed to use the cache."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program B<setuid> "
+"B<root>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:135
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:62
+#: src/auth/basic/PAM/basic_pam_auth.8:77
 msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file .> The previous example will be:"
+"Please note that in such configurations it is also strongly recommended that "
+"the program is moved into a directory where normal users cannot access it, "
+"as this mode of operation will allow any local user to brute-force other "
+"users passwords. Also note the program has not been fully audited and the "
+"author cannot be held responsible for any security issues due to such "
+"installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:139
-msgid "and the DomainUsers files will contain only the following line:"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:70
+msgid "Based on original code by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:141
-msgid "Domain Users"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:5
+msgid "basic_ldap_auth - LDAP authentication helper for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:148
-msgid ""
-"B<NOTE 1:> When running in Active Directory Global mode, for better "
-"performance, all Domain Controllers of the Active Directory forest should be "
-"configured as Global Catalog."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:10
+#: src/auth/basic/LDAP/basic_ldap_auth.8:25
+msgid "base DN"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:154
-msgid ""
-"B<NOTE 2:> When running in local mode, the standard group name comparison is "
-"case sensitive, so group name must be specified with same case as in the "
-"local SAM database."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:12
+msgid "attribute"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:159
-msgid ""
-"It is possible to enable case insensitive group name comparison ( B<-c> ), "
-"but on some non-English locales, the results can be unexpected."
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:31
+msgid "LDAP server name"
+msgstr "název LDAP serveru"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:167
-msgid ""
-"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
-"A> and B<-D> switches."
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:27
+msgid "LDAP search filter"
+msgstr "LDAP vyhledávací filtr"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:171
-msgid "Refer to Squid documentation for more details on B<squid.conf>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:45
+msgid ""
+"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
+"the user name and password of Basic HTTP authentication.  LDAP options are "
+"specified as parameters on the command line, while the username(s) and "
+"password(s) to be checked against the LDAP directory are specified on "
+"subsequent lines of input to the helper, one username/password pair per line "
+"separated by a space."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:178
+#: src/auth/basic/LDAP/basic_ldap_auth.8:54
 msgid ""
-"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
-"used in a production environment. It may behave differently on different "
-"platforms."
+"As expected by the basic authentication construct of Squid, after specifying "
+"a username and password followed by a new line, this helper will produce "
+"either B<OK> or B<ERR> on the following line to show if the specified "
+"credentials are correct according to the LDAP directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:190
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:133
+#: src/auth/basic/LDAP/basic_ldap_auth.8:59
 msgid ""
-"To test it, run it from the command line. Enter username and group pairs "
-"separated by a space (username must entered with URL-encoded I<domain"
-"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+"The program has two major modes of operation. In the default mode of "
+"operation the users DN is constructed using the base DN and user attribute. "
+"In the other mode of operation a search filter is used to locate valid user "
+"DN's below the base DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:194
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:209
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:137
-msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:198
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:213
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:141
-msgid "Make sure pressing B<CTRL+C> aborts the program."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:73
+msgid ""
+"LDAP search B<filter> to locate the user DN. Required if the users are in a "
+"hierarchy below the base DN, or if the login name is not what builds the "
+"user specific part of the users DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:224
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:152
+#: src/auth/basic/LDAP/basic_ldap_auth.8:80
 msgid ""
-"Test that entering an invalid username and group results in an B<ERR> "
-"message."
+"The search filter can contain up to 15 occurrences of B<%s> which will be "
+"replaced by the username, as in B<\"uid\\=%s\"> for RFC2037 directories. For "
+"a detailed description of LDAP search filter syntax see RFC2254."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:228
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:156
+#: src/auth/basic/LDAP/basic_ldap_auth.8:88
 msgid ""
-"Test that entering an valid username and group results in an B<OK> message."
+"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
+"%s> are used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:235
-msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:97
+msgid ""
+"Specifies the name of the DN attribute that contains the username/login.  "
+"Combined with the base DN to construct the users DN when no search filter is "
+"specified ( B<-f> option). Defaults to B<uid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:7
-msgid "Squid eDirectory IP Lookup Helper"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:106
+msgid ""
+"B<Note:> This can only be done if all your users are located directly under "
+"the same position in the LDAP tree and the login name is used for naming "
+"each user object. If your LDAP tree does not match these criteria or if you "
+"want to filter who are valid users then you need to use a search filter to "
+"search for your users DN ( B<-f> option)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:17
-msgid "host"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:116
+msgid ""
+"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
+"password.  B<passwordattr> is the LDAP attribute storing the users password."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:21
-msgid "LDAP version"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:124
+msgid ""
+"Search scope when performing user DN searches specified by the B<-f> option. "
+"Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:23
-msgid "basedn"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:140
+msgid ""
+"The DN and password to bind as while performing searches. Required by the B<-"
+"f> flag if the directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:25
-msgid "scope"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:145
+msgid ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:27
-msgid "binddn"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:163
+msgid ""
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while validating a username to preserve resources at the LDAP server. This "
+"option causes the LDAP connection to be kept open, allowing it to be reused "
+"for further user validations. Recommended for larger installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:29
-msgid "bindpass"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:176
+msgid ""
+"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
+"binding as another user after a successful I<ldap_bind.> The use of this "
+"option always opens a new connection for each login attempt. If combined "
+"with the B<-P> option for persistent LDAP connection then the connection "
+"used for searching for the user DN is kept persistent but a new connection "
+"is opened to verify each users password once the DN is found."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:31
-msgid "filter"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:185
+msgid "when to dereference aliases. Defaults to B<never>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:36
-msgid "B<ext_edirectory_userip_acl> is an installed binary."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:194
+msgid ""
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:40
+#: src/auth/basic/LDAP/basic_ldap_auth.8:199
 msgid ""
-"This program has been written in order to solve the problems associated with "
-"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
+"Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:43
+#: src/auth/basic/LDAP/basic_ldap_auth.8:204
 msgid ""
-"The limitations of the Perl script involved memory/cpu utilization, speed, "
-"the lack of eDirectory 8.8 support, and IPv6 support."
+"Specify the LDAP server to connect to. Servers can also be specified last on "
+"the command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:48
-msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:210
+msgid ""
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389. Can also be specified within the server "
+"specification by using servername:port syntax."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:52
-msgid "Force Addresses to be in IPv6 (:: format)."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:231
+msgid ""
+"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
+"LDAP API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:59
-msgid "Specify B<base> DN. For example; B<o=ORG>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:241
+msgid ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the results is not what is expected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:68
-msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:246
+msgid ""
+"For directories using the RFC2307 layout with a single domain, all you need "
+"to specify is usually the base DN under where your users are located and the "
+"server name:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:73
-msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:254
+msgid ""
+"If you have sub-domains then you need to use a search filter approach to "
+"locate your user DNs as these can no longer be constructed directly from the "
+"base DN and login name alone:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:78
+#: src/auth/basic/LDAP/basic_ldap_auth.8:261
 msgid ""
-"Specify if LDAP search group is required. For example; B<groupMembership=>"
+"And similarly if you only want to allow access to users having a specific "
+"attribute"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:86
-msgid "Specify hostname or IP of server"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:272
+msgid ""
+"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
+"do not want to have to search for the users then you could use something "
+"like the following example for Active Directory:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:90
-msgid "Port number."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:284
+msgid ""
+"If you want to search for the user DN and your directory does not allow "
+"anonymous searches then you must also use the B<-D> and B<-w> flags to "
+"specify a user DN and password to log in as to perform the searches, as in "
+"the following complex Active Directory example"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:94
-msgid "Use persistent connections."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:297
+msgid ""
+"B<NOTE:> When constructing search filters it is strongly recommended to test "
+"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
+"This to verify that the filter matches what you expect."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:102
-msgid ""
-"Timeout factor for persistent connections. Set to B<0> for never timeout. "
-"Default is B<60> seconds."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:300
+#: src/auth/basic/RADIUS/basic_radius_auth.8:89
+msgid "This program is written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:107
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:175
-msgid "search scope. Defaults to B<sub>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:304
+msgid "This manual is written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:123
-msgid "Set userid B<attribute .> Default is B<cn>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:325
+msgid ""
+"Or to your favorite LDAP list/friend if the question is more related to LDAP "
+"than Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:128
-msgid "Set LDAP B<version>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:345
+msgid "Your favorite LDAP documentation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:132
-msgid "Display version information and exit."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:5
+msgid ""
+"basic_ncsa_auth - NCSA httpd-style password file authentication helper for "
+"Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:137
-msgid "Specify binding B<password>"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:9
+msgid "passwd file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:141
-msgid "Enable TLS security."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:14
+msgid ""
+"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
+"information from an NCSA/Apache httpd-style password file when using basic "
+"HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:162
-msgid ""
-"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
-"that users may be used to control internet access, which can also be stacked "
-"against other ACL's.  Use of the groups is optional, unless the '-G' option "
-"has been passed.  Please note that you need to specify the full LDAP object "
-"for this, as shown above."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:17
+msgid "This password file can be manipulated using B<htpasswd.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:168
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:30
 msgid ""
-"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
-"is in place to read IPv6 networkAddress fields, please attempt this in a "
-"TESTING environment first.  Please contact the author regarding IPv6 support "
-"development."
+"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
+"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
+"and magic strings * MD5 - with optional salt and magic strings * DES - for "
+"passwords 8 characters or less in length"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:173
-msgid ""
-"There is a known issue regarding Novell's Client for Windows, that is mostly "
-"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
-"populating the networkAddress field in eDirectory."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:32
+msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:179
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:36
 msgid ""
-"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
-"lower?) and connection licensing.  It appears that whenever a server runs "
-"low on connection licenses, that it I sometimes does not populate the "
-"networkAddress fields correctly."
+"The only parameter is the password file.  It must have permissions to be "
+"read by the user that Squid is running as."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:186
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:44
 msgid ""
-"Majority of Proxy Authentication issues can be resolved by having the users' "
-"B<reboot> if their networkAddress is not correct, or using "
-"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
-"networkAddress fields to troubleshoot."
+"B<basic_ncsa_auth> must have access to the password file to be executed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:213
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:50
 msgid ""
-"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
-"situations B<before> seeking support! You may also need to make sure your "
-"servers have the latest service packs installed, and that your servers are "
-"properly synchronizing partitions."
+"DES functionality (used by htpasswd by default) silently truncates passwords "
+"to 8 characters.  Allowing login with password values shorter than the one "
+"desired.  This authenticator will reject login with long passwords when "
+"using DES."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:7
-msgid "Restrict users to certain IP addresses, using a text file backend."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:56
+msgid "Based on original documentation by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:14
-msgid "file name"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:70
+msgid ""
+"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
+"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
+"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
+"details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:19
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:76
 msgid ""
-"B<ext_file_userip_acl> is an installed binary. An external helper for the "
-"Squid external acl scheme."
+"You should have received a copy of the GNU General Public License along with "
+"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
+"Place, Suite 330, Boston, MA 02111-1307 USA"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:22
-msgid ""
-"It works by reading a pair composed by an IP address and an username on "
-"STDIN and matching it against a configuration file."
+#: src/auth/basic/PAM/basic_pam_auth.8:5
+msgid "basic_pam_auth - PAM Basic authentication helper for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:33
-msgid "Configuration B<file> to load."
+#: src/auth/basic/PAM/basic_pam_auth.8:9
+msgid "service name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:43
-msgid "The B<squid.conf> configuration for the external ACL should be:"
+#: src/auth/basic/PAM/basic_pam_auth.8:11
+msgid "TTL"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:18
 msgid ""
-"If the helper program finds a matching username/ip in the configuration "
-"file, it returns B<OK> , otherwise it returns B<ERR .>"
+"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
+"database to validate the user name and password of Basic HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:53
-msgid "The configuration file format is as follows:"
+#: src/auth/basic/PAM/basic_pam_auth.8:24
+msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:62
+#: src/auth/basic/PAM/basic_pam_auth.8:33
 msgid ""
-"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
-"in dotted quad format too."
+"Enables persistent PAM connections where the connection to the PAM database "
+"is kept open and reused for new logins. The TTL specifies how long the "
+"connection will be kept open (in seconds).  Default is to not keep PAM "
+"connections open. Please note that the use of persistent PAM connections is "
+"slightly outside the PAM specification and may not work with all PAM "
+"configurations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:68
+#: src/auth/basic/PAM/basic_pam_auth.8:38
 msgid ""
-"When the second parameter is prefixed with an B<@> , the program will lookup "
-"the B</etc/group> file entry for the specified username."
+"Do not perform the PAM account management group (account expiration etc)"
 msgstr ""
 
-#. any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\".
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:74
-msgid "There are other two directives, B<ALL> and B<NONE> , which mean"
+#: src/auth/basic/PAM/basic_pam_auth.8:44
+msgid ""
+"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
+"etc/pam.d/squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
+#: src/auth/basic/PAM/basic_pam_auth.8:52
+msgid ""
+"The default service name is B<squid> , and the program makes use of the "
+"B<auth> and B<account> management groups to verify the password and the "
+"accounts validity."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:9
-msgid "Version 1.3.0sq"
+#: src/auth/basic/PAM/basic_pam_auth.8:56
+msgid ""
+"For details on how to configure PAM services, see the PAM documentation for "
+"your system. This manual does not cover PAM configuration details."
+msgstr ""
+
+#. type: SH
+#: src/auth/basic/PAM/basic_pam_auth.8:57
+#, no-wrap
+msgid "NOTES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:26
+#: src/auth/basic/PAM/basic_pam_auth.8:64
 msgid ""
-"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
-"connect to a LDAP directory to authorize users via LDAP groups. Options are "
-"specified as parameters on the command line, while the username (e.g.  "
-"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
-"directory are specified on subsequent lines of input to the helper, one "
-"username per line."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program setuid root"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:39
-msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
-"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
-"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
-"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
-"is available from the username the LDAP server will be determined through "
-"the command line options."
+#: src/auth/basic/PAM/basic_pam_auth.8:93
+msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:51
-msgid ""
-"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
-"T> option which provides the LDAP group name the user has to belong too. For "
-"Active Directory a recursive group lookup is implemented until a max depth "
-"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
-"groups is assumed."
+#: src/auth/basic/PAM/basic_pam_auth.8:124
+msgid "PAM Systems Administrator Guide"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:64
-msgid ""
-"Different group names can be specified for different domains using a "
-"group@domain syntax.  As expected by the B<external_acl_type> construct of "
-"Squid, after specifying a username and group followed by a new line, this "
-"helper will produce either B<OK> or B<ERR> on the following line to show if "
-"the user is a member of the specified group."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:5
+msgid "basic_radius_auth - Squid RADIUS authentication helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:72
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:26
-msgid "Write debug messages to stderr."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:10
+msgid "config file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:29
-msgid "Write informational messages to stderr."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:14
+msgid "server name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
-msgid "Use SSL for the LDAP connection."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:18
+msgid "identifier"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
-msgid ""
-"The CA certificate file can be set via the environment variable "
-"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:20
+msgid "secret"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:82
+#: src/auth/basic/RADIUS/basic_radius_auth.8:28
 msgid ""
-"The SSL certificate database can be set via the environment variable "
-"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
+"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
+"the user name and password of Basic HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:85
-msgid "Allow SSL without certificate verification."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:34
+msgid ""
+"Specifies the path to a configuration file. See the CONFIGURATION section "
+"for details on the file content."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:89
-msgid ""
-"Default Kerberos domain to use for usernames which do not contain domain "
-"information (e.g. for users using basic authentication)."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:38
+msgid "Alternative method of specifying the server to connect to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:94
+#: src/auth/basic/RADIUS/basic_radius_auth.8:43
 msgid ""
-"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
-"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
-"authentication)."
+"Specify another server port where the RADIUS server listens for requests if "
+"different from the default RADIUS port.  Normally not specified."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:97
-msgid "Maximal depth of recursive group search."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:48
+msgid ""
+"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
+"specified the IP address is used to identify the proxy."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:100
-msgid "Username for LDAP server."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:54
+msgid ""
+"Alternative method of specifying the shared secret. Using the B<-f> option "
+"with a configuration file is generally more secure and recommended."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:103
-msgid "Password for LDAP server."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:58
+msgid "RADIUS request timeout. Default is 10 seconds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:108
+#: src/auth/basic/RADIUS/basic_radius_auth.8:65
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use an account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file or extracts the password "
-"used from a process listing."
+"The configuration specifies how the helper connects to RADIUS.  The file "
+"contains a list of directives (one per line). Lines beginning with a B<#> "
+"are ignored."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:112
-msgid "LDAP server bind path."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:69
+msgid "specifies the name or address of the RADIUS server to connect to."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:115
-msgid "LDAP server URL in form ldap[s]://server:port"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:73
+msgid "specifies the shared RADIUS secret."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:119
+#: src/auth/basic/RADIUS/basic_radius_auth.8:78
 msgid ""
-"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
-"lserver@Realm]"
+"specifies what name the proxy should use to identify itself to the RADIUS "
+"server.  This directive is optional."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:123
+#: src/auth/basic/RADIUS/basic_radius_auth.8:82
 msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm]"
+"Specifies the port number or service name where the helper should connect."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:128
-msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:86
+msgid "Specifies the RADIUS request timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:133
-msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
-"format"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:93
+msgid "With contributions from many others."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:140
+#: src/auth/basic/RADIUS/basic_radius_auth.8:116
 msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf.>"
+"Or contact your favorite RADIUS list/friend if the question is more related "
+"to RADIUS than Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:155
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:55
-msgid "B<NOTE:> The following squid startup file modification may be required:"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:135
+msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:159
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:59
+#: src/auth/basic/SASL/basic_sasl_auth.8:5
 msgid ""
-"Add the following lines to the squid startup script to point squid to a "
-"keytab file which contains the HTTP/fqdn service principal for the default "
-"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
-"can not use an IP address."
+"basic_sasl_auth - Basic Authentication using SASL (specifically the cyrus-"
+"sasl authentication method)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:170
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:66
+#: src/auth/basic/SASL/basic_sasl_auth.8:16
 msgid ""
-"If you use a different Kerberos domain than the machine itself is in you can "
-"point squid to the seperate Kerberos config file by setting the following "
-"environmnet variable in the startup script."
+"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
+"configurable (somewhat like PAM).  Each service authenticating against SASL "
+"identifies itself with an application name.  Each application can be "
+"configured independently by the SASL administrator."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:180
+#: src/auth/basic/SASL/basic_sasl_auth.8:22
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
-"server. The following method is used:"
+"To configure the authentication method used the file B<basic_sasl_auth.conf> "
+"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:185
-#, no-wrap
+#: src/auth/basic/SASL/basic_sasl_auth.8:29
 msgid ""
-"1) For user@REALM\n"
-"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
-"   b) Query DNS for A record REALM\n"
-"   c) Use LDAP_URL if given\n"
+"The authentication database is defined by the B<pwcheck_method> parameter.  "
+"Only the B<PLAIN> authentication mechanism is used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
-#, no-wrap
-msgid ""
-"2) For user\n"
-"   a) Use domain -D REALM and follow step 1)\n"
-"   b) Use LDAP_URL if given\n"
+#: src/auth/basic/SASL/basic_sasl_auth.8:31
+msgid "Examples:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:191
-msgid "The Groups to check against are determined as follows:"
+#: src/auth/basic/SASL/basic_sasl_auth.8:34
+msgid "use sasldb - the default if no conf file is installed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:196
+#: src/auth/basic/SASL/basic_sasl_auth.8:36
 #, no-wrap
-msgid ""
-"1) For user@REALM\n"
-"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
-"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
-"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+msgid " - use PAM authentication database\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:199
+#: src/auth/basic/SASL/basic_sasl_auth.8:39
 #, no-wrap
 msgid ""
-"2) For user\n"
-"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+" - use traditional \n"
+"B</etc/passwd>\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
+#: src/auth/basic/SASL/basic_sasl_auth.8:41
 #, no-wrap
-msgid ""
-"3) For NDOMAIN\\euser\n"
-"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+msgid " - use slightly less traditional /etc/shadow\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#: src/auth/basic/SASL/basic_sasl_auth.8:44
 msgid ""
-"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
-"where GROUP is the hex UTF-8 representation e.g."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
-#, no-wrap
-msgid "   -t 6d61726b7573 instead of -g markus\n"
+"Others methods may be supported by your cyrus-sasl implementation - consult "
+"your cyrus-sasl documentation for information."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#: src/auth/basic/SASL/basic_sasl_auth.8:57
 msgid ""
-"The REALM must still be based on the ASCII character set. If REALM contains "
-"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
-"UTF-8 representation e.g."
+"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
+"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
+"and an appropriate user/group on the executable to allow the authenticator "
+"to access the appropriate password database. If the access to the database "
+"is not permitted then the authenticator will typically fail with \"-1, "
+"generic error\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
-#, no-wrap
-msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
+#: src/auth/basic/SASL/basic_sasl_auth.8:72
+msgid ""
+"If the application name B<basic_sasl_auth> will also be used for the PAM "
+"service name if B<pwcheck_method:pam> is chosen. And example PAM "
+"configuration file B<basic_sasl_auth.pam> is also included."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:212
-msgid ""
-"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
-"unicode-utf8-table.pl"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:5
+msgid "basic_sspi_auth.exe - Basic authentication protocol"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
-msgid ""
-"The ldap server list can be: server - In this case server can be used for "
-"all Kerberos domains server@ - In this case server can be used for all "
-"Kerberos domains server@domain - In this case server can be used for "
-"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
-"server3@:server4 - A list is build with a colon as seperator"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:12
+#: src/auth/basic/SSPI/basic_sspi_auth.8:14
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:14
+msgid "Group Name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
-msgid "B<RFC1035> - Domain names - implementation and specification,"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:16
+msgid "Default Domain"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:257
+#: src/auth/basic/SSPI/basic_sspi_auth.8:22
 msgid ""
-"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
+"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
+"server running on Windows NT to authenticate users on an NT domain in native "
+"WIN32 mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
+#: src/auth/basic/SSPI/basic_sspi_auth.8:31
 msgid ""
-"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
-"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
+"Usage is simple. It accepts a username and password on standard input and "
+"will return B<OK> if the username/password is valid for the domain/machine, "
+"or B<ERR> if there was some problem. It is possible to authenticate against "
+"NT trusted domains specifying the username in the domain\\eusername "
+"Microsoft notation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:36
+msgid "A Windows Local Group name allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:9
-msgid "Version 2.17"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:44
+msgid "A Windows Local Group name not allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:33
-msgid ""
-"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
-"authorize users via LDAP groups.  LDAP options are specified as parameters "
-"on the command line, while the username(s) and group(s) to be checked "
-"against the LDAP directory are specified on subsequent lines of input to the "
-"helper, one username/group pair per line separated by a space."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:48
+msgid "The default Domain against to authenticate."
 msgstr ""
 
+#. logon from the network\"" 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:44
+#: src/auth/basic/SSPI/basic_sspi_auth.8:55
 msgid ""
-"As expected by the B<external_acl_type> construct of Squid, after specifying "
-"a username and group followed by a new line, this helper will produce either "
-"B<OK> or B<ERR> on the following line to show if the user is a member of the "
-"specified group."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
+"in the Authenticator's command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:48
+#: src/auth/basic/SSPI/basic_sspi_auth.8:58
 msgid ""
-"The program operates by searching with a search filter based on the users "
-"user name and requested group, and if a match is found it is determined that "
-"the user belongs to the group."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:53
-msgid "When to dereference aliases. Defaults to 'never'"
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:62
+#: src/auth/basic/SSPI/basic_sspi_auth.8:63
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search>ing or only to B<find> the base object"
+"You will need to set the following line in B<squid.conf> to enable the "
+"authenticator:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:71
+msgid ""
+"You will need to set the following lines in B<squid.conf> to enable "
+"authentication for your access list:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:71
-msgid "Specifies the base DN under which the users are located (if different)"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:83
+msgid ""
+"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
+"B<auth_param basic program> directive."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:76
+#: src/auth/basic/SSPI/basic_sspi_auth.8:98
+#, no-wrap
 msgid ""
-"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
-"API libraries)"
+"I strongly urge that \n"
+"B<basic_sspi_auth.exe>\n"
+"is tested prior to being used in a \n"
+"production environment. It may behave differently on different platforms.\n"
+"To test it, run it from the command line. Enter username and password\n"
+"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
+"Make sure pressing \n"
+"B<CTRL-D>\n"
+" behaves the same as a carriage return.\n"
+"Make sure pressing \n"
+"B<CTRL-C>\n"
+" aborts the program.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:82
+#: src/auth/basic/SSPI/basic_sspi_auth.8:108
 msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the result is not what was expected."
+"Test that entering an invalid username and password results in an B<ERR> "
+"message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:87
+#: src/auth/basic/SSPI/basic_sspi_auth.8:113
 msgid ""
-"The DN and password to bind as while performing searches. Required if the "
-"LDAP directory does not allow anonymous searches."
+"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
+"may be returned instead of B<ERR>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:93
+#: src/auth/basic/SSPI/basic_sspi_auth.8:117
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration and will be sent on the command line to the helper it is "
-"strongly recommended to use a account with minimal associated privileges.  "
-"This to limit the damage in case someone could get hold of a copy of your "
-"Squid configuration file or extracts the password used from a process "
-"listing."
+"Test that entering a valid username and password results in an B<OK> message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:123
+#: src/auth/basic/SSPI/basic_sspi_auth.8:120
 msgid ""
-"LDAP search filter used to search the LDAP directory for any matching group "
-"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
-"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
-"name."
+"Test that entering a guest username and password returns the correct "
+"response for the site's access policy."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:135
-msgid ""
-"LDAP search filter used to search the LDAP directory for any matching "
-"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
-"be included literally in the filter then use B<%%>"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:126
+#: src/auth/digest/file/digest_file_auth.8:65
+msgid "Based on prior work by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:141
-msgid ""
-"Specifies that the first query argument sent to the helper by Squid is a "
-"extension to the basedn and will be temporarily added in front of the global "
-"basedn for this query."
+#: src/auth/digest/file/digest_file_auth.8:5
+msgid "digest_file_auth - File based digest authentication helper for Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:145
-msgid "Specify the LDAP server to connect to"
+#: src/auth/digest/file/digest_file_auth.8:7
+msgid "Version 1.1"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:149
-msgid ""
-"Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
-"libraries)"
+#: src/auth/digest/file/digest_file_auth.8:12
+#: tools/squidclient/squidclient.1:28
+msgid "file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:153
-msgid "Strip Kerberos Realm component from user names (@ separated)"
+#: src/auth/digest/file/digest_file_auth.8:17
+msgid ""
+"B<digest_file_auth> is an installed binary authentication program for Squid. "
+"It handles digest authentication protocol and authenticates against a text "
+"file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:158
+#: src/auth/digest/file/digest_file_auth.8:20
 msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389."
+"This program will automatically detect the existence of a concurrency "
+"channel-ID and adjust appropriately.  It may be used with any value 0 or "
+"above for the auth_param children concurrency= parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:166
+#: src/auth/digest/file/digest_file_auth.8:25
 msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while verifying a users group membership to preserve resources at the LDAP "
-"server. This option causes the LDAP connection to be kept open, allowing it "
-"to be reused for further user validations. Recommended for larger "
-"installations."
+"Accept digest hashed passwords rather than plaintext in the password file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:188
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:35
-msgid "Strip NT domain name component from user names (/ or \\e separated)"
+#: src/auth/digest/file/digest_file_auth.8:29
+msgid "Username database file format:"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:200
-msgid ""
-"LDAP attribute used to construct the user DN from the user name and base dn "
-"without needing to search for the user.  A maximum of 16 occurrences of B<"
-"%s> are supported."
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:29
+#, no-wrap
+msgid "- comment lines are possible and should start with a '#';"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:216
-msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf .>"
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:32
+#, no-wrap
+msgid "- empty or blank lines are possible;"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:231
-msgid ""
-"B<NOTE:> When constructing search filters it is recommended to first test "
-"the filter using B<ldapsearch> to verify that the filter matches what you "
-"expect before you attempt to use B<ext_ldap_group_acl>"
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:35
+#, no-wrap
+msgid "- plaintext entry format is username:password"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:240
-msgid "Based on prior work in B<squid_ldap_auth> by"
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:38
+#, no-wrap
+msgid "- HA1 entry format is username:realm:HA1"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:257
+#: src/auth/digest/file/digest_file_auth.8:51
 msgid ""
-"Or contact your favorite LDAP list/friend if the question is more related to "
-"LDAP than Squid."
+"To build a directory integrated backend, you need to be able to calculate "
+"the HA1 returned to squid. To avoid storing a plaintext password you can "
+"calculate B<MD5(username:realm:password)> when the user changes their "
+"password, and store the tuple B<username:realm:HA1.> then find the matching "
+"B<username:realm> when squid asks for the HA1."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:278
-msgid "Your favorite LDAP documentation"
+#: src/auth/digest/file/digest_file_auth.8:59
+msgid ""
+"This implementation could be improved by using such a triple for the file "
+"format.  However storing such a triple does little to improve security: If "
+"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
+"\" - for the purposes of digest authentication they allow the user access. "
+"Password synchronization is not tackled by digest - just preventing on the "
+"wire compromise."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:9
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:10
-msgid "Version 1.22"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:5
+msgid "negotiate_kerberos_auth - Squid kerberos based authentication helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:19
-msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:7
+msgid "Version 3.0.4sq"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:22
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:16
 msgid ""
-"This helper must be used in with an authentication scheme (typically Basic "
-"or NTLM) based on Windows NT/2000 domain users (LM mode)."
+"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
+"authenticate users via the Negotiate protocol and Kerberos."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:31
-msgid "Use case insensitive compare."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:30
+msgid "Remove realm from username before returning the username to squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:39
-msgid "Specify the default user's domain."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:33
+msgid "Provide Service Principal Name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:43
-msgid "Start helper in Domain Global Group mode."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:36
+msgid "Provide Kerberos Keytab Name (Default: /etc/krb5.keytab)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:51
-msgid "Use ONLY PDCs for group validation."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:39
+msgid "Provide Replay Cache Directory (Default: /var/tmp)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:77
-msgid ""
-"In the previous example all validated NT users member of GProxyUsers Global "
-"domain group or member of LProxyUsers machine local group are allowed to use "
-"the cache."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:42
+msgid "Provide Replay Cache Type (Default: dfl)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:85
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:49
 msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file>"
+"This helper is intended to be used as an B<authentication> helper in B<squid."
+"conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:87
-msgid "The previous example will be:"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:67
+#, no-wrap
+msgid ""
+"Add the following lines to the squid startup script to point squid to a keytab file which\n"
+"contains the HTTP/fqdn service principal for the default Kerberos domain. The keytab name can\n"
+"also be provided by the -k E<lt>keytab nameE<gt> option. The fqdn must be the proxy name set in IE\n"
+" or firefox. You can not use an IP address.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:94
-msgid "The B<DomainUsers.txt> file will contain only the following line:"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:70
+msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:96
-msgid "B<Domain Users>"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:77
+msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:105
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:83
 msgid ""
-"B<NOTE:> The standard group name comparison is case sensitive, so group name "
-"must be specified with same case as in the NT/2000 Domain.  It's possible to "
-"enable case insensitive group name comparison ( B<-c> ), but on some not-"
-"english locales, the results can be unexpected."
+"Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
+"(usually only possible in a 5 minute window) . If squid is under high load "
+"with Negotiate(Kerberos) proxy authentication requests the replay cache "
+"checks can create high CPU load. If the environment does not require high "
+"security the replay cache check can be disabled for MIT based Kerberos "
+"implementations by adding the below to the startup script or use the -t none "
+"option."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:113
-msgid ""
-"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
-"and B<-D> switches."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:86
+msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:115
-msgid "Refer to Squid documentation for the more details on squid.conf."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:89
+msgid ""
+"If negotiate_kerberos_auth doesn't determine for some reason the right "
+"service principal you can provide it with -s HTTP/fqdn."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:121
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:92
 msgid ""
-"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
-"in a production environment. It may behave differently on different "
-"platforms."
+"If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
+"principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
+"option with negotiate_kerberos_auth."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:161
-msgid "with contributions by"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:108
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2014 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:166
-msgid "Based in part on prior work in B<check_group> by"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:136
+msgid ""
+"B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
+"Windows,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:7
-msgid "Squid session tracking external acl helper."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:138
+msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:9
-msgid "Version 1.2"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:140
+msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:16
-msgid "database"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:5
+msgid "ntlm_sspi_auth.exe - Native Windows NTLM/NTLMv2 authenticator for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:33
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:21
 msgid ""
-"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
-"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
-"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
-"terms and conditions to a user; the latter is suitable for the display of "
-"advertisments or other notices (both as a splash page - see config examples "
-"in the wiki online). The session helper can also be used to force users to "
-"re-authenticate if the B<%LOGIN> and B<-a> are both used."
+"B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
+"provides native access to the Security Service Provider Interface of Windows "
+"for authenticating with NTLM / NTLMv2.  It has automatic support for NTLM "
+"NEGOTIATE packets."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:38
-msgid ""
-"Idle timeout for any session. The default if not specified (set to 3600 "
-"seconds)."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:26
+msgid "Specify a Windows Local Group name allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:51
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:34
 msgid ""
-"Fixed timeout for any session. This will end the session after the timeout "
-"regardless of a user's activity. If used with B<active> mode, this will "
-"terminate the user's session after B<timeout> , after which another B<LOGIN> "
-"will be required.  B<LOGOUT> will reset the session and timeout."
+"Specify a Windows Local Group name which is to be denied authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:64
-msgid ""
-"B<Path> to persistent database. If a file is specified then that single file "
-"is used as the database. If a path is specified, a Berkeley DB database "
-"environment is created within the directory. The advantage of the latter is "
-"better database support between multiple instances of the session helper. "
-"Using multiple instances of the session helper with a single database file "
-"will cause synchronisation problems between processes.  If this option is "
-"not specified the session details will be kept in memory only and all "
-"sessions will reset each time Squid restarts its helpers (Squid restart or "
-"rotation of logs)."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:42
+msgid "Enables verbose NTLM packet debugging."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:74
-msgid ""
-"Active mode. In this mode sessions are started by evaluating an acl with the "
-"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
-"flag the helper automatically starts the session after the first request."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:46
+msgid "B<Allowing Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:81
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:49
 msgid ""
-"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
-"concurrency= option B<must> be specified in the configuration."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights \"logon from the network\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:83
-msgid "Passive session configuration example using the default automatic mode"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:53
+msgid ""
+"Optionally the authenticator can verify the NT LOCAL group membership of the "
+"user against the User Group specified in the Authenticator's command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:96
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:57
 msgid ""
-"Then set up B<http://your.server.example.com/bannerpage> to display a "
-"session startup page and then redirect the user back to the requested URL "
-"given in the url query parameter."
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it, it works only with MACHINE "
+"Local Groups, not Domain Local Groups."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:7
-msgid "Squid time quota external acl helper."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:61
+msgid ""
+"Better group checking is available with external ACL, see B<ext_ad_group_acl."
+"exe> documentation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:18
-msgid ""
-"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
-"users of squid to limit the time using squid."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:64
+msgid "B<squid.conf> typical minimal required changes:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:23
-msgid ""
-"This is useful for corporate lunch time allocations, wifi portal pay-per-"
-"minute installations or for parental control of children. The administrator "
-"can define a time budget (e.g. 1 hour per day) which is enforced through "
-"this helper."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:76
+msgid "Refer to Squid documentation for more details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:31
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:84
 msgid ""
-"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
-"Squids state directory."
+"Internet Explorer has some problems with B<ftp://> URLs when handling "
+"internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
+"when placed before the authentication ACL:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:38
-msgid ""
-"B<Pauselen> is given in seconds and defines the period between two requests "
-"to be treated as part of the same session.  Pauses shorter than this value "
-"will be counted against the quota, longer ones ignored.  Default is 300 "
-"seconds (5 minutes)."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:95
+msgid "Based on prior work in by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:44
-msgid ""
-"B<Filename> where all logging and debugging information will be written. If "
-"none is given, then stderr will be used and the logging will go to Squids "
-"main cache.log."
+#: src/security/cert_generators/file/security_file_certgen.8.in:5
+msgid "security_file_certgen - SSL certificate generator for Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:48
-msgid "Enables debug logging in the logfile."
+#: src/security/cert_generators/file/security_file_certgen.8.in:15
+#: src/security/cert_generators/file/security_file_certgen.8.in:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:29
+msgid "directory"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:52
-msgid "show a short command line help."
+#: src/security/cert_generators/file/security_file_certgen.8.in:17
+msgid "size"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:56
-msgid "This file contains the definition of the time budgets for the users."
+#: src/security/cert_generators/file/security_file_certgen.8.in:24
+msgid "serial number"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:65
-msgid ""
-"The time quotas of the users are defined in a text file typically residing "
-"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
-"and is ignored. Every line must start with a user followed by a time budget "
-"and a corresponding time period separated by \"/\". Here is an example file:"
+#: src/security/cert_generators/file/security_file_certgen.8.in:33
+msgid "B<security_file_certgen> is an installed binary."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:68
-msgid "# user budget / period"
+#: src/security/cert_generators/file/security_file_certgen.8.in:36
+msgid ""
+"Because the generation and signing of SSL certificates takes time Squid must "
+"use external process to handle the work."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:79
+#: src/security/cert_generators/file/security_file_certgen.8.in:40
 msgid ""
-"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
-"hour and the poor babymary only 30 minutes a week."
+"This process generates new SSL certificates and uses a disk cache of "
+"certificates to improve response times on repeated requests.  Communication "
+"occurs via TCP sockets bound to the loopback interface."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:83
+#: src/security/cert_generators/file/security_file_certgen.8.in:46
 msgid ""
-"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
-"days and \"w\" for weeks. Numerical values can be given as integer values or "
-"with a fraction. E.g. \"0.5h\" means 30 minutes."
+"File system block size in bytes. Needed for processing natural size of "
+"certificate on disk.  Default value is 2048 bytes."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:89
+#: src/security/cert_generators/file/security_file_certgen.8.in:53
 msgid ""
-"This helper is configured in B<squid.conf> using the B<external_acl_type> "
-"directive then access controls which use it to allow or deny."
+"Initialize the SSL storage database and exit.  Requires the B<-s> option to "
+"determine the storage location being created."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:92
-msgid "Here is an example."
+#: src/security/cert_generators/file/security_file_certgen.8.in:64
+msgid ""
+"Display the current serial number using stderr and exit.  Requires B<-s> "
+"option to determine which storage directory the serial is located in."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:95
-msgid "# Ensure that users have a valid login. We need their username."
+#: src/security/cert_generators/file/security_file_certgen.8.in:72
+msgid "Directory path of disk storage for new SSL certificates."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:102
-msgid "# Define program and quota file"
+#: src/security/cert_generators/file/security_file_certgen.8.in:76
+msgid "Maximum size of SSL certificate disk storage."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:118
+#: src/security/cert_generators/file/security_file_certgen.8.in:83
 msgid ""
-"In this example, after restarting Squid it should allow access only for "
-"users as long as they have time budget left.  If the budget is exceeded the "
-"user will be presented with an error page informing them."
+"HEX B<serial number > to use when initializing an SSL storage database.  The "
+"default value of serial number is the number of seconds since Epoch minus "
+"1200000000."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:124
-msgid ""
-"In this example we use separate B<users> access control and B<noquota> ACL "
-"in order to keep the username and password prompt and the quota-exceeded "
-"messages separated."
+#: src/security/cert_generators/file/security_file_certgen.8.in:87
+msgid "Display the binary version details using stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:144
+#: src/security/cert_generators/file/security_file_certgen.8.in:91
+msgid "B<SSL errors after changing the CA>"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:95
+#: src/security/cert_generators/file/security_file_certgen.8.in:123
 msgid ""
-"User is just a unique key value. The above example uses %LOGIN and the "
-"username but any of the B<external_acl_type> format tags can be substituted "
-"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
-"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
-"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
-"org/ConfigExamples."
+"Certificates are stored in this database in signed form.  After any change "
+"to the signing CA in squid.conf be sure to erase and re-initialize the "
+"certificate database."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:145
-#, no-wrap
-msgid "LIMITATIONS"
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:98
+msgid "B<Certificate chaining>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:150
+#: src/security/cert_generators/file/security_file_certgen.8.in:103
 msgid ""
-"This helper only controls access to the Internet through HTTP. It does not "
-"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
+"The version 1.0 of this helper will not add chained intermediate CA "
+"certificates.  The client must have a full chain of trust from the root CA "
+"all the way down to the end certificate generated by this program."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:158
+#: src/security/cert_generators/file/security_file_certgen.8.in:106
 msgid ""
-"Desktop browsers are typically able to deal with authentication to HTTP "
-"proxies like B<squid .> But more and more different programs and devices "
-"(smartphones, games on mobile devices, ...) are using the Internet over "
-"HTTP. These devices are often not able to work through an authenticating "
-"proxy.  Means other than %LOGIN authentication are required to authorize "
-"these devices and software."
+"Signing with an intermediate CA needs to install both the root and the "
+"intermediate public CA on the clients."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:163
+#: src/security/cert_generators/file/security_file_certgen.8.in:113
 msgid ""
-"A more general control to Internet access could be a captive portal approach "
-"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
-"or maybe a 802.11X solution. But the latter is often not supported by mobile "
-"devices."
+"Before this helper can be used the storage area for new certificates must be "
+"initialized manually.  This is done from the command line using the B<-c> "
+"parameters."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:164
-#, no-wrap
-msgid "IMPLEMENTATION"
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:116
+msgid "For example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:172
+#: src/security/cert_generators/file/security_file_certgen.8.in:128
 msgid ""
-"When the helper is called it will be asked if the current user is allowed to "
-"access squid. The helper will reduce the remaining time budget of this user "
-"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
+"For simple configuration the helper defaults can be used.  Only HTTP "
+"listening port options are required to enable generation and set the signing "
+"CA certificate.  For Example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:185
+#: src/security/cert_generators/file/security_file_certgen.8.in:137
 msgid ""
-"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
-"be called, the example config uses a 1 minute TTL.  The interaction is that "
-"Squid will only call the helper on new requests B<if> there has been more "
-"than TTL seconds passed since last check.  This handling creates an amount "
-"of slippage outside the quota by whatever amount is configured.  TTL can be "
-"set as short as desired, down to and including zero.  Though values of 1 or "
-"more are recommended due to a quota resolution of one second."
+"For more customized configuration the helper certificate storage directory "
+"location and size can be altered with the B<sslcrtd_program> configuration "
+"directive.  For example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:190
-msgid ""
-"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
-"budget will be restored to the configured value thus allowing the user to "
-"access squid with a fresh budget."
+#: src/squid.8.in:5
+msgid "squid - HTTP web proxy caching server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:202
-msgid ""
-"If the time between the current request and the previous request is greater "
-"than B<pauselen> (default 5 minutes and adjustable with command line "
-"parameter B<-p> ), the current request will be considered as a new request "
-"and the time budget will not be decreased. If the time is less than "
-"B<pauselen> , then both requests will be considered as part of the same "
-"active time period and the time budget will be decreased by the time "
-"difference. This allows the user to take arbitrary breaks during Internet "
-"access without losing their time budget."
+#: src/squid.8.in:11
+msgid "facility"
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:203
-#, no-wrap
-msgid "FURTHER IDEAS"
+#. type: Plain text
+#: src/squid.8.in:13
+msgid "config-file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:206
-msgid ""
-"The following ideas could further improve this helper. Maybe someone wants "
-"to help? Any support or feedback is welcome!"
+#: src/squid.8.in:17
+msgid "signal"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:211
-msgid ""
-"There should be a way for a user to see their configured and remaining time "
-"budget. This could be realized by implementing a web page accessing the "
-"database of the helper showing the corresponding data. One of the problems "
-"to be solved is user authentication."
+#: src/squid.8.in:19
+msgid "service-name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:214
-msgid ""
-"We could always return \"OK\" and use the module simply as an Internet usage "
-"tracker showing who has stayed how long in the WWW."
+#: src/squid.8.in:21
+msgid "command-line"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:7
-msgid "Squid UNIX Group ACL helper"
+#: src/squid.8.in:30
+msgid ""
+"B<squid> is a high-performance proxy caching server for web clients, "
+"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
+"traditional caching software, Squid handles all requests in a single, non-"
+"blocking process."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:11
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:13
-msgid "group"
+#: src/squid.8.in:34
+msgid ""
+"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
+"lookups, supports non-blocking DNS lookups, and implements negative caching "
+"of failed requests."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:18
+#: src/squid.8.in:39
 msgid ""
-"B<ext_unix_group_acl> allows Squid to base access controls on users "
-"memberships in UNIX groups."
+"Squid supports SSL, extensive access controls, and full request logging.  By "
+"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
+"caches can be arranged in a hierarchy or mesh for additional bandwidth "
+"savings."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:26
-msgid "Specifies a group name to match."
+#: src/squid.8.in:47
+msgid ""
+"Squid consists of a main server program B<squid> , some optional programs "
+"for custom processing and authentication, and some management and client "
+"tools.  When squid starts up, it spawns a configurable number of helper "
+"processes, each of which can perform parallel lookups.  This reduces the "
+"amount of time the cache waits for results."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:31
-msgid "Also match the users primary group from B</etc/passwd>"
+#: src/squid.8.in:49
+msgid "Squid is derived from the ARPA-funded Harvest Project."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:49
+#: src/squid.8.in:55
 msgid ""
-"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
-"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
-"I<group3>"
+"This manual page only lists the command line arguments.  For details on how "
+"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
+"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
+"configuration manual on the Squid home page"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:61
+#: src/squid.8.in:64
 msgid ""
-"By default up to 11 groups can be matched in one acl (including commandline "
-"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
+"Specify HTTP port number where Squid should listen for requests, in addition "
+"to any B<http_port> specifications in B<squid.conf>"
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:68
+msgid "Do not catch fatal signals."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:67
+#: src/squid.8.in:72
+msgid "Write debugging to stderr also."
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:84
 msgid ""
-"Does not understand GID aliased groups sometimes used to work around groups "
-"size limitations. If you are using GID aliased groups then you must specify "
-"each alias by name."
+"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
+"file name starts with a B<!> or B<|> then it is assumed to be an external "
+"command or command line.  Can for example be used to pre-process the "
+"configuration before it is being read by Squid.  To facilitate this Squid "
+"also understands the common #line notion to indicate the real source file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:99
-msgid "Additionally bugs or bug-fixes can be reported to"
+#: src/squid.8.in:88
+msgid "Don't serve any requests until store is rebuilt."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:7
-msgid "Squid kerberos based authentication helper"
+#: src/squid.8.in:92
+msgid "Print help message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:9
-msgid "Version 3.0.4sq"
+#: src/squid.8.in:98
+msgid "Install as a Windows Service (see B<-n> option)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:18
+#: src/squid.8.in:105
 msgid ""
-"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
-"authenticate users via the Negotiate protocol and Kerberos."
+"Parse configuration file, then send signal to running copy (except B<-k "
+"parse> ) and exit."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:32
-msgid "Remove realm from username before returning the username to squid."
+#: src/squid.8.in:110
+msgid "Use specified syslog facility. Implies B<-s>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:35
-msgid "Provide Service Principal Name."
+#: src/squid.8.in:115
+msgid ""
+"Specify Windows Service name to use for service operations, default is: "
+"B<Squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:42
-msgid ""
-"This helper is intended to be used as an B<authentication> helper in B<squid."
-"conf.>"
+#: src/squid.8.in:119
+msgid "No daemon mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:62
-msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
+#: src/squid.8.in:125
+msgid ""
+"Parent process does not exit until its children have finished. It has no "
+"effect with B<-N> which does not fork/exit at startup."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:69
-msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
+#: src/squid.8.in:129
+msgid "Set Windows Service Command line options in Registry."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:75
-msgid ""
-"Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
-"(usually only possible in a 5 minute window) . If squid is under high load "
-"with Negotiate(Kerberos) proxy authentication requests the replay cache "
-"checks can create high CPU load. If the environment does not require high "
-"security the replay cache check can be disabled for MIT based Kerberos "
-"implementations by adding the following to the startup script"
+#: src/squid.8.in:135
+msgid "Remove a Windows Service (see B<-n> option)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:78
-msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
+#: src/squid.8.in:141
+msgid "Do not set B<REUSEADDR> on port."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:81
+#: src/squid.8.in:146
 msgid ""
-"If negotiate_kerberos_auth doesn't determine for some reason the right "
-"service principal you can provide it with -s HTTP/fqdn."
+"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:84
-msgid ""
-"If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
-"principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
-"option with negotiate_kerberos_auth."
+#: src/squid.8.in:150
+msgid "Double-check swap during rebuild."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:121
-msgid ""
-"B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
-"Windows,"
+#: src/squid.8.in:154
+msgid "Specify ICP port number (default: 3130), disable with 0."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:123
-msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
+#: src/squid.8.in:158
+msgid "Print version and build details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:125
-msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
+#: src/squid.8.in:162
+msgid "Force full debugging."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:8
-msgid ""
-"Native Windows NTLM/NTLMv2 authenticator for Squid with automatic support "
-"for NTLM NEGOTIATE packets."
+#: src/squid.8.in:170
+msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:24
+#: src/squid.8.in:178
 msgid ""
-"B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
-"provides native access to the Security Service Provider Interface of Windows "
-"for authenticating with NTLM / NTLMv2.  It has automatic support for NTLM "
-"NEGOTIATE packets."
+"Create missing swap directories and other missing cache_dir structures, then "
+"exit. All cache_dir types create the configured top-level directory if it is "
+"missing. Other actions are type-specific. For example, ufs-based storage "
+"systems create missing L1 and L2 directories while Rock creates the missing "
+"database file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:29
-msgid "Specify a Windows Local Group name allowed to authenticate."
+#: src/squid.8.in:183
+msgid ""
+"This option does not enable validation of any present swap structures. Its "
+"focus is on creation of missing pieces. If nothing is missing, squid -z just "
+"exits. If you suspect cache_dir corruption, you must delete the top-level "
+"cache_dir directory before running squid -z."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:37
+#: src/squid.8.in:188
 msgid ""
-"Specify a Windows Local Group name which is to be denied authentication."
+"By default, squid -z runs in daemon mode (so that configuration macros and "
+"other SMP features work as expected). Use B<-N> option to overwrite this."
 msgstr ""
 
-#. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:45
-msgid "Enables verbose NTLM packet debugging."
+#. type: SH
+#: src/squid.8.in:189
+#, no-wrap
+msgid "FILES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:49
-msgid "B<Allowing Users>"
+#: src/squid.8.in:191
+msgid "Squid configuration files located in @SYSCONFDIR@/:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:52
+#: src/squid.8.in:197
 msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights \"logon from the network\"."
+"The main configuration file. You must initially make changes to this file "
+"for B<squid> to work. For example, the default configuration only allows "
+"access from RFC private LAN networks.  Some packaging distributions block "
+"even that."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:56
+#: src/squid.8.in:201 src/squid.8.in:207
 msgid ""
-"Optionally the authenticator can verify the NT LOCAL group membership of the "
-"user against the User Group specified in the Authenticator's command line."
+"Reference copy of the configuration file. Always kept up to date with the "
+"version of Squid you are using."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:60
+#: src/squid.8.in:203
 msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it, it works only with MACHINE "
-"Local Groups, not Domain Local Groups."
+"Use this to look up the default configuration settings and syntax after "
+"upgrading."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:64
+#: src/squid.8.in:212
 msgid ""
-"Better group checking is available with external ACL, see B<ext_ad_group_acl."
-"exe> documentation."
+"Use this to read the documentation for configuration options available in "
+"your build of Squid. The online configuration manual is also available for a "
+"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:67
-msgid "B<squid.conf> typical minimal required changes:"
+#: src/squid.8.in:217
+msgid "The main configuration file for the web B<cachemgr.cgi> tools."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:79
-msgid "Refer to Squid documentation for more details."
+#: src/squid.8.in:220
+msgid "The main configuration file for the Sample MSNT authenticator."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:87
+#: src/squid.8.in:225
 msgid ""
-"Internet Explorer has some problems with B<ftp://> URLs when handling "
-"internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
-"when placed before the authentication ACL:"
+"CSS Stylesheet to control the display of generated error pages.  Use this to "
+"set any company branding you need, it will apply to every language Squid "
+"provides error pages for."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:98
-msgid "Based on prior work in by"
+#: src/squid.8.in:228
+msgid "Some files also located elsewhere:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:7
-msgid "HTTP web proxy caching server"
+#: src/squid.8.in:231
+msgid "MIME type mappings for FTP gatewaying"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:13
-msgid "facility"
+#: src/squid.8.in:234
+msgid "Location of Squid error pages and templates."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:15
-msgid "config-file"
+#: src/squid.8.in:237
+msgid ""
+"Squid was written over many years by a changing team of developers and "
+"maintained in turn by"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:19
-msgid "signal"
+#: src/squid.8.in:244
+msgid ""
+"With contributions from many others in the Squid community.  see "
+"CONTRIBUTORS for a full list of individuals who contributed code.  see "
+"CREDITS for a list of major code contributing copyright holders."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:21
-msgid "service-name"
+#: tools/cachemgr.cgi.8.in:5
+msgid "cachemgr.cgi - Squid HTTP proxy manager CGI web interface"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:23
-msgid "command-line"
+#: tools/cachemgr.cgi.8.in:16
+msgid ""
+"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
+"statistics about the Squid HTTP proxy process as it runs. The cache manager "
+"is a convenient way to manage the cache and view statistics without logging "
+"into the server."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:32
+#: tools/cachemgr.cgi.8.in:20
 msgid ""
-"B<squid> is a high-performance proxy caching server for web clients, "
-"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
-"traditional caching software, Squid handles all requests in a single, non-"
-"blocking process."
+"Configuration examples for many common web servers can be found in the Squid "
+"FAQ wiki."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:36
+#: tools/cachemgr.cgi.8.in:32
 msgid ""
-"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
-"lookups, supports non-blocking DNS lookups, and implements negative caching "
-"of failed requests."
+"The access configuration file defining which Squid servers may be managed "
+"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
+"followed by an optional description"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:41
+#: tools/cachemgr.cgi.8.in:36
 msgid ""
-"Squid supports SSL, extensive access controls, and full request logging.  By "
-"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
-"caches can be arranged in a hierarchy or mesh for additional bandwidth "
-"savings."
+"The server name may contain shell wildcard characters such as *, [] etc.  A "
+"quick selection dropdown menu is automatically constructed from the simple "
+"server names."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:49
+#: tools/cachemgr.cgi.8.in:40
 msgid ""
-"Squid consists of a main server program B<squid> , some optional programs "
-"for custom processing and authentication, and some management and client "
-"tools.  When squid starts up, it spawns a configurable number of helper "
-"processes, each of which can perform parallel lookups.  This reduces the "
-"amount of time the cache waits for results."
+"Specifying :port is optional. If not specified then the default proxy port "
+"is assumed. :* or :any matches any port on the target server."
 msgstr ""
 
-#. type: Plain text
-#: src/squid.8.in:51
-msgid "Squid is derived from the ARPA-funded Harvest Project."
+#. type: SH
+#: tools/cachemgr.cgi.8.in:41
+#, no-wrap
+msgid "SECURITY"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:57
+#: tools/cachemgr.cgi.8.in:48
 msgid ""
-"This manual page only lists the command line arguments.  For details on how "
-"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
-"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
-"configuration manual on the Squid home page"
+"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
+"and returns a formatted version of the response. To avoid abuse it is "
+"recommended to configure your web server to restrict access to the "
+"B<cachemgr.cgi> program."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:66
+#: tools/cachemgr.cgi.8.in:54
 msgid ""
-"Specify HTTP port number where Squid should listen for requests, in addition "
-"to any B<http_port> specifications in B<squid.conf>"
+"Derived from Harvest. Further developed by numerous individuals from the "
+"internet community. Development is led by Duane Wessels of the National "
+"Laboratory for Applied Network Research and funded by the National Science "
+"Foundation."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:70
-msgid "Do not catch fatal signals."
+#: tools/cachemgr.cgi.8.in:70 tools/purge/purge.1:276
+#: tools/squidclient/squidclient.1:252
+msgid ""
+"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
+"you need to include with your bug report."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:74
-msgid "Write debugging to stderr also."
+#: tools/purge/purge.1:5
+msgid "purge - magnifying glass into your squid cache"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:86
+#: tools/purge/purge.1:21
 msgid ""
-"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
-"file name starts with a B<!> or B<|> then it is assumed to be an external "
-"command or command line.  Can for example be used to pre-process the "
-"configuration before it is being read by Squid.  To facilitate this Squid "
-"also understands the common #line notion to indicate the real source file."
+"B<purge> is used to have a look at what URLs are stored in which file within "
+"your cache. The B<purge> tool can also be used to release objects which URLs "
+"match user specified regular expressions. A more troublesome feature is the "
+"ability to remove files B<squid> does not seem to know about any longer."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:90
-msgid "Don't serve any requests until store is rebuilt."
+#: tools/purge/purge.1:23
+msgid ""
+"This is a tool for expert usage only, use it under your own responsibility."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:94
-msgid "Print help message."
+#: tools/purge/purge.1:34
+msgid ""
+"a kind of \"i am alive\" flag. It can only be activated, if your stdout is a "
+"tty. If active, it will display a little rotating line to indicate that "
+"there is actually something happening. You should not use this switch if you "
+"capture your stdout in a file or if your expression list produces many "
+"matches. The -a flag is also incompatible with the (default) multi cache_dir "
+"mode."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:100
-msgid "Install as a Windows Service (see B<-n> option)."
+#: tools/purge/purge.1:36
+msgid "default: off\t\tSee also: -n"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:107
+#: tools/purge/purge.1:43
 msgid ""
-"Parse configuration file, then send signal to running copy (except B<-k "
-"parse> ) and exit."
+"this option lets you specify the location of the squid.conf file.  Purge "
+"understands about more than one cache_dir, and does so by parsing squid."
+"conf. It knows about both ways of Squid-2 cache_dir specifications, and will "
+"automatically try to use the correct one."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:112
-msgid "Use specified syslog facility. Implies B<-s>"
+#: tools/purge/purge.1:45
+msgid "default: /usr/local/squid/etc/squid.conf"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:117
+#: tools/purge/purge.1:53
 msgid ""
-"Specify Windows Service name to use for service operations, default is: "
-"B<Squid>"
+"if you want to rescue files from your cache, you need to specify the "
+"directory into which the files will be copied. Please note that purge will "
+"try to establish the original server directory structure. This switch also "
+"activates copy-out mode. Please do not use copy-out mode with any purge mode "
+"(-P) other than 0."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:121
-msgid "No daemon mode."
+#: tools/purge/purge.1:56
+msgid ""
+"For instance, if you specified \"-C /tmp\", purge will try to recreate /tmp/"
+"www.server.1/url/path/file, and so forth."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:125
-msgid "Set Windows Service Command line options in Registry."
+#: tools/purge/purge.1:58
+msgid "default: off\t\tSee also: -H, -P"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:131
-msgid "Remove a Windows Service (see B<-n> option)."
+#: tools/purge/purge.1:63
+msgid ""
+"lets you specify a debug level. Different bits are reserved for different "
+"output."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:137
-msgid "Do not set B<REUSEADDR> on port."
+#: tools/purge/purge.1:65
+msgid "default: 0"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:142
+#: tools/purge/purge.1:74
 msgid ""
-"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
+"Specify one regular expression to be searched for in the cache.  This is "
+"useful if there is only a handful of objects you want to check. Please "
+"remember to escape the shell meta characters used in your regular "
+"expression. The use of single quotes around your expression is recommended. "
+"The capital letter version works case sensitive, the lower caps version does "
+"not."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:146
-msgid "Double-check swap during rebuild."
+#: tools/purge/purge.1:76 tools/purge/purge.1:86
+msgid "default: (no default)"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:150
-msgid "Specify ICP port number (default: 3130), disable with 0."
+#: tools/purge/purge.1:84
+msgid ""
+"if you have more than a handful of expressions, or want to check the same "
+"set at regular intervals, the file option might be more useful to you. Each "
+"line in the text file will be regarded as one regular expression.  Again, "
+"the capital letter version works case sensitive, the lower caps version does "
+"not."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:154
-msgid "Print version and build details."
+#: tools/purge/purge.1:91
+msgid ""
+"if in copy-out mode (see: -C), you can specify to keep the HTTP Header in "
+"the recreated file."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:158
-msgid "Force full debugging."
+#: tools/purge/purge.1:93
+msgid "default: off\t\tSee also: -C"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:166
-msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
+#: tools/purge/purge.1:104
+msgid ""
+"tell purge to process one cache_dir after another, instead of doing things "
+"in parallel.  If you have more than one cache_dir in your configuration "
+"purge will fork off a worker process for each cache_dir to do the checks for "
+"optimum speed, assuming a decently designed cache. Since parallel execution "
+"will put quite some load on the system and its controllers, it is sometimes "
+"preferred to use less resources,\tthough it will take longer."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:174
-msgid ""
-"Create missing swap directories and other missing cache_dir structures, then "
-"exit. All cache_dir types create the configured top-level directory if it is "
-"missing. Other actions are type-specific. For example, ufs-based storage "
-"systems create missing L1 and L2 directories while Rock creates the missing "
-"database file."
+#: tools/purge/purge.1:106
+msgid "default: parallel mode for more than one cache_dir"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:179
+#: tools/purge/purge.1:116
 msgid ""
-"This option does not enable validation of any present swap structures. Its "
-"focus is on creation of missing pieces. If nothing is missing, squid -z just "
-"exits. If you suspect cache_dir corruption, you must delete the top-level "
-"cache_dir directory before running squid -z."
+"Some cache admins use a different port than 3128. The purge tool will need "
+"to connect to your cache in order to send the PURGE request (see -P). This "
+"option lets you specify the host and port to connect to. The port is "
+"optional. The port can be a name (check your /etc/services) or number. It is "
+"separated from the host name portion by a single colon, no spaces allowed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:118
+msgid "default: localhost:3128"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:184
+#: tools/purge/purge.1:125
 msgid ""
-"By default, squid -z runs in daemon mode (so that configuration macros and "
-"other SMP features work as expected). Use B<-N> option to overwrite this."
+"If you want to do more than just print your cache content, you will need to "
+"specify this option. Each bit is reserved for a different action. Only the "
+"use of the LSB is recommended, the rest should be considered experimental."
 msgstr ""
 
-#. type: SH
-#: src/squid.8.in:185
-#, no-wrap
-msgid "FILES"
+#. type: Plain text
+#: tools/purge/purge.1:128
+msgid "B<no bit set:\tjust print>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:187
-msgid "Squid configuration files located in @SYSCONFDIR@/:"
+#: tools/purge/purge.1:130
+msgid "B<bit#0 set:\tsend PURGE for matches>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:193
-msgid ""
-"The main configuration file. You must initially make changes to this file "
-"for B<squid> to work. For example, the default configuration only allows "
-"access from RFC private LAN networks.  Some packaging distributions block "
-"even that."
+#: tools/purge/purge.1:132
+msgid "B<bit#1 set:\tunlink object file for 404 not found PURGEs>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:197 src/squid.8.in:203
-msgid ""
-"Reference copy of the configuration file. Always kept up to date with the "
-"version of Squid you are using."
+#: tools/purge/purge.1:134
+msgid "B<bit#2 set:\tunlink weird object files>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:199
+#: tools/purge/purge.1:145
 msgid ""
-"Use this to look up the default configuration settings and syntax after "
-"upgrading."
+"If you use a value other than 0 or 1, you will need to slow rebuild your "
+"cache content. A warning message will remind you of that. If you use bit#1, "
+"all unsuccessful PURGEs will result in the object file in your cache "
+"directory to be removed, because squid does not seem to know about it any "
+"longer. Beware that the asyncio might try to remove it after the purge tool, "
+"and thus complains bitterly. Bit#1 only makes sense, if Bit#0 is also set, "
+"otherwise it has no effect (since the HTTP status 404 is never returned)."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:208
+#: tools/purge/purge.1:152
 msgid ""
-"Use this to read the documentation for configuration options available in "
-"your build of Squid. The online configuration manual is also available for a "
-"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
+"Bit#2 is reserved for strange files which do not even contain a URL. Beware "
+"that these files may indicate a new object squid currently intends to swap "
+"onto disk. If the file suddenly went away, or is removed when squid tries to "
+"fetch the object, it will complain bitterly. You must slow rebuild your "
+"cache, if you use this option."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:213
-msgid "The main configuration file for the web B<cachemgr.cgi> tools."
+#: tools/purge/purge.1:157
+msgid ""
+"It is recommended that if you dare to use bit#1 or bit#2, you should only "
+"grant the purge tool access to your squid, e.g.  move the HTTP and ICP "
+"listening port of squid to a different non-standard location during the "
+"purge."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:216
-msgid "The main configuration file for the Sample MSNT authenticator."
+#: tools/purge/purge.1:159
+msgid "default: 0 (just print)"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:221
+#: tools/purge/purge.1:164
 msgid ""
-"CSS Stylesheet to control the display of generated error pages.  Use this to "
-"set any company branding you need, it will apply to every language Squid "
-"provides error pages for."
+"If you specify this switch, all commandline parameters will be shown after "
+"they were parsed."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:224
-msgid "Some files also located elsewhere:"
+#: tools/purge/purge.1:166
+msgid "default: off"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:227
-msgid "MIME type mappings for FTP gatewaying"
+#: tools/purge/purge.1:171
+msgid ""
+"be verbose in the things reported about the file. See the output section "
+"below."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:230
-msgid "Location of Squid error pages and templates."
+#: tools/purge/purge.1:180
+msgid ""
+"In order to use B<purge> to affect a running proxy with PURGE method, you "
+"will have to enable this feature in squid.conf. By default, PURGE is "
+"disabled. You should watch closely for whom you enable the PURGE ability, "
+"otherwise a total stranger just might wipe your cache content. Lines similar "
+"to the following will need to be added to your squid.conf:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:233
+#: tools/purge/purge.1:192
 msgid ""
-"Squid was written over many years by a changing team of developers and "
-"maintained in turn by"
+"Reconfigure or restart (preferred) your squid after changing the "
+"configuration file."
+msgstr ""
+
+#. type: SH
+#: tools/purge/purge.1:193
+#, no-wrap
+msgid "OUTPUT"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:240
+#: tools/purge/purge.1:198
 msgid ""
-"With contributions from many others in the Squid community.  see "
-"CONTRIBUTORS for a full list of individuals who contributed code.  see "
-"CREDITS for a list of major code contributing copyright holders."
+"In regular mode, the output of purge consists of four columns. If the URL "
+"contains not encoded whitespaces, it may look as if there are more columns, "
+"but the last one is the URI."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:248
+#: tools/purge/purge.1:205
+#, no-wrap
 msgid ""
-"This software product, SQUID, is developed by a team of individuals, and "
-"copyrighted (C) 2001 by the Regents of the University of California, with "
-"all rights reserved.  UCSD administered the NLANR Cache grants, NCR 9616602 "
-"and NCR 9521745 under which most of this code was developed."
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the regular expression.\n"
+" 2 status return result of purge request, \"  0\" in print mode.\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 uri    perceived uri\n"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:255
-msgid ""
-"This program is free software; you can redistribute it and/or modify it "
-"under the terms of the GNU General Public License (version 2) as published "
-"by the Free Software Foundation.  It is distributed in the hope that it will "
-"be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of "
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General "
-"Public License for more details."
+#: tools/purge/purge.1:207
+msgid "Example for non-verbose output in print-mode:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:257
+#: tools/purge/purge.1:209
 msgid ""
-"see the CREDITS file for further copyright licensing of third-party code "
-"contributions."
+"/cache3/00/00/0000004A 0 5682 http://graphics.userfriendly.org/images/"
+"slovenia.gif"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:7
-msgid "Squid HTTP proxy manager CGI web interface"
+#: tools/purge/purge.1:214
+msgid ""
+"In verbose mode, additional columns are inserted before the uri. Time stamps "
+"are reported using hexadecimal notation, and Squid's standard for reporting "
+"\"no such timestamp\" == -1, and \"unparsable timestamp\" == -2."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:18
+#: tools/purge/purge.1:228
+#, no-wrap
 msgid ""
-"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
-"statistics about the Squid HTTP proxy process as it runs. The cache manager "
-"is a convenient way to manage the cache and view statistics without logging "
-"into the server."
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the re.\n"
+" 2 status return result of purge request, \"  0\" in print mode \"-P 0\".\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 md5    MD5 of URI from file, or \"(no_md5_data_available)\" string.\n"
+" 5 ts     UTC of Value of Date: header in hex notation\n"
+" 6 lr     UTC of last time the object was referenced\n"
+" 7 ex     UTC of Expires: header\n"
+" 8 lr     UTC of Last-Modified: header\n"
+" 9 flags  Value of objects flags field in hex, see: Programmers Guide\n"
+"10 refcnt number of times the object was referenced.\n"
+"11 uri    STORE_META_URL uri or \"strange_file\"\n"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:22
-msgid ""
-"Configuration examples for many common web servers can be found in the Squid "
-"FAQ wiki."
+#: tools/purge/purge.1:230
+msgid "Example for verbose output in print-mode:"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:34
+#: tools/purge/purge.1:232
 msgid ""
-"The access configuration file defining which Squid servers may be managed "
-"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
-"followed by an optional description"
+"/cache1/00/00/000000B7 0 406 7CFCB1D319F158ADC9CFD991BB8F6DCE 397d449b "
+"39bf677b ffffffff 3820abfc 0460 1 http://www.netscape.com/images/"
+"nc_vera_tile.gif"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:38
-msgid ""
-"The server name may contain shell wildcard characters such as *, [] etc.  A "
-"quick selection dropdown menu is automatically constructed from the simple "
-"server names."
+#: tools/purge/purge.1:235
+msgid "Purge does not slow rebuild the cache for you."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:42
+#: tools/purge/purge.1:238
 msgid ""
-"Specifying :port is optional. If not specified then the default proxy port "
-"is assumed. :* or :any matches any port on the target server."
+"It is still relatively slow, especially if your machine is low on memory and/"
+"or unable to hold all OS directory cache entries in main memory."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:240
+msgid "Should never be used on \"busy\" caches with purge modes higher than 1."
 msgstr ""
 
 #. type: SH
-#: tools/cachemgr.cgi.8.in:43
+#: tools/purge/purge.1:241
 #, no-wrap
-msgid "SECURITY"
+msgid "TODO"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:50
+#: tools/purge/purge.1:248
 msgid ""
-"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
-"and returns a formatted version of the response. To avoid abuse it is "
-"recommended to configure your web server to restrict access to the "
-"B<cachemgr.cgi> program."
+"1) use the stat() result on weird files to have a look at their ctime and "
+"mtime. If they are younger than, lets say 30 seconds, they were just created "
+"by B<squid> and should not be removed."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:56
+#: tools/purge/purge.1:251
 msgid ""
-"Derived from Harvest. Further developed by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"2) Add a query before purging objects or removing files, and add another "
+"option to remove nagging for the experienced user."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:67 tools/squidclient/squidclient.1:211
-msgid ""
-"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
-"you need to include with your bug report."
+#: tools/purge/purge.1:253
+msgid "3) The reported object size may be off by one."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:7
-msgid "A simple HTTP web client tool"
+#: tools/purge/purge.1:256 tools/squidclient/squidclient.1:232
+#, fuzzy
+#| msgid "This program was written by"
+msgid "This program and manual was written by"
+msgstr "Tento program byl napsán"
+
+#. type: Plain text
+#: tools/purge/purge.1:260
+msgid "Based on original squidpurge README."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:13 tools/squidclient/squidclient.1:17
+#: tools/squidclient/squidclient.1:5
+msgid "squidclient - A simple HTTP web client tool"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:12 tools/squidclient/squidclient.1:16
 msgid "string"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:15
+#: tools/squidclient/squidclient.1:14
 msgid "remote host"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:19
+#: tools/squidclient/squidclient.1:18
 msgid "IMS"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:21
+#: tools/squidclient/squidclient.1:20
 msgid "Host header"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:23
-msgid "local host"
-msgstr ""
-
-#. type: Plain text
-#: tools/squidclient/squidclient.1:25
+#: tools/squidclient/squidclient.1:24
 msgid "method"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:31 tools/squidclient/squidclient.1:48
+#: tools/squidclient/squidclient.1:30 tools/squidclient/squidclient.1:48
 msgid "count"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:35 tools/squidclient/squidclient.1:37
+#: tools/squidclient/squidclient.1:34 tools/squidclient/squidclient.1:36
 msgid "user"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:39
+#: tools/squidclient/squidclient.1:38
 msgid "version"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:41 tools/squidclient/squidclient.1:43
+#: tools/squidclient/squidclient.1:40 tools/squidclient/squidclient.1:42
 msgid "password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:45
+#: tools/squidclient/squidclient.1:44
 msgid "url"
 msgstr ""
 
@@ -3798,7 +4461,22 @@ msgid "interval"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:60
+#: tools/squidclient/squidclient.1:55
+msgid "CA certificates file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:57
+msgid "client X.509 certificate file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:59
+msgid "TLS session parameters"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:69
 msgid ""
 "B<squidclient> is a tool providing a command line interface for retrieving "
 "URLs.  Designed for testing any HTTP 0.9, 1.0, or 1.1 web server or proxy.  "
@@ -3808,165 +4486,189 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:65
+#: tools/squidclient/squidclient.1:74
 msgid "Do NOT include Accept: header."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:71
+#: tools/squidclient/squidclient.1:80
 msgid ""
 "Send B<string> as User-Agent: header. To omit the header completely set "
 "string to empty ('')."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:76
-msgid "Retrieve URL from cache on hostname.  Default is B<localhost>"
+#: tools/squidclient/squidclient.1:85
+msgid "Retrieve URL from server host.  Default is B<localhost>"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:82
-msgid "Extra headers to send. Use B<'\\n'> for new lines."
+#: tools/squidclient/squidclient.1:91
+msgid "Extra headers to send. Use B<'\\en'> for new lines."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:86
+#: tools/squidclient/squidclient.1:95
 msgid "If-Modified-Since time (in Epoch seconds)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:90
+#: tools/squidclient/squidclient.1:99
 msgid "Host header content"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:94
+#: tools/squidclient/squidclient.1:103
 msgid ""
 "Keep the connection active. Default is to do only one request then close."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:98
+#: tools/squidclient/squidclient.1:107
 msgid "Specify a local IP address to bind to.  Default is none."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:113
-#, no-wrap
+#: tools/squidclient/squidclient.1:122
 msgid ""
-"Request method, default is\n"
-"I<GET.>\n"
-"Squid also supports a non-standard method called\n"
-"I<PURGE.>\n"
-"You can use that to purge a specific URL from the cache.\n"
-"You need to have\n"
-"I<purge>\n"
-"access setup in\n"
-"B<squid.conf>\n"
-"similar to\n"
-"I<manager>\n"
-" access. Here is an example:\n"
+"Request method, default is I<GET.> Squid also supports a non-standard method "
+"called I<PURGE.> You can use that to purge a specific URL from the cache.  "
+"You need to have I<purge> access setup in B<squid.conf> similar to "
+"I<manager> access. Here is an example:"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:121
+#: tools/squidclient/squidclient.1:130
 msgid "Proxy Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:123 tools/squidclient/squidclient.1:129
+#: tools/squidclient/squidclient.1:132 tools/squidclient/squidclient.1:138
 msgid "Use kinit username@DOMAIN first to get initial TGS."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:127
+#: tools/squidclient/squidclient.1:136
 msgid "WWW Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:133
+#: tools/squidclient/squidclient.1:143
 msgid "Port number of cache.  Default is 3128."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:137
+#: tools/squidclient/squidclient.1:147
 msgid "Request body. Using the named file as data."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:141
+#: tools/squidclient/squidclient.1:151
 msgid "Force cache to reload URL."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:145
+#: tools/squidclient/squidclient.1:155
 msgid "Silent.  Do not print data to stdout."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:151
+#: tools/squidclient/squidclient.1:161
 msgid "Trace I<count> HTTP relay or proxy hops"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:155
+#: tools/squidclient/squidclient.1:165
 msgid "Timeout value (seconds) for read/write operations."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:159
+#: tools/squidclient/squidclient.1:169
 msgid "Proxy authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:163
+#: tools/squidclient/squidclient.1:173
 msgid "WWW authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:167
+#: tools/squidclient/squidclient.1:177
 msgid "Verbose. Print outgoing message to stderr."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:171
+#: tools/squidclient/squidclient.1:181
 msgid "HTTP Version. Use '-' for HTTP/0.9 omitted case"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:175
+#: tools/squidclient/squidclient.1:185
 msgid "Proxy authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:179
+#: tools/squidclient/squidclient.1:189
 msgid "WWW authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:184
+#: tools/squidclient/squidclient.1:193
+msgid "Use Transport Layer Security on the HTTP connection."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:197
+msgid "Use TLS with unauthenticated (anonymous) certificate."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:202
+msgid ""
+"File containing client X.509 certificate in PEM format.  May be repeated to "
+"load several client certificates."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:207
+msgid ""
+"File containing trusted Certificate Authority (CA) certificates in PEM "
+"format.  May be repeated to load any number of files."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:212
+msgid ""
+"TLS library specific parameters for the communication session.  See the "
+"library documentation for details on valid parameters."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:214
+msgid "If repeated only the last value will have effect."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:219
 msgid ""
 "Enable ping mode. Optional -g and -I parameters must follow immediately if "
 "used.  Repeated use resets to default ping settings."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:190
+#: tools/squidclient/squidclient.1:225
 msgid ""
-"Ping mode, perform I<count> iterations (default is to loop until "
-"interrupted)."
+"Ping mode, perform.I count iterations (default is to loop until interrupted)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:194
+#: tools/squidclient/squidclient.1:229
 msgid "Ping interval in seconds (default 1 second)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:200
+#: tools/squidclient/squidclient.1:236
 msgid ""
-"Derived from Harvest. Further developed by by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"Based on original code derived from Harvest and further developed by "
+"numerous individuals from the internet community."
 msgstr ""
diff --git a/doc/manuals/de.po b/doc/manuals/de.po
index 6ee8a7aad5..4e50aeeff8 100644
--- a/doc/manuals/de.po
+++ b/doc/manuals/de.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
-"POT-Creation-Date: 2014-03-06 11:09+1300\n"
+"POT-Creation-Date: 2017-05-29 22:45+1200\n"
 "PO-Revision-Date: 2013-10-31 13:20+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: German <de@li.org>\n"
@@ -20,333 +20,579 @@ msgstr ""
 "X-Launchpad-Export-Date: 2010-01-10 09:12+0000\n"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:3
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:3
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:3
-#: helpers/basic_auth/PAM/basic_pam_auth.8:3
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:3
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:3
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:3
-#: helpers/digest_auth/file/digest_file_auth.8:3
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:3
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:3
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:3
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:3
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:3
-#: helpers/external_acl/session/ext_session_acl.8:3
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:3
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:3
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:3
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:3 src/squid.8.in:3
-#: tools/cachemgr.cgi.8.in:3 tools/squidclient/squidclient.1:3
+#: src/acl/external/AD_group/ext_ad_group_acl.8:3
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:3
+#: src/acl/external/file_userip/ext_file_userip_acl.8:3
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:3
+#: src/acl/external/LM_group/ext_lm_group_acl.8:3
+#: src/acl/external/session/ext_session_acl.8:3
+#: src/acl/external/time_quota/ext_time_quota_acl.8:3
+#: src/acl/external/unix_group/ext_unix_group_acl.8:3
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:3
+#: src/auth/basic/LDAP/basic_ldap_auth.8:3
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:3
+#: src/auth/basic/PAM/basic_pam_auth.8:3
+#: src/auth/basic/RADIUS/basic_radius_auth.8:3
+#: src/auth/basic/SASL/basic_sasl_auth.8:3
+#: src/auth/basic/SSPI/basic_sspi_auth.8:3
+#: src/auth/digest/file/digest_file_auth.8:3
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:3
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:3
+#: src/security/cert_generators/file/security_file_certgen.8.in:3
+#: src/squid.8.in:3 tools/cachemgr.cgi.8.in:3 tools/purge/purge.1:3
+#: tools/squidclient/squidclient.1:3
 #, no-wrap
 msgid "NAME"
 msgstr "NAME"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:7
-msgid "Local Users auth helper for Squid"
-msgstr "Authentifizierungshelfer für lokale Nutzer von Squid"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:5
+msgid ""
+"ext_ad_group_acl.exe - Squid external ACL helper to check Windows users "
+"group membership."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:7
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:7
+#: src/auth/basic/SSPI/basic_sspi_auth.8:7
+msgid "Version 2.0"
+msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:8
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:8
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:8
-#: helpers/basic_auth/PAM/basic_pam_auth.8:8
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:8
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:10
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:10
-#: helpers/digest_auth/file/digest_file_auth.8:10
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:10
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:10
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:10
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:10
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:10
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:10
-#: helpers/external_acl/session/ext_session_acl.8:10
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:10
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:8
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:10
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:11 src/squid.8.in:8
-#: tools/cachemgr.cgi.8.in:8 tools/squidclient/squidclient.1:8
+#: src/acl/external/AD_group/ext_ad_group_acl.8:8
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:8
+#: src/acl/external/file_userip/ext_file_userip_acl.8:8
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:8
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:8
+#: src/acl/external/LM_group/ext_lm_group_acl.8:8
+#: src/acl/external/session/ext_session_acl.8:8
+#: src/acl/external/time_quota/ext_time_quota_acl.8:8
+#: src/acl/external/unix_group/ext_unix_group_acl.8:6
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:6
+#: src/auth/basic/LDAP/basic_ldap_auth.8:6
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:6
+#: src/auth/basic/PAM/basic_pam_auth.8:6
+#: src/auth/basic/RADIUS/basic_radius_auth.8:6
+#: src/auth/basic/SASL/basic_sasl_auth.8:8
+#: src/auth/basic/SSPI/basic_sspi_auth.8:8
+#: src/auth/digest/file/digest_file_auth.8:8
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:8
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:8
+#: src/security/cert_generators/file/security_file_certgen.8.in:8
+#: src/squid.8.in:6 tools/cachemgr.cgi.8.in:6 tools/purge/purge.1:6
+#: tools/squidclient/squidclient.1:6
 #, no-wrap
 msgid "SYNOPSIS"
 msgstr "SYNTAX"
 
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:12
+#: src/acl/external/LM_group/ext_lm_group_acl.8:12
+msgid "domain"
+msgstr ""
+
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:11
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:39
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:12
-#: helpers/basic_auth/PAM/basic_pam_auth.8:15
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:26
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:13
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:20
-#: helpers/digest_auth/file/digest_file_auth.8:15
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:16
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:33
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:16
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:14
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:16
-#: helpers/external_acl/session/ext_session_acl.8:18
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:14
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:15
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:14
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:19 src/squid.8.in:25
-#: tools/cachemgr.cgi.8.in:11 tools/squidclient/squidclient.1:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:14
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:31
+#: src/acl/external/file_userip/ext_file_userip_acl.8:14
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:12
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:14
+#: src/acl/external/session/ext_session_acl.8:16
+#: src/acl/external/time_quota/ext_time_quota_acl.8:12
+#: src/acl/external/unix_group/ext_unix_group_acl.8:13
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:9
+#: src/auth/basic/LDAP/basic_ldap_auth.8:37
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:10
+#: src/auth/basic/PAM/basic_pam_auth.8:13
+#: src/auth/basic/RADIUS/basic_radius_auth.8:24
+#: src/auth/basic/SASL/basic_sasl_auth.8:11
+#: src/auth/basic/SSPI/basic_sspi_auth.8:18
+#: src/auth/digest/file/digest_file_auth.8:13
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:16
+#: src/security/cert_generators/file/security_file_certgen.8.in:30
+#: src/squid.8.in:23 tools/cachemgr.cgi.8.in:9 tools/purge/purge.1:10
+#: tools/squidclient/squidclient.1:61
 #, no-wrap
 msgid "DESCRIPTION"
 msgstr "BESCHREIBUNG"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:15
+#: src/acl/external/AD_group/ext_ad_group_acl.8:17
 msgid ""
-"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
-"to validate the user name and password of Basic HTTP authentication."
+"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
 msgstr ""
-"B<basic_getpwnam_auth> erlaubt Squid, lokale Benutzeraccounts zu "
-"authentifizieren indem Benutzername und Passwort mittels HTTP-"
-"Authentifizierung überprüft werden."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:21
-msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:20
+msgid ""
+"This helper must be used in with an authentication scheme (typically Basic, "
+"NTLM or Negotiate) based on Windows Active Directory domain users."
 msgstr ""
-"Er nutzt B<getpwnam()> und B<getspnam()> Routinen zur Authentifizierung."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:23
-msgid "This has the following advantages over the NCSA module:"
-msgstr "Das hat folgende Vorteile gegenüber dem NCSA Modul:"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:24
+msgid ""
+"It reads from the standard input the domain username and a list of groups "
+"and tries to match each against the groups membership of the specified "
+"username."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:25
-#, fuzzy
-#| msgid "Allows authentication of all known local users"
-msgid "- Allows authentication of all known local users"
-msgstr "Erlaubt die Authentifizierung aller Lokal bekannten Nutzer"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:26
+msgid "Two running mode are available:"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:28
-#, fuzzy
-#| msgid "Allows authentication through nsswitch.conf"
-msgid "- Allows authentication through nsswitch.conf"
-msgstr "Erlaubt die Authentifizierung mittels nsswitch.conf"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:30
+msgid ""
+"B<- Local mode:> membership is checked against machine's local groups, "
+"cannot be used when running on a Domain Controller."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:31
-#, fuzzy
-#| msgid "Can handle NIS(+) requests"
-msgid "- Can handle NIS(+) requests"
-msgstr "Kann NIS(+) Anfragen verarbeiten"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:35
+msgid ""
+"B<- Active Directory Global mode:> membership is checked against the whole "
+"Active Directory Forest of the machine where Squid is running."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:34
-#, fuzzy
-#| msgid "Can handle LDAP requests"
-msgid "- Can handle LDAP requests"
-msgstr "Kann LDAP Anfragen verarbeiten"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:39
+msgid ""
+"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
+"Windows 2000 SP4 member of an Active Directory Domain."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:37
-#, fuzzy
-#| msgid "Can handle PAM requests"
-msgid "- Can handle PAM requests"
-msgstr "Kann PAM Anfragen verarbeiten"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:48
+msgid ""
+"When running in Active Directory Global mode, all types of Active Directory "
+"security groups are supported: B<Domain Global> , B<Domain Local> from "
+"user's domain, B<Universal> and Active Directory group nesting is fully "
+"supported."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:49
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:42
+#: src/acl/external/file_userip/ext_file_userip_acl.8:21
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:63
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:47
+#: src/acl/external/LM_group/ext_lm_group_acl.8:25
+#: src/acl/external/session/ext_session_acl.8:32
+#: src/acl/external/time_quota/ext_time_quota_acl.8:22
+#: src/acl/external/unix_group/ext_unix_group_acl.8:17
+#: src/auth/basic/LDAP/basic_ldap_auth.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:33
+#: src/auth/basic/PAM/basic_pam_auth.8:19
+#: src/auth/basic/RADIUS/basic_radius_auth.8:29
+#: src/auth/basic/SSPI/basic_sspi_auth.8:32
+#: src/auth/digest/file/digest_file_auth.8:21
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:17
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:41
+#: src/squid.8.in:57 tools/purge/purge.1:24 tools/squidclient/squidclient.1:70
+#, no-wrap
+msgid "OPTIONS"
+msgstr "OPTIONEN"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:53
+msgid "Use case insensitive compare (local mode only)."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:57
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:61
+#: src/acl/external/file_userip/ext_file_userip_acl.8:25
+#: src/acl/external/LM_group/ext_lm_group_acl.8:33
+#: src/acl/external/unix_group/ext_unix_group_acl.8:21
+#: src/auth/basic/SSPI/basic_sspi_auth.8:40
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:30
+#: src/security/cert_generators/file/security_file_certgen.8.in:57
+msgid "Write debug info to stderr."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:62
+msgid "Specify the default user's B<domain>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:66
+msgid "Start helper in Active Directory Global mode."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:70
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:80
+#: src/acl/external/file_userip/ext_file_userip_acl.8:35
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:67
+#: src/acl/external/LM_group/ext_lm_group_acl.8:45
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:21
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:38
+#: src/security/cert_generators/file/security_file_certgen.8.in:68
+msgid "Display the binary help and command line syntax info using stderr."
+msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:38
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:244
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:39
-#: helpers/basic_auth/PAM/basic_pam_auth.8:41
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:61
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:19
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:51
-#: helpers/digest_auth/file/digest_file_auth.8:25
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:73
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:142
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:38
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:134
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:211
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:52
-#: helpers/external_acl/session/ext_session_acl.8:74
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:58
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:36
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:36
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:46 tools/cachemgr.cgi.8.in:19
+#: src/acl/external/AD_group/ext_ad_group_acl.8:71
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:140
+#: src/acl/external/file_userip/ext_file_userip_acl.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:132
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:209
+#: src/acl/external/LM_group/ext_lm_group_acl.8:50
+#: src/acl/external/session/ext_session_acl.8:72
+#: src/acl/external/time_quota/ext_time_quota_acl.8:56
+#: src/acl/external/unix_group/ext_unix_group_acl.8:34
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:36
+#: src/auth/basic/LDAP/basic_ldap_auth.8:242
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:37
+#: src/auth/basic/PAM/basic_pam_auth.8:39
+#: src/auth/basic/RADIUS/basic_radius_auth.8:59
+#: src/auth/basic/SASL/basic_sasl_auth.8:17
+#: src/auth/basic/SSPI/basic_sspi_auth.8:49
+#: src/auth/digest/file/digest_file_auth.8:26
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:43
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:43
+#: src/security/cert_generators/file/security_file_certgen.8.in:107
+#: tools/cachemgr.cgi.8.in:17 tools/purge/purge.1:172
 #, no-wrap
 msgid "CONFIGURATION"
 msgstr "KONFIGURATION"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:75
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program B<setuid> "
-"B<root>"
+"When running in Active Directory Global mode, the AD Group can be specified "
+"using the following syntax:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:78
+msgid "B<1. Plain NT4 Group Name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:81
+msgid "B<2. Full NT4 Group Name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:84
+msgid "B<3. Active Directory Canonical name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:87
+msgid "As Exampled:"
 msgstr ""
-"Wenn das Programm benutzt werden soll, gegen UNIX shadow Passwort "
-"Datenbanken zu Authentifizieren, muss es als root laufen, andernfalls wird "
-"es nicht berechtigt sein auf die Benutzer Passwort Datenbank zuzugreifen. "
-"Derartige Nutzung des Programms ist nicht empfohlen, aber wenn sie dies "
-"unbedigt benötigen, muss das Programm B<setuid> B<root> sein."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:64
-#: helpers/basic_auth/PAM/basic_pam_auth.8:79
+#: src/acl/external/AD_group/ext_ad_group_acl.8:97
 msgid ""
-"Please note that in such configurations it is also strongly recommended that "
-"the program is moved into a directory where normal users cannot access it, "
-"as this mode of operation will allow any local user to brute-force other "
-"users passwords. Also note the program has not been fully audited and the "
-"author cannot be held responsible for any security issues due to such "
-"installations."
+"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:124
+msgid ""
+"In the previous example all validated AD users member of I<MYDOMAIN"
+"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
+"are allowed to use the cache."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:133
+msgid ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file .> The previous example will be:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:137
+msgid "and the DomainUsers files will contain only the following line:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:139
+msgid "Domain Users"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:146
+msgid ""
+"B<NOTE 1:> When running in Active Directory Global mode, for better "
+"performance, all Domain Controllers of the Active Directory forest should be "
+"configured as Global Catalog."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:152
+msgid ""
+"B<NOTE 2:> When running in local mode, the standard group name comparison is "
+"case sensitive, so group name must be specified with same case as in the "
+"local SAM database."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:157
+msgid ""
+"It is possible to enable case insensitive group name comparison ( B<-c> ), "
+"but on some non-English locales, the results can be unexpected."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:165
+msgid ""
+"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
+"A> and B<-D> switches."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:169
+msgid "Refer to Squid documentation for more details on B<squid.conf>"
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:170
+#: src/acl/external/LM_group/ext_lm_group_acl.8:114
+#: src/auth/basic/SSPI/basic_sspi_auth.8:84
+#, fuzzy, no-wrap
+#| msgid "QUESTIONS"
+msgid "TESTING"
+msgstr "FRAGEN"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:176
+msgid ""
+"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
+"used in a production environment. It may behave differently on different "
+"platforms."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:188
+#: src/acl/external/LM_group/ext_lm_group_acl.8:131
+msgid ""
+"To test it, run it from the command line. Enter username and group pairs "
+"separated by a space (username must entered with URL-encoded I<domain"
+"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:192
+#: src/acl/external/AD_group/ext_ad_group_acl.8:207
+#: src/acl/external/LM_group/ext_lm_group_acl.8:135
+msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:196
+#: src/acl/external/AD_group/ext_ad_group_acl.8:211
+#: src/acl/external/LM_group/ext_lm_group_acl.8:139
+msgid "Make sure pressing B<CTRL+C> aborts the program."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:218
+#: src/acl/external/LM_group/ext_lm_group_acl.8:146
+#: src/auth/basic/SSPI/basic_sspi_auth.8:104
+msgid ""
+"Test that entering no details does not result in an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:222
+#: src/acl/external/LM_group/ext_lm_group_acl.8:150
+msgid ""
+"Test that entering an invalid username and group results in an B<ERR> "
+"message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:226
+#: src/acl/external/LM_group/ext_lm_group_acl.8:154
+msgid ""
+"Test that entering an valid username and group results in an B<OK> message."
 msgstr ""
-"Bitte beachten sie, dass in derartiger Konfiguration dringend empfohlen wird "
-"das Programm in ein Verzeichnis zu verschieben wo normale Nutzer keinen "
-"Zugriff haben, da andernfalls ein Brute-forcen der Passwörter anderer "
-"Benutzer durch lokale Nutzer möglich wäre. Beachten sie ausserdem, dass das "
-"Programm keiner vollständigen Sicherheitsprüfung unterzogen wurde und der "
-"Author nicht für Sicherheitsprobleme, die durch derartige Nutzung entstehen, "
-"haftbar gemacht werden kann."
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:65
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:300
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:53
-#: helpers/basic_auth/PAM/basic_pam_auth.8:80
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:89
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:75
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:123
-#: helpers/digest_auth/file/digest_file_auth.8:59
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:229
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:187
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:75
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:232
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:157
-#: helpers/external_acl/session/ext_session_acl.8:97
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:216
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:68
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:86
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:93 src/squid.8.in:231
-#: tools/cachemgr.cgi.8.in:51 tools/squidclient/squidclient.1:195
+#: src/acl/external/AD_group/ext_ad_group_acl.8:227
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:185
+#: src/acl/external/file_userip/ext_file_userip_acl.8:73
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:230
+#: src/acl/external/LM_group/ext_lm_group_acl.8:155
+#: src/acl/external/session/ext_session_acl.8:95
+#: src/acl/external/time_quota/ext_time_quota_acl.8:214
+#: src/acl/external/unix_group/ext_unix_group_acl.8:66
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:63
+#: src/auth/basic/LDAP/basic_ldap_auth.8:298
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:78
+#: src/auth/basic/RADIUS/basic_radius_auth.8:87
+#: src/auth/basic/SASL/basic_sasl_auth.8:73
+#: src/auth/basic/SSPI/basic_sspi_auth.8:121
+#: src/auth/digest/file/digest_file_auth.8:60
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:94
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:90
+#: src/security/cert_generators/file/security_file_certgen.8.in:143
+#: src/squid.8.in:235 tools/cachemgr.cgi.8.in:49 tools/purge/purge.1:254
+#: tools/squidclient/squidclient.1:230
 #, no-wrap
 msgid "AUTHOR"
 msgstr "AUTOR"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:67
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:77
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:125
-#: helpers/digest_auth/file/digest_file_auth.8:61
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:231
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:189
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:77
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:234
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:159
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:70
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:88
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:95
+#: src/acl/external/AD_group/ext_ad_group_acl.8:229
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:187
+#: src/acl/external/file_userip/ext_file_userip_acl.8:75
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:232
+#: src/acl/external/LM_group/ext_lm_group_acl.8:157
+#: src/acl/external/unix_group/ext_unix_group_acl.8:68
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:65
+#: src/auth/basic/SASL/basic_sasl_auth.8:75
+#: src/auth/basic/SSPI/basic_sspi_auth.8:123
+#: src/auth/digest/file/digest_file_auth.8:62
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:96
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:92
+#: src/security/cert_generators/file/security_file_certgen.8.in:145
 msgid "This program was written by"
 msgstr "Dieses Programm wurde geschrieben von"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:72
-msgid "Based on original code by"
-msgstr "Basiert auf Originalcode von"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:233
+msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:75
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:55
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:97
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:80
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:134
-#: helpers/digest_auth/file/digest_file_auth.8:68
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:237
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:192
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:80
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:243
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:169
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:73
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:91
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:102
+#: src/acl/external/AD_group/ext_ad_group_acl.8:235
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:190
+#: src/acl/external/file_userip/ext_file_userip_acl.8:78
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:223
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:241
+#: src/acl/external/LM_group/ext_lm_group_acl.8:167
+#: src/acl/external/unix_group/ext_unix_group_acl.8:71
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:73
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:53
+#: src/auth/basic/RADIUS/basic_radius_auth.8:95
+#: src/auth/basic/SASL/basic_sasl_auth.8:78
+#: src/auth/basic/SSPI/basic_sspi_auth.8:132
+#: src/auth/digest/file/digest_file_auth.8:69
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:99
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:99
+#: src/security/cert_generators/file/security_file_certgen.8.in:148
 msgid "This manual was written by"
 msgstr "Dieses Handbuch wurde geschrieben von"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:77
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:308
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:60
-#: helpers/basic_auth/PAM/basic_pam_auth.8:84
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:99
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:83
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:137
-#: helpers/digest_auth/file/digest_file_auth.8:71
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:240
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:195
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:83
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:227
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:245
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:172
-#: helpers/external_acl/session/ext_session_acl.8:102
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:220
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:93
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:105 src/squid.8.in:241
-#: tools/cachemgr.cgi.8.in:57 tools/squidclient/squidclient.1:201
+#: src/acl/external/AD_group/ext_ad_group_acl.8:238
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:193
+#: src/acl/external/file_userip/ext_file_userip_acl.8:81
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:243
+#: src/acl/external/LM_group/ext_lm_group_acl.8:170
+#: src/acl/external/session/ext_session_acl.8:100
+#: src/acl/external/time_quota/ext_time_quota_acl.8:218
+#: src/acl/external/unix_group/ext_unix_group_acl.8:73
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:75
+#: src/auth/basic/LDAP/basic_ldap_auth.8:306
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:58
+#: src/auth/basic/PAM/basic_pam_auth.8:82
+#: src/auth/basic/RADIUS/basic_radius_auth.8:97
+#: src/auth/basic/SASL/basic_sasl_auth.8:81
+#: src/auth/basic/SSPI/basic_sspi_auth.8:135
+#: src/auth/digest/file/digest_file_auth.8:72
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:101
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:102
+#: src/security/cert_generators/file/security_file_certgen.8.in:151
+#: src/squid.8.in:245 tools/cachemgr.cgi.8.in:55 tools/purge/purge.1:261
+#: tools/squidclient/squidclient.1:237
 #, no-wrap
 msgid "COPYRIGHT"
 msgstr "COPYRIGHT"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:79
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:310
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:101
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:85
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:139
-#: helpers/digest_auth/file/digest_file_auth.8:73
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:242
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:197
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:85
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:229
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:247
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:174
-#: helpers/external_acl/session/ext_session_acl.8:104
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:222
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:77
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:95
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:107
+#: src/acl/external/AD_group/ext_ad_group_acl.8:245
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:200
+#: src/acl/external/file_userip/ext_file_userip_acl.8:88
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:250
+#: src/acl/external/LM_group/ext_lm_group_acl.8:177
+#: src/acl/external/session/ext_session_acl.8:107
+#: src/acl/external/time_quota/ext_time_quota_acl.8:225
+#: src/acl/external/unix_group/ext_unix_group_acl.8:80
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:82
+#: src/auth/basic/LDAP/basic_ldap_auth.8:313
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:65
+#: src/auth/basic/PAM/basic_pam_auth.8:89
+#: src/auth/basic/RADIUS/basic_radius_auth.8:104
+#: src/auth/basic/SASL/basic_sasl_auth.8:88
+#: src/auth/basic/SSPI/basic_sspi_auth.8:142
+#: src/auth/digest/file/digest_file_auth.8:79
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:109
+#: src/security/cert_generators/file/security_file_certgen.8.in:158
+#: src/squid.8.in:252 tools/cachemgr.cgi.8.in:62 tools/purge/purge.1:268
+#: tools/squidclient/squidclient.1:244
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2017 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:247
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:202
+#: src/acl/external/file_userip/ext_file_userip_acl.8:90
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:234
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:252
+#: src/acl/external/LM_group/ext_lm_group_acl.8:179
+#: src/acl/external/session/ext_session_acl.8:109
+#: src/acl/external/time_quota/ext_time_quota_acl.8:227
+#: src/acl/external/unix_group/ext_unix_group_acl.8:82
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:84
+#: src/auth/basic/LDAP/basic_ldap_auth.8:315
+#: src/auth/basic/RADIUS/basic_radius_auth.8:106
+#: src/auth/basic/SASL/basic_sasl_auth.8:90
+#: src/auth/basic/SSPI/basic_sspi_auth.8:144
+#: src/auth/digest/file/digest_file_auth.8:81
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:110
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:111
 msgid "This program and documentation is copyright to the authors named above."
 msgstr ""
 "Dieses Programm sowie die Dokumentation unterliegt dem Copyright der oben "
 "genannten Autoren."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:81
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:312
-#: helpers/basic_auth/PAM/basic_pam_auth.8:91
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:103
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:87
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:141
-#: helpers/digest_auth/file/digest_file_auth.8:75
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:244
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:199
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:87
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:231
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:249
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:176
-#: helpers/external_acl/session/ext_session_acl.8:106
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:224
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:79
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:97
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:109 tools/cachemgr.cgi.8.in:59
-#: tools/squidclient/squidclient.1:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:249
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:204
+#: src/acl/external/file_userip/ext_file_userip_acl.8:92
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:236
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:254
+#: src/acl/external/LM_group/ext_lm_group_acl.8:181
+#: src/acl/external/session/ext_session_acl.8:111
+#: src/acl/external/time_quota/ext_time_quota_acl.8:229
+#: src/acl/external/unix_group/ext_unix_group_acl.8:84
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:86
+#: src/auth/basic/LDAP/basic_ldap_auth.8:317
+#: src/auth/basic/PAM/basic_pam_auth.8:96
+#: src/auth/basic/RADIUS/basic_radius_auth.8:108
+#: src/auth/basic/SASL/basic_sasl_auth.8:92
+#: src/auth/basic/SSPI/basic_sspi_auth.8:146
+#: src/auth/digest/file/digest_file_auth.8:83
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:112
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:113
 msgid ""
 "Distributed under the GNU General Public License (GNU GPL) version 2 or "
 "later (GPLv2+)."
@@ -355,51 +601,55 @@ msgstr ""
 "später (GPL2+)."
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:82
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:313
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:73
-#: helpers/basic_auth/PAM/basic_pam_auth.8:92
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:104
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:88
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:142
-#: helpers/digest_auth/file/digest_file_auth.8:76
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:245
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:200
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:88
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:250
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:177
-#: helpers/external_acl/session/ext_session_acl.8:107
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:225
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:80
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:98
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:110 src/squid.8.in:258
-#: tools/cachemgr.cgi.8.in:60 tools/squidclient/squidclient.1:204
+#: src/acl/external/AD_group/ext_ad_group_acl.8:250
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:205
+#: src/acl/external/file_userip/ext_file_userip_acl.8:93
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:255
+#: src/acl/external/LM_group/ext_lm_group_acl.8:182
+#: src/acl/external/session/ext_session_acl.8:112
+#: src/acl/external/time_quota/ext_time_quota_acl.8:230
+#: src/acl/external/unix_group/ext_unix_group_acl.8:85
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:87
+#: src/auth/basic/LDAP/basic_ldap_auth.8:318
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:77
+#: src/auth/basic/PAM/basic_pam_auth.8:97
+#: src/auth/basic/RADIUS/basic_radius_auth.8:109
+#: src/auth/basic/SASL/basic_sasl_auth.8:93
+#: src/auth/basic/SSPI/basic_sspi_auth.8:147
+#: src/auth/digest/file/digest_file_auth.8:84
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:113
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:114
+#: src/security/cert_generators/file/security_file_certgen.8.in:159
+#: src/squid.8.in:253 tools/cachemgr.cgi.8.in:63 tools/purge/purge.1:269
+#: tools/squidclient/squidclient.1:245
 #, no-wrap
 msgid "QUESTIONS"
 msgstr "FRAGEN"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:85
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:316
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:76
-#: helpers/basic_auth/PAM/basic_pam_auth.8:95
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:107
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:91
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:145
-#: helpers/digest_auth/file/digest_file_auth.8:79
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:248
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:203
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:91
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:235
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:253
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:180
-#: helpers/external_acl/session/ext_session_acl.8:110
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:228
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:83
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:101
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:113 src/squid.8.in:261
-#: tools/cachemgr.cgi.8.in:63 tools/squidclient/squidclient.1:207
+#: src/acl/external/AD_group/ext_ad_group_acl.8:253
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:208
+#: src/acl/external/file_userip/ext_file_userip_acl.8:96
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:258
+#: src/acl/external/LM_group/ext_lm_group_acl.8:185
+#: src/acl/external/session/ext_session_acl.8:115
+#: src/acl/external/time_quota/ext_time_quota_acl.8:233
+#: src/acl/external/unix_group/ext_unix_group_acl.8:88
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:90
+#: src/auth/basic/LDAP/basic_ldap_auth.8:321
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:80
+#: src/auth/basic/PAM/basic_pam_auth.8:100
+#: src/auth/basic/RADIUS/basic_radius_auth.8:112
+#: src/auth/basic/SASL/basic_sasl_auth.8:96
+#: src/auth/basic/SSPI/basic_sspi_auth.8:150
+#: src/auth/digest/file/digest_file_auth.8:87
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:116
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:117
+#: src/security/cert_generators/file/security_file_certgen.8.in:162
+#: src/squid.8.in:256 tools/cachemgr.cgi.8.in:66 tools/purge/purge.1:272
+#: tools/squidclient/squidclient.1:248
 msgid ""
 "Questions on the usage of this program can be sent to the I<Squid Users "
 "mailing list>"
@@ -408,50 +658,54 @@ msgstr ""
 "list> gesendet werden."
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:87
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:321
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:78
-#: helpers/basic_auth/PAM/basic_pam_auth.8:97
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:112
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:93
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:147
-#: helpers/digest_auth/file/digest_file_auth.8:81
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:250
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:205
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:93
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:258
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:182
-#: helpers/external_acl/session/ext_session_acl.8:112
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:230
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:85
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:103
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:115 src/squid.8.in:263
-#: tools/cachemgr.cgi.8.in:65 tools/squidclient/squidclient.1:209
+#: src/acl/external/AD_group/ext_ad_group_acl.8:255
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:210
+#: src/acl/external/file_userip/ext_file_userip_acl.8:98
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:263
+#: src/acl/external/LM_group/ext_lm_group_acl.8:187
+#: src/acl/external/session/ext_session_acl.8:117
+#: src/acl/external/time_quota/ext_time_quota_acl.8:235
+#: src/acl/external/unix_group/ext_unix_group_acl.8:90
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:92
+#: src/auth/basic/LDAP/basic_ldap_auth.8:326
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:82
+#: src/auth/basic/PAM/basic_pam_auth.8:102
+#: src/auth/basic/RADIUS/basic_radius_auth.8:117
+#: src/auth/basic/SASL/basic_sasl_auth.8:98
+#: src/auth/basic/SSPI/basic_sspi_auth.8:152
+#: src/auth/digest/file/digest_file_auth.8:89
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:118
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:119
+#: src/security/cert_generators/file/security_file_certgen.8.in:164
+#: src/squid.8.in:258 tools/cachemgr.cgi.8.in:68 tools/purge/purge.1:274
+#: tools/squidclient/squidclient.1:250
 #, no-wrap
 msgid "REPORTING BUGS"
 msgstr "BUGS MELDEN"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:90
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:324
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:81
-#: helpers/basic_auth/PAM/basic_pam_auth.8:100
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:115
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:96
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:150
-#: helpers/digest_auth/file/digest_file_auth.8:84
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:253
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:217
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:96
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:261
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:185
-#: helpers/external_acl/session/ext_session_acl.8:115
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:233
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:88
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:106
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:118 src/squid.8.in:266
+#: src/acl/external/AD_group/ext_ad_group_acl.8:258
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:222
+#: src/acl/external/file_userip/ext_file_userip_acl.8:101
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:266
+#: src/acl/external/LM_group/ext_lm_group_acl.8:190
+#: src/acl/external/session/ext_session_acl.8:120
+#: src/acl/external/time_quota/ext_time_quota_acl.8:238
+#: src/acl/external/unix_group/ext_unix_group_acl.8:93
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:95
+#: src/auth/basic/LDAP/basic_ldap_auth.8:329
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:85
+#: src/auth/basic/PAM/basic_pam_auth.8:105
+#: src/auth/basic/RADIUS/basic_radius_auth.8:120
+#: src/auth/basic/SASL/basic_sasl_auth.8:101
+#: src/auth/basic/SSPI/basic_sspi_auth.8:155
+#: src/auth/digest/file/digest_file_auth.8:92
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:121
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:122
+#: src/security/cert_generators/file/security_file_certgen.8.in:167
+#: src/squid.8.in:261
 msgid ""
 "Bug reports need to be made in English.  See http://wiki.squid-cache.org/"
 "SquidFaq/BugReporting for details of what you need to include with your bug "
@@ -462,50 +716,54 @@ msgstr ""
 "muss."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:92
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:326
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:83
-#: helpers/basic_auth/PAM/basic_pam_auth.8:102
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:117
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:98
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:152
-#: helpers/digest_auth/file/digest_file_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:255
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:219
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:98
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:263
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:187
-#: helpers/external_acl/session/ext_session_acl.8:117
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:235
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:90
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:108
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:120 src/squid.8.in:268
-#: tools/cachemgr.cgi.8.in:69 tools/squidclient/squidclient.1:213
+#: src/acl/external/AD_group/ext_ad_group_acl.8:260
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:224
+#: src/acl/external/file_userip/ext_file_userip_acl.8:103
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:247
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:268
+#: src/acl/external/LM_group/ext_lm_group_acl.8:192
+#: src/acl/external/session/ext_session_acl.8:122
+#: src/acl/external/time_quota/ext_time_quota_acl.8:240
+#: src/acl/external/unix_group/ext_unix_group_acl.8:95
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:97
+#: src/auth/basic/LDAP/basic_ldap_auth.8:331
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:87
+#: src/auth/basic/PAM/basic_pam_auth.8:107
+#: src/auth/basic/RADIUS/basic_radius_auth.8:122
+#: src/auth/basic/SASL/basic_sasl_auth.8:103
+#: src/auth/basic/SSPI/basic_sspi_auth.8:157
+#: src/auth/digest/file/digest_file_auth.8:94
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:123
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:124
+#: src/security/cert_generators/file/security_file_certgen.8.in:169
+#: src/squid.8.in:263 tools/cachemgr.cgi.8.in:72 tools/purge/purge.1:278
+#: tools/squidclient/squidclient.1:254
 msgid "Report bugs or bug fixes using http://bugs.squid-cache.org/"
 msgstr "Melden sie Bugs oder Bugfixes unter http://bugs.squid-cache.org/"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:95
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:329
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:86
-#: helpers/basic_auth/PAM/basic_pam_auth.8:105
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:120
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:101
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:155
-#: helpers/digest_auth/file/digest_file_auth.8:89
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:258
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:222
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:101
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:266
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:190
-#: helpers/external_acl/session/ext_session_acl.8:120
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:238
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:93
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:111
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:123 src/squid.8.in:271
-#: tools/cachemgr.cgi.8.in:72 tools/squidclient/squidclient.1:216
+#: src/acl/external/AD_group/ext_ad_group_acl.8:263
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:227
+#: src/acl/external/file_userip/ext_file_userip_acl.8:106
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:271
+#: src/acl/external/LM_group/ext_lm_group_acl.8:195
+#: src/acl/external/session/ext_session_acl.8:125
+#: src/acl/external/time_quota/ext_time_quota_acl.8:243
+#: src/acl/external/unix_group/ext_unix_group_acl.8:98
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:100
+#: src/auth/basic/LDAP/basic_ldap_auth.8:334
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:90
+#: src/auth/basic/PAM/basic_pam_auth.8:110
+#: src/auth/basic/RADIUS/basic_radius_auth.8:125
+#: src/auth/basic/SASL/basic_sasl_auth.8:106
+#: src/auth/basic/SSPI/basic_sspi_auth.8:160
+#: src/auth/digest/file/digest_file_auth.8:97
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:126
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:127
+#: src/security/cert_generators/file/security_file_certgen.8.in:172
+#: src/squid.8.in:266 tools/cachemgr.cgi.8.in:75 tools/purge/purge.1:281
+#: tools/squidclient/squidclient.1:257
 msgid ""
 "Report serious security bugs to I<Squid Bugs E<lt>squid-bugs@squid-cache."
 "orgE<gt>>"
@@ -514,26 +772,28 @@ msgstr ""
 "bugs@squid-cache.orgE<gt>>"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:98
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:332
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:89
-#: helpers/basic_auth/PAM/basic_pam_auth.8:108
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:123
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:104
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:158
-#: helpers/digest_auth/file/digest_file_auth.8:92
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:261
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:225
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:104
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:248
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:269
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:193
-#: helpers/external_acl/session/ext_session_acl.8:123
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:241
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:96
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:114
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:126 src/squid.8.in:274
-#: tools/cachemgr.cgi.8.in:75 tools/squidclient/squidclient.1:219
+#: src/acl/external/AD_group/ext_ad_group_acl.8:266
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:230
+#: src/acl/external/file_userip/ext_file_userip_acl.8:109
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:253
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:274
+#: src/acl/external/LM_group/ext_lm_group_acl.8:198
+#: src/acl/external/session/ext_session_acl.8:128
+#: src/acl/external/time_quota/ext_time_quota_acl.8:246
+#: src/acl/external/unix_group/ext_unix_group_acl.8:101
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:103
+#: src/auth/basic/LDAP/basic_ldap_auth.8:337
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:93
+#: src/auth/basic/PAM/basic_pam_auth.8:113
+#: src/auth/basic/RADIUS/basic_radius_auth.8:128
+#: src/auth/basic/SASL/basic_sasl_auth.8:109
+#: src/auth/basic/SSPI/basic_sspi_auth.8:163
+#: src/auth/digest/file/digest_file_auth.8:100
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:129
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:130
+#: src/security/cert_generators/file/security_file_certgen.8.in:175
+#: src/squid.8.in:269 tools/cachemgr.cgi.8.in:78 tools/purge/purge.1:284
+#: tools/squidclient/squidclient.1:260
 msgid ""
 "Report ideas for new improvements to the I<Squid Developers mailing list>"
 msgstr ""
@@ -541,2795 +801,2686 @@ msgstr ""
 "Liste>"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:100
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:334
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:91
-#: helpers/basic_auth/PAM/basic_pam_auth.8:110
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:125
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:106
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:160
-#: helpers/digest_auth/file/digest_file_auth.8:94
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:263
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:227
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:106
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:271
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:195
-#: helpers/external_acl/session/ext_session_acl.8:125
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:243
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:101
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:116
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:128 src/squid.8.in:276
-#: tools/cachemgr.cgi.8.in:77 tools/squidclient/squidclient.1:221
+#: src/acl/external/AD_group/ext_ad_group_acl.8:268
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:232
+#: src/acl/external/file_userip/ext_file_userip_acl.8:111
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:276
+#: src/acl/external/LM_group/ext_lm_group_acl.8:200
+#: src/acl/external/session/ext_session_acl.8:130
+#: src/acl/external/time_quota/ext_time_quota_acl.8:248
+#: src/acl/external/unix_group/ext_unix_group_acl.8:106
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:339
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:95
+#: src/auth/basic/PAM/basic_pam_auth.8:115
+#: src/auth/basic/RADIUS/basic_radius_auth.8:130
+#: src/auth/basic/SASL/basic_sasl_auth.8:111
+#: src/auth/basic/SSPI/basic_sspi_auth.8:165
+#: src/auth/digest/file/digest_file_auth.8:102
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:131
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:132
+#: src/security/cert_generators/file/security_file_certgen.8.in:177
+#: src/squid.8.in:271 tools/cachemgr.cgi.8.in:80 tools/purge/purge.1:286
+#: tools/squidclient/squidclient.1:262
 #, no-wrap
 msgid "SEE ALSO"
 msgstr "SIEHE AUCH"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:114
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:344
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:97
-#: helpers/basic_auth/PAM/basic_pam_auth.8:121
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:132
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:117
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:165
-#: helpers/digest_auth/file/digest_file_auth.8:99
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:268
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:233
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:111
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:282
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:200
-#: helpers/external_acl/session/ext_session_acl.8:130
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:248
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:108
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:127
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:133 src/squid.8.in:286
+#: src/acl/external/AD_group/ext_ad_group_acl.8:273
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:238
+#: src/acl/external/file_userip/ext_file_userip_acl.8:116
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:269
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:287
+#: src/acl/external/LM_group/ext_lm_group_acl.8:205
+#: src/acl/external/session/ext_session_acl.8:135
+#: src/acl/external/time_quota/ext_time_quota_acl.8:253
+#: src/acl/external/unix_group/ext_unix_group_acl.8:113
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:119
+#: src/auth/basic/LDAP/basic_ldap_auth.8:349
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:101
+#: src/auth/basic/PAM/basic_pam_auth.8:126
+#: src/auth/basic/RADIUS/basic_radius_auth.8:137
+#: src/auth/basic/SASL/basic_sasl_auth.8:122
+#: src/auth/basic/SSPI/basic_sspi_auth.8:170
+#: src/auth/digest/file/digest_file_auth.8:107
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:142
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:137
+#: src/security/cert_generators/file/security_file_certgen.8.in:182
+#: src/squid.8.in:281
 msgid "The Squid FAQ wiki"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:117
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:347
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:100
-#: helpers/basic_auth/PAM/basic_pam_auth.8:124
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:135
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:120
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:168
-#: helpers/digest_auth/file/digest_file_auth.8:102
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:271
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:236
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:114
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:285
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:203
-#: helpers/external_acl/session/ext_session_acl.8:133
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:251
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:111
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:130
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:136 src/squid.8.in:289
+#: src/acl/external/AD_group/ext_ad_group_acl.8:276
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:241
+#: src/acl/external/file_userip/ext_file_userip_acl.8:119
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:272
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:290
+#: src/acl/external/LM_group/ext_lm_group_acl.8:208
+#: src/acl/external/session/ext_session_acl.8:138
+#: src/acl/external/time_quota/ext_time_quota_acl.8:256
+#: src/acl/external/unix_group/ext_unix_group_acl.8:116
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:122
+#: src/auth/basic/LDAP/basic_ldap_auth.8:352
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:104
+#: src/auth/basic/PAM/basic_pam_auth.8:129
+#: src/auth/basic/RADIUS/basic_radius_auth.8:140
+#: src/auth/basic/SASL/basic_sasl_auth.8:125
+#: src/auth/basic/SSPI/basic_sspi_auth.8:173
+#: src/auth/digest/file/digest_file_auth.8:110
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:145
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:140
+#: src/security/cert_generators/file/security_file_certgen.8.in:185
+#: src/squid.8.in:284
 msgid "The Squid Configuration Manual"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:7
-msgid "LDAP authentication helper for Squid"
-msgstr "Authentifizierungshelfer für LDAP von Squid"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:5
+msgid "ext_edirectory_userip_acl - Squid eDirectory IP Lookup Helper"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:12
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:27
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:14
-msgid "base DN"
-msgstr "base DN"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:15
+#: tools/squidclient/squidclient.1:22
+msgid "host"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:14
-msgid "attribute"
-msgstr "attribute"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:17
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:18
+#: src/auth/basic/LDAP/basic_ldap_auth.8:33
+#: src/auth/basic/RADIUS/basic_radius_auth.8:16 src/squid.8.in:15
+#: tools/squidclient/squidclient.1:26
+msgid "port"
+msgstr "Port"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:16
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:31
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:18
-msgid "options"
-msgstr "options"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:19
+#, fuzzy
+#| msgid "LDAP server name"
+msgid "LDAP version"
+msgstr "LDAP server name"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:18
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:33
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:20
-msgid "LDAP server name"
-msgstr "LDAP server name"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:20
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:35
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:18
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:19
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:22 src/squid.8.in:17
-#: tools/squidclient/squidclient.1:27
-msgid "port"
-msgstr "Port"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:22
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:37
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:24
-msgid "URI"
-msgstr "URI"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:29
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:16
-msgid "LDAP search filter"
-msgstr "LDAP Suchfilter"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:21
+#, fuzzy
+#| msgid "base DN"
+msgid "basedn"
+msgstr "base DN"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:47
-msgid ""
-"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
-"the user name and password of Basic HTTP authentication.  LDAP options are "
-"specified as parameters on the command line, while the username(s) and "
-"password(s) to be checked against the LDAP directory are specified on "
-"subsequent lines of input to the helper, one username/password pair per line "
-"separated by a space."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:23
+msgid "scope"
 msgstr ""
-"B<basic_ldap_auth> erlaubt Squid zu einem LDAP Verzeichnis zu verbinden, um "
-"Benutzername und Passwort der Basic HTTP Authentifizierung zu überprüfen.  "
-"LDAP Optionen werden in der Kommandozeile übergeben, wobei Benutzername und "
-"Passwörter, welche durch LDAP geprüft werden sollen, in darauffolgenden "
-"Zeilen in der Eingabe des Helfers angegeben werden, ein Benutzername/"
-"Password Paar pro Zeile getrennt durch ein Leerzeichen."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:56
-msgid ""
-"As expected by the basic authentication construct of Squid, after specifying "
-"a username and password followed by a new line, this helper will produce "
-"either B<OK> or B<ERR> on the following line to show if the specified "
-"credentials are correct according to the LDAP directory."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:25
+msgid "binddn"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:61
-msgid ""
-"The program has two major modes of operation. In the default mode of "
-"operation the users DN is constructed using the base DN and user attribute. "
-"In the other mode of operation a search filter is used to locate valid user "
-"DN's below the base DN."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:27
+msgid "bindpass"
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:62
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:35
-#: helpers/basic_auth/PAM/basic_pam_auth.8:21
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:31
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:34
-#: helpers/digest_auth/file/digest_file_auth.8:20
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:51
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:44
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:23
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:65
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:49
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:27
-#: helpers/external_acl/session/ext_session_acl.8:34
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:24
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:19
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:19
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:25 src/squid.8.in:59
-#: tools/squidclient/squidclient.1:61
-#, no-wrap
-msgid "OPTIONS"
-msgstr "OPTIONEN"
-
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:29
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:14
+msgid "filter"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:75
-msgid ""
-"LDAP search B<filter> to locate the user DN. Required if the users are in a "
-"hierarchy below the base DN, or if the login name is not what builds the "
-"user specific part of the users DN."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:34
+msgid "B<ext_edirectory_userip_acl> is an installed binary."
 msgstr ""
 
-#. uid\=%s\""
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:82
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:38
 msgid ""
-"The search filter can contain up to 15 occurrences of B<%s> which will be "
-"replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
-"detailed description of LDAP search filter syntax see RFC2254."
+"This program has been written in order to solve the problems associated with "
+"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:90
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:41
 msgid ""
-"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
-"%s> are used."
+"The limitations of the Perl script involved memory/cpu utilization, speed, "
+"the lack of eDirectory 8.8 support, and IPv6 support."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:99
-msgid ""
-"Specifies the name of the DN attribute that contains the username/login.  "
-"Combined with the base DN to construct the users DN when no search filter is "
-"specified ( B<-f> option). Defaults to B<uid>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:46
+msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:108
-msgid ""
-"B<Note:> This can only be done if all your users are located directly under "
-"the same position in the LDAP tree and the login name is used for naming "
-"each user object. If your LDAP tree does not match these criterias or if you "
-"want to filter who are valid users then you need to use a search filter to "
-"search for your users DN ( B<-f> option)."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:50
+msgid "Force Addresses to be in IPv6 (:: format)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:118
-msgid ""
-"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
-"password.  B<passwordattr> is the LDAP attribute storing the users password."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:57
+msgid "Specify B<base> DN. For example; B<o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:126
-msgid ""
-"Search scope when performing user DN searches specified by the B<-f> option. "
-"Defaults to B<sub>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:66
+msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:130
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:110
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:178
-msgid "B<base> object only,"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:71
+msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:133
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:113
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:181
-msgid "B<one> level below the base object or"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:76
+msgid ""
+"Specify if LDAP search group is required. For example; B<groupMembership=>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:136
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:116
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:184
-msgid "B<sub>tree below the base object"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:84
+msgid "Specify hostname or IP of server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:142
-msgid ""
-"The DN and password to bind as while performing searches. Required by the B<-"
-"f> flag if the directory does not allow anonymous searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:88
+msgid "Port number."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:147
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:92
+msgid "Use persistent connections."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:152
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:98
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:100
 msgid ""
-"The DN and the name of a file containing the password to bind as while "
-"performing searches."
+"Timeout factor for persistent connections. Set to B<0> for never timeout. "
+"Default is B<60> seconds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:157
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:103
-msgid ""
-"Less insecure version of the former parameter pair with two advantages: The "
-"password does not occur in the process listing, and the password is not "
-"being compromised if someone gets the squid configuration file without "
-"getting the secretfile."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:105
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:173
+msgid "search scope. Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:165
-msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while validating a username to preserve resources at the LDAP server. This "
-"option causes the LDAP connection to be kept open, allowing it to be reused "
-"for further user validations. Recommended for larger installations."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:108
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:176
+#: src/auth/basic/LDAP/basic_ldap_auth.8:128
+msgid "B<base> object only,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:178
-msgid ""
-"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
-"binding as another user after a successful I<ldap_bind.> The use of this "
-"option always opens a new connection for each login attempt. If combined "
-"with the B<-P> option for persistent LDAP connection then the connection "
-"used for searching for the user DN is kept persistent but a new connection "
-"is opened to verify each users password once the DN is found."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:111
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:179
+#: src/auth/basic/LDAP/basic_ldap_auth.8:131
+msgid "B<one> level below the base object or"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:182
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:170
-msgid "Do not follow referrals"
-msgstr "Folge nicht den Verweisen"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:187
-msgid "when to dereference aliases. Defaults to B<never>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:114
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:182
+#: src/auth/basic/LDAP/basic_ldap_auth.8:134
+msgid "B<sub>tree below the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:196
-msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search ing> or only to B<find> the base object."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:121
+msgid "Set userid B<attribute .> Default is B<cn>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:201
-msgid ""
-"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
-"libraries).  Servers can also be specified last on the command line."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:126
+msgid "Set LDAP B<version>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:206
-msgid ""
-"Specify the LDAP server to connect to. Servers can also be specified last on "
-"the command line."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:130
+msgid "Display version information and exit."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:212
-msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389. Can also be specified within the server "
-"specification by using servername:port syntax."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:135
+msgid "Specify binding B<password>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:218
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:206
-msgid "LDAP protocol version. Defaults to B<3> if not specified."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:139
+msgid "Enable TLS security."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:210
-msgid "Use TLS encryption"
-msgstr "Nutze TLS Verschlüsselung"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:160
+msgid ""
+"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
+"that users may be used to control internet access, which can also be stacked "
+"against other ACL's.  Use of the groups is optional, unless the '-G' option "
+"has been passed.  Please note that you need to specify the full LDAP object "
+"for this, as shown above."
+msgstr ""
 
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:226
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:107
-msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
+#. type: SH
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:161
+#: src/acl/external/unix_group/ext_unix_group_acl.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:45
+#: src/security/cert_generators/file/security_file_certgen.8.in:88
+#: tools/purge/purge.1:233
+#, no-wrap
+msgid "KNOWN ISSUES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:233
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:166
 msgid ""
-"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
-"LDAP API libraries)"
+"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
+"is in place to read IPv6 networkAddress fields, please attempt this in a "
+"TESTING environment first.  Please contact the author regarding IPv6 support "
+"development."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:192
-msgid "Specify time limit on LDAP search operations"
-msgstr "Definiert das Zeitlimit bei LDAP-Suchanfragen"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:243
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:171
 msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the results is not what is expected."
+"There is a known issue regarding Novell's Client for Windows, that is mostly "
+"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
+"populating the networkAddress field in eDirectory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:248
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:177
 msgid ""
-"For directories using the RFC2307 layout with a single domain, all you need "
-"to specify is usually the base DN under where your users are located and the "
-"server name:"
+"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
+"lower?) and connection licensing.  It appears that whenever a server runs "
+"low on connection licenses, that it I sometimes does not populate the "
+"networkAddress fields correctly."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:256
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:184
 msgid ""
-"If you have sub-domains then you need to use a search filter approach to "
-"locate your user DNs as these can no longer be constructed directly from the "
-"base DN and login name alone:"
+"Majority of Proxy Authentication issues can be resolved by having the users' "
+"B<reboot> if their networkAddress is not correct, or using "
+"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
+"networkAddress fields to troubleshoot."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:263
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:218
 msgid ""
-"And similarly if you only want to allow access to users having a specific "
-"attribute"
+"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
+"situations B<before> seeking support! You may also need to make sure your "
+"servers have the latest service packs installed, and that your servers are "
+"properly synchronizing partitions."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:274
+#: src/acl/external/file_userip/ext_file_userip_acl.8:5
 msgid ""
-"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
-"do not want to have to search for the users then you could use something "
-"like the following example for Active Directory:"
+"ext_file_userip_acl - Restrict users to certain IP addresses, using a text "
+"file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:286
-msgid ""
-"If you want to search for the user DN and your directory does not allow "
-"anonymous searches then you must also use the B<-D> and B<-w> flags to "
-"specify a user DN and password to log in as to perform the searches, as in "
-"the following complex Active Directory example"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:7
+#: src/acl/external/time_quota/ext_time_quota_acl.8:7
+#: src/auth/basic/SASL/basic_sasl_auth.8:7
+#: src/security/cert_generators/file/security_file_certgen.8.in:7
+msgid "Version 1.0"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:299
-msgid ""
-"B<NOTE:> When constructing search filters it is strongly recommended to test "
-"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
-"This to verify that the filter matches what you expect."
-msgstr ""
+#: src/acl/external/file_userip/ext_file_userip_acl.8:12
+#, fuzzy
+#| msgid "-n name"
+msgid "file name"
+msgstr "-n Name"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:302
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:91
-msgid "This program is written by"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:17
+msgid ""
+"B<ext_file_userip_acl> is an installed binary. An external helper for the "
+"Squid external acl scheme."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:306
-msgid "This manual is written by"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:20
+msgid ""
+"It works by reading a pair composed by an IP address and an username on "
+"STDIN and matching it against a configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:320
-#, fuzzy
-msgid ""
-"Or to your favorite LDAP list/friend if the question is more related to LDAP "
-"than Squid."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:31
+msgid "Configuration B<file> to load."
 msgstr ""
-"Fragen zur Verwendung dieses Programms können an die I<Squid Users "
-"E<lt>squid-users@squid-cache.orgE<gt>> Mailingliste gesendet werden."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:340
-msgid "Your favorite LDAP documentation."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:41
+msgid "The B<squid.conf> configuration for the external ACL should be:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:342
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:259
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:280
-msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:49
+msgid ""
+"If the helper program finds a matching username/ip in the configuration "
+"file, it returns B<OK> , otherwise it returns B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:7
-msgid "NCSA httpd-style password file authentication helper for Squid"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:51
+msgid "The configuration file format is as follows:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:11
-msgid "passwd file"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:60
+msgid ""
+"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
+"in dotted quad format too."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:16
+#: src/acl/external/file_userip/ext_file_userip_acl.8:66
 msgid ""
-"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
-"information from an NCSA/Apache httpd-style password file when using basic "
-"HTTP authentication."
+"When the second parameter is prefixed with an B<@> , the program will lookup "
+"the B</etc/group> file entry for the specified username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:19
-#, fuzzy
-msgid "This password file can be manipulated using B<htpasswd.>"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:72
+msgid ""
+"There are other two directives, B<ALL> and B<NONE> , which mean \"any user "
+"on this IP address may authenticate\" or \"no user on this IP address may "
+"authenticate\"."
 msgstr ""
-"Diese Passwortdatei kann unter der Verwendung von htpasswd verändert werden."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:32
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:5
 msgid ""
-"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
-"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
-"and magic strings * MD5 - with optional salt and magic strings * DES - for "
-"passwords 8 characters or less in length"
+"ext_kerberos_ldap_group_acl - Squid LDAP external acl group helper for "
+"Kerberos or NTLM credentials."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:34
-msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
+msgid "Version 1.3.0sq"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:38
-msgid ""
-"The only parameter is the password file.  It must have permissions to be "
-"read by the user that Squid is running as."
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:24
 #, fuzzy
+#| msgid ""
+#| "B<basic_ldap_auth> allows Squid to connect to a LDAP directory to "
+#| "validate the user name and password of Basic HTTP authentication.  LDAP "
+#| "options are specified as parameters on the command line, while the "
+#| "username(s) and password(s) to be checked against the LDAP directory are "
+#| "specified on subsequent lines of input to the helper, one username/"
+#| "password pair per line separated by a space."
 msgid ""
-"B<basic_ncsa_auth> must have access to the password file to be executed."
-msgstr ""
-"B<ncsa_auth> benötigt Zugriff auf die Passwortdatei, um ausgeführt zu werden."
-
-#. type: SH
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:47
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:163
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:62
-#, no-wrap
-msgid "KNOWN ISSUES"
+"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
+"connect to a LDAP directory to authorize users via LDAP groups. Options are "
+"specified as parameters on the command line, while the username (e.g.  "
+"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
+"directory are specified on subsequent lines of input to the helper, one "
+"username per line."
 msgstr ""
+"B<basic_ldap_auth> erlaubt Squid zu einem LDAP Verzeichnis zu verbinden, um "
+"Benutzername und Passwort der Basic HTTP Authentifizierung zu überprüfen.  "
+"LDAP Optionen werden in der Kommandozeile übergeben, wobei Benutzername und "
+"Passwörter, welche durch LDAP geprüft werden sollen, in darauffolgenden "
+"Zeilen in der Eingabe des Helfers angegeben werden, ein Benutzername/"
+"Password Paar pro Zeile getrennt durch ein Leerzeichen."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:52
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:37
 msgid ""
-"DES functionality (used by htpasswd by default) silently truncates passwords "
-"to 8 characters.  Allowing login with password values shorter than the one "
-"desired.  This authenticator will reject login with long passwords when "
-"using DES."
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:58
-msgid "Based on original documentation by"
+"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
+"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
+"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
+"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
+"is available from the username the LDAP server will be determined through "
+"the command line options."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:49
 msgid ""
-"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
-"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
-"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
-"details."
+"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
+"T> option which provides the LDAP group name the user has to belong too. For "
+"Active Directory a recursive group lookup is implemented until a max depth "
+"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
+"groups is assumed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:72
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:62
 msgid ""
-"You should have received a copy of the GNU General Public License along with "
-"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
-"Place, Suite 330, Boston, MA 02111-1307 USA"
+"Different group names can be specified for different domains using a "
+"group@domain syntax.  As expected by the B<external_acl_type> construct of "
+"Squid, after specifying a username and group followed by a new line, this "
+"helper will produce either B<OK> or B<ERR> on the following line to show if "
+"the user is a member of the specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:7
-msgid "Squid PAM Basic authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:70
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:24
+msgid "Write debug messages to stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:11
-msgid "service name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:73
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:27
+msgid "Write informational messages to stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:13
-msgid "TTL"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:76
+msgid "Use SSL for the LDAP connection."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:20
-#, fuzzy
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
 msgid ""
-"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
-"database to validate the user name and password of Basic HTTP authentication."
+"The CA certificate file can be set via the environment variable "
+"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
 msgstr ""
-"Dieser Helfer erlaubt Squid sich mit einem RADIUS Server zu verbinden, um "
-"den Benutzernamen und das Passwort einer Basic HTTP Authentifizierung zu "
-"bestätigen."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:26
-msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
+msgid ""
+"The SSL certificate database can be set via the environment variable "
+"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:35
-msgid ""
-"Enables persistent PAM connections where the connection to the PAM database "
-"is kept open and reused for new logins. The TTL specifies how long the "
-"connection will be kept open (in seconds).  Default is to not keep PAM "
-"connections open. Please note that the use of persistent PAM connections is "
-"slightly outside the PAM specification and may not work with all PAM "
-"configurations."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:83
+msgid "Allow SSL without certificate verification."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:40
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:87
 msgid ""
-"Do not perform the PAM account management group (account expiration etc)"
+"Default Kerberos domain to use for usernames which do not contain domain "
+"information (e.g. for users using basic authentication)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:92
 msgid ""
-"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
-"etc/pam.d/squid>"
+"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
+"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
+"authentication)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:54
-msgid ""
-"The default service name is B<squid> , and the program makes use of the "
-"B<auth> and B<account> management groups to verify the password and the "
-"accounts validity."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:95
+msgid "Maximal depth of recursive group search."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:58
-msgid ""
-"For details on how to configure PAM services, see the PAM documentation for "
-"your system. This manual does not cover PAM configuration details."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:98
+msgid "Username for LDAP server."
 msgstr ""
-"Für genauere Informationen zur Konfiguration von PAM Diensten, schauen Sie "
-"in die PAM Dokumentation Ihres Systems. Dieses Manual behandelt keine "
-"Details zur PAM Konfiguration."
 
-#. type: SH
-#: helpers/basic_auth/PAM/basic_pam_auth.8:59
-#, no-wrap
-msgid "NOTES"
+#. type: Plain text
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:101
+msgid "Password for LDAP server."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:106
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program setuid root"
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use an account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file or extracts the password "
+"used from a process listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:82
-#: helpers/external_acl/session/ext_session_acl.8:99
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:218
-msgid "This program and documentation was written by"
-msgstr ""
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:110
+#, fuzzy
+#| msgid "LDAP server name"
+msgid "LDAP server bind path."
+msgstr "LDAP server name"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:88
-msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:113
+msgid "LDAP server URL in form ldap[s]://server:port"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:119
-msgid "PAM Systems Administrator Guide"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:117
+msgid ""
+"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
+"lserver@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:7
-msgid "Squid RADIUS authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:121
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:12
-#, fuzzy
-msgid "config file"
-msgstr "-f Datei"
-
-#. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:16
-msgid "server name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:126
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:20
-msgid "identifier"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:131
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
+"format"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:22
-msgid "secret"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:138
+msgid ""
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:24
-#: helpers/external_acl/session/ext_session_acl.8:14
-#: tools/squidclient/squidclient.1:33
-msgid "timeout"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:153
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:62
+msgid "B<NOTE:> The following squid startup file modification may be required:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:30
-#, fuzzy
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:157
 msgid ""
-"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
-"the user name and password of Basic HTTP authentication."
+"Add the following lines to the squid startup script to point squid to a "
+"keytab file which contains the HTTP/fqdn service principal for the default "
+"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
+"can not use an IP address."
 msgstr ""
-"Dieser Helfer erlaubt Squid sich mit einem RADIUS Server zu verbinden, um "
-"den Benutzernamen und das Passwort einer Basic HTTP Authentifizierung zu "
-"bestätigen."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:168
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:74
 msgid ""
-"Specifies the path to a configuration file. See the CONFIGURATION section "
-"for details on the file content."
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:40
-msgid "Alternative method of specifying the server to connect to"
+"If you use a different Kerberos domain than the machine itself is in you can "
+"point squid to the separate Kerberos config file by setting the following "
+"environment variable in the startup script."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:45
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:178
 msgid ""
-"Specify another server port where the RADIUS server listens for requests if "
-"different from the default RADIUS port.  Normally not specified."
+"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
+"server. The following method is used:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:50
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:183
+#, no-wrap
 msgid ""
-"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
-"specified the IP address is used to identify the proxy."
+"1) For user@REALM\n"
+"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
+"   b) Query DNS for A record REALM\n"
+"   c) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:56
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:187
+#, no-wrap
 msgid ""
-"Alternative method of specifying the shared secret. Using the B<-f> option "
-"with a configuration file is generally more secure and recommended."
+"2) For user\n"
+"   a) Use domain -D REALM and follow step 1)\n"
+"   b) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:60
-msgid "RADIUS request timeout. Default is 10 seconds."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
+msgid "The Groups to check against are determined as follows:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:67
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:194
+#, no-wrap
 msgid ""
-"The configuration specifies how the helper connects to RADIUS.  The file "
-"contains a list of directives (one per line). Lines beginning with a B<#> "
-"are ignored."
+"1) For user@REALM\n"
+"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
+"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:71
-msgid "specifies the name or address of the RADIUS server to connect to."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:197
+#, no-wrap
+msgid ""
+"2) For user\n"
+"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:75
-msgid "specifies the shared RADIUS secret."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:200
+#, no-wrap
+msgid ""
+"3) For NDOMAIN\\euser\n"
+"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:80
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
 msgid ""
-"specifies what name the proxy should use to identify itself to the RADIUS "
-"server.  This directive is optional."
+"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
+"where GROUP is the hex UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:84
-msgid ""
-"Specifies the port number or service name where the helper should connect."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#, no-wrap
+msgid "   -t 6d61726b7573 instead of -g markus\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:88
-msgid "Specifies the RADIUS request timeout."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
+msgid ""
+"The REALM must still be based on the ASCII character set. If REALM contains "
+"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
+"UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:95
-msgid "With contributions from many others."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#, no-wrap
+msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:111
-#, fuzzy
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
 msgid ""
-"Or contact your favorite RADIUS list/friend if the question is more related "
-"to RADIUS than Squid."
+"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
+"unicode-utf8-table.pl"
 msgstr ""
-"Fragen zur Verwendung dieses Programms können an die I<Squid Users "
-"E<lt>squid-users@squid-cache.orgE<gt>> Mailingliste gesendet werden."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:130
-msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:216
+msgid ""
+"The ldap server list can be: server - In this case server can be used for "
+"all Kerberos domains server@ - In this case server can be used for all "
+"Kerberos domains server@domain - In this case server can be used for "
+"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
+"server3@:server4 - A list is build with a colon as separator"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:7
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
+#, no-wrap
 msgid ""
-"Basic Authentication using SASL (specifically the cyrus-sasl authentication "
-"method)"
+" * Copyright (C) 1996-2015 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:9
-#: helpers/digest_auth/file/digest_file_auth.8:9
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:9
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:9
-msgid "Version 1.0"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:260
+msgid "B<RFC1035> - Domain names - implementation and specification,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:18
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
 msgid ""
-"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
-"configurable (somewhat like PAM).  Each service authenticating against SASL "
-"identifies itself with an application name.  Each application can be "
-"configured independently by the SASL administrator."
+"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:24
-msgid ""
-"To configure the authentication method used the file B<basic_sasl_auth.conf> "
-"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:285
+#: src/auth/basic/LDAP/basic_ldap_auth.8:347
+msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:31
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
 msgid ""
-"The authentication database is defined by the B<pwcheck_method> parameter.  "
-"Only the B<PLAIN> authentication mechanism is used."
+"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
+"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:33
-msgid "Examples:"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:5
+msgid "ext_ldap_group_acl - Squid LDAP external acl group helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:36
-msgid "use sasldb - the default if no conf file is installed."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:7
+msgid "Version 2.18"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:38
-#, no-wrap
-msgid " - use PAM authentication database\n"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:12
+#, fuzzy
+#| msgid "base DN"
+msgid "base-DN"
+msgstr "base DN"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:41
-#, no-wrap
-msgid ""
-" - use traditional \n"
-"B</etc/passwd>\n"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:14
+#: src/auth/basic/LDAP/basic_ldap_auth.8:29
+msgid "options"
+msgstr "options"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:43
-#, no-wrap
-msgid " - use slightly less traditional /etc/shadow\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:18
+msgid "server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:46
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:22
+#: src/auth/basic/LDAP/basic_ldap_auth.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:35
+msgid "URI"
+msgstr "URI"
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:31
+#, fuzzy
+#| msgid ""
+#| "B<basic_ldap_auth> allows Squid to connect to a LDAP directory to "
+#| "validate the user name and password of Basic HTTP authentication.  LDAP "
+#| "options are specified as parameters on the command line, while the "
+#| "username(s) and password(s) to be checked against the LDAP directory are "
+#| "specified on subsequent lines of input to the helper, one username/"
+#| "password pair per line separated by a space."
 msgid ""
-"Others methods may be supported by your cyrus-sasl implementation - consult "
-"your cyrus-sasl documentation for information."
+"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
+"authorize users via LDAP groups.  LDAP options are specified as parameters "
+"on the command line, while the username(s) and group(s) to be checked "
+"against the LDAP directory are specified on subsequent lines of input to the "
+"helper, one username/group pair per line separated by a space."
 msgstr ""
+"B<basic_ldap_auth> erlaubt Squid zu einem LDAP Verzeichnis zu verbinden, um "
+"Benutzername und Passwort der Basic HTTP Authentifizierung zu überprüfen.  "
+"LDAP Optionen werden in der Kommandozeile übergeben, wobei Benutzername und "
+"Passwörter, welche durch LDAP geprüft werden sollen, in darauffolgenden "
+"Zeilen in der Eingabe des Helfers angegeben werden, ein Benutzername/"
+"Password Paar pro Zeile getrennt durch ein Leerzeichen."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:59
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:42
 msgid ""
-"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
-"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
-"and an appropriate user/group on the executable to allow the authenticator "
-"to access the appropriate password database. If the access to the database "
-"is not permitted then the authenticator will typically fail with \"-1, "
-"generic error\"."
+"As expected by the B<external_acl_type> construct of Squid, after specifying "
+"a username and group followed by a new line, this helper will produce either "
+"B<OK> or B<ERR> on the following line to show if the user is a member of the "
+"specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:74
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:46
 msgid ""
-"If the application name B<basic_sasl_auth> will also be used for the PAM "
-"service name if B<pwcheck_method:pam> is chosen. And example PAM "
-"configuration file B<basic_sasl_auth.pam> is also included."
+"The program operates by searching with a search filter based on the users "
+"user name and requested group, and if a match is found it is determined that "
+"the user belongs to the group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:7
-#, fuzzy
-#| msgid "Allows authentication through nsswitch.conf"
-msgid "Basic authentication protocol"
-msgstr "Erlaubt die Authentifizierung mittels nsswitch.conf"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:51
+msgid "When to dereference aliases. Defaults to 'never'"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:9
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:9
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:9
-msgid "Version 2.0"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:60
+msgid ""
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:14
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:16
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:15
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:17
-msgid "Group Name"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:18
-msgid "Default Domain"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:69
+msgid "Specifies the base DN under which the users are located (if different)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:74
 msgid ""
-"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
-"server running on Windows NT to authenticate users on an NT domain in native "
-"WIN32 mode."
+"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
+"API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:33
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:80
 msgid ""
-"Usage is simple. It accepts a username and password on standard input and "
-"will return B<OK> if the username/password is valid for the domain/machine, "
-"or B<ERR> if there was some problem. It is possible to authenticate against "
-"NT trusted domains specifying the username in the domain\\eusername "
-"Microsoft notation."
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the result is not what was expected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:38
-msgid "A Windows Local Group name allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:85
+msgid ""
+"The DN and password to bind as while performing searches. Required if the "
+"LDAP directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:42
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:59
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:63
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:27
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:35
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:33
-msgid "Write debug info to stderr."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:91
+msgid ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration and will be sent on the command line to the helper it is "
+"strongly recommended to use a account with minimal associated privileges.  "
+"This to limit the damage in case someone could get hold of a copy of your "
+"Squid configuration file or extracts the password used from a process "
+"listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:46
-msgid "A Windows Local Group name not allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:96
+#: src/auth/basic/LDAP/basic_ldap_auth.8:150
+msgid ""
+"The DN and the name of a file containing the password to bind as while "
+"performing searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:50
-msgid "The default Domain against to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:101
+#: src/auth/basic/LDAP/basic_ldap_auth.8:155
+msgid ""
+"Less insecure version of the former parameter pair with two advantages: The "
+"password does not occur in the process listing, and the password is not "
+"being compromised if someone gets the squid configuration file without "
+"getting the secretfile."
 msgstr ""
 
-#. logon from the network\"" 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:57
-msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
-"in the Authenticator's command line."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:224
+msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:60
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:121
 msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it."
+"LDAP search filter used to search the LDAP directory for any matching group "
+"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
+"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
+"name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:65
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:133
 msgid ""
-"You will need to set the following line in B<squid.conf> to enable the "
-"authenticator:"
+"LDAP search filter used to search the LDAP directory for any matching "
+"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
+"be included literally in the filter then use B<%%>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:73
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:139
 msgid ""
-"You will need to set the following lines in B<squid.conf> to enable "
-"authentication for your access list:"
+"Specifies that the first query argument sent to the helper by Squid is a "
+"extension to the basedn and will be temporarily added in front of the global "
+"basedn for this query."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:85
-msgid ""
-"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
-"B<auth_param basic program> directive."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:143
+msgid "Specify the LDAP server to connect to"
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:172
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:116
-#, fuzzy, no-wrap
-#| msgid "QUESTIONS"
-msgid "TESTING"
-msgstr "FRAGEN"
-
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:100
-#, no-wrap
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:147
 msgid ""
-"I strongly urge that \n"
-"B<basic_sspi_auth.exe>\n"
-"is tested prior to being used in a \n"
-"production environment. It may behave differently on different platforms.\n"
-"To test it, run it from the command line. Enter username and password\n"
-"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
-"Make sure pressing \n"
-"B<CTRL-D>\n"
-" behaves the same as a carriage return.\n"
-"Make sure pressing \n"
-"B<CTRL-C>\n"
-" aborts the program.\n"
+"Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
+"libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:106
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:205
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:220
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:148
-msgid ""
-"Test that entering no details does not result in an B<OK> or B<ERR> message."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:151
+msgid "Strip Kerberos Realm component from user names (@ separated)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:110
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:156
 msgid ""
-"Test that entering an invalid username and password results in an B<ERR> "
-"message."
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:115
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:164
 msgid ""
-"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
-"may be returned instead of B<ERR>"
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while verifying a users group membership to preserve resources at the LDAP "
+"server. This option causes the LDAP connection to be kept open, allowing it "
+"to be reused for further user validations. Recommended for larger "
+"installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:119
-msgid ""
-"Test that entering a valid username and password results in an B<OK> message."
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:168
+#: src/auth/basic/LDAP/basic_ldap_auth.8:180
+msgid "Do not follow referrals"
+msgstr "Folge nicht den Verweisen"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:122
-msgid ""
-"Test that entering a guest username and password returns the correct "
-"response for the site's access policy."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:186
+#: src/acl/external/unix_group/ext_unix_group_acl.8:33
+msgid "Strip NT domain name component from user names (/ or \\e separated)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:128
-#: helpers/digest_auth/file/digest_file_auth.8:64
-#, fuzzy
-#| msgid "Based on original code by"
-msgid "Based on prior work by"
-msgstr "Basiert auf Originalcode von"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:190
+#: src/auth/basic/LDAP/basic_ldap_auth.8:235
+msgid "Specify time limit on LDAP search operations"
+msgstr "Definiert das Zeitlimit bei LDAP-Suchanfragen"
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:7
-#, fuzzy
-#| msgid "Local Users auth helper for Squid"
-msgid "File based digest authentication helper for Squid."
-msgstr "Authentifizierungshelfer für lokale Nutzer von Squid"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:198
+msgid ""
+"LDAP attribute used to construct the user DN from the user name and base dn "
+"without needing to search for the user.  A maximum of 16 occurrences of B<"
+"%s> are supported."
+msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:14
-#: tools/squidclient/squidclient.1:29
-#, fuzzy
-msgid "file"
-msgstr "-f Datei"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:204
+#: src/auth/basic/LDAP/basic_ldap_auth.8:216
+msgid "LDAP protocol version. Defaults to B<3> if not specified."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:208
+#: src/auth/basic/LDAP/basic_ldap_auth.8:220
+msgid "Use TLS encryption"
+msgstr "Nutze TLS Verschlüsselung"
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:19
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:214
 msgid ""
-"B<digest_file_auth> is an installed binary authentication program for Squid. "
-"It handles digest authentication protocol and authenticates against a text "
-"file backend."
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:229
 msgid ""
-"Accept digest hashed passwords rather than plaintext in the password file"
+"B<NOTE:> When constructing search filters it is recommended to first test "
+"the filter using B<ldapsearch> to verify that the filter matches what you "
+"expect before you attempt to use B<ext_ldap_group_acl>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:28
-msgid "Username database file format:"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:238
+msgid "Based on prior work in B<squid_ldap_auth> by"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:28
-#, no-wrap
-msgid "- comment lines are possible and should start with a '#';"
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:262
+#, fuzzy
+msgid ""
+"Or contact your favorite LDAP list/friend if the question is more related to "
+"LDAP than Squid."
 msgstr ""
+"Fragen zur Verwendung dieses Programms können an die I<Squid Users "
+"E<lt>squid-users@squid-cache.orgE<gt>> Mailingliste gesendet werden."
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:31
-#, no-wrap
-msgid "- empty or blank lines are possible;"
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:283
+msgid "Your favorite LDAP documentation"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:34
-#, no-wrap
-msgid "- plaintext entry format is username:password"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:5
+msgid ""
+"ext_lm_group_acl - Squid external ACL helper to check Windows users group "
+"membership."
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:37
-#, no-wrap
-msgid "- HA1 entry format is username:realm:HA1"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:7
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:7
+msgid "Version 1.22"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:50
-msgid ""
-"To build a directory integrated backend, you need to be able to calculate "
-"the HA1 returned to squid. To avoid storing a plaintext password you can "
-"calculate B<MD5(username:realm:password)> when the user changes their "
-"password, and store the tuple B<username:realm:HA1.> then find the matching "
-"B<username:realm> when squid asks for the HA1."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:17
+msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:58
+#: src/acl/external/LM_group/ext_lm_group_acl.8:20
 msgid ""
-"This implementation could be improved by using such a triple for the file "
-"format.  However storing such a triple does little to improve security: If "
-"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
-"\" - for the purposes of digest authentication they allow the user access. "
-"Password syncronisation is not tackled by digest - just preventing on the "
-"wire compromise."
+"This helper must be used in with an authentication scheme (typically Basic "
+"or NTLM) based on Windows NT/2000 domain users (LM mode)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:7
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:7
-msgid "Squid external ACL helper to check Windows users group membership."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:29
+msgid "Use case insensitive compare."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:14
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:14
-msgid "domain"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:37
+msgid "Specify the default user's domain."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:19
-msgid ""
-"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:41
+msgid "Start helper in Domain Global Group mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:22
-msgid ""
-"This helper must be used in with an authentication scheme (typically Basic, "
-"NTLM or Negotiate) based on Windows Active Directory domain users."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:49
+msgid "Use ONLY PDCs for group validation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:26
+#: src/acl/external/LM_group/ext_lm_group_acl.8:75
 msgid ""
-"It reads from the standard input the domain username and a list of groups "
-"and tries to match each against the groups membership of the specified "
-"username."
+"In the previous example all validated NT users member of GProxyUsers Global "
+"domain group or member of LProxyUsers machine local group are allowed to use "
+"the cache."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:28
-msgid "Two running mode are available:"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:83
+msgid ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:32
-msgid ""
-"B<- Local mode:> membership is checked against machine's local groups, "
-"cannot be used when running on a Domain Controller."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:85
+msgid "The previous example will be:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:37
-msgid ""
-"B<- Active Directory Global mode:> membership is checked against the whole "
-"Active Directory Forest of the machine where Squid is running."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:92
+msgid "The B<DomainUsers.txt> file will contain only the following line:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:41
-msgid ""
-"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
-"Windows 2000 SP4 member of an Active Directory Domain."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:94
+msgid "B<Domain Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:50
+#: src/acl/external/LM_group/ext_lm_group_acl.8:103
 msgid ""
-"When running in Active Directory Global mode, all types of Active Directory "
-"security groups are supported: B<Domain Global> , B<Domain Local> from "
-"user's domain, B<Universal> and Active Directory group nesting is fully "
-"supported."
+"B<NOTE:> The standard group name comparison is case sensitive, so group name "
+"must be specified with same case as in the NT/2000 Domain.  It's possible to "
+"enable case insensitive group name comparison ( B<-c> ), but on some not-"
+"english locales, the results can be unexpected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:55
-msgid "Use case insensitive compare (local mode only)."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:111
+msgid ""
+"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
+"and B<-D> switches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:64
-msgid "Specify the default user's B<domain>"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:113
+msgid "Refer to Squid documentation for the more details on squid.conf."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:68
-msgid "Start helper in Active Directory Global mode."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:119
+msgid ""
+"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
+"in a production environment. It may behave differently on different "
+"platforms."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:72
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:82
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:37
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:69
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:47
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:41
-msgid "Display the binary help and command line syntax info using stderr."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:159
+msgid "with contributions by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:77
-msgid ""
-"When running in Active Directory Global mode, the AD Group can be specified "
-"using the following syntax:"
-msgstr ""
+#: src/acl/external/LM_group/ext_lm_group_acl.8:164
+#, fuzzy
+#| msgid "Based on original code by"
+msgid "Based in part on prior work in B<check_group> by"
+msgstr "Basiert auf Originalcode von"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:80
-msgid "B<1. Plain NT4 Group Name>"
+#: src/acl/external/session/ext_session_acl.8:5
+msgid "ext_session_acl - Squid session tracking external acl helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:83
-msgid "B<2. Full NT4 Group Name>"
+#: src/acl/external/session/ext_session_acl.8:7
+msgid "Version 1.2"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:86
-msgid "B<3. Active Directory Canonical name>"
+#: src/acl/external/session/ext_session_acl.8:12
+#: src/auth/basic/RADIUS/basic_radius_auth.8:22
+#: tools/squidclient/squidclient.1:32
+msgid "timeout"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:89
-msgid "As Exampled:"
+#: src/acl/external/session/ext_session_acl.8:14
+msgid "database"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:99
+#: src/acl/external/session/ext_session_acl.8:31
 msgid ""
-"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
+"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
+"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
+"terms and conditions to a user; the latter is suitable for the display of "
+"advertisements or other notices (both as a splash page - see config examples "
+"in the wiki online). The session helper can also be used to force users to "
+"re-authenticate if the B<%LOGIN> and B<-a> are both used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:126
+#: src/acl/external/session/ext_session_acl.8:36
 msgid ""
-"In the previous example all validated AD users member of I<MYDOMAIN"
-"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
-"are allowed to use the cache."
+"Idle timeout for any session. The default if not specified (set to 3600 "
+"seconds)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:135
+#: src/acl/external/session/ext_session_acl.8:49
 msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file .> The previous example will be:"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:139
-msgid "and the DomainUsers files will contain only the following line:"
+"Fixed timeout for any session. This will end the session after the timeout "
+"regardless of a user's activity. If used with B<active> mode, this will "
+"terminate the user's session after B<timeout> , after which another B<LOGIN> "
+"will be required.  B<LOGOUT> will reset the session and timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:141
-msgid "Domain Users"
+#: src/acl/external/session/ext_session_acl.8:62
+msgid ""
+"B<Path> to persistent database. If a file is specified then that single file "
+"is used as the database. If a path is specified, a Berkeley DB database "
+"environment is created within the directory. The advantage of the latter is "
+"better database support between multiple instances of the session helper. "
+"Using multiple instances of the session helper with a single database file "
+"will cause synchronization problems between processes.  If this option is "
+"not specified the session details will be kept in memory only and all "
+"sessions will reset each time Squid restarts its helpers (Squid restart or "
+"rotation of logs)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:148
+#: src/acl/external/session/ext_session_acl.8:72
 msgid ""
-"B<NOTE 1:> When running in Active Directory Global mode, for better "
-"performance, all Domain Controllers of the Active Directory forest should be "
-"configured as Global Catalog."
+"Active mode. In this mode sessions are started by evaluating an acl with the "
+"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
+"flag the helper automatically starts the session after the first request."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:154
+#: src/acl/external/session/ext_session_acl.8:79
 msgid ""
-"B<NOTE 2:> When running in local mode, the standard group name comparison is "
-"case sensitive, so group name must be specified with same case as in the "
-"local SAM database."
+"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
+"concurrency= option B<must> be specified in the configuration."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:159
-msgid ""
-"It is possible to enable case insensitive group name comparison ( B<-c> ), "
-"but on some non-English locales, the results can be unexpected."
+#: src/acl/external/session/ext_session_acl.8:81
+msgid "Passive session configuration example using the default automatic mode"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:167
+#: src/acl/external/session/ext_session_acl.8:94
 msgid ""
-"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
-"A> and B<-D> switches."
+"Then set up B<http://your.server.example.com/bannerpage> to display a "
+"session startup page and then redirect the user back to the requested URL "
+"given in the url query parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:171
-msgid "Refer to Squid documentation for more details on B<squid.conf>"
+#: src/acl/external/session/ext_session_acl.8:97
+#: src/acl/external/time_quota/ext_time_quota_acl.8:216
+#: src/auth/basic/PAM/basic_pam_auth.8:80
+msgid "This program and documentation was written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:178
-msgid ""
-"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
-"used in a production environment. It may behave differently on different "
-"platforms."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:5
+msgid "ext_time_quota_acl - Squid time quota external acl helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:190
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:133
+#: src/acl/external/time_quota/ext_time_quota_acl.8:16
 msgid ""
-"To test it, run it from the command line. Enter username and group pairs "
-"separated by a space (username must entered with URL-encoded I<domain"
-"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
+"users of squid to limit the time using squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:194
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:209
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:137
-msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:21
+msgid ""
+"This is useful for corporate lunch time allocations, wifi portal pay-per-"
+"minute installations or for parental control of children. The administrator "
+"can define a time budget (e.g. 1 hour per day) which is enforced through "
+"this helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:198
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:213
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:141
-msgid "Make sure pressing B<CTRL+C> aborts the program."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:29
+msgid ""
+"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
+"Squids state directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:224
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:152
+#: src/acl/external/time_quota/ext_time_quota_acl.8:36
 msgid ""
-"Test that entering an invalid username and group results in an B<ERR> "
-"message."
+"B<Pauselen> is given in seconds and defines the period between two requests "
+"to be treated as part of the same session.  Pauses shorter than this value "
+"will be counted against the quota, longer ones ignored.  Default is 300 "
+"seconds (5 minutes)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:228
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:156
+#: src/acl/external/time_quota/ext_time_quota_acl.8:42
 msgid ""
-"Test that entering an valid username and group results in an B<OK> message."
+"B<Filename> where all logging and debugging information will be written. If "
+"none is given, then stderr will be used and the logging will go to Squids "
+"main cache.log."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:235
-msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:46
+msgid "Enables debug logging in the logfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:7
-msgid "Squid eDirectory IP Lookup Helper"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:50
+msgid "show a short command line help."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:17
-msgid "host"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:54
+msgid "This file contains the definition of the time budgets for the users."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:21
-#, fuzzy
-#| msgid "LDAP server name"
-msgid "LDAP version"
-msgstr "LDAP server name"
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:23
-#, fuzzy
-#| msgid "base DN"
-msgid "basedn"
-msgstr "base DN"
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:25
-msgid "scope"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:63
+msgid ""
+"The time quotas of the users are defined in a text file typically residing "
+"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
+"and is ignored. Every line must start with a user followed by a time budget "
+"and a corresponding time period separated by \"/\". Here is an example file:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:27
-msgid "binddn"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:66
+msgid "# user budget / period"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:29
-msgid "bindpass"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:77
+msgid ""
+"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
+"hour and the poor babymary only 30 minutes a week."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:31
-msgid "filter"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:81
+msgid ""
+"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
+"days and \"w\" for weeks. Numerical values can be given as integer values or "
+"with a fraction. E.g. \"0.5h\" means 30 minutes."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:36
-msgid "B<ext_edirectory_userip_acl> is an installed binary."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:87
+msgid ""
+"This helper is configured in B<squid.conf> using the B<external_acl_type> "
+"directive then access controls which use it to allow or deny."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:40
-msgid ""
-"This program has been written in order to solve the problems associated with "
-"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:90
+msgid "Here is an example."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:43
-msgid ""
-"The limitations of the Perl script involved memory/cpu utilization, speed, "
-"the lack of eDirectory 8.8 support, and IPv6 support."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:93
+msgid "# Ensure that users have a valid login. We need their username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:48
-msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:100
+msgid "# Define program and quota file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:52
-msgid "Force Addresses to be in IPv6 (:: format)."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:116
+msgid ""
+"In this example, after restarting Squid it should allow access only for "
+"users as long as they have time budget left.  If the budget is exceeded the "
+"user will be presented with an error page informing them."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:59
-msgid "Specify B<base> DN. For example; B<o=ORG>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:122
+msgid ""
+"In this example we use separate B<users> access control and B<noquota> ACL "
+"in order to keep the username and password prompt and the quota-exceeded "
+"messages separated."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:68
-msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:142
+msgid ""
+"User is just a unique key value. The above example uses %LOGIN and the "
+"username but any of the B<external_acl_type> format tags can be substituted "
+"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
+"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
+"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
+"org/ConfigExamples."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:73
-msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:143
+#, no-wrap
+msgid "LIMITATIONS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:78
+#: src/acl/external/time_quota/ext_time_quota_acl.8:148
 msgid ""
-"Specify if LDAP search group is required. For example; B<groupMembership=>"
+"This helper only controls access to the Internet through HTTP. It does not "
+"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:86
-msgid "Specify hostname or IP of server"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:156
+msgid ""
+"Desktop browsers are typically able to deal with authentication to HTTP "
+"proxies like B<squid .> But more and more different programs and devices "
+"(smartphones, games on mobile devices, ...) are using the Internet over "
+"HTTP. These devices are often not able to work through an authenticating "
+"proxy.  Means other than %LOGIN authentication are required to authorize "
+"these devices and software."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:90
-msgid "Port number."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:161
+msgid ""
+"A more general control to Internet access could be a captive portal approach "
+"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
+"or maybe a 802.11X solution. But the latter is often not supported by mobile "
+"devices."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:94
-msgid "Use persistent connections."
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:162
+#, no-wrap
+msgid "IMPLEMENTATION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:102
+#: src/acl/external/time_quota/ext_time_quota_acl.8:170
 msgid ""
-"Timeout factor for persistent connections. Set to B<0> for never timeout. "
-"Default is B<60> seconds."
+"When the helper is called it will be asked if the current user is allowed to "
+"access squid. The helper will reduce the remaining time budget of this user "
+"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:107
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:175
-msgid "search scope. Defaults to B<sub>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:183
+msgid ""
+"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
+"be called, the example config uses a 1 minute TTL.  The interaction is that "
+"Squid will only call the helper on new requests B<if> there has been more "
+"than TTL seconds passed since last check.  This handling creates an amount "
+"of slippage outside the quota by whatever amount is configured.  TTL can be "
+"set as short as desired, down to and including zero.  Though values of 1 or "
+"more are recommended due to a quota resolution of one second."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:123
-msgid "Set userid B<attribute .> Default is B<cn>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:188
+msgid ""
+"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
+"budget will be restored to the configured value thus allowing the user to "
+"access squid with a fresh budget."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:128
-msgid "Set LDAP B<version>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:132
-msgid "Display version information and exit."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:137
-msgid "Specify binding B<password>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:141
-msgid "Enable TLS security."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:162
-msgid ""
-"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
-"that users may be used to control internet access, which can also be stacked "
-"against other ACL's.  Use of the groups is optional, unless the '-G' option "
-"has been passed.  Please note that you need to specify the full LDAP object "
-"for this, as shown above."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:168
+#: src/acl/external/time_quota/ext_time_quota_acl.8:200
 msgid ""
-"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
-"is in place to read IPv6 networkAddress fields, please attempt this in a "
-"TESTING environment first.  Please contact the author regarding IPv6 support "
-"development."
+"If the time between the current request and the previous request is greater "
+"than B<pauselen> (default 5 minutes and adjustable with command line "
+"parameter B<-p> ), the current request will be considered as a new request "
+"and the time budget will not be decreased. If the time is less than "
+"B<pauselen> , then both requests will be considered as part of the same "
+"active time period and the time budget will be decreased by the time "
+"difference. This allows the user to take arbitrary breaks during Internet "
+"access without losing their time budget."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:173
-msgid ""
-"There is a known issue regarding Novell's Client for Windows, that is mostly "
-"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
-"populating the networkAddress field in eDirectory."
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:201
+#, no-wrap
+msgid "FURTHER IDEAS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:179
+#: src/acl/external/time_quota/ext_time_quota_acl.8:204
 msgid ""
-"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
-"lower?) and connection licensing.  It appears that whenever a server runs "
-"low on connection licenses, that it I sometimes does not populate the "
-"networkAddress fields correctly."
+"The following ideas could further improve this helper. Maybe someone wants "
+"to help? Any support or feedback is welcome!"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:186
+#: src/acl/external/time_quota/ext_time_quota_acl.8:209
 msgid ""
-"Majority of Proxy Authentication issues can be resolved by having the users' "
-"B<reboot> if their networkAddress is not correct, or using "
-"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
-"networkAddress fields to troubleshoot."
+"There should be a way for a user to see their configured and remaining time "
+"budget. This could be realized by implementing a web page accessing the "
+"database of the helper showing the corresponding data. One of the problems "
+"to be solved is user authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:213
+#: src/acl/external/time_quota/ext_time_quota_acl.8:212
 msgid ""
-"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
-"situations B<before> seeking support! You may also need to make sure your "
-"servers have the latest service packs installed, and that your servers are "
-"properly synchronizing partitions."
+"We could always return \"OK\" and use the module simply as an Internet usage "
+"tracker showing who has stayed how long in the WWW."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:7
-msgid "Restrict users to certain IP addresses, using a text file backend."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:5
+msgid "ext_unix_group_acl - Squid UNIX Group ACL helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:14
-#, fuzzy
-#| msgid "-n name"
-msgid "file name"
-msgstr "-n Name"
-
-#. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:19
-msgid ""
-"B<ext_file_userip_acl> is an installed binary. An external helper for the "
-"Squid external acl scheme."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:9
+#: src/acl/external/unix_group/ext_unix_group_acl.8:11
+msgid "group"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:22
+#: src/acl/external/unix_group/ext_unix_group_acl.8:16
 msgid ""
-"It works by reading a pair composed by an IP address and an username on "
-"STDIN and matching it against a configuration file."
+"B<ext_unix_group_acl> allows Squid to base access controls on users "
+"memberships in UNIX groups."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:33
-msgid "Configuration B<file> to load."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:24
+msgid "Specifies a group name to match."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:43
-msgid "The B<squid.conf> configuration for the external ACL should be:"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:29
+msgid "Also match the users primary group from B</etc/passwd>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:51
+#: src/acl/external/unix_group/ext_unix_group_acl.8:47
 msgid ""
-"If the helper program finds a matching username/ip in the configuration "
-"file, it returns B<OK> , otherwise it returns B<ERR .>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:53
-msgid "The configuration file format is as follows:"
+"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
+"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
+"I<group3>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:62
+#: src/acl/external/unix_group/ext_unix_group_acl.8:59
 msgid ""
-"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
-"in dotted quad format too."
+"By default up to 11 groups can be matched in one acl (including commandline "
+"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:68
+#: src/acl/external/unix_group/ext_unix_group_acl.8:65
 msgid ""
-"When the second parameter is prefixed with an B<@> , the program will lookup "
-"the B</etc/group> file entry for the specified username."
-msgstr ""
-
-#. any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\".
-#. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:74
-msgid "There are other two directives, B<ALL> and B<NONE> , which mean"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
+"Does not understand GID aliased groups sometimes used to work around groups "
+"size limitations. If you are using GID aliased groups then you must specify "
+"each alias by name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:9
-msgid "Version 1.3.0sq"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:104
+msgid "Additionally bugs or bug-fixes can be reported to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:26
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:5
 #, fuzzy
-#| msgid ""
-#| "B<basic_ldap_auth> allows Squid to connect to a LDAP directory to "
-#| "validate the user name and password of Basic HTTP authentication.  LDAP "
-#| "options are specified as parameters on the command line, while the "
-#| "username(s) and password(s) to be checked against the LDAP directory are "
-#| "specified on subsequent lines of input to the helper, one username/"
-#| "password pair per line separated by a space."
-msgid ""
-"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
-"connect to a LDAP directory to authorize users via LDAP groups. Options are "
-"specified as parameters on the command line, while the username (e.g.  "
-"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
-"directory are specified on subsequent lines of input to the helper, one "
-"username per line."
-msgstr ""
-"B<basic_ldap_auth> erlaubt Squid zu einem LDAP Verzeichnis zu verbinden, um "
-"Benutzername und Passwort der Basic HTTP Authentifizierung zu überprüfen.  "
-"LDAP Optionen werden in der Kommandozeile übergeben, wobei Benutzername und "
-"Passwörter, welche durch LDAP geprüft werden sollen, in darauffolgenden "
-"Zeilen in der Eingabe des Helfers angegeben werden, ein Benutzername/"
-"Password Paar pro Zeile getrennt durch ein Leerzeichen."
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:39
-msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
-"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
-"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
-"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
-"is available from the username the LDAP server will be determined through "
-"the command line options."
-msgstr ""
+#| msgid "Local Users auth helper for Squid"
+msgid "basic_getpwnam_auth - Local Users auth helper for Squid"
+msgstr "Authentifizierungshelfer für lokale Nutzer von Squid"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:51
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:13
 msgid ""
-"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
-"T> option which provides the LDAP group name the user has to belong too. For "
-"Active Directory a recursive group lookup is implemented until a max depth "
-"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
-"groups is assumed."
+"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
+"to validate the user name and password of Basic HTTP authentication."
 msgstr ""
+"B<basic_getpwnam_auth> erlaubt Squid, lokale Benutzeraccounts zu "
+"authentifizieren indem Benutzername und Passwort mittels HTTP-"
+"Authentifizierung überprüft werden."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:64
-msgid ""
-"Different group names can be specified for different domains using a "
-"group@domain syntax.  As expected by the B<external_acl_type> construct of "
-"Squid, after specifying a username and group followed by a new line, this "
-"helper will produce either B<OK> or B<ERR> on the following line to show if "
-"the user is a member of the specified group."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:19
+msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
 msgstr ""
+"Er nutzt B<getpwnam()> und B<getspnam()> Routinen zur Authentifizierung."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:72
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:26
-msgid "Write debug messages to stderr."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:21
+msgid "This has the following advantages over the NCSA module:"
+msgstr "Das hat folgende Vorteile gegenüber dem NCSA Modul:"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:29
-msgid "Write informational messages to stderr."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:23
+#, fuzzy
+#| msgid "Allows authentication of all known local users"
+msgid "- Allows authentication of all known local users"
+msgstr "Erlaubt die Authentifizierung aller Lokal bekannten Nutzer"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
-msgid "Use SSL for the LDAP connection."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:26
+#, fuzzy
+#| msgid "Allows authentication through nsswitch.conf"
+msgid "- Allows authentication through nsswitch.conf"
+msgstr "Erlaubt die Authentifizierung mittels nsswitch.conf"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
-msgid ""
-"The CA certificate file can be set via the environment variable "
-"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:29
+#, fuzzy
+#| msgid "Can handle NIS(+) requests"
+msgid "- Can handle NIS(+) requests"
+msgstr "Kann NIS(+) Anfragen verarbeiten"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:82
-msgid ""
-"The SSL certificate database can be set via the environment variable "
-"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:32
+#, fuzzy
+#| msgid "Can handle LDAP requests"
+msgid "- Can handle LDAP requests"
+msgstr "Kann LDAP Anfragen verarbeiten"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:85
-msgid "Allow SSL without certificate verification."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:35
+#, fuzzy
+#| msgid "Can handle PAM requests"
+msgid "- Can handle PAM requests"
+msgstr "Kann PAM Anfragen verarbeiten"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:89
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:50
 msgid ""
-"Default Kerberos domain to use for usernames which do not contain domain "
-"information (e.g. for users using basic authentication)."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program B<setuid> "
+"B<root>"
 msgstr ""
+"Wenn das Programm benutzt werden soll, gegen UNIX shadow Passwort "
+"Datenbanken zu Authentifizieren, muss es als root laufen, andernfalls wird "
+"es nicht berechtigt sein auf die Benutzer Passwort Datenbank zuzugreifen. "
+"Derartige Nutzung des Programms ist nicht empfohlen, aber wenn sie dies "
+"unbedigt benötigen, muss das Programm B<setuid> B<root> sein."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:94
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:62
+#: src/auth/basic/PAM/basic_pam_auth.8:77
 msgid ""
-"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
-"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
-"authentication)."
+"Please note that in such configurations it is also strongly recommended that "
+"the program is moved into a directory where normal users cannot access it, "
+"as this mode of operation will allow any local user to brute-force other "
+"users passwords. Also note the program has not been fully audited and the "
+"author cannot be held responsible for any security issues due to such "
+"installations."
 msgstr ""
+"Bitte beachten sie, dass in derartiger Konfiguration dringend empfohlen wird "
+"das Programm in ein Verzeichnis zu verschieben wo normale Nutzer keinen "
+"Zugriff haben, da andernfalls ein Brute-forcen der Passwörter anderer "
+"Benutzer durch lokale Nutzer möglich wäre. Beachten sie ausserdem, dass das "
+"Programm keiner vollständigen Sicherheitsprüfung unterzogen wurde und der "
+"Author nicht für Sicherheitsprobleme, die durch derartige Nutzung entstehen, "
+"haftbar gemacht werden kann."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:97
-msgid "Maximal depth of recursive group search."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:70
+msgid "Based on original code by"
+msgstr "Basiert auf Originalcode von"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:100
-msgid "Username for LDAP server."
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:5
+#, fuzzy
+#| msgid "LDAP authentication helper for Squid"
+msgid "basic_ldap_auth - LDAP authentication helper for Squid"
+msgstr "Authentifizierungshelfer für LDAP von Squid"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:103
-msgid "Password for LDAP server."
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:10
+#: src/auth/basic/LDAP/basic_ldap_auth.8:25
+msgid "base DN"
+msgstr "base DN"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:108
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use an account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file or extracts the password "
-"used from a process listing."
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:12
+msgid "attribute"
+msgstr "attribute"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:112
-#, fuzzy
-#| msgid "LDAP server name"
-msgid "LDAP server bind path."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:31
+msgid "LDAP server name"
 msgstr "LDAP server name"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:115
-msgid "LDAP server URL in form ldap[s]://server:port"
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:27
+msgid "LDAP search filter"
+msgstr "LDAP Suchfilter"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:119
+#: src/auth/basic/LDAP/basic_ldap_auth.8:45
 msgid ""
-"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
-"lserver@Realm]"
+"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
+"the user name and password of Basic HTTP authentication.  LDAP options are "
+"specified as parameters on the command line, while the username(s) and "
+"password(s) to be checked against the LDAP directory are specified on "
+"subsequent lines of input to the helper, one username/password pair per line "
+"separated by a space."
 msgstr ""
+"B<basic_ldap_auth> erlaubt Squid zu einem LDAP Verzeichnis zu verbinden, um "
+"Benutzername und Passwort der Basic HTTP Authentifizierung zu überprüfen.  "
+"LDAP Optionen werden in der Kommandozeile übergeben, wobei Benutzername und "
+"Passwörter, welche durch LDAP geprüft werden sollen, in darauffolgenden "
+"Zeilen in der Eingabe des Helfers angegeben werden, ein Benutzername/"
+"Password Paar pro Zeile getrennt durch ein Leerzeichen."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:123
+#: src/auth/basic/LDAP/basic_ldap_auth.8:54
 msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm]"
+"As expected by the basic authentication construct of Squid, after specifying "
+"a username and password followed by a new line, this helper will produce "
+"either B<OK> or B<ERR> on the following line to show if the specified "
+"credentials are correct according to the LDAP directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:128
+#: src/auth/basic/LDAP/basic_ldap_auth.8:59
 msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
+"The program has two major modes of operation. In the default mode of "
+"operation the users DN is constructed using the base DN and user attribute. "
+"In the other mode of operation a search filter is used to locate valid user "
+"DN's below the base DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:133
-msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
-"format"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:140
+#: src/auth/basic/LDAP/basic_ldap_auth.8:73
 msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf.>"
+"LDAP search B<filter> to locate the user DN. Required if the users are in a "
+"hierarchy below the base DN, or if the login name is not what builds the "
+"user specific part of the users DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:155
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:55
-msgid "B<NOTE:> The following squid startup file modification may be required:"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:80
+msgid ""
+"The search filter can contain up to 15 occurrences of B<%s> which will be "
+"replaced by the username, as in B<\"uid\\=%s\"> for RFC2037 directories. For "
+"a detailed description of LDAP search filter syntax see RFC2254."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:159
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:59
+#: src/auth/basic/LDAP/basic_ldap_auth.8:88
 msgid ""
-"Add the following lines to the squid startup script to point squid to a "
-"keytab file which contains the HTTP/fqdn service principal for the default "
-"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
-"can not use an IP address."
+"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
+"%s> are used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:170
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:66
+#: src/auth/basic/LDAP/basic_ldap_auth.8:97
 msgid ""
-"If you use a different Kerberos domain than the machine itself is in you can "
-"point squid to the seperate Kerberos config file by setting the following "
-"environmnet variable in the startup script."
+"Specifies the name of the DN attribute that contains the username/login.  "
+"Combined with the base DN to construct the users DN when no search filter is "
+"specified ( B<-f> option). Defaults to B<uid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:180
+#: src/auth/basic/LDAP/basic_ldap_auth.8:106
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
-"server. The following method is used:"
+"B<Note:> This can only be done if all your users are located directly under "
+"the same position in the LDAP tree and the login name is used for naming "
+"each user object. If your LDAP tree does not match these criteria or if you "
+"want to filter who are valid users then you need to use a search filter to "
+"search for your users DN ( B<-f> option)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:185
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:116
 msgid ""
-"1) For user@REALM\n"
-"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
-"   b) Query DNS for A record REALM\n"
-"   c) Use LDAP_URL if given\n"
+"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
+"password.  B<passwordattr> is the LDAP attribute storing the users password."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:124
 msgid ""
-"2) For user\n"
-"   a) Use domain -D REALM and follow step 1)\n"
-"   b) Use LDAP_URL if given\n"
+"Search scope when performing user DN searches specified by the B<-f> option. "
+"Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:191
-msgid "The Groups to check against are determined as follows:"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:140
+msgid ""
+"The DN and password to bind as while performing searches. Required by the B<-"
+"f> flag if the directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:196
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:145
 msgid ""
-"1) For user@REALM\n"
-"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
-"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
-"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:199
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:163
 msgid ""
-"2) For user\n"
-"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while validating a username to preserve resources at the LDAP server. This "
+"option causes the LDAP connection to be kept open, allowing it to be reused "
+"for further user validations. Recommended for larger installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:176
 msgid ""
-"3) For NDOMAIN\\euser\n"
-"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
+"binding as another user after a successful I<ldap_bind.> The use of this "
+"option always opens a new connection for each login attempt. If combined "
+"with the B<-P> option for persistent LDAP connection then the connection "
+"used for searching for the user DN is kept persistent but a new connection "
+"is opened to verify each users password once the DN is found."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
-msgid ""
-"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
-"where GROUP is the hex UTF-8 representation e.g."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:185
+msgid "when to dereference aliases. Defaults to B<never>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
-#, no-wrap
-msgid "   -t 6d61726b7573 instead of -g markus\n"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:194
+msgid ""
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#: src/auth/basic/LDAP/basic_ldap_auth.8:199
 msgid ""
-"The REALM must still be based on the ASCII character set. If REALM contains "
-"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
-"UTF-8 representation e.g."
+"Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
-#, no-wrap
-msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:204
+msgid ""
+"Specify the LDAP server to connect to. Servers can also be specified last on "
+"the command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:212
+#: src/auth/basic/LDAP/basic_ldap_auth.8:210
 msgid ""
-"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
-"unicode-utf8-table.pl"
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389. Can also be specified within the server "
+"specification by using servername:port syntax."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/auth/basic/LDAP/basic_ldap_auth.8:231
 msgid ""
-"The ldap server list can be: server - In this case server can be used for "
-"all Kerberos domains server@ - In this case server can be used for all "
-"Kerberos domains server@domain - In this case server can be used for "
-"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
-"server3@:server4 - A list is build with a colon as seperator"
+"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
+"LDAP API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
-msgid "B<RFC1035> - Domain names - implementation and specification,"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:241
+msgid ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the results is not what is expected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:257
+#: src/auth/basic/LDAP/basic_ldap_auth.8:246
 msgid ""
-"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
+"For directories using the RFC2307 layout with a single domain, all you need "
+"to specify is usually the base DN under where your users are located and the "
+"server name:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
+#: src/auth/basic/LDAP/basic_ldap_auth.8:254
 msgid ""
-"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
-"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
+"If you have sub-domains then you need to use a search filter approach to "
+"locate your user DNs as these can no longer be constructed directly from the "
+"base DN and login name alone:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:261
+msgid ""
+"And similarly if you only want to allow access to users having a specific "
+"attribute"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:9
-msgid "Version 2.17"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:272
+msgid ""
+"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
+"do not want to have to search for the users then you could use something "
+"like the following example for Active Directory:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:33
-#, fuzzy
-#| msgid ""
-#| "B<basic_ldap_auth> allows Squid to connect to a LDAP directory to "
-#| "validate the user name and password of Basic HTTP authentication.  LDAP "
-#| "options are specified as parameters on the command line, while the "
-#| "username(s) and password(s) to be checked against the LDAP directory are "
-#| "specified on subsequent lines of input to the helper, one username/"
-#| "password pair per line separated by a space."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:284
 msgid ""
-"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
-"authorize users via LDAP groups.  LDAP options are specified as parameters "
-"on the command line, while the username(s) and group(s) to be checked "
-"against the LDAP directory are specified on subsequent lines of input to the "
-"helper, one username/group pair per line separated by a space."
+"If you want to search for the user DN and your directory does not allow "
+"anonymous searches then you must also use the B<-D> and B<-w> flags to "
+"specify a user DN and password to log in as to perform the searches, as in "
+"the following complex Active Directory example"
 msgstr ""
-"B<basic_ldap_auth> erlaubt Squid zu einem LDAP Verzeichnis zu verbinden, um "
-"Benutzername und Passwort der Basic HTTP Authentifizierung zu überprüfen.  "
-"LDAP Optionen werden in der Kommandozeile übergeben, wobei Benutzername und "
-"Passwörter, welche durch LDAP geprüft werden sollen, in darauffolgenden "
-"Zeilen in der Eingabe des Helfers angegeben werden, ein Benutzername/"
-"Password Paar pro Zeile getrennt durch ein Leerzeichen."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:44
+#: src/auth/basic/LDAP/basic_ldap_auth.8:297
 msgid ""
-"As expected by the B<external_acl_type> construct of Squid, after specifying "
-"a username and group followed by a new line, this helper will produce either "
-"B<OK> or B<ERR> on the following line to show if the user is a member of the "
-"specified group."
+"B<NOTE:> When constructing search filters it is strongly recommended to test "
+"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
+"This to verify that the filter matches what you expect."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:48
-msgid ""
-"The program operates by searching with a search filter based on the users "
-"user name and requested group, and if a match is found it is determined that "
-"the user belongs to the group."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:300
+#: src/auth/basic/RADIUS/basic_radius_auth.8:89
+msgid "This program is written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:53
-msgid "When to dereference aliases. Defaults to 'never'"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:304
+msgid "This manual is written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:62
+#: src/auth/basic/LDAP/basic_ldap_auth.8:325
+#, fuzzy
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search>ing or only to B<find> the base object"
+"Or to your favorite LDAP list/friend if the question is more related to LDAP "
+"than Squid."
 msgstr ""
+"Fragen zur Verwendung dieses Programms können an die I<Squid Users "
+"E<lt>squid-users@squid-cache.orgE<gt>> Mailingliste gesendet werden."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:345
+msgid "Your favorite LDAP documentation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:71
-msgid "Specifies the base DN under which the users are located (if different)"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:5
+#, fuzzy
+#| msgid "Local Users auth helper for Squid"
+msgid ""
+"basic_ncsa_auth - NCSA httpd-style password file authentication helper for "
+"Squid"
+msgstr "Authentifizierungshelfer für lokale Nutzer von Squid"
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:9
+msgid "passwd file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:76
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:14
 msgid ""
-"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
-"API libraries)"
+"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
+"information from an NCSA/Apache httpd-style password file when using basic "
+"HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:82
-msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the result is not what was expected."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:17
+#, fuzzy
+msgid "This password file can be manipulated using B<htpasswd.>"
 msgstr ""
+"Diese Passwortdatei kann unter der Verwendung von htpasswd verändert werden."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:87
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:30
 msgid ""
-"The DN and password to bind as while performing searches. Required if the "
-"LDAP directory does not allow anonymous searches."
+"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
+"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
+"and magic strings * MD5 - with optional salt and magic strings * DES - for "
+"passwords 8 characters or less in length"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:93
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration and will be sent on the command line to the helper it is "
-"strongly recommended to use a account with minimal associated privileges.  "
-"This to limit the damage in case someone could get hold of a copy of your "
-"Squid configuration file or extracts the password used from a process "
-"listing."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:32
+msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:123
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:36
 msgid ""
-"LDAP search filter used to search the LDAP directory for any matching group "
-"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
-"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
-"name."
+"The only parameter is the password file.  It must have permissions to be "
+"read by the user that Squid is running as."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:135
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:44
+#, fuzzy
 msgid ""
-"LDAP search filter used to search the LDAP directory for any matching "
-"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
-"be included literally in the filter then use B<%%>"
+"B<basic_ncsa_auth> must have access to the password file to be executed."
 msgstr ""
+"B<ncsa_auth> benötigt Zugriff auf die Passwortdatei, um ausgeführt zu werden."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:141
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:50
 msgid ""
-"Specifies that the first query argument sent to the helper by Squid is a "
-"extension to the basedn and will be temporarily added in front of the global "
-"basedn for this query."
+"DES functionality (used by htpasswd by default) silently truncates passwords "
+"to 8 characters.  Allowing login with password values shorter than the one "
+"desired.  This authenticator will reject login with long passwords when "
+"using DES."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:145
-msgid "Specify the LDAP server to connect to"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:56
+msgid "Based on original documentation by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:149
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:70
 msgid ""
-"Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
-"libraries)"
+"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
+"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
+"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
+"details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:153
-msgid "Strip Kerberos Realm component from user names (@ separated)"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:76
+msgid ""
+"You should have received a copy of the GNU General Public License along with "
+"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
+"Place, Suite 330, Boston, MA 02111-1307 USA"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:158
-msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389."
-msgstr ""
+#: src/auth/basic/PAM/basic_pam_auth.8:5
+#, fuzzy
+#| msgid "LDAP authentication helper for Squid"
+msgid "basic_pam_auth - PAM Basic authentication helper for Squid"
+msgstr "Authentifizierungshelfer für LDAP von Squid"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:166
-msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while verifying a users group membership to preserve resources at the LDAP "
-"server. This option causes the LDAP connection to be kept open, allowing it "
-"to be reused for further user validations. Recommended for larger "
-"installations."
+#: src/auth/basic/PAM/basic_pam_auth.8:9
+msgid "service name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:188
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:35
-msgid "Strip NT domain name component from user names (/ or \\e separated)"
+#: src/auth/basic/PAM/basic_pam_auth.8:11
+msgid "TTL"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:200
+#: src/auth/basic/PAM/basic_pam_auth.8:18
+#, fuzzy
 msgid ""
-"LDAP attribute used to construct the user DN from the user name and base dn "
-"without needing to search for the user.  A maximum of 16 occurrences of B<"
-"%s> are supported."
+"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
+"database to validate the user name and password of Basic HTTP authentication."
 msgstr ""
+"Dieser Helfer erlaubt Squid sich mit einem RADIUS Server zu verbinden, um "
+"den Benutzernamen und das Passwort einer Basic HTTP Authentifizierung zu "
+"bestätigen."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:216
-msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf .>"
+#: src/auth/basic/PAM/basic_pam_auth.8:24
+msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:231
+#: src/auth/basic/PAM/basic_pam_auth.8:33
 msgid ""
-"B<NOTE:> When constructing search filters it is recommended to first test "
-"the filter using B<ldapsearch> to verify that the filter matches what you "
-"expect before you attempt to use B<ext_ldap_group_acl>"
+"Enables persistent PAM connections where the connection to the PAM database "
+"is kept open and reused for new logins. The TTL specifies how long the "
+"connection will be kept open (in seconds).  Default is to not keep PAM "
+"connections open. Please note that the use of persistent PAM connections is "
+"slightly outside the PAM specification and may not work with all PAM "
+"configurations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:240
-msgid "Based on prior work in B<squid_ldap_auth> by"
+#: src/auth/basic/PAM/basic_pam_auth.8:38
+msgid ""
+"Do not perform the PAM account management group (account expiration etc)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:257
-#, fuzzy
+#: src/auth/basic/PAM/basic_pam_auth.8:44
 msgid ""
-"Or contact your favorite LDAP list/friend if the question is more related to "
-"LDAP than Squid."
+"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
+"etc/pam.d/squid>"
 msgstr ""
-"Fragen zur Verwendung dieses Programms können an die I<Squid Users "
-"E<lt>squid-users@squid-cache.orgE<gt>> Mailingliste gesendet werden."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:278
-msgid "Your favorite LDAP documentation"
+#: src/auth/basic/PAM/basic_pam_auth.8:52
+msgid ""
+"The default service name is B<squid> , and the program makes use of the "
+"B<auth> and B<account> management groups to verify the password and the "
+"accounts validity."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:9
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:10
-msgid "Version 1.22"
+#: src/auth/basic/PAM/basic_pam_auth.8:56
+msgid ""
+"For details on how to configure PAM services, see the PAM documentation for "
+"your system. This manual does not cover PAM configuration details."
 msgstr ""
+"Für genauere Informationen zur Konfiguration von PAM Diensten, schauen Sie "
+"in die PAM Dokumentation Ihres Systems. Dieses Manual behandelt keine "
+"Details zur PAM Konfiguration."
 
-#. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:19
-msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
+#. type: SH
+#: src/auth/basic/PAM/basic_pam_auth.8:57
+#, no-wrap
+msgid "NOTES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:22
+#: src/auth/basic/PAM/basic_pam_auth.8:64
 msgid ""
-"This helper must be used in with an authentication scheme (typically Basic "
-"or NTLM) based on Windows NT/2000 domain users (LM mode)."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program setuid root"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:31
-msgid "Use case insensitive compare."
+#: src/auth/basic/PAM/basic_pam_auth.8:93
+msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:39
-msgid "Specify the default user's domain."
+#: src/auth/basic/PAM/basic_pam_auth.8:124
+msgid "PAM Systems Administrator Guide"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:43
-msgid "Start helper in Domain Global Group mode."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:5
+msgid "basic_radius_auth - Squid RADIUS authentication helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:51
-msgid "Use ONLY PDCs for group validation."
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:10
+#, fuzzy
+msgid "config file"
+msgstr "-f Datei"
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:77
-msgid ""
-"In the previous example all validated NT users member of GProxyUsers Global "
-"domain group or member of LProxyUsers machine local group are allowed to use "
-"the cache."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:14
+msgid "server name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:85
-msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file>"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:18
+msgid "identifier"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:87
-msgid "The previous example will be:"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:20
+msgid "secret"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:94
-msgid "The B<DomainUsers.txt> file will contain only the following line:"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:28
+#, fuzzy
+msgid ""
+"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
+"the user name and password of Basic HTTP authentication."
 msgstr ""
+"Dieser Helfer erlaubt Squid sich mit einem RADIUS Server zu verbinden, um "
+"den Benutzernamen und das Passwort einer Basic HTTP Authentifizierung zu "
+"bestätigen."
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:96
-msgid "B<Domain Users>"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:34
+msgid ""
+"Specifies the path to a configuration file. See the CONFIGURATION section "
+"for details on the file content."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:105
-msgid ""
-"B<NOTE:> The standard group name comparison is case sensitive, so group name "
-"must be specified with same case as in the NT/2000 Domain.  It's possible to "
-"enable case insensitive group name comparison ( B<-c> ), but on some not-"
-"english locales, the results can be unexpected."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:38
+msgid "Alternative method of specifying the server to connect to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:113
+#: src/auth/basic/RADIUS/basic_radius_auth.8:43
 msgid ""
-"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
-"and B<-D> switches."
+"Specify another server port where the RADIUS server listens for requests if "
+"different from the default RADIUS port.  Normally not specified."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:115
-msgid "Refer to Squid documentation for the more details on squid.conf."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:48
+msgid ""
+"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
+"specified the IP address is used to identify the proxy."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:121
+#: src/auth/basic/RADIUS/basic_radius_auth.8:54
 msgid ""
-"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
-"in a production environment. It may behave differently on different "
-"platforms."
+"Alternative method of specifying the shared secret. Using the B<-f> option "
+"with a configuration file is generally more secure and recommended."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:161
-msgid "with contributions by"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:58
+msgid "RADIUS request timeout. Default is 10 seconds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:166
-#, fuzzy
-#| msgid "Based on original code by"
-msgid "Based in part on prior work in B<check_group> by"
-msgstr "Basiert auf Originalcode von"
-
-#. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:7
-msgid "Squid session tracking external acl helper."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:65
+msgid ""
+"The configuration specifies how the helper connects to RADIUS.  The file "
+"contains a list of directives (one per line). Lines beginning with a B<#> "
+"are ignored."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:9
-msgid "Version 1.2"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:69
+msgid "specifies the name or address of the RADIUS server to connect to."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:16
-msgid "database"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:73
+msgid "specifies the shared RADIUS secret."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:33
+#: src/auth/basic/RADIUS/basic_radius_auth.8:78
 msgid ""
-"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
-"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
-"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
-"terms and conditions to a user; the latter is suitable for the display of "
-"advertisments or other notices (both as a splash page - see config examples "
-"in the wiki online). The session helper can also be used to force users to "
-"re-authenticate if the B<%LOGIN> and B<-a> are both used."
+"specifies what name the proxy should use to identify itself to the RADIUS "
+"server.  This directive is optional."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:38
+#: src/auth/basic/RADIUS/basic_radius_auth.8:82
 msgid ""
-"Idle timeout for any session. The default if not specified (set to 3600 "
-"seconds)."
+"Specifies the port number or service name where the helper should connect."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:51
-msgid ""
-"Fixed timeout for any session. This will end the session after the timeout "
-"regardless of a user's activity. If used with B<active> mode, this will "
-"terminate the user's session after B<timeout> , after which another B<LOGIN> "
-"will be required.  B<LOGOUT> will reset the session and timeout."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:86
+msgid "Specifies the RADIUS request timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:64
-msgid ""
-"B<Path> to persistent database. If a file is specified then that single file "
-"is used as the database. If a path is specified, a Berkeley DB database "
-"environment is created within the directory. The advantage of the latter is "
-"better database support between multiple instances of the session helper. "
-"Using multiple instances of the session helper with a single database file "
-"will cause synchronisation problems between processes.  If this option is "
-"not specified the session details will be kept in memory only and all "
-"sessions will reset each time Squid restarts its helpers (Squid restart or "
-"rotation of logs)."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:93
+msgid "With contributions from many others."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:74
+#: src/auth/basic/RADIUS/basic_radius_auth.8:116
+#, fuzzy
 msgid ""
-"Active mode. In this mode sessions are started by evaluating an acl with the "
-"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
-"flag the helper automatically starts the session after the first request."
+"Or contact your favorite RADIUS list/friend if the question is more related "
+"to RADIUS than Squid."
 msgstr ""
+"Fragen zur Verwendung dieses Programms können an die I<Squid Users "
+"E<lt>squid-users@squid-cache.orgE<gt>> Mailingliste gesendet werden."
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:81
-msgid ""
-"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
-"concurrency= option B<must> be specified in the configuration."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:135
+msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:83
-msgid "Passive session configuration example using the default automatic mode"
+#: src/auth/basic/SASL/basic_sasl_auth.8:5
+msgid ""
+"basic_sasl_auth - Basic Authentication using SASL (specifically the cyrus-"
+"sasl authentication method)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:96
+#: src/auth/basic/SASL/basic_sasl_auth.8:16
 msgid ""
-"Then set up B<http://your.server.example.com/bannerpage> to display a "
-"session startup page and then redirect the user back to the requested URL "
-"given in the url query parameter."
+"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
+"configurable (somewhat like PAM).  Each service authenticating against SASL "
+"identifies itself with an application name.  Each application can be "
+"configured independently by the SASL administrator."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:7
-msgid "Squid time quota external acl helper."
+#: src/auth/basic/SASL/basic_sasl_auth.8:22
+msgid ""
+"To configure the authentication method used the file B<basic_sasl_auth.conf> "
+"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:18
+#: src/auth/basic/SASL/basic_sasl_auth.8:29
 msgid ""
-"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
-"users of squid to limit the time using squid."
+"The authentication database is defined by the B<pwcheck_method> parameter.  "
+"Only the B<PLAIN> authentication mechanism is used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:23
-msgid ""
-"This is useful for corporate lunch time allocations, wifi portal pay-per-"
-"minute installations or for parental control of children. The administrator "
-"can define a time budget (e.g. 1 hour per day) which is enforced through "
-"this helper."
+#: src/auth/basic/SASL/basic_sasl_auth.8:31
+msgid "Examples:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:31
-msgid ""
-"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
-"Squids state directory."
+#: src/auth/basic/SASL/basic_sasl_auth.8:34
+msgid "use sasldb - the default if no conf file is installed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:38
-msgid ""
-"B<Pauselen> is given in seconds and defines the period between two requests "
-"to be treated as part of the same session.  Pauses shorter than this value "
-"will be counted against the quota, longer ones ignored.  Default is 300 "
-"seconds (5 minutes)."
+#: src/auth/basic/SASL/basic_sasl_auth.8:36
+#, no-wrap
+msgid " - use PAM authentication database\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:44
+#: src/auth/basic/SASL/basic_sasl_auth.8:39
+#, no-wrap
 msgid ""
-"B<Filename> where all logging and debugging information will be written. If "
-"none is given, then stderr will be used and the logging will go to Squids "
-"main cache.log."
+" - use traditional \n"
+"B</etc/passwd>\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:48
-msgid "Enables debug logging in the logfile."
+#: src/auth/basic/SASL/basic_sasl_auth.8:41
+#, no-wrap
+msgid " - use slightly less traditional /etc/shadow\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:52
-msgid "show a short command line help."
+#: src/auth/basic/SASL/basic_sasl_auth.8:44
+msgid ""
+"Others methods may be supported by your cyrus-sasl implementation - consult "
+"your cyrus-sasl documentation for information."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:56
-msgid "This file contains the definition of the time budgets for the users."
+#: src/auth/basic/SASL/basic_sasl_auth.8:57
+msgid ""
+"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
+"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
+"and an appropriate user/group on the executable to allow the authenticator "
+"to access the appropriate password database. If the access to the database "
+"is not permitted then the authenticator will typically fail with \"-1, "
+"generic error\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:65
+#: src/auth/basic/SASL/basic_sasl_auth.8:72
 msgid ""
-"The time quotas of the users are defined in a text file typically residing "
-"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
-"and is ignored. Every line must start with a user followed by a time budget "
-"and a corresponding time period separated by \"/\". Here is an example file:"
+"If the application name B<basic_sasl_auth> will also be used for the PAM "
+"service name if B<pwcheck_method:pam> is chosen. And example PAM "
+"configuration file B<basic_sasl_auth.pam> is also included."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:68
-msgid "# user budget / period"
-msgstr ""
+#: src/auth/basic/SSPI/basic_sspi_auth.8:5
+#, fuzzy
+#| msgid "Allows authentication through nsswitch.conf"
+msgid "basic_sspi_auth.exe - Basic authentication protocol"
+msgstr "Erlaubt die Authentifizierung mittels nsswitch.conf"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:79
-msgid ""
-"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
-"hour and the poor babymary only 30 minutes a week."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:12
+#: src/auth/basic/SSPI/basic_sspi_auth.8:14
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:14
+msgid "Group Name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:83
-msgid ""
-"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
-"days and \"w\" for weeks. Numerical values can be given as integer values or "
-"with a fraction. E.g. \"0.5h\" means 30 minutes."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:16
+msgid "Default Domain"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:89
+#: src/auth/basic/SSPI/basic_sspi_auth.8:22
 msgid ""
-"This helper is configured in B<squid.conf> using the B<external_acl_type> "
-"directive then access controls which use it to allow or deny."
+"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
+"server running on Windows NT to authenticate users on an NT domain in native "
+"WIN32 mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:92
-msgid "Here is an example."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:31
+msgid ""
+"Usage is simple. It accepts a username and password on standard input and "
+"will return B<OK> if the username/password is valid for the domain/machine, "
+"or B<ERR> if there was some problem. It is possible to authenticate against "
+"NT trusted domains specifying the username in the domain\\eusername "
+"Microsoft notation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:95
-msgid "# Ensure that users have a valid login. We need their username."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:36
+msgid "A Windows Local Group name allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:102
-msgid "# Define program and quota file"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:44
+msgid "A Windows Local Group name not allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:118
-msgid ""
-"In this example, after restarting Squid it should allow access only for "
-"users as long as they have time budget left.  If the budget is exceeded the "
-"user will be presented with an error page informing them."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:48
+msgid "The default Domain against to authenticate."
 msgstr ""
 
+#. logon from the network\"" 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:124
+#: src/auth/basic/SSPI/basic_sspi_auth.8:55
 msgid ""
-"In this example we use separate B<users> access control and B<noquota> ACL "
-"in order to keep the username and password prompt and the quota-exceeded "
-"messages separated."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
+"in the Authenticator's command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:144
+#: src/auth/basic/SSPI/basic_sspi_auth.8:58
 msgid ""
-"User is just a unique key value. The above example uses %LOGIN and the "
-"username but any of the B<external_acl_type> format tags can be substituted "
-"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
-"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
-"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
-"org/ConfigExamples."
-msgstr ""
-
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:145
-#, no-wrap
-msgid "LIMITATIONS"
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:150
+#: src/auth/basic/SSPI/basic_sspi_auth.8:63
 msgid ""
-"This helper only controls access to the Internet through HTTP. It does not "
-"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
+"You will need to set the following line in B<squid.conf> to enable the "
+"authenticator:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:158
+#: src/auth/basic/SSPI/basic_sspi_auth.8:71
 msgid ""
-"Desktop browsers are typically able to deal with authentication to HTTP "
-"proxies like B<squid .> But more and more different programs and devices "
-"(smartphones, games on mobile devices, ...) are using the Internet over "
-"HTTP. These devices are often not able to work through an authenticating "
-"proxy.  Means other than %LOGIN authentication are required to authorize "
-"these devices and software."
+"You will need to set the following lines in B<squid.conf> to enable "
+"authentication for your access list:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:163
+#: src/auth/basic/SSPI/basic_sspi_auth.8:83
 msgid ""
-"A more general control to Internet access could be a captive portal approach "
-"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
-"or maybe a 802.11X solution. But the latter is often not supported by mobile "
-"devices."
+"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
+"B<auth_param basic program> directive."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:164
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:98
 #, no-wrap
-msgid "IMPLEMENTATION"
+msgid ""
+"I strongly urge that \n"
+"B<basic_sspi_auth.exe>\n"
+"is tested prior to being used in a \n"
+"production environment. It may behave differently on different platforms.\n"
+"To test it, run it from the command line. Enter username and password\n"
+"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
+"Make sure pressing \n"
+"B<CTRL-D>\n"
+" behaves the same as a carriage return.\n"
+"Make sure pressing \n"
+"B<CTRL-C>\n"
+" aborts the program.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:172
+#: src/auth/basic/SSPI/basic_sspi_auth.8:108
 msgid ""
-"When the helper is called it will be asked if the current user is allowed to "
-"access squid. The helper will reduce the remaining time budget of this user "
-"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
+"Test that entering an invalid username and password results in an B<ERR> "
+"message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:185
+#: src/auth/basic/SSPI/basic_sspi_auth.8:113
 msgid ""
-"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
-"be called, the example config uses a 1 minute TTL.  The interaction is that "
-"Squid will only call the helper on new requests B<if> there has been more "
-"than TTL seconds passed since last check.  This handling creates an amount "
-"of slippage outside the quota by whatever amount is configured.  TTL can be "
-"set as short as desired, down to and including zero.  Though values of 1 or "
-"more are recommended due to a quota resolution of one second."
+"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
+"may be returned instead of B<ERR>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:190
+#: src/auth/basic/SSPI/basic_sspi_auth.8:117
 msgid ""
-"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
-"budget will be restored to the configured value thus allowing the user to "
-"access squid with a fresh budget."
+"Test that entering a valid username and password results in an B<OK> message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:202
+#: src/auth/basic/SSPI/basic_sspi_auth.8:120
 msgid ""
-"If the time between the current request and the previous request is greater "
-"than B<pauselen> (default 5 minutes and adjustable with command line "
-"parameter B<-p> ), the current request will be considered as a new request "
-"and the time budget will not be decreased. If the time is less than "
-"B<pauselen> , then both requests will be considered as part of the same "
-"active time period and the time budget will be decreased by the time "
-"difference. This allows the user to take arbitrary breaks during Internet "
-"access without losing their time budget."
+"Test that entering a guest username and password returns the correct "
+"response for the site's access policy."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:203
-#, no-wrap
-msgid "FURTHER IDEAS"
-msgstr ""
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:126
+#: src/auth/digest/file/digest_file_auth.8:65
+#, fuzzy
+#| msgid "Based on original code by"
+msgid "Based on prior work by"
+msgstr "Basiert auf Originalcode von"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:206
-msgid ""
-"The following ideas could further improve this helper. Maybe someone wants "
-"to help? Any support or feedback is welcome!"
-msgstr ""
+#: src/auth/digest/file/digest_file_auth.8:5
+#, fuzzy
+#| msgid "Local Users auth helper for Squid"
+msgid "digest_file_auth - File based digest authentication helper for Squid."
+msgstr "Authentifizierungshelfer für lokale Nutzer von Squid"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:211
-msgid ""
-"There should be a way for a user to see their configured and remaining time "
-"budget. This could be realized by implementing a web page accessing the "
-"database of the helper showing the corresponding data. One of the problems "
-"to be solved is user authentication."
+#: src/auth/digest/file/digest_file_auth.8:7
+msgid "Version 1.1"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:214
-msgid ""
-"We could always return \"OK\" and use the module simply as an Internet usage "
-"tracker showing who has stayed how long in the WWW."
-msgstr ""
+#: src/auth/digest/file/digest_file_auth.8:12
+#: tools/squidclient/squidclient.1:28
+#, fuzzy
+msgid "file"
+msgstr "-f Datei"
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:7
-msgid "Squid UNIX Group ACL helper"
+#: src/auth/digest/file/digest_file_auth.8:17
+msgid ""
+"B<digest_file_auth> is an installed binary authentication program for Squid. "
+"It handles digest authentication protocol and authenticates against a text "
+"file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:11
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:13
-msgid "group"
+#: src/auth/digest/file/digest_file_auth.8:20
+msgid ""
+"This program will automatically detect the existence of a concurrency "
+"channel-ID and adjust appropriately.  It may be used with any value 0 or "
+"above for the auth_param children concurrency= parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:18
+#: src/auth/digest/file/digest_file_auth.8:25
 msgid ""
-"B<ext_unix_group_acl> allows Squid to base access controls on users "
-"memberships in UNIX groups."
+"Accept digest hashed passwords rather than plaintext in the password file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:26
-msgid "Specifies a group name to match."
+#: src/auth/digest/file/digest_file_auth.8:29
+msgid "Username database file format:"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:31
-msgid "Also match the users primary group from B</etc/passwd>"
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:29
+#, no-wrap
+msgid "- comment lines are possible and should start with a '#';"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:49
-msgid ""
-"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
-"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
-"I<group3>"
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:32
+#, no-wrap
+msgid "- empty or blank lines are possible;"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:61
-msgid ""
-"By default up to 11 groups can be matched in one acl (including commandline "
-"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:35
+#, no-wrap
+msgid "- plaintext entry format is username:password"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:38
+#, no-wrap
+msgid "- HA1 entry format is username:realm:HA1"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:67
+#: src/auth/digest/file/digest_file_auth.8:51
 msgid ""
-"Does not understand GID aliased groups sometimes used to work around groups "
-"size limitations. If you are using GID aliased groups then you must specify "
-"each alias by name."
+"To build a directory integrated backend, you need to be able to calculate "
+"the HA1 returned to squid. To avoid storing a plaintext password you can "
+"calculate B<MD5(username:realm:password)> when the user changes their "
+"password, and store the tuple B<username:realm:HA1.> then find the matching "
+"B<username:realm> when squid asks for the HA1."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:99
-msgid "Additionally bugs or bug-fixes can be reported to"
+#: src/auth/digest/file/digest_file_auth.8:59
+msgid ""
+"This implementation could be improved by using such a triple for the file "
+"format.  However storing such a triple does little to improve security: If "
+"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
+"\" - for the purposes of digest authentication they allow the user access. "
+"Password synchronization is not tackled by digest - just preventing on the "
+"wire compromise."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:7
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:5
 #, fuzzy
 #| msgid "Local Users auth helper for Squid"
-msgid "Squid kerberos based authentication helper"
+msgid "negotiate_kerberos_auth - Squid kerberos based authentication helper"
 msgstr "Authentifizierungshelfer für lokale Nutzer von Squid"
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:9
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:7
 msgid "Version 3.0.4sq"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:18
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:16
 msgid ""
 "B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
 "authenticate users via the Negotiate protocol and Kerberos."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:32
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:30
 msgid "Remove realm from username before returning the username to squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:35
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:33
 msgid "Provide Service Principal Name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:42
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:36
+msgid "Provide Kerberos Keytab Name (Default: /etc/krb5.keytab)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:39
+msgid "Provide Replay Cache Directory (Default: /var/tmp)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:42
+msgid "Provide Replay Cache Type (Default: dfl)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:49
 msgid ""
 "This helper is intended to be used as an B<authentication> helper in B<squid."
 "conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:62
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:67
+#, no-wrap
+msgid ""
+"Add the following lines to the squid startup script to point squid to a keytab file which\n"
+"contains the HTTP/fqdn service principal for the default Kerberos domain. The keytab name can\n"
+"also be provided by the -k E<lt>keytab nameE<gt> option. The fqdn must be the proxy name set in IE\n"
+" or firefox. You can not use an IP address.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:70
 msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:69
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:77
 msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:75
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:83
 msgid ""
 "Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
 "(usually only possible in a 5 minute window) . If squid is under high load "
 "with Negotiate(Kerberos) proxy authentication requests the replay cache "
 "checks can create high CPU load. If the environment does not require high "
 "security the replay cache check can be disabled for MIT based Kerberos "
-"implementations by adding the following to the startup script"
+"implementations by adding the below to the startup script or use the -t none "
+"option."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:78
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:86
 msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:81
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:89
 msgid ""
 "If negotiate_kerberos_auth doesn't determine for some reason the right "
 "service principal you can provide it with -s HTTP/fqdn."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:84
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:92
 msgid ""
 "If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
 "principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
@@ -3337,31 +3488,40 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:121
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:108
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2014 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:136
 msgid ""
 "B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
 "Windows,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:123
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:138
 msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:125
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:140
 msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:8
-msgid ""
-"Native Windows NTLM/NTLMv2 authenticator for Squid with automatic support "
-"for NTLM NEGOTIATE packets."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:5
+msgid "ntlm_sspi_auth.exe - Native Windows NTLM/NTLMv2 authenticator for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:24
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:21
 msgid ""
 "B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
 "provides native access to the Security Service Provider Interface of Windows "
@@ -3370,42 +3530,42 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:29
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:26
 msgid "Specify a Windows Local Group name allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:37
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:34
 msgid ""
 "Specify a Windows Local Group name which is to be denied authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:45
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:42
 msgid "Enables verbose NTLM packet debugging."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:49
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:46
 msgid "B<Allowing Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:52
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:49
 msgid ""
 "Users that are allowed to access the web proxy must have the Windows NT User "
 "Rights \"logon from the network\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:56
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:53
 msgid ""
 "Optionally the authenticator can verify the NT LOCAL group membership of the "
 "user against the User Group specified in the Authenticator's command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:60
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:57
 msgid ""
 "This can be accomplished creating a local user group on the NT machine, "
 "grant the privilege, and adding users to it, it works only with MACHINE "
@@ -3413,24 +3573,24 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:64
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:61
 msgid ""
 "Better group checking is available with external ACL, see B<ext_ad_group_acl."
 "exe> documentation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:67
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:64
 msgid "B<squid.conf> typical minimal required changes:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:79
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:76
 msgid "Refer to Squid documentation for more details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:87
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:84
 msgid ""
 "Internet Explorer has some problems with B<ftp://> URLs when handling "
 "internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
@@ -3438,49 +3598,198 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:98
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:95
 #, fuzzy
 #| msgid "Based on original code by"
 msgid "Based on prior work in by"
 msgstr "Basiert auf Originalcode von"
 
 #. type: Plain text
-#: src/squid.8.in:7
+#: src/security/cert_generators/file/security_file_certgen.8.in:5
+msgid "security_file_certgen - SSL certificate generator for Squid."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:15
+#: src/security/cert_generators/file/security_file_certgen.8.in:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:29
+msgid "directory"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:17
+msgid "size"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:24
+msgid "serial number"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:33
+msgid "B<security_file_certgen> is an installed binary."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:36
+msgid ""
+"Because the generation and signing of SSL certificates takes time Squid must "
+"use external process to handle the work."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:40
+msgid ""
+"This process generates new SSL certificates and uses a disk cache of "
+"certificates to improve response times on repeated requests.  Communication "
+"occurs via TCP sockets bound to the loopback interface."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:46
+msgid ""
+"File system block size in bytes. Needed for processing natural size of "
+"certificate on disk.  Default value is 2048 bytes."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:53
+msgid ""
+"Initialize the SSL storage database and exit.  Requires the B<-s> option to "
+"determine the storage location being created."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:64
+msgid ""
+"Display the current serial number using stderr and exit.  Requires B<-s> "
+"option to determine which storage directory the serial is located in."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:72
+msgid "Directory path of disk storage for new SSL certificates."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:76
+msgid "Maximum size of SSL certificate disk storage."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:83
+msgid ""
+"HEX B<serial number > to use when initializing an SSL storage database.  The "
+"default value of serial number is the number of seconds since Epoch minus "
+"1200000000."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:87
+msgid "Display the binary version details using stderr."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:91
+msgid "B<SSL errors after changing the CA>"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:95
+#: src/security/cert_generators/file/security_file_certgen.8.in:123
+msgid ""
+"Certificates are stored in this database in signed form.  After any change "
+"to the signing CA in squid.conf be sure to erase and re-initialize the "
+"certificate database."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:98
+msgid "B<Certificate chaining>"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:103
+msgid ""
+"The version 1.0 of this helper will not add chained intermediate CA "
+"certificates.  The client must have a full chain of trust from the root CA "
+"all the way down to the end certificate generated by this program."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:106
+msgid ""
+"Signing with an intermediate CA needs to install both the root and the "
+"intermediate public CA on the clients."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:113
+msgid ""
+"Before this helper can be used the storage area for new certificates must be "
+"initialized manually.  This is done from the command line using the B<-c> "
+"parameters."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:116
+msgid "For example:"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:128
+msgid ""
+"For simple configuration the helper defaults can be used.  Only HTTP "
+"listening port options are required to enable generation and set the signing "
+"CA certificate.  For Example:"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:137
+msgid ""
+"For more customized configuration the helper certificate storage directory "
+"location and size can be altered with the B<sslcrtd_program> configuration "
+"directive.  For example:"
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:5
 #, fuzzy
-msgid "HTTP web proxy caching server"
+msgid "squid - HTTP web proxy caching server"
 msgstr "squid - proxy caching server"
 
 #. type: Plain text
-#: src/squid.8.in:13
+#: src/squid.8.in:11
 #, fuzzy
 msgid "facility"
 msgstr "-l facility"
 
 #. type: Plain text
-#: src/squid.8.in:15
+#: src/squid.8.in:13
 #, fuzzy
 msgid "config-file"
 msgstr "-f Datei"
 
 #. type: Plain text
-#: src/squid.8.in:19
+#: src/squid.8.in:17
 #, fuzzy
 msgid "signal"
 msgstr "-f Datei"
 
 #. type: Plain text
-#: src/squid.8.in:21
+#: src/squid.8.in:19
 msgid "service-name"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:23
+#: src/squid.8.in:21
 #, fuzzy
 msgid "command-line"
 msgstr "-f Datei"
 
 #. type: Plain text
-#: src/squid.8.in:32
+#: src/squid.8.in:30
 #, fuzzy
 msgid ""
 "B<squid> is a high-performance proxy caching server for web clients, "
@@ -3494,7 +3803,7 @@ msgstr ""
 "Anfragen in einem einzigen non-blocking Prozess."
 
 #. type: Plain text
-#: src/squid.8.in:36
+#: src/squid.8.in:34
 msgid ""
 "Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
 "lookups, supports non-blocking DNS lookups, and implements negative caching "
@@ -3502,7 +3811,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:41
+#: src/squid.8.in:39
 msgid ""
 "Squid supports SSL, extensive access controls, and full request logging.  By "
 "using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
@@ -3511,7 +3820,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:49
+#: src/squid.8.in:47
 msgid ""
 "Squid consists of a main server program B<squid> , some optional programs "
 "for custom processing and authentication, and some management and client "
@@ -3521,12 +3830,12 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:51
+#: src/squid.8.in:49
 msgid "Squid is derived from the ARPA-funded Harvest Project."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:57
+#: src/squid.8.in:55
 msgid ""
 "This manual page only lists the command line arguments.  For details on how "
 "to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
@@ -3535,24 +3844,24 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:66
+#: src/squid.8.in:64
 msgid ""
 "Specify HTTP port number where Squid should listen for requests, in addition "
 "to any B<http_port> specifications in B<squid.conf>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:70
+#: src/squid.8.in:68
 msgid "Do not catch fatal signals."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:74
+#: src/squid.8.in:72
 msgid "Write debugging to stderr also."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:86
+#: src/squid.8.in:84
 msgid ""
 "Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
 "file name starts with a B<!> or B<|> then it is assumed to be an external "
@@ -3562,94 +3871,101 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:90
+#: src/squid.8.in:88
 msgid "Don't serve any requests until store is rebuilt."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:94
+#: src/squid.8.in:92
 msgid "Print help message."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:100
+#: src/squid.8.in:98
 #, fuzzy
 msgid "Install as a Windows Service (see B<-n> option)."
 msgstr "Installieren als Windows Dienst (siehe -n Option)."
 
 #. type: Plain text
-#: src/squid.8.in:107
+#: src/squid.8.in:105
 msgid ""
 "Parse configuration file, then send signal to running copy (except B<-k "
 "parse> ) and exit."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:112
+#: src/squid.8.in:110
 msgid "Use specified syslog facility. Implies B<-s>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:117
+#: src/squid.8.in:115
 msgid ""
 "Specify Windows Service name to use for service operations, default is: "
 "B<Squid>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:121
+#: src/squid.8.in:119
 msgid "No daemon mode."
 msgstr "No daemon Modus."
 
 #. type: Plain text
 #: src/squid.8.in:125
+msgid ""
+"Parent process does not exit until its children have finished. It has no "
+"effect with B<-N> which does not fork/exit at startup."
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:129
 msgid "Set Windows Service Command line options in Registry."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:131
+#: src/squid.8.in:135
 #, fuzzy
 msgid "Remove a Windows Service (see B<-n> option)."
 msgstr "Installieren als Windows Dienst (siehe -n Option)."
 
 #. type: Plain text
-#: src/squid.8.in:137
+#: src/squid.8.in:141
 msgid "Do not set B<REUSEADDR> on port."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:142
+#: src/squid.8.in:146
 msgid ""
 "Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:146
+#: src/squid.8.in:150
 msgid "Double-check swap during rebuild."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:150
+#: src/squid.8.in:154
 msgid "Specify ICP port number (default: 3130), disable with 0."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:154
+#: src/squid.8.in:158
 msgid "Print version and build details."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:158
+#: src/squid.8.in:162
 msgid "Force full debugging."
 msgstr "Erzwinge vollständige Fehlersuche."
 
 #. type: Plain text
-#: src/squid.8.in:166
+#: src/squid.8.in:170
 msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:174
+#: src/squid.8.in:178
 msgid ""
 "Create missing swap directories and other missing cache_dir structures, then "
 "exit. All cache_dir types create the configured top-level directory if it is "
@@ -3659,7 +3975,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:179
+#: src/squid.8.in:183
 msgid ""
 "This option does not enable validation of any present swap structures. Its "
 "focus is on creation of missing pieces. If nothing is missing, squid -z just "
@@ -3668,25 +3984,25 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:184
+#: src/squid.8.in:188
 msgid ""
 "By default, squid -z runs in daemon mode (so that configuration macros and "
 "other SMP features work as expected). Use B<-N> option to overwrite this."
 msgstr ""
 
 #. type: SH
-#: src/squid.8.in:185
+#: src/squid.8.in:189
 #, no-wrap
 msgid "FILES"
 msgstr "DATEIEN"
 
 #. type: Plain text
-#: src/squid.8.in:187
+#: src/squid.8.in:191
 msgid "Squid configuration files located in @SYSCONFDIR@/:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:193
+#: src/squid.8.in:197
 msgid ""
 "The main configuration file. You must initially make changes to this file "
 "for B<squid> to work. For example, the default configuration only allows "
@@ -3695,21 +4011,21 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:197 src/squid.8.in:203
+#: src/squid.8.in:201 src/squid.8.in:207
 msgid ""
 "Reference copy of the configuration file. Always kept up to date with the "
 "version of Squid you are using."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:199
+#: src/squid.8.in:203
 msgid ""
 "Use this to look up the default configuration settings and syntax after "
 "upgrading."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:208
+#: src/squid.8.in:212
 msgid ""
 "Use this to read the documentation for configuration options available in "
 "your build of Squid. The online configuration manual is also available for a "
@@ -3717,17 +4033,17 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:213
+#: src/squid.8.in:217
 msgid "The main configuration file for the web B<cachemgr.cgi> tools."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:216
+#: src/squid.8.in:220
 msgid "The main configuration file for the Sample MSNT authenticator."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:221
+#: src/squid.8.in:225
 msgid ""
 "CSS Stylesheet to control the display of generated error pages.  Use this to "
 "set any company branding you need, it will apply to every language Squid "
@@ -3735,29 +4051,29 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:224
+#: src/squid.8.in:228
 msgid "Some files also located elsewhere:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:227
+#: src/squid.8.in:231
 msgid "MIME type mappings for FTP gatewaying"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:230
+#: src/squid.8.in:234
 msgid "Location of Squid error pages and templates."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:233
+#: src/squid.8.in:237
 msgid ""
 "Squid was written over many years by a changing team of developers and "
 "maintained in turn by"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:240
+#: src/squid.8.in:244
 msgid ""
 "With contributions from many others in the Squid community.  see "
 "CONTRIBUTORS for a full list of individuals who contributed code.  see "
@@ -3765,40 +4081,13 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:248
-msgid ""
-"This software product, SQUID, is developed by a team of individuals, and "
-"copyrighted (C) 2001 by the Regents of the University of California, with "
-"all rights reserved.  UCSD administered the NLANR Cache grants, NCR 9616602 "
-"and NCR 9521745 under which most of this code was developed."
-msgstr ""
-
-#. type: Plain text
-#: src/squid.8.in:255
-msgid ""
-"This program is free software; you can redistribute it and/or modify it "
-"under the terms of the GNU General Public License (version 2) as published "
-"by the Free Software Foundation.  It is distributed in the hope that it will "
-"be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of "
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General "
-"Public License for more details."
-msgstr ""
-
-#. type: Plain text
-#: src/squid.8.in:257
-msgid ""
-"see the CREDITS file for further copyright licensing of third-party code "
-"contributions."
-msgstr ""
-
-#. type: Plain text
-#: tools/cachemgr.cgi.8.in:7
+#: tools/cachemgr.cgi.8.in:5
 #, fuzzy
-msgid "Squid HTTP proxy manager CGI web interface"
+msgid "cachemgr.cgi - Squid HTTP proxy manager CGI web interface"
 msgstr "cachemgr.cgi - squid HTTP Proxy Manager Oberfläche"
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:18
+#: tools/cachemgr.cgi.8.in:16
 #, fuzzy
 msgid ""
 "The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
@@ -3812,14 +4101,14 @@ msgstr ""
 "sich an dem Server anzumelden."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:22
+#: tools/cachemgr.cgi.8.in:20
 msgid ""
 "Configuration examples for many common web servers can be found in the Squid "
 "FAQ wiki."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:34
+#: tools/cachemgr.cgi.8.in:32
 #, fuzzy
 msgid ""
 "The access configuration file defining which Squid servers may be managed "
@@ -3832,7 +4121,7 @@ msgstr ""
 "Beschreibung."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:38
+#: tools/cachemgr.cgi.8.in:36
 msgid ""
 "The server name may contain shell wildcard characters such as *, [] etc.  A "
 "quick selection dropdown menu is automatically constructed from the simple "
@@ -3840,20 +4129,20 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:42
+#: tools/cachemgr.cgi.8.in:40
 msgid ""
 "Specifying :port is optional. If not specified then the default proxy port "
 "is assumed. :* or :any matches any port on the target server."
 msgstr ""
 
 #. type: SH
-#: tools/cachemgr.cgi.8.in:43
+#: tools/cachemgr.cgi.8.in:41
 #, no-wrap
 msgid "SECURITY"
 msgstr "SICHERHEIT"
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:50
+#: tools/cachemgr.cgi.8.in:48
 msgid ""
 "B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
 "and returns a formatted version of the response. To avoid abuse it is "
@@ -3862,7 +4151,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:56
+#: tools/cachemgr.cgi.8.in:54
 msgid ""
 "Derived from Harvest. Further developed by numerous individuals from the "
 "internet community. Development is led by Duane Wessels of the National "
@@ -3871,69 +4160,453 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:67 tools/squidclient/squidclient.1:211
+#: tools/cachemgr.cgi.8.in:70 tools/purge/purge.1:276
+#: tools/squidclient/squidclient.1:252
 msgid ""
 "See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
 "you need to include with your bug report."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:7
-msgid "A simple HTTP web client tool"
+#: tools/purge/purge.1:5
+msgid "purge - magnifying glass into your squid cache"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:21
+msgid ""
+"B<purge> is used to have a look at what URLs are stored in which file within "
+"your cache. The B<purge> tool can also be used to release objects which URLs "
+"match user specified regular expressions. A more troublesome feature is the "
+"ability to remove files B<squid> does not seem to know about any longer."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:23
+msgid ""
+"This is a tool for expert usage only, use it under your own responsibility."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:34
+msgid ""
+"a kind of \"i am alive\" flag. It can only be activated, if your stdout is a "
+"tty. If active, it will display a little rotating line to indicate that "
+"there is actually something happening. You should not use this switch if you "
+"capture your stdout in a file or if your expression list produces many "
+"matches. The -a flag is also incompatible with the (default) multi cache_dir "
+"mode."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:36
+msgid "default: off\t\tSee also: -n"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:43
+msgid ""
+"this option lets you specify the location of the squid.conf file.  Purge "
+"understands about more than one cache_dir, and does so by parsing squid."
+"conf. It knows about both ways of Squid-2 cache_dir specifications, and will "
+"automatically try to use the correct one."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:45
+msgid "default: /usr/local/squid/etc/squid.conf"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:53
+msgid ""
+"if you want to rescue files from your cache, you need to specify the "
+"directory into which the files will be copied. Please note that purge will "
+"try to establish the original server directory structure. This switch also "
+"activates copy-out mode. Please do not use copy-out mode with any purge mode "
+"(-P) other than 0."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:56
+msgid ""
+"For instance, if you specified \"-C /tmp\", purge will try to recreate /tmp/"
+"www.server.1/url/path/file, and so forth."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:58
+msgid "default: off\t\tSee also: -H, -P"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:63
+msgid ""
+"lets you specify a debug level. Different bits are reserved for different "
+"output."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:65
+msgid "default: 0"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:74
+msgid ""
+"Specify one regular expression to be searched for in the cache.  This is "
+"useful if there is only a handful of objects you want to check. Please "
+"remember to escape the shell meta characters used in your regular "
+"expression. The use of single quotes around your expression is recommended. "
+"The capital letter version works case sensitive, the lower caps version does "
+"not."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:76 tools/purge/purge.1:86
+msgid "default: (no default)"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:84
+msgid ""
+"if you have more than a handful of expressions, or want to check the same "
+"set at regular intervals, the file option might be more useful to you. Each "
+"line in the text file will be regarded as one regular expression.  Again, "
+"the capital letter version works case sensitive, the lower caps version does "
+"not."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:91
+msgid ""
+"if in copy-out mode (see: -C), you can specify to keep the HTTP Header in "
+"the recreated file."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:93
+msgid "default: off\t\tSee also: -C"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:104
+msgid ""
+"tell purge to process one cache_dir after another, instead of doing things "
+"in parallel.  If you have more than one cache_dir in your configuration "
+"purge will fork off a worker process for each cache_dir to do the checks for "
+"optimum speed, assuming a decently designed cache. Since parallel execution "
+"will put quite some load on the system and its controllers, it is sometimes "
+"preferred to use less resources,\tthough it will take longer."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:106
+msgid "default: parallel mode for more than one cache_dir"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:116
+msgid ""
+"Some cache admins use a different port than 3128. The purge tool will need "
+"to connect to your cache in order to send the PURGE request (see -P). This "
+"option lets you specify the host and port to connect to. The port is "
+"optional. The port can be a name (check your /etc/services) or number. It is "
+"separated from the host name portion by a single colon, no spaces allowed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:118
+msgid "default: localhost:3128"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:125
+msgid ""
+"If you want to do more than just print your cache content, you will need to "
+"specify this option. Each bit is reserved for a different action. Only the "
+"use of the LSB is recommended, the rest should be considered experimental."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:128
+msgid "B<no bit set:\tjust print>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:130
+msgid "B<bit#0 set:\tsend PURGE for matches>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:132
+msgid "B<bit#1 set:\tunlink object file for 404 not found PURGEs>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:134
+msgid "B<bit#2 set:\tunlink weird object files>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:145
+msgid ""
+"If you use a value other than 0 or 1, you will need to slow rebuild your "
+"cache content. A warning message will remind you of that. If you use bit#1, "
+"all unsuccessful PURGEs will result in the object file in your cache "
+"directory to be removed, because squid does not seem to know about it any "
+"longer. Beware that the asyncio might try to remove it after the purge tool, "
+"and thus complains bitterly. Bit#1 only makes sense, if Bit#0 is also set, "
+"otherwise it has no effect (since the HTTP status 404 is never returned)."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:152
+msgid ""
+"Bit#2 is reserved for strange files which do not even contain a URL. Beware "
+"that these files may indicate a new object squid currently intends to swap "
+"onto disk. If the file suddenly went away, or is removed when squid tries to "
+"fetch the object, it will complain bitterly. You must slow rebuild your "
+"cache, if you use this option."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:157
+msgid ""
+"It is recommended that if you dare to use bit#1 or bit#2, you should only "
+"grant the purge tool access to your squid, e.g.  move the HTTP and ICP "
+"listening port of squid to a different non-standard location during the "
+"purge."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:159
+msgid "default: 0 (just print)"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:164
+msgid ""
+"If you specify this switch, all commandline parameters will be shown after "
+"they were parsed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:166
+msgid "default: off"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:171
+msgid ""
+"be verbose in the things reported about the file. See the output section "
+"below."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:180
+msgid ""
+"In order to use B<purge> to affect a running proxy with PURGE method, you "
+"will have to enable this feature in squid.conf. By default, PURGE is "
+"disabled. You should watch closely for whom you enable the PURGE ability, "
+"otherwise a total stranger just might wipe your cache content. Lines similar "
+"to the following will need to be added to your squid.conf:"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:192
+msgid ""
+"Reconfigure or restart (preferred) your squid after changing the "
+"configuration file."
+msgstr ""
+
+#. type: SH
+#: tools/purge/purge.1:193
+#, no-wrap
+msgid "OUTPUT"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:198
+msgid ""
+"In regular mode, the output of purge consists of four columns. If the URL "
+"contains not encoded whitespaces, it may look as if there are more columns, "
+"but the last one is the URI."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:205
+#, no-wrap
+msgid ""
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the regular expression.\n"
+" 2 status return result of purge request, \"  0\" in print mode.\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 uri    perceived uri\n"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:207
+msgid "Example for non-verbose output in print-mode:"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:209
+msgid ""
+"/cache3/00/00/0000004A 0 5682 http://graphics.userfriendly.org/images/"
+"slovenia.gif"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:214
+msgid ""
+"In verbose mode, additional columns are inserted before the uri. Time stamps "
+"are reported using hexadecimal notation, and Squid's standard for reporting "
+"\"no such timestamp\" == -1, and \"unparsable timestamp\" == -2."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:228
+#, no-wrap
+msgid ""
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the re.\n"
+" 2 status return result of purge request, \"  0\" in print mode \"-P 0\".\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 md5    MD5 of URI from file, or \"(no_md5_data_available)\" string.\n"
+" 5 ts     UTC of Value of Date: header in hex notation\n"
+" 6 lr     UTC of last time the object was referenced\n"
+" 7 ex     UTC of Expires: header\n"
+" 8 lr     UTC of Last-Modified: header\n"
+" 9 flags  Value of objects flags field in hex, see: Programmers Guide\n"
+"10 refcnt number of times the object was referenced.\n"
+"11 uri    STORE_META_URL uri or \"strange_file\"\n"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:230
+msgid "Example for verbose output in print-mode:"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:232
+msgid ""
+"/cache1/00/00/000000B7 0 406 7CFCB1D319F158ADC9CFD991BB8F6DCE 397d449b "
+"39bf677b ffffffff 3820abfc 0460 1 http://www.netscape.com/images/"
+"nc_vera_tile.gif"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:235
+msgid "Purge does not slow rebuild the cache for you."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:238
+msgid ""
+"It is still relatively slow, especially if your machine is low on memory and/"
+"or unable to hold all OS directory cache entries in main memory."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:240
+msgid "Should never be used on \"busy\" caches with purge modes higher than 1."
+msgstr ""
+
+#. type: SH
+#: tools/purge/purge.1:241
+#, no-wrap
+msgid "TODO"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:248
+msgid ""
+"1) use the stat() result on weird files to have a look at their ctime and "
+"mtime. If they are younger than, lets say 30 seconds, they were just created "
+"by B<squid> and should not be removed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:251
+msgid ""
+"2) Add a query before purging objects or removing files, and add another "
+"option to remove nagging for the experienced user."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:253
+msgid "3) The reported object size may be off by one."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:256 tools/squidclient/squidclient.1:232
+#, fuzzy
+#| msgid "This program was written by"
+msgid "This program and manual was written by"
+msgstr "Dieses Programm wurde geschrieben von"
+
+#. type: Plain text
+#: tools/purge/purge.1:260
+#, fuzzy
+#| msgid "Based on original code by"
+msgid "Based on original squidpurge README."
+msgstr "Basiert auf Originalcode von"
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:5
+msgid "squidclient - A simple HTTP web client tool"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:13 tools/squidclient/squidclient.1:17
+#: tools/squidclient/squidclient.1:12 tools/squidclient/squidclient.1:16
 msgid "string"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:15
+#: tools/squidclient/squidclient.1:14
 msgid "remote host"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:19
+#: tools/squidclient/squidclient.1:18
 msgid "IMS"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:21
+#: tools/squidclient/squidclient.1:20
 msgid "Host header"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:23
-msgid "local host"
-msgstr ""
-
-#. type: Plain text
-#: tools/squidclient/squidclient.1:25
+#: tools/squidclient/squidclient.1:24
 msgid "method"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:31 tools/squidclient/squidclient.1:48
+#: tools/squidclient/squidclient.1:30 tools/squidclient/squidclient.1:48
 msgid "count"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:35 tools/squidclient/squidclient.1:37
+#: tools/squidclient/squidclient.1:34 tools/squidclient/squidclient.1:36
 msgid "user"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:39
+#: tools/squidclient/squidclient.1:38
 msgid "version"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:41 tools/squidclient/squidclient.1:43
+#: tools/squidclient/squidclient.1:40 tools/squidclient/squidclient.1:42
 msgid "password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:45
+#: tools/squidclient/squidclient.1:44
 msgid "url"
 msgstr ""
 
@@ -3943,7 +4616,22 @@ msgid "interval"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:60
+#: tools/squidclient/squidclient.1:55
+msgid "CA certificates file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:57
+msgid "client X.509 certificate file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:59
+msgid "TLS session parameters"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:69
 msgid ""
 "B<squidclient> is a tool providing a command line interface for retrieving "
 "URLs.  Designed for testing any HTTP 0.9, 1.0, or 1.1 web server or proxy.  "
@@ -3953,167 +4641,191 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:65
+#: tools/squidclient/squidclient.1:74
 msgid "Do NOT include Accept: header."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:71
+#: tools/squidclient/squidclient.1:80
 msgid ""
 "Send B<string> as User-Agent: header. To omit the header completely set "
 "string to empty ('')."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:76
-msgid "Retrieve URL from cache on hostname.  Default is B<localhost>"
+#: tools/squidclient/squidclient.1:85
+msgid "Retrieve URL from server host.  Default is B<localhost>"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:82
-msgid "Extra headers to send. Use B<'\\n'> for new lines."
+#: tools/squidclient/squidclient.1:91
+msgid "Extra headers to send. Use B<'\\en'> for new lines."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:86
+#: tools/squidclient/squidclient.1:95
 msgid "If-Modified-Since time (in Epoch seconds)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:90
+#: tools/squidclient/squidclient.1:99
 msgid "Host header content"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:94
+#: tools/squidclient/squidclient.1:103
 msgid ""
 "Keep the connection active. Default is to do only one request then close."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:98
+#: tools/squidclient/squidclient.1:107
 msgid "Specify a local IP address to bind to.  Default is none."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:113
-#, no-wrap
+#: tools/squidclient/squidclient.1:122
 msgid ""
-"Request method, default is\n"
-"I<GET.>\n"
-"Squid also supports a non-standard method called\n"
-"I<PURGE.>\n"
-"You can use that to purge a specific URL from the cache.\n"
-"You need to have\n"
-"I<purge>\n"
-"access setup in\n"
-"B<squid.conf>\n"
-"similar to\n"
-"I<manager>\n"
-" access. Here is an example:\n"
+"Request method, default is I<GET.> Squid also supports a non-standard method "
+"called I<PURGE.> You can use that to purge a specific URL from the cache.  "
+"You need to have I<purge> access setup in B<squid.conf> similar to "
+"I<manager> access. Here is an example:"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:121
+#: tools/squidclient/squidclient.1:130
 msgid "Proxy Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:123 tools/squidclient/squidclient.1:129
+#: tools/squidclient/squidclient.1:132 tools/squidclient/squidclient.1:138
 msgid "Use kinit username@DOMAIN first to get initial TGS."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:127
+#: tools/squidclient/squidclient.1:136
 msgid "WWW Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:133
+#: tools/squidclient/squidclient.1:143
 msgid "Port number of cache.  Default is 3128."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:137
+#: tools/squidclient/squidclient.1:147
 msgid "Request body. Using the named file as data."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:141
+#: tools/squidclient/squidclient.1:151
 msgid "Force cache to reload URL."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:145
+#: tools/squidclient/squidclient.1:155
 msgid "Silent.  Do not print data to stdout."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:151
+#: tools/squidclient/squidclient.1:161
 msgid "Trace I<count> HTTP relay or proxy hops"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:155
+#: tools/squidclient/squidclient.1:165
 msgid "Timeout value (seconds) for read/write operations."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:159
+#: tools/squidclient/squidclient.1:169
 msgid "Proxy authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:163
+#: tools/squidclient/squidclient.1:173
 msgid "WWW authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:167
+#: tools/squidclient/squidclient.1:177
 msgid "Verbose. Print outgoing message to stderr."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:171
+#: tools/squidclient/squidclient.1:181
 msgid "HTTP Version. Use '-' for HTTP/0.9 omitted case"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:175
+#: tools/squidclient/squidclient.1:185
 msgid "Proxy authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:179
+#: tools/squidclient/squidclient.1:189
 msgid "WWW authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:184
+#: tools/squidclient/squidclient.1:193
+msgid "Use Transport Layer Security on the HTTP connection."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:197
+msgid "Use TLS with unauthenticated (anonymous) certificate."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:202
+msgid ""
+"File containing client X.509 certificate in PEM format.  May be repeated to "
+"load several client certificates."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:207
+msgid ""
+"File containing trusted Certificate Authority (CA) certificates in PEM "
+"format.  May be repeated to load any number of files."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:212
+msgid ""
+"TLS library specific parameters for the communication session.  See the "
+"library documentation for details on valid parameters."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:214
+msgid "If repeated only the last value will have effect."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:219
 msgid ""
 "Enable ping mode. Optional -g and -I parameters must follow immediately if "
 "used.  Repeated use resets to default ping settings."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:190
+#: tools/squidclient/squidclient.1:225
 msgid ""
-"Ping mode, perform I<count> iterations (default is to loop until "
-"interrupted)."
+"Ping mode, perform.I count iterations (default is to loop until interrupted)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:194
+#: tools/squidclient/squidclient.1:229
 msgid "Ping interval in seconds (default 1 second)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:200
+#: tools/squidclient/squidclient.1:236
 msgid ""
-"Derived from Harvest. Further developed by by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"Based on original code derived from Harvest and further developed by "
+"numerous individuals from the internet community."
 msgstr ""
 
 #~ msgid "Create swap directories"
diff --git a/doc/manuals/en.po b/doc/manuals/en.po
index 13095b2a0d..546cd708bc 100644
--- a/doc/manuals/en.po
+++ b/doc/manuals/en.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2014-03-06 11:09+1300\n"
+"POT-Creation-Date: 2017-05-29 22:45+1200\n"
 "PO-Revision-Date: 2012-02-24 15:49+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -14,4298 +14,5056 @@ msgstr ""
 "X-Generator: Pootle 2.1.6\n"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:3
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:3
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:3
-#: helpers/basic_auth/PAM/basic_pam_auth.8:3
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:3
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:3
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:3
-#: helpers/digest_auth/file/digest_file_auth.8:3
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:3
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:3
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:3
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:3
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:3
-#: helpers/external_acl/session/ext_session_acl.8:3
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:3
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:3
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:3
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:3 src/squid.8.in:3
-#: tools/cachemgr.cgi.8.in:3 tools/squidclient/squidclient.1:3
+#: src/acl/external/AD_group/ext_ad_group_acl.8:3
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:3
+#: src/acl/external/file_userip/ext_file_userip_acl.8:3
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:3
+#: src/acl/external/LM_group/ext_lm_group_acl.8:3
+#: src/acl/external/session/ext_session_acl.8:3
+#: src/acl/external/time_quota/ext_time_quota_acl.8:3
+#: src/acl/external/unix_group/ext_unix_group_acl.8:3
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:3
+#: src/auth/basic/LDAP/basic_ldap_auth.8:3
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:3
+#: src/auth/basic/PAM/basic_pam_auth.8:3
+#: src/auth/basic/RADIUS/basic_radius_auth.8:3
+#: src/auth/basic/SASL/basic_sasl_auth.8:3
+#: src/auth/basic/SSPI/basic_sspi_auth.8:3
+#: src/auth/digest/file/digest_file_auth.8:3
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:3
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:3
+#: src/security/cert_generators/file/security_file_certgen.8.in:3
+#: src/squid.8.in:3 tools/cachemgr.cgi.8.in:3 tools/purge/purge.1:3
+#: tools/squidclient/squidclient.1:3
 #, no-wrap
 msgid "NAME"
 msgstr "NAME"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:7
-msgid "Local Users auth helper for Squid"
-msgstr "Local Users auth helper for Squid"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:5
+#, fuzzy
+#| msgid "Squid external ACL helper to check Windows users group membership."
+msgid ""
+"ext_ad_group_acl.exe - Squid external ACL helper to check Windows users "
+"group membership."
+msgstr "Squid external ACL helper to check Windows users group membership."
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:7
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:7
+#: src/auth/basic/SSPI/basic_sspi_auth.8:7
+msgid "Version 2.0"
+msgstr "Version 2.0"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:8
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:8
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:8
-#: helpers/basic_auth/PAM/basic_pam_auth.8:8
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:8
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:10
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:10
-#: helpers/digest_auth/file/digest_file_auth.8:10
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:10
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:10
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:10
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:10
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:10
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:10
-#: helpers/external_acl/session/ext_session_acl.8:10
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:10
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:8
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:10
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:11 src/squid.8.in:8
-#: tools/cachemgr.cgi.8.in:8 tools/squidclient/squidclient.1:8
+#: src/acl/external/AD_group/ext_ad_group_acl.8:8
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:8
+#: src/acl/external/file_userip/ext_file_userip_acl.8:8
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:8
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:8
+#: src/acl/external/LM_group/ext_lm_group_acl.8:8
+#: src/acl/external/session/ext_session_acl.8:8
+#: src/acl/external/time_quota/ext_time_quota_acl.8:8
+#: src/acl/external/unix_group/ext_unix_group_acl.8:6
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:6
+#: src/auth/basic/LDAP/basic_ldap_auth.8:6
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:6
+#: src/auth/basic/PAM/basic_pam_auth.8:6
+#: src/auth/basic/RADIUS/basic_radius_auth.8:6
+#: src/auth/basic/SASL/basic_sasl_auth.8:8
+#: src/auth/basic/SSPI/basic_sspi_auth.8:8
+#: src/auth/digest/file/digest_file_auth.8:8
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:8
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:8
+#: src/security/cert_generators/file/security_file_certgen.8.in:8
+#: src/squid.8.in:6 tools/cachemgr.cgi.8.in:6 tools/purge/purge.1:6
+#: tools/squidclient/squidclient.1:6
 #, no-wrap
 msgid "SYNOPSIS"
 msgstr "SYNOPSIS"
 
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:12
+#: src/acl/external/LM_group/ext_lm_group_acl.8:12
+msgid "domain"
+msgstr "domain"
+
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:11
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:39
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:12
-#: helpers/basic_auth/PAM/basic_pam_auth.8:15
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:26
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:13
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:20
-#: helpers/digest_auth/file/digest_file_auth.8:15
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:16
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:33
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:16
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:14
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:16
-#: helpers/external_acl/session/ext_session_acl.8:18
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:14
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:15
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:14
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:19 src/squid.8.in:25
-#: tools/cachemgr.cgi.8.in:11 tools/squidclient/squidclient.1:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:14
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:31
+#: src/acl/external/file_userip/ext_file_userip_acl.8:14
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:12
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:14
+#: src/acl/external/session/ext_session_acl.8:16
+#: src/acl/external/time_quota/ext_time_quota_acl.8:12
+#: src/acl/external/unix_group/ext_unix_group_acl.8:13
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:9
+#: src/auth/basic/LDAP/basic_ldap_auth.8:37
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:10
+#: src/auth/basic/PAM/basic_pam_auth.8:13
+#: src/auth/basic/RADIUS/basic_radius_auth.8:24
+#: src/auth/basic/SASL/basic_sasl_auth.8:11
+#: src/auth/basic/SSPI/basic_sspi_auth.8:18
+#: src/auth/digest/file/digest_file_auth.8:13
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:16
+#: src/security/cert_generators/file/security_file_certgen.8.in:30
+#: src/squid.8.in:23 tools/cachemgr.cgi.8.in:9 tools/purge/purge.1:10
+#: tools/squidclient/squidclient.1:61
 #, no-wrap
 msgid "DESCRIPTION"
 msgstr "DESCRIPTION"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:15
+#: src/acl/external/AD_group/ext_ad_group_acl.8:17
 msgid ""
-"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
-"to validate the user name and password of Basic HTTP authentication."
+"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
 msgstr ""
-"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
-"to validate the user name and password of Basic HTTP authentication."
-
-#. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:21
-msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
-msgstr "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
-
-#. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:23
-msgid "This has the following advantages over the NCSA module:"
-msgstr "This has the following advantages over the NCSA module:"
+"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:25
-msgid "- Allows authentication of all known local users"
-msgstr "- Allows authentication of all known local users"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:20
+msgid ""
+"This helper must be used in with an authentication scheme (typically Basic, "
+"NTLM or Negotiate) based on Windows Active Directory domain users."
+msgstr ""
+"This helper must be used in with an authentication scheme (typically Basic, "
+"NTLM or Negotiate) based on Windows Active Directory domain users."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:28
-msgid "- Allows authentication through nsswitch.conf"
-msgstr "- Allows authentication through nsswitch.conf"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:24
+msgid ""
+"It reads from the standard input the domain username and a list of groups "
+"and tries to match each against the groups membership of the specified "
+"username."
+msgstr ""
+"It reads from the standard input the domain username and a list of groups "
+"and tries to match each against the groups membership of the specified "
+"username."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:31
-msgid "- Can handle NIS(+) requests"
-msgstr "- Can handle NIS(+) requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:26
+msgid "Two running mode are available:"
+msgstr "Two running mode are available:"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:34
-msgid "- Can handle LDAP requests"
-msgstr "- Can handle LDAP requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:30
+msgid ""
+"B<- Local mode:> membership is checked against machine's local groups, "
+"cannot be used when running on a Domain Controller."
+msgstr ""
+"B<- Local mode:> membership is checked against machine's local groups, "
+"cannot be used when running on a Domain Controller."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:37
-msgid "- Can handle PAM requests"
-msgstr "- Can handle PAM requests"
-
-#. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:38
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:244
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:39
-#: helpers/basic_auth/PAM/basic_pam_auth.8:41
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:61
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:19
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:51
-#: helpers/digest_auth/file/digest_file_auth.8:25
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:73
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:142
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:38
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:134
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:211
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:52
-#: helpers/external_acl/session/ext_session_acl.8:74
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:58
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:36
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:36
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:46 tools/cachemgr.cgi.8.in:19
-#, no-wrap
-msgid "CONFIGURATION"
-msgstr "CONFIGURATION"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:35
+msgid ""
+"B<- Active Directory Global mode:> membership is checked against the whole "
+"Active Directory Forest of the machine where Squid is running."
+msgstr ""
+"B<- Active Directory Global mode:> membership is checked against the whole "
+"Active Directory Forest of the machine where Squid is running."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:39
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program B<setuid> "
-"B<root>"
+"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
+"Windows 2000 SP4 member of an Active Directory Domain."
 msgstr ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program B<setuid> "
-"B<root>"
+"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
+"Windows 2000 SP4 member of an Active Directory Domain."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:64
-#: helpers/basic_auth/PAM/basic_pam_auth.8:79
+#: src/acl/external/AD_group/ext_ad_group_acl.8:48
 msgid ""
-"Please note that in such configurations it is also strongly recommended that "
-"the program is moved into a directory where normal users cannot access it, "
-"as this mode of operation will allow any local user to brute-force other "
-"users passwords. Also note the program has not been fully audited and the "
-"author cannot be held responsible for any security issues due to such "
-"installations."
+"When running in Active Directory Global mode, all types of Active Directory "
+"security groups are supported: B<Domain Global> , B<Domain Local> from "
+"user's domain, B<Universal> and Active Directory group nesting is fully "
+"supported."
 msgstr ""
-"Please note that in such configurations it is also strongly recommended that "
-"the program is moved into a directory where normal users cannot access it, "
-"as this mode of operation will allow any local user to brute-force other "
-"users passwords. Also note the program has not been fully audited and the "
-"author cannot be held responsible for any security issues due to such "
-"installations."
+"When running in Active Directory Global mode, all types of Active Directory "
+"security groups are supported: B<Domain Global> , B<Domain Local> from "
+"user's domain, B<Universal> and Active Directory group nesting is fully "
+"supported."
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:65
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:300
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:53
-#: helpers/basic_auth/PAM/basic_pam_auth.8:80
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:89
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:75
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:123
-#: helpers/digest_auth/file/digest_file_auth.8:59
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:229
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:187
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:75
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:232
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:157
-#: helpers/external_acl/session/ext_session_acl.8:97
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:216
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:68
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:86
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:93 src/squid.8.in:231
-#: tools/cachemgr.cgi.8.in:51 tools/squidclient/squidclient.1:195
+#: src/acl/external/AD_group/ext_ad_group_acl.8:49
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:42
+#: src/acl/external/file_userip/ext_file_userip_acl.8:21
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:63
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:47
+#: src/acl/external/LM_group/ext_lm_group_acl.8:25
+#: src/acl/external/session/ext_session_acl.8:32
+#: src/acl/external/time_quota/ext_time_quota_acl.8:22
+#: src/acl/external/unix_group/ext_unix_group_acl.8:17
+#: src/auth/basic/LDAP/basic_ldap_auth.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:33
+#: src/auth/basic/PAM/basic_pam_auth.8:19
+#: src/auth/basic/RADIUS/basic_radius_auth.8:29
+#: src/auth/basic/SSPI/basic_sspi_auth.8:32
+#: src/auth/digest/file/digest_file_auth.8:21
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:17
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:41
+#: src/squid.8.in:57 tools/purge/purge.1:24 tools/squidclient/squidclient.1:70
 #, no-wrap
-msgid "AUTHOR"
-msgstr "AUTHOR"
+msgid "OPTIONS"
+msgstr "OPTIONS"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:67
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:77
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:125
-#: helpers/digest_auth/file/digest_file_auth.8:61
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:231
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:189
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:77
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:234
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:159
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:70
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:88
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:95
-msgid "This program was written by"
-msgstr "This program was written by"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:53
+msgid "Use case insensitive compare (local mode only)."
+msgstr "Use case insensitive compare (local mode only)."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:72
-msgid "Based on original code by"
-msgstr "Based on original code by"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:57
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:61
+#: src/acl/external/file_userip/ext_file_userip_acl.8:25
+#: src/acl/external/LM_group/ext_lm_group_acl.8:33
+#: src/acl/external/unix_group/ext_unix_group_acl.8:21
+#: src/auth/basic/SSPI/basic_sspi_auth.8:40
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:30
+#: src/security/cert_generators/file/security_file_certgen.8.in:57
+msgid "Write debug info to stderr."
+msgstr "Write debug info to stderr."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:75
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:55
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:97
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:80
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:134
-#: helpers/digest_auth/file/digest_file_auth.8:68
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:237
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:192
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:80
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:243
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:169
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:73
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:91
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:102
-msgid "This manual was written by"
-msgstr "This manual was written by"
-
-#. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:77
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:308
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:60
-#: helpers/basic_auth/PAM/basic_pam_auth.8:84
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:99
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:83
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:137
-#: helpers/digest_auth/file/digest_file_auth.8:71
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:240
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:195
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:83
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:227
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:245
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:172
-#: helpers/external_acl/session/ext_session_acl.8:102
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:220
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:93
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:105 src/squid.8.in:241
-#: tools/cachemgr.cgi.8.in:57 tools/squidclient/squidclient.1:201
-#, no-wrap
-msgid "COPYRIGHT"
-msgstr "COPYRIGHT"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:62
+msgid "Specify the default user's B<domain>"
+msgstr "Specify the default user's B<domain>"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:79
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:310
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:101
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:85
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:139
-#: helpers/digest_auth/file/digest_file_auth.8:73
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:242
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:197
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:85
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:229
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:247
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:174
-#: helpers/external_acl/session/ext_session_acl.8:104
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:222
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:77
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:95
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:107
-msgid "This program and documentation is copyright to the authors named above."
-msgstr ""
-"This program and documentation is copyright to the authors named above."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:66
+msgid "Start helper in Active Directory Global mode."
+msgstr "Start helper in Active Directory Global mode."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:81
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:312
-#: helpers/basic_auth/PAM/basic_pam_auth.8:91
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:103
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:87
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:141
-#: helpers/digest_auth/file/digest_file_auth.8:75
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:244
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:199
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:87
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:231
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:249
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:176
-#: helpers/external_acl/session/ext_session_acl.8:106
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:224
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:79
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:97
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:109 tools/cachemgr.cgi.8.in:59
-#: tools/squidclient/squidclient.1:203
-msgid ""
-"Distributed under the GNU General Public License (GNU GPL) version 2 or "
-"later (GPLv2+)."
-msgstr ""
-"Distributed under the GNU General Public License (GNU GPL) version 2 or "
-"later (GPLv2+)."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:70
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:80
+#: src/acl/external/file_userip/ext_file_userip_acl.8:35
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:67
+#: src/acl/external/LM_group/ext_lm_group_acl.8:45
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:21
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:38
+#: src/security/cert_generators/file/security_file_certgen.8.in:68
+msgid "Display the binary help and command line syntax info using stderr."
+msgstr "Display the binary help and command line syntax info using stderr."
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:82
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:313
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:73
-#: helpers/basic_auth/PAM/basic_pam_auth.8:92
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:104
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:88
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:142
-#: helpers/digest_auth/file/digest_file_auth.8:76
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:245
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:200
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:88
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:250
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:177
-#: helpers/external_acl/session/ext_session_acl.8:107
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:225
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:80
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:98
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:110 src/squid.8.in:258
-#: tools/cachemgr.cgi.8.in:60 tools/squidclient/squidclient.1:204
+#: src/acl/external/AD_group/ext_ad_group_acl.8:71
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:140
+#: src/acl/external/file_userip/ext_file_userip_acl.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:132
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:209
+#: src/acl/external/LM_group/ext_lm_group_acl.8:50
+#: src/acl/external/session/ext_session_acl.8:72
+#: src/acl/external/time_quota/ext_time_quota_acl.8:56
+#: src/acl/external/unix_group/ext_unix_group_acl.8:34
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:36
+#: src/auth/basic/LDAP/basic_ldap_auth.8:242
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:37
+#: src/auth/basic/PAM/basic_pam_auth.8:39
+#: src/auth/basic/RADIUS/basic_radius_auth.8:59
+#: src/auth/basic/SASL/basic_sasl_auth.8:17
+#: src/auth/basic/SSPI/basic_sspi_auth.8:49
+#: src/auth/digest/file/digest_file_auth.8:26
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:43
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:43
+#: src/security/cert_generators/file/security_file_certgen.8.in:107
+#: tools/cachemgr.cgi.8.in:17 tools/purge/purge.1:172
 #, no-wrap
-msgid "QUESTIONS"
-msgstr "QUESTIONS"
+msgid "CONFIGURATION"
+msgstr "CONFIGURATION"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:85
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:316
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:76
-#: helpers/basic_auth/PAM/basic_pam_auth.8:95
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:107
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:91
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:145
-#: helpers/digest_auth/file/digest_file_auth.8:79
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:248
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:203
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:91
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:235
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:253
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:180
-#: helpers/external_acl/session/ext_session_acl.8:110
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:228
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:83
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:101
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:113 src/squid.8.in:261
-#: tools/cachemgr.cgi.8.in:63 tools/squidclient/squidclient.1:207
+#: src/acl/external/AD_group/ext_ad_group_acl.8:75
 msgid ""
-"Questions on the usage of this program can be sent to the I<Squid Users "
-"mailing list>"
+"When running in Active Directory Global mode, the AD Group can be specified "
+"using the following syntax:"
 msgstr ""
-"Questions on the usage of this program can be sent to the I<Squid Users "
-"mailing list>"
+"When running in Active Directory Global mode, the AD Group can be specified "
+"using the following syntax:"
 
-#. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:87
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:321
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:78
-#: helpers/basic_auth/PAM/basic_pam_auth.8:97
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:112
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:93
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:147
-#: helpers/digest_auth/file/digest_file_auth.8:81
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:250
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:205
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:93
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:258
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:182
-#: helpers/external_acl/session/ext_session_acl.8:112
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:230
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:85
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:103
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:115 src/squid.8.in:263
-#: tools/cachemgr.cgi.8.in:65 tools/squidclient/squidclient.1:209
-#, no-wrap
-msgid "REPORTING BUGS"
-msgstr "REPORTING BUGS"
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:78
+msgid "B<1. Plain NT4 Group Name>"
+msgstr "B<1. Plain NT4 Group Name>"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:90
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:324
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:81
-#: helpers/basic_auth/PAM/basic_pam_auth.8:100
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:115
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:96
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:150
-#: helpers/digest_auth/file/digest_file_auth.8:84
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:253
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:217
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:96
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:261
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:185
-#: helpers/external_acl/session/ext_session_acl.8:115
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:233
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:88
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:106
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:118 src/squid.8.in:266
-msgid ""
-"Bug reports need to be made in English.  See http://wiki.squid-cache.org/"
-"SquidFaq/BugReporting for details of what you need to include with your bug "
-"report."
-msgstr ""
-"Bug reports need to be made in English.  See http://wiki.squid-cache.org/"
-"SquidFaq/BugReporting for details of what you need to include with your bug "
-"report."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:81
+msgid "B<2. Full NT4 Group Name>"
+msgstr "B<2. Full NT4 Group Name>"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:92
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:326
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:83
-#: helpers/basic_auth/PAM/basic_pam_auth.8:102
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:117
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:98
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:152
-#: helpers/digest_auth/file/digest_file_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:255
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:219
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:98
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:263
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:187
-#: helpers/external_acl/session/ext_session_acl.8:117
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:235
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:90
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:108
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:120 src/squid.8.in:268
-#: tools/cachemgr.cgi.8.in:69 tools/squidclient/squidclient.1:213
-msgid "Report bugs or bug fixes using http://bugs.squid-cache.org/"
-msgstr "Report bugs or bug fixes using http://bugs.squid-cache.org/"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:84
+msgid "B<3. Active Directory Canonical name>"
+msgstr "B<3. Active Directory Canonical name>"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:87
+msgid "As Exampled:"
+msgstr "As Exampled:"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:95
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:329
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:86
-#: helpers/basic_auth/PAM/basic_pam_auth.8:105
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:120
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:101
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:155
-#: helpers/digest_auth/file/digest_file_auth.8:89
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:258
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:222
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:101
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:266
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:190
-#: helpers/external_acl/session/ext_session_acl.8:120
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:238
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:93
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:111
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:123 src/squid.8.in:271
-#: tools/cachemgr.cgi.8.in:72 tools/squidclient/squidclient.1:216
+#: src/acl/external/AD_group/ext_ad_group_acl.8:97
 msgid ""
-"Report serious security bugs to I<Squid Bugs E<lt>squid-bugs@squid-cache."
-"orgE<gt>>"
+"When using Plain NT4 Group Name, the Group is searched in the user's domain."
 msgstr ""
-"Report serious security bugs to I<Squid Bugs E<lt>squid-bugs@squid-cache."
-"orgE<gt>>"
+"When using Plain NT4 Group Name, the Group is searched in the user's domain."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:98
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:332
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:89
-#: helpers/basic_auth/PAM/basic_pam_auth.8:108
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:123
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:104
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:158
-#: helpers/digest_auth/file/digest_file_auth.8:92
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:261
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:225
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:104
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:248
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:269
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:193
-#: helpers/external_acl/session/ext_session_acl.8:123
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:241
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:96
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:114
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:126 src/squid.8.in:274
-#: tools/cachemgr.cgi.8.in:75 tools/squidclient/squidclient.1:219
+#: src/acl/external/AD_group/ext_ad_group_acl.8:124
 msgid ""
-"Report ideas for new improvements to the I<Squid Developers mailing list>"
+"In the previous example all validated AD users member of I<MYDOMAIN"
+"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
+"are allowed to use the cache."
 msgstr ""
-"Report ideas for new improvements to the I<Squid Developers mailing list>"
-
-#. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:100
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:334
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:91
-#: helpers/basic_auth/PAM/basic_pam_auth.8:110
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:125
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:106
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:160
-#: helpers/digest_auth/file/digest_file_auth.8:94
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:263
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:227
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:106
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:271
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:195
-#: helpers/external_acl/session/ext_session_acl.8:125
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:243
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:101
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:116
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:128 src/squid.8.in:276
-#: tools/cachemgr.cgi.8.in:77 tools/squidclient/squidclient.1:221
-#, no-wrap
-msgid "SEE ALSO"
-msgstr "SEE ALSO"
+"In the previous example all validated AD users member of I<MYDOMAIN"
+"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
+"are allowed to use the cache."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:114
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:344
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:97
-#: helpers/basic_auth/PAM/basic_pam_auth.8:121
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:132
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:117
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:165
-#: helpers/digest_auth/file/digest_file_auth.8:99
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:268
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:233
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:111
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:282
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:200
-#: helpers/external_acl/session/ext_session_acl.8:130
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:248
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:108
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:127
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:133 src/squid.8.in:286
-msgid "The Squid FAQ wiki"
-msgstr "The Squid FAQ wiki"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:133
+msgid ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file .> The previous example will be:"
+msgstr ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file .> The previous example will be:"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:117
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:347
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:100
-#: helpers/basic_auth/PAM/basic_pam_auth.8:124
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:135
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:120
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:168
-#: helpers/digest_auth/file/digest_file_auth.8:102
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:271
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:236
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:114
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:285
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:203
-#: helpers/external_acl/session/ext_session_acl.8:133
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:251
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:111
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:130
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:136 src/squid.8.in:289
-msgid "The Squid Configuration Manual"
-msgstr "The Squid Configuration Manual"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:137
+msgid "and the DomainUsers files will contain only the following line:"
+msgstr "and the DomainUsers files will contain only the following line:"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:7
-msgid "LDAP authentication helper for Squid"
-msgstr "LDAP authentication helper for Squid"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:139
+msgid "Domain Users"
+msgstr "Domain Users"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:12
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:27
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:14
-msgid "base DN"
-msgstr "base DN"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:146
+msgid ""
+"B<NOTE 1:> When running in Active Directory Global mode, for better "
+"performance, all Domain Controllers of the Active Directory forest should be "
+"configured as Global Catalog."
+msgstr ""
+"B<NOTE 1:> When running in Active Directory Global mode, for better "
+"performance, all Domain Controllers of the Active Directory forest should be "
+"configured as Global Catalog."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:14
-msgid "attribute"
-msgstr "attribute"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:152
+msgid ""
+"B<NOTE 2:> When running in local mode, the standard group name comparison is "
+"case sensitive, so group name must be specified with same case as in the "
+"local SAM database."
+msgstr ""
+"B<NOTE 2:> When running in local mode, the standard group name comparison is "
+"case sensitive, so group name must be specified with same case as in the "
+"local SAM database."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:16
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:31
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:18
-msgid "options"
-msgstr "options"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:157
+msgid ""
+"It is possible to enable case insensitive group name comparison ( B<-c> ), "
+"but on some non-English locales, the results can be unexpected."
+msgstr ""
+"It is possible to enable case insensitive group name comparison ( B<-c> ), "
+"but on some non-English locales, the results can be unexpected."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:18
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:33
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:20
-msgid "LDAP server name"
-msgstr "LDAP server name"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:165
+msgid ""
+"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
+"A> and B<-D> switches."
+msgstr ""
+"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
+"A> and B<-D> switches."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:20
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:35
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:18
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:19
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:22 src/squid.8.in:17
-#: tools/squidclient/squidclient.1:27
-msgid "port"
-msgstr "port"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:169
+msgid "Refer to Squid documentation for more details on B<squid.conf>"
+msgstr "Refer to Squid documentation for more details on B<squid.conf>"
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:170
+#: src/acl/external/LM_group/ext_lm_group_acl.8:114
+#: src/auth/basic/SSPI/basic_sspi_auth.8:84
+#, no-wrap
+msgid "TESTING"
+msgstr "TESTING"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:22
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:37
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:24
-msgid "URI"
-msgstr "URI"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:176
+msgid ""
+"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
+"used in a production environment. It may behave differently on different "
+"platforms."
+msgstr ""
+"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
+"used in a production environment. It may behave differently on different "
+"platforms."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:29
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:16
-msgid "LDAP search filter"
-msgstr "LDAP search filter"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:188
+#: src/acl/external/LM_group/ext_lm_group_acl.8:131
+msgid ""
+"To test it, run it from the command line. Enter username and group pairs "
+"separated by a space (username must entered with URL-encoded I<domain"
+"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+msgstr ""
+"To test it, run it from the command line. Enter username and group pairs "
+"separated by a space (username must entered with URL-encoded I<domain"
+"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:192
+#: src/acl/external/AD_group/ext_ad_group_acl.8:207
+#: src/acl/external/LM_group/ext_lm_group_acl.8:135
+msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+msgstr "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:47
+#: src/acl/external/AD_group/ext_ad_group_acl.8:196
+#: src/acl/external/AD_group/ext_ad_group_acl.8:211
+#: src/acl/external/LM_group/ext_lm_group_acl.8:139
+msgid "Make sure pressing B<CTRL+C> aborts the program."
+msgstr "Make sure pressing B<CTRL+C> aborts the program."
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:218
+#: src/acl/external/LM_group/ext_lm_group_acl.8:146
+#: src/auth/basic/SSPI/basic_sspi_auth.8:104
 msgid ""
-"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
-"the user name and password of Basic HTTP authentication.  LDAP options are "
-"specified as parameters on the command line, while the username(s) and "
-"password(s) to be checked against the LDAP directory are specified on "
-"subsequent lines of input to the helper, one username/password pair per line "
-"separated by a space."
+"Test that entering no details does not result in an B<OK> or B<ERR> message."
 msgstr ""
-"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
-"the user name and password of Basic HTTP authentication.  LDAP options are "
-"specified as parameters on the command line, while the username(s) and "
-"password(s) to be checked against the LDAP directory are specified on "
-"subsequent lines of input to the helper, one username/password pair per line "
-"separated by a space."
+"Test that entering no details does not result in an B<OK> or B<ERR> message."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:56
+#: src/acl/external/AD_group/ext_ad_group_acl.8:222
+#: src/acl/external/LM_group/ext_lm_group_acl.8:150
 msgid ""
-"As expected by the basic authentication construct of Squid, after specifying "
-"a username and password followed by a new line, this helper will produce "
-"either B<OK> or B<ERR> on the following line to show if the specified "
-"credentials are correct according to the LDAP directory."
+"Test that entering an invalid username and group results in an B<ERR> "
+"message."
 msgstr ""
-"As expected by the basic authentication construct of Squid, after specifying "
-"a username and password followed by a new line, this helper will produce "
-"either B<OK> or B<ERR> on the following line to show if the specified "
-"credentials are correct according to the LDAP directory."
+"Test that entering an invalid username and group results in an B<ERR> "
+"message."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:61
+#: src/acl/external/AD_group/ext_ad_group_acl.8:226
+#: src/acl/external/LM_group/ext_lm_group_acl.8:154
 msgid ""
-"The program has two major modes of operation. In the default mode of "
-"operation the users DN is constructed using the base DN and user attribute. "
-"In the other mode of operation a search filter is used to locate valid user "
-"DN's below the base DN."
+"Test that entering an valid username and group results in an B<OK> message."
 msgstr ""
-"The program has two major modes of operation. In the default mode of "
-"operation the users DN is constructed using the base DN and user attribute. "
-"In the other mode of operation a search filter is used to locate valid user "
-"DN's below the base DN."
+"Test that entering an valid username and group results in an B<OK> message."
 
 #. type: SH
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:62
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:35
-#: helpers/basic_auth/PAM/basic_pam_auth.8:21
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:31
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:34
-#: helpers/digest_auth/file/digest_file_auth.8:20
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:51
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:44
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:23
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:65
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:49
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:27
-#: helpers/external_acl/session/ext_session_acl.8:34
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:24
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:19
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:19
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:25 src/squid.8.in:59
-#: tools/squidclient/squidclient.1:61
+#: src/acl/external/AD_group/ext_ad_group_acl.8:227
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:185
+#: src/acl/external/file_userip/ext_file_userip_acl.8:73
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:230
+#: src/acl/external/LM_group/ext_lm_group_acl.8:155
+#: src/acl/external/session/ext_session_acl.8:95
+#: src/acl/external/time_quota/ext_time_quota_acl.8:214
+#: src/acl/external/unix_group/ext_unix_group_acl.8:66
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:63
+#: src/auth/basic/LDAP/basic_ldap_auth.8:298
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:78
+#: src/auth/basic/RADIUS/basic_radius_auth.8:87
+#: src/auth/basic/SASL/basic_sasl_auth.8:73
+#: src/auth/basic/SSPI/basic_sspi_auth.8:121
+#: src/auth/digest/file/digest_file_auth.8:60
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:94
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:90
+#: src/security/cert_generators/file/security_file_certgen.8.in:143
+#: src/squid.8.in:235 tools/cachemgr.cgi.8.in:49 tools/purge/purge.1:254
+#: tools/squidclient/squidclient.1:230
 #, no-wrap
-msgid "OPTIONS"
-msgstr "OPTIONS"
+msgid "AUTHOR"
+msgstr "AUTHOR"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
-msgstr "B<REQUIRED.> Specifies the base DN under which the users are located."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:229
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:187
+#: src/acl/external/file_userip/ext_file_userip_acl.8:75
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:232
+#: src/acl/external/LM_group/ext_lm_group_acl.8:157
+#: src/acl/external/unix_group/ext_unix_group_acl.8:68
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:65
+#: src/auth/basic/SASL/basic_sasl_auth.8:75
+#: src/auth/basic/SSPI/basic_sspi_auth.8:123
+#: src/auth/digest/file/digest_file_auth.8:62
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:96
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:92
+#: src/security/cert_generators/file/security_file_certgen.8.in:145
+msgid "This program was written by"
+msgstr "This program was written by"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:75
-msgid ""
-"LDAP search B<filter> to locate the user DN. Required if the users are in a "
-"hierarchy below the base DN, or if the login name is not what builds the "
-"user specific part of the users DN."
-msgstr ""
-"LDAP search B<filter> to locate the user DN. Required if the users are in a "
-"hierarchy below the base DN, or if the login name is not what builds the "
-"user specific part of the users DN."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:233
+msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+msgstr "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:235
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:190
+#: src/acl/external/file_userip/ext_file_userip_acl.8:78
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:223
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:241
+#: src/acl/external/LM_group/ext_lm_group_acl.8:167
+#: src/acl/external/unix_group/ext_unix_group_acl.8:71
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:73
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:53
+#: src/auth/basic/RADIUS/basic_radius_auth.8:95
+#: src/auth/basic/SASL/basic_sasl_auth.8:78
+#: src/auth/basic/SSPI/basic_sspi_auth.8:132
+#: src/auth/digest/file/digest_file_auth.8:69
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:99
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:99
+#: src/security/cert_generators/file/security_file_certgen.8.in:148
+msgid "This manual was written by"
+msgstr "This manual was written by"
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:238
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:193
+#: src/acl/external/file_userip/ext_file_userip_acl.8:81
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:243
+#: src/acl/external/LM_group/ext_lm_group_acl.8:170
+#: src/acl/external/session/ext_session_acl.8:100
+#: src/acl/external/time_quota/ext_time_quota_acl.8:218
+#: src/acl/external/unix_group/ext_unix_group_acl.8:73
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:75
+#: src/auth/basic/LDAP/basic_ldap_auth.8:306
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:58
+#: src/auth/basic/PAM/basic_pam_auth.8:82
+#: src/auth/basic/RADIUS/basic_radius_auth.8:97
+#: src/auth/basic/SASL/basic_sasl_auth.8:81
+#: src/auth/basic/SSPI/basic_sspi_auth.8:135
+#: src/auth/digest/file/digest_file_auth.8:72
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:101
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:102
+#: src/security/cert_generators/file/security_file_certgen.8.in:151
+#: src/squid.8.in:245 tools/cachemgr.cgi.8.in:55 tools/purge/purge.1:261
+#: tools/squidclient/squidclient.1:237
+#, no-wrap
+msgid "COPYRIGHT"
+msgstr "COPYRIGHT"
 
-#. uid\=%s\""
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:82
+#: src/acl/external/AD_group/ext_ad_group_acl.8:245
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:200
+#: src/acl/external/file_userip/ext_file_userip_acl.8:88
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:250
+#: src/acl/external/LM_group/ext_lm_group_acl.8:177
+#: src/acl/external/session/ext_session_acl.8:107
+#: src/acl/external/time_quota/ext_time_quota_acl.8:225
+#: src/acl/external/unix_group/ext_unix_group_acl.8:80
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:82
+#: src/auth/basic/LDAP/basic_ldap_auth.8:313
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:65
+#: src/auth/basic/PAM/basic_pam_auth.8:89
+#: src/auth/basic/RADIUS/basic_radius_auth.8:104
+#: src/auth/basic/SASL/basic_sasl_auth.8:88
+#: src/auth/basic/SSPI/basic_sspi_auth.8:142
+#: src/auth/digest/file/digest_file_auth.8:79
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:109
+#: src/security/cert_generators/file/security_file_certgen.8.in:158
+#: src/squid.8.in:252 tools/cachemgr.cgi.8.in:62 tools/purge/purge.1:268
+#: tools/squidclient/squidclient.1:244
+#, no-wrap
 msgid ""
-"The search filter can contain up to 15 occurrences of B<%s> which will be "
-"replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
-"detailed description of LDAP search filter syntax see RFC2254."
+" * Copyright (C) 1996-2017 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:247
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:202
+#: src/acl/external/file_userip/ext_file_userip_acl.8:90
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:234
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:252
+#: src/acl/external/LM_group/ext_lm_group_acl.8:179
+#: src/acl/external/session/ext_session_acl.8:109
+#: src/acl/external/time_quota/ext_time_quota_acl.8:227
+#: src/acl/external/unix_group/ext_unix_group_acl.8:82
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:84
+#: src/auth/basic/LDAP/basic_ldap_auth.8:315
+#: src/auth/basic/RADIUS/basic_radius_auth.8:106
+#: src/auth/basic/SASL/basic_sasl_auth.8:90
+#: src/auth/basic/SSPI/basic_sspi_auth.8:144
+#: src/auth/digest/file/digest_file_auth.8:81
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:110
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:111
+msgid "This program and documentation is copyright to the authors named above."
 msgstr ""
-"The search filter can contain up to 15 occurrences of B<%s> which will be "
-"replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
-"detailed description of LDAP search filter syntax see RFC2254."
+"This program and documentation is copyright to the authors named above."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:90
+#: src/acl/external/AD_group/ext_ad_group_acl.8:249
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:204
+#: src/acl/external/file_userip/ext_file_userip_acl.8:92
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:236
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:254
+#: src/acl/external/LM_group/ext_lm_group_acl.8:181
+#: src/acl/external/session/ext_session_acl.8:111
+#: src/acl/external/time_quota/ext_time_quota_acl.8:229
+#: src/acl/external/unix_group/ext_unix_group_acl.8:84
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:86
+#: src/auth/basic/LDAP/basic_ldap_auth.8:317
+#: src/auth/basic/PAM/basic_pam_auth.8:96
+#: src/auth/basic/RADIUS/basic_radius_auth.8:108
+#: src/auth/basic/SASL/basic_sasl_auth.8:92
+#: src/auth/basic/SSPI/basic_sspi_auth.8:146
+#: src/auth/digest/file/digest_file_auth.8:83
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:112
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:113
 msgid ""
-"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
-"%s> are used."
+"Distributed under the GNU General Public License (GNU GPL) version 2 or "
+"later (GPLv2+)."
 msgstr ""
-"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
-"%s> are used."
+"Distributed under the GNU General Public License (GNU GPL) version 2 or "
+"later (GPLv2+)."
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:250
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:205
+#: src/acl/external/file_userip/ext_file_userip_acl.8:93
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:255
+#: src/acl/external/LM_group/ext_lm_group_acl.8:182
+#: src/acl/external/session/ext_session_acl.8:112
+#: src/acl/external/time_quota/ext_time_quota_acl.8:230
+#: src/acl/external/unix_group/ext_unix_group_acl.8:85
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:87
+#: src/auth/basic/LDAP/basic_ldap_auth.8:318
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:77
+#: src/auth/basic/PAM/basic_pam_auth.8:97
+#: src/auth/basic/RADIUS/basic_radius_auth.8:109
+#: src/auth/basic/SASL/basic_sasl_auth.8:93
+#: src/auth/basic/SSPI/basic_sspi_auth.8:147
+#: src/auth/digest/file/digest_file_auth.8:84
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:113
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:114
+#: src/security/cert_generators/file/security_file_certgen.8.in:159
+#: src/squid.8.in:253 tools/cachemgr.cgi.8.in:63 tools/purge/purge.1:269
+#: tools/squidclient/squidclient.1:245
+#, no-wrap
+msgid "QUESTIONS"
+msgstr "QUESTIONS"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:99
+#: src/acl/external/AD_group/ext_ad_group_acl.8:253
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:208
+#: src/acl/external/file_userip/ext_file_userip_acl.8:96
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:258
+#: src/acl/external/LM_group/ext_lm_group_acl.8:185
+#: src/acl/external/session/ext_session_acl.8:115
+#: src/acl/external/time_quota/ext_time_quota_acl.8:233
+#: src/acl/external/unix_group/ext_unix_group_acl.8:88
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:90
+#: src/auth/basic/LDAP/basic_ldap_auth.8:321
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:80
+#: src/auth/basic/PAM/basic_pam_auth.8:100
+#: src/auth/basic/RADIUS/basic_radius_auth.8:112
+#: src/auth/basic/SASL/basic_sasl_auth.8:96
+#: src/auth/basic/SSPI/basic_sspi_auth.8:150
+#: src/auth/digest/file/digest_file_auth.8:87
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:116
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:117
+#: src/security/cert_generators/file/security_file_certgen.8.in:162
+#: src/squid.8.in:256 tools/cachemgr.cgi.8.in:66 tools/purge/purge.1:272
+#: tools/squidclient/squidclient.1:248
 msgid ""
-"Specifies the name of the DN attribute that contains the username/login.  "
-"Combined with the base DN to construct the users DN when no search filter is "
-"specified ( B<-f> option). Defaults to B<uid>"
+"Questions on the usage of this program can be sent to the I<Squid Users "
+"mailing list>"
 msgstr ""
-"Specifies the name of the DN attribute that contains the username/login.  "
-"Combined with the base DN to construct the users DN when no search filter is "
-"specified ( B<-f> option). Defaults to B<uid>"
+"Questions on the usage of this program can be sent to the I<Squid Users "
+"mailing list>"
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:255
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:210
+#: src/acl/external/file_userip/ext_file_userip_acl.8:98
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:263
+#: src/acl/external/LM_group/ext_lm_group_acl.8:187
+#: src/acl/external/session/ext_session_acl.8:117
+#: src/acl/external/time_quota/ext_time_quota_acl.8:235
+#: src/acl/external/unix_group/ext_unix_group_acl.8:90
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:92
+#: src/auth/basic/LDAP/basic_ldap_auth.8:326
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:82
+#: src/auth/basic/PAM/basic_pam_auth.8:102
+#: src/auth/basic/RADIUS/basic_radius_auth.8:117
+#: src/auth/basic/SASL/basic_sasl_auth.8:98
+#: src/auth/basic/SSPI/basic_sspi_auth.8:152
+#: src/auth/digest/file/digest_file_auth.8:89
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:118
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:119
+#: src/security/cert_generators/file/security_file_certgen.8.in:164
+#: src/squid.8.in:258 tools/cachemgr.cgi.8.in:68 tools/purge/purge.1:274
+#: tools/squidclient/squidclient.1:250
+#, no-wrap
+msgid "REPORTING BUGS"
+msgstr "REPORTING BUGS"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:108
+#: src/acl/external/AD_group/ext_ad_group_acl.8:258
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:222
+#: src/acl/external/file_userip/ext_file_userip_acl.8:101
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:266
+#: src/acl/external/LM_group/ext_lm_group_acl.8:190
+#: src/acl/external/session/ext_session_acl.8:120
+#: src/acl/external/time_quota/ext_time_quota_acl.8:238
+#: src/acl/external/unix_group/ext_unix_group_acl.8:93
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:95
+#: src/auth/basic/LDAP/basic_ldap_auth.8:329
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:85
+#: src/auth/basic/PAM/basic_pam_auth.8:105
+#: src/auth/basic/RADIUS/basic_radius_auth.8:120
+#: src/auth/basic/SASL/basic_sasl_auth.8:101
+#: src/auth/basic/SSPI/basic_sspi_auth.8:155
+#: src/auth/digest/file/digest_file_auth.8:92
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:121
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:122
+#: src/security/cert_generators/file/security_file_certgen.8.in:167
+#: src/squid.8.in:261
 msgid ""
-"B<Note:> This can only be done if all your users are located directly under "
-"the same position in the LDAP tree and the login name is used for naming "
-"each user object. If your LDAP tree does not match these criterias or if you "
-"want to filter who are valid users then you need to use a search filter to "
-"search for your users DN ( B<-f> option)."
+"Bug reports need to be made in English.  See http://wiki.squid-cache.org/"
+"SquidFaq/BugReporting for details of what you need to include with your bug "
+"report."
 msgstr ""
-"B<Note:> This can only be done if all your users are located directly under "
-"the same position in the LDAP tree and the login name is used for naming "
-"each user object. If your LDAP tree does not match these criterias or if you "
-"want to filter who are valid users then you need to use a search filter to "
-"search for your users DN ( B<-f> option)."
+"Bug reports need to be made in English.  See http://wiki.squid-cache.org/"
+"SquidFaq/BugReporting for details of what you need to include with your bug "
+"report."
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:260
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:224
+#: src/acl/external/file_userip/ext_file_userip_acl.8:103
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:247
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:268
+#: src/acl/external/LM_group/ext_lm_group_acl.8:192
+#: src/acl/external/session/ext_session_acl.8:122
+#: src/acl/external/time_quota/ext_time_quota_acl.8:240
+#: src/acl/external/unix_group/ext_unix_group_acl.8:95
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:97
+#: src/auth/basic/LDAP/basic_ldap_auth.8:331
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:87
+#: src/auth/basic/PAM/basic_pam_auth.8:107
+#: src/auth/basic/RADIUS/basic_radius_auth.8:122
+#: src/auth/basic/SASL/basic_sasl_auth.8:103
+#: src/auth/basic/SSPI/basic_sspi_auth.8:157
+#: src/auth/digest/file/digest_file_auth.8:94
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:123
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:124
+#: src/security/cert_generators/file/security_file_certgen.8.in:169
+#: src/squid.8.in:263 tools/cachemgr.cgi.8.in:72 tools/purge/purge.1:278
+#: tools/squidclient/squidclient.1:254
+msgid "Report bugs or bug fixes using http://bugs.squid-cache.org/"
+msgstr "Report bugs or bug fixes using http://bugs.squid-cache.org/"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:118
+#: src/acl/external/AD_group/ext_ad_group_acl.8:263
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:227
+#: src/acl/external/file_userip/ext_file_userip_acl.8:106
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:271
+#: src/acl/external/LM_group/ext_lm_group_acl.8:195
+#: src/acl/external/session/ext_session_acl.8:125
+#: src/acl/external/time_quota/ext_time_quota_acl.8:243
+#: src/acl/external/unix_group/ext_unix_group_acl.8:98
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:100
+#: src/auth/basic/LDAP/basic_ldap_auth.8:334
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:90
+#: src/auth/basic/PAM/basic_pam_auth.8:110
+#: src/auth/basic/RADIUS/basic_radius_auth.8:125
+#: src/auth/basic/SASL/basic_sasl_auth.8:106
+#: src/auth/basic/SSPI/basic_sspi_auth.8:160
+#: src/auth/digest/file/digest_file_auth.8:97
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:126
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:127
+#: src/security/cert_generators/file/security_file_certgen.8.in:172
+#: src/squid.8.in:266 tools/cachemgr.cgi.8.in:75 tools/purge/purge.1:281
+#: tools/squidclient/squidclient.1:257
 msgid ""
-"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
-"password.  B<passwordattr> is the LDAP attribute storing the users password."
+"Report serious security bugs to I<Squid Bugs E<lt>squid-bugs@squid-cache."
+"orgE<gt>>"
 msgstr ""
-"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
-"password.  B<passwordattr> is the LDAP attribute storing the users password."
+"Report serious security bugs to I<Squid Bugs E<lt>squid-bugs@squid-cache."
+"orgE<gt>>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:126
+#: src/acl/external/AD_group/ext_ad_group_acl.8:266
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:230
+#: src/acl/external/file_userip/ext_file_userip_acl.8:109
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:253
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:274
+#: src/acl/external/LM_group/ext_lm_group_acl.8:198
+#: src/acl/external/session/ext_session_acl.8:128
+#: src/acl/external/time_quota/ext_time_quota_acl.8:246
+#: src/acl/external/unix_group/ext_unix_group_acl.8:101
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:103
+#: src/auth/basic/LDAP/basic_ldap_auth.8:337
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:93
+#: src/auth/basic/PAM/basic_pam_auth.8:113
+#: src/auth/basic/RADIUS/basic_radius_auth.8:128
+#: src/auth/basic/SASL/basic_sasl_auth.8:109
+#: src/auth/basic/SSPI/basic_sspi_auth.8:163
+#: src/auth/digest/file/digest_file_auth.8:100
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:129
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:130
+#: src/security/cert_generators/file/security_file_certgen.8.in:175
+#: src/squid.8.in:269 tools/cachemgr.cgi.8.in:78 tools/purge/purge.1:284
+#: tools/squidclient/squidclient.1:260
 msgid ""
-"Search scope when performing user DN searches specified by the B<-f> option. "
-"Defaults to B<sub>"
+"Report ideas for new improvements to the I<Squid Developers mailing list>"
 msgstr ""
-"Search scope when performing user DN searches specified by the B<-f> option. "
-"Defaults to B<sub>"
+"Report ideas for new improvements to the I<Squid Developers mailing list>"
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:268
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:232
+#: src/acl/external/file_userip/ext_file_userip_acl.8:111
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:276
+#: src/acl/external/LM_group/ext_lm_group_acl.8:200
+#: src/acl/external/session/ext_session_acl.8:130
+#: src/acl/external/time_quota/ext_time_quota_acl.8:248
+#: src/acl/external/unix_group/ext_unix_group_acl.8:106
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:339
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:95
+#: src/auth/basic/PAM/basic_pam_auth.8:115
+#: src/auth/basic/RADIUS/basic_radius_auth.8:130
+#: src/auth/basic/SASL/basic_sasl_auth.8:111
+#: src/auth/basic/SSPI/basic_sspi_auth.8:165
+#: src/auth/digest/file/digest_file_auth.8:102
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:131
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:132
+#: src/security/cert_generators/file/security_file_certgen.8.in:177
+#: src/squid.8.in:271 tools/cachemgr.cgi.8.in:80 tools/purge/purge.1:286
+#: tools/squidclient/squidclient.1:262
+#, no-wrap
+msgid "SEE ALSO"
+msgstr "SEE ALSO"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:130
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:110
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:178
-msgid "B<base> object only,"
-msgstr "B<base> object only,"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:273
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:238
+#: src/acl/external/file_userip/ext_file_userip_acl.8:116
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:269
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:287
+#: src/acl/external/LM_group/ext_lm_group_acl.8:205
+#: src/acl/external/session/ext_session_acl.8:135
+#: src/acl/external/time_quota/ext_time_quota_acl.8:253
+#: src/acl/external/unix_group/ext_unix_group_acl.8:113
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:119
+#: src/auth/basic/LDAP/basic_ldap_auth.8:349
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:101
+#: src/auth/basic/PAM/basic_pam_auth.8:126
+#: src/auth/basic/RADIUS/basic_radius_auth.8:137
+#: src/auth/basic/SASL/basic_sasl_auth.8:122
+#: src/auth/basic/SSPI/basic_sspi_auth.8:170
+#: src/auth/digest/file/digest_file_auth.8:107
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:142
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:137
+#: src/security/cert_generators/file/security_file_certgen.8.in:182
+#: src/squid.8.in:281
+msgid "The Squid FAQ wiki"
+msgstr "The Squid FAQ wiki"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:133
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:113
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:181
-msgid "B<one> level below the base object or"
-msgstr "B<one> level below the base object or"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:276
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:241
+#: src/acl/external/file_userip/ext_file_userip_acl.8:119
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:272
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:290
+#: src/acl/external/LM_group/ext_lm_group_acl.8:208
+#: src/acl/external/session/ext_session_acl.8:138
+#: src/acl/external/time_quota/ext_time_quota_acl.8:256
+#: src/acl/external/unix_group/ext_unix_group_acl.8:116
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:122
+#: src/auth/basic/LDAP/basic_ldap_auth.8:352
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:104
+#: src/auth/basic/PAM/basic_pam_auth.8:129
+#: src/auth/basic/RADIUS/basic_radius_auth.8:140
+#: src/auth/basic/SASL/basic_sasl_auth.8:125
+#: src/auth/basic/SSPI/basic_sspi_auth.8:173
+#: src/auth/digest/file/digest_file_auth.8:110
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:145
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:140
+#: src/security/cert_generators/file/security_file_certgen.8.in:185
+#: src/squid.8.in:284
+msgid "The Squid Configuration Manual"
+msgstr "The Squid Configuration Manual"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:136
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:116
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:184
-msgid "B<sub>tree below the base object"
-msgstr "B<sub>tree below the base object"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:5
+#, fuzzy
+#| msgid "Squid eDirectory IP Lookup Helper"
+msgid "ext_edirectory_userip_acl - Squid eDirectory IP Lookup Helper"
+msgstr "Squid eDirectory IP Lookup Helper"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:142
-msgid ""
-"The DN and password to bind as while performing searches. Required by the B<-"
-"f> flag if the directory does not allow anonymous searches."
-msgstr ""
-"The DN and password to bind as while performing searches. Required by the B<-"
-"f> flag if the directory does not allow anonymous searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:15
+#: tools/squidclient/squidclient.1:22
+msgid "host"
+msgstr "host"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:147
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file."
-msgstr ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:17
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:18
+#: src/auth/basic/LDAP/basic_ldap_auth.8:33
+#: src/auth/basic/RADIUS/basic_radius_auth.8:16 src/squid.8.in:15
+#: tools/squidclient/squidclient.1:26
+msgid "port"
+msgstr "port"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:152
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:98
-msgid ""
-"The DN and the name of a file containing the password to bind as while "
-"performing searches."
-msgstr ""
-"The DN and the name of a file containing the password to bind as while "
-"performing searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:19
+msgid "LDAP version"
+msgstr "LDAP version"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:157
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:103
-msgid ""
-"Less insecure version of the former parameter pair with two advantages: The "
-"password does not occur in the process listing, and the password is not "
-"being compromised if someone gets the squid configuration file without "
-"getting the secretfile."
-msgstr ""
-"Less insecure version of the former parameter pair with two advantages: The "
-"password does not occur in the process listing, and the password is not "
-"being compromised if someone gets the squid configuration file without "
-"getting the secretfile."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:21
+msgid "basedn"
+msgstr "basedn"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:165
-msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while validating a username to preserve resources at the LDAP server. This "
-"option causes the LDAP connection to be kept open, allowing it to be reused "
-"for further user validations. Recommended for larger installations."
-msgstr ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while validating a username to preserve resources at the LDAP server. This "
-"option causes the LDAP connection to be kept open, allowing it to be reused "
-"for further user validations. Recommended for larger installations."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:23
+msgid "scope"
+msgstr "scope"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:178
-msgid ""
-"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
-"binding as another user after a successful I<ldap_bind.> The use of this "
-"option always opens a new connection for each login attempt. If combined "
-"with the B<-P> option for persistent LDAP connection then the connection "
-"used for searching for the user DN is kept persistent but a new connection "
-"is opened to verify each users password once the DN is found."
-msgstr ""
-"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
-"binding as another user after a successful I<ldap_bind.> The use of this "
-"option always opens a new connection for each login attempt. If combined "
-"with the B<-P> option for persistent LDAP connection then the connection "
-"used for searching for the user DN is kept persistent but a new connection "
-"is opened to verify each users password once the DN is found."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:25
+msgid "binddn"
+msgstr "binddn"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:182
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:170
-msgid "Do not follow referrals"
-msgstr "Do not follow referrals"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:27
+msgid "bindpass"
+msgstr "bindpass"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:187
-msgid "when to dereference aliases. Defaults to B<never>"
-msgstr "when to dereference aliases. Defaults to B<never>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:29
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:14
+msgid "filter"
+msgstr "filter"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:196
-msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search ing> or only to B<find> the base object."
-msgstr ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search ing> or only to B<find> the base object."
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:201
-msgid ""
-"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
-"libraries).  Servers can also be specified last on the command line."
-msgstr ""
-"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
-"libraries).  Servers can also be specified last on the command line."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:34
+msgid "B<ext_edirectory_userip_acl> is an installed binary."
+msgstr "B<ext_edirectory_userip_acl> is an installed binary."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:206
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:38
 msgid ""
-"Specify the LDAP server to connect to. Servers can also be specified last on "
-"the command line."
+"This program has been written in order to solve the problems associated with "
+"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
 msgstr ""
-"Specify the LDAP server to connect to. Servers can also be specified last on "
-"the command line."
+"This program has been written in order to solve the problems associated with "
+"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:212
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:41
 msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389. Can also be specified within the server "
-"specification by using servername:port syntax."
+"The limitations of the Perl script involved memory/cpu utilization, speed, "
+"the lack of eDirectory 8.8 support, and IPv6 support."
 msgstr ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389. Can also be specified within the server "
-"specification by using servername:port syntax."
+"The limitations of the Perl script involved memory/cpu utilization, speed, "
+"the lack of eDirectory 8.8 support, and IPv6 support."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:218
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:206
-msgid "LDAP protocol version. Defaults to B<3> if not specified."
-msgstr "LDAP protocol version. Defaults to B<3> if not specified."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:46
+msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
+msgstr "Force Addresses to be in IPv4 (0.0.0.0 format)."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:210
-msgid "Use TLS encryption"
-msgstr "Use TLS encryption"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:50
+msgid "Force Addresses to be in IPv6 (:: format)."
+msgstr "Force Addresses to be in IPv6 (:: format)."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:226
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:107
-msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
-msgstr "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:57
+msgid "Specify B<base> DN. For example; B<o=ORG>"
+msgstr "Specify B<base> DN. For example; B<o=ORG>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:233
-msgid ""
-"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
-"LDAP API libraries)"
-msgstr ""
-"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
-"LDAP API libraries)"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:66
+msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
+msgstr "Specify binding DN. For example; B<cn=squid,o=ORG>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:192
-msgid "Specify time limit on LDAP search operations"
-msgstr "Specify time limit on LDAP search operations"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:71
+msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
+msgstr "Specify LDAP search filter. For example; B<(objectClass=User)>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:243
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:76
 msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the results is not what is expected."
+"Specify if LDAP search group is required. For example; B<groupMembership=>"
 msgstr ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the results is not what is expected."
+"Specify if LDAP search group is required. For example; B<groupMembership=>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:248
-msgid ""
-"For directories using the RFC2307 layout with a single domain, all you need "
-"to specify is usually the base DN under where your users are located and the "
-"server name:"
-msgstr ""
-"For directories using the RFC2307 layout with a single domain, all you need "
-"to specify is usually the base DN under where your users are located and the "
-"server name:"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:84
+msgid "Specify hostname or IP of server"
+msgstr "Specify hostname or IP of server"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:256
-msgid ""
-"If you have sub-domains then you need to use a search filter approach to "
-"locate your user DNs as these can no longer be constructed directly from the "
-"base DN and login name alone:"
-msgstr ""
-"If you have sub-domains then you need to use a search filter approach to "
-"locate your user DNs as these can no longer be constructed directly from the "
-"base DN and login name alone:"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:88
+msgid "Port number."
+msgstr "Port number."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:263
-msgid ""
-"And similarly if you only want to allow access to users having a specific "
-"attribute"
-msgstr ""
-"And similarly if you only want to allow access to users having a specific "
-"attribute"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:92
+msgid "Use persistent connections."
+msgstr "Use persistent connections."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:274
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:100
 msgid ""
-"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
-"do not want to have to search for the users then you could use something "
-"like the following example for Active Directory:"
+"Timeout factor for persistent connections. Set to B<0> for never timeout. "
+"Default is B<60> seconds."
 msgstr ""
-"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
-"do not want to have to search for the users then you could use something "
-"like the following example for Active Directory:"
+"Timeout factor for persistent connections. Set to B<0> for never timeout. "
+"Default is B<60> seconds."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:286
-msgid ""
-"If you want to search for the user DN and your directory does not allow "
-"anonymous searches then you must also use the B<-D> and B<-w> flags to "
-"specify a user DN and password to log in as to perform the searches, as in "
-"the following complex Active Directory example"
-msgstr ""
-"If you want to search for the user DN and your directory does not allow "
-"anonymous searches then you must also use the B<-D> and B<-w> flags to "
-"specify a user DN and password to log in as to perform the searches, as in "
-"the following complex Active Directory example"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:105
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:173
+msgid "search scope. Defaults to B<sub>"
+msgstr "search scope. Defaults to B<sub>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:299
-msgid ""
-"B<NOTE:> When constructing search filters it is strongly recommended to test "
-"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
-"This to verify that the filter matches what you expect."
-msgstr ""
-"B<NOTE:> When constructing search filters it is strongly recommended to test "
-"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
-"This to verify that the filter matches what you expect."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:108
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:176
+#: src/auth/basic/LDAP/basic_ldap_auth.8:128
+msgid "B<base> object only,"
+msgstr "B<base> object only,"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:302
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:91
-msgid "This program is written by"
-msgstr "This program is written by"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:111
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:179
+#: src/auth/basic/LDAP/basic_ldap_auth.8:131
+msgid "B<one> level below the base object or"
+msgstr "B<one> level below the base object or"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:306
-msgid "This manual is written by"
-msgstr "This manual is written by"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:114
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:182
+#: src/auth/basic/LDAP/basic_ldap_auth.8:134
+msgid "B<sub>tree below the base object"
+msgstr "B<sub>tree below the base object"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:320
-msgid ""
-"Or to your favorite LDAP list/friend if the question is more related to LDAP "
-"than Squid."
-msgstr ""
-"Or to your favorite LDAP list/friend if the question is more related to LDAP "
-"than Squid."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:121
+msgid "Set userid B<attribute .> Default is B<cn>"
+msgstr "Set userid B<attribute .> Default is B<cn>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:340
-msgid "Your favorite LDAP documentation."
-msgstr "Your favorite LDAP documentation."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:126
+msgid "Set LDAP B<version>"
+msgstr "Set LDAP B<version>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:342
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:259
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:280
-msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
-msgstr "B<RFC2254> - The String Representation of LDAP Search Filters,"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:130
+msgid "Display version information and exit."
+msgstr "Display version information and exit."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:7
-msgid "NCSA httpd-style password file authentication helper for Squid"
-msgstr "NCSA httpd-style password file authentication helper for Squid"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:135
+msgid "Specify binding B<password>"
+msgstr "Specify binding B<password>"
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:11
-msgid "passwd file"
-msgstr "passwd file"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:139
+msgid "Enable TLS security."
+msgstr "Enable TLS security."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:16
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:160
 msgid ""
-"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
-"information from an NCSA/Apache httpd-style password file when using basic "
-"HTTP authentication."
+"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
+"that users may be used to control internet access, which can also be stacked "
+"against other ACL's.  Use of the groups is optional, unless the '-G' option "
+"has been passed.  Please note that you need to specify the full LDAP object "
+"for this, as shown above."
 msgstr ""
-"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
-"information from an NCSA/Apache httpd-style password file when using basic "
-"HTTP authentication."
+"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
+"that users may be used to control internet access, which can also be stacked "
+"against other ACL's.  Use of the groups is optional, unless the '-G' option "
+"has been passed.  Please note that you need to specify the full LDAP object "
+"for this, as shown above."
 
-#. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:19
-msgid "This password file can be manipulated using B<htpasswd.>"
-msgstr "This password file can be manipulated using B<htpasswd.>"
+#. type: SH
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:161
+#: src/acl/external/unix_group/ext_unix_group_acl.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:45
+#: src/security/cert_generators/file/security_file_certgen.8.in:88
+#: tools/purge/purge.1:233
+#, no-wrap
+msgid "KNOWN ISSUES"
+msgstr "KNOWN ISSUES"
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:32
-#, fuzzy
-#| msgid ""
-#| "This authenticator accepts: * MD5 - with optional salt and magic strings "
-#| "* DES - for passwords 8 characters or less in length"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:166
 msgid ""
-"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
-"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
-"and magic strings * MD5 - with optional salt and magic strings * DES - for "
-"passwords 8 characters or less in length"
+"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
+"is in place to read IPv6 networkAddress fields, please attempt this in a "
+"TESTING environment first.  Please contact the author regarding IPv6 support "
+"development."
 msgstr ""
-"This authenticator accepts: * MD5 - with optional salt and magic strings * "
-"DES - for passwords 8 characters or less in length"
+"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
+"is in place to read IPv6 networkAddress fields, please attempt this in a "
+"TESTING environment first.  Please contact the author regarding IPv6 support "
+"development."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:34
-msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:171
+msgid ""
+"There is a known issue regarding Novell's Client for Windows, that is mostly "
+"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
+"populating the networkAddress field in eDirectory."
 msgstr ""
+"There is a known issue regarding Novell's Client for Windows, that is mostly "
+"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
+"populating the networkAddress field in eDirectory."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:38
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:177
 msgid ""
-"The only parameter is the password file.  It must have permissions to be "
-"read by the user that Squid is running as."
+"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
+"lower?) and connection licensing.  It appears that whenever a server runs "
+"low on connection licenses, that it I sometimes does not populate the "
+"networkAddress fields correctly."
 msgstr ""
-"The only parameter is the password file.  It must have permissions to be "
-"read by the user that Squid is running as."
+"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
+"lower?) and connection licensing.  It appears that whenever a server runs "
+"low on connection licenses, that it I sometimes does not populate the "
+"networkAddress fields correctly."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:46
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:184
 msgid ""
-"B<basic_ncsa_auth> must have access to the password file to be executed."
+"Majority of Proxy Authentication issues can be resolved by having the users' "
+"B<reboot> if their networkAddress is not correct, or using "
+"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
+"networkAddress fields to troubleshoot."
 msgstr ""
-"B<basic_ncsa_auth> must have access to the password file to be executed."
-
-#. type: SH
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:47
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:163
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:62
-#, no-wrap
-msgid "KNOWN ISSUES"
-msgstr "KNOWN ISSUES"
+"Majority of Proxy Authentication issues can be resolved by having the users' "
+"B<reboot> if their networkAddress is not correct, or using "
+"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
+"networkAddress fields to troubleshoot."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:52
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:218
 msgid ""
-"DES functionality (used by htpasswd by default) silently truncates passwords "
-"to 8 characters.  Allowing login with password values shorter than the one "
-"desired.  This authenticator will reject login with long passwords when "
-"using DES."
+"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
+"situations B<before> seeking support! You may also need to make sure your "
+"servers have the latest service packs installed, and that your servers are "
+"properly synchronizing partitions."
 msgstr ""
-"DES functionality (used by htpasswd by default) silently truncates passwords "
-"to 8 characters.  Allowing login with password values shorter than the one "
-"desired.  This authenticator will reject login with long passwords when "
-"using DES."
+"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
+"situations B<before> seeking support! You may also need to make sure your "
+"servers have the latest service packs installed, and that your servers are "
+"properly synchronizing partitions."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:58
-msgid "Based on original documentation by"
-msgstr "Based on original documentation by"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:5
+#, fuzzy
+#| msgid "Restrict users to certain IP addresses, using a text file backend."
+msgid ""
+"ext_file_userip_acl - Restrict users to certain IP addresses, using a text "
+"file backend."
+msgstr "Restrict users to certain IP addresses, using a text file backend."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:66
-msgid ""
-"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
-"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
-"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
-"details."
-msgstr ""
-"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
-"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
-"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
-"details."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:7
+#: src/acl/external/time_quota/ext_time_quota_acl.8:7
+#: src/auth/basic/SASL/basic_sasl_auth.8:7
+#: src/security/cert_generators/file/security_file_certgen.8.in:7
+msgid "Version 1.0"
+msgstr "Version 1.0"
+
+#. type: Plain text
+#: src/acl/external/file_userip/ext_file_userip_acl.8:12
+msgid "file name"
+msgstr "file name"
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:72
+#: src/acl/external/file_userip/ext_file_userip_acl.8:17
 msgid ""
-"You should have received a copy of the GNU General Public License along with "
-"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
-"Place, Suite 330, Boston, MA 02111-1307 USA"
+"B<ext_file_userip_acl> is an installed binary. An external helper for the "
+"Squid external acl scheme."
 msgstr ""
-"You should have received a copy of the GNU General Public License along with "
-"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
-"Place, Suite 330, Boston, MA 02111-1307 USA"
+"B<ext_file_userip_acl> is an installed binary. An external helper for the "
+"Squid external acl scheme."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:7
-msgid "Squid PAM Basic authentication helper"
-msgstr "Squid PAM Basic authentication helper"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:20
+msgid ""
+"It works by reading a pair composed by an IP address and an username on "
+"STDIN and matching it against a configuration file."
+msgstr ""
+"It works by reading a pair composed by an IP address and an username on "
+"STDIN and matching it against a configuration file."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:11
-msgid "service name"
-msgstr "service name"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:31
+msgid "Configuration B<file> to load."
+msgstr "Configuration B<file> to load."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:13
-msgid "TTL"
-msgstr "TTL"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:41
+msgid "The B<squid.conf> configuration for the external ACL should be:"
+msgstr "The B<squid.conf> configuration for the external ACL should be:"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:20
+#: src/acl/external/file_userip/ext_file_userip_acl.8:49
 msgid ""
-"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
-"database to validate the user name and password of Basic HTTP authentication."
+"If the helper program finds a matching username/ip in the configuration "
+"file, it returns B<OK> , otherwise it returns B<ERR .>"
 msgstr ""
-"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
-"database to validate the user name and password of Basic HTTP authentication."
+"If the helper program finds a matching username/ip in the configuration "
+"file, it returns B<OK> , otherwise it returns B<ERR .>"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:26
-msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
-msgstr "Specifies the PAM service name Squid uses, defaults to B<squid>"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:51
+msgid "The configuration file format is as follows:"
+msgstr "The configuration file format is as follows:"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:35
+#: src/acl/external/file_userip/ext_file_userip_acl.8:60
 msgid ""
-"Enables persistent PAM connections where the connection to the PAM database "
-"is kept open and reused for new logins. The TTL specifies how long the "
-"connection will be kept open (in seconds).  Default is to not keep PAM "
-"connections open. Please note that the use of persistent PAM connections is "
-"slightly outside the PAM specification and may not work with all PAM "
-"configurations."
+"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
+"in dotted quad format too."
 msgstr ""
-"Enables persistent PAM connections where the connection to the PAM database "
-"is kept open and reused for new logins. The TTL specifies how long the "
-"connection will be kept open (in seconds).  Default is to not keep PAM "
-"connections open. Please note that the use of persistent PAM connections is "
-"slightly outside the PAM specification and may not work with all PAM "
-"configurations."
+"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
+"in dotted quad format too."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:40
+#: src/acl/external/file_userip/ext_file_userip_acl.8:66
 msgid ""
-"Do not perform the PAM account management group (account expiration etc)"
+"When the second parameter is prefixed with an B<@> , the program will lookup "
+"the B</etc/group> file entry for the specified username."
 msgstr ""
-"Do not perform the PAM account management group (account expiration etc)"
+"When the second parameter is prefixed with an B<@> , the program will lookup "
+"the B</etc/group> file entry for the specified username."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:46
+#: src/acl/external/file_userip/ext_file_userip_acl.8:72
 msgid ""
-"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
-"etc/pam.d/squid>"
+"There are other two directives, B<ALL> and B<NONE> , which mean \"any user "
+"on this IP address may authenticate\" or \"no user on this IP address may "
+"authenticate\"."
 msgstr ""
-"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
-"etc/pam.d/squid>"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:54
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:5
+#, fuzzy
+#| msgid ""
+#| "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
 msgid ""
-"The default service name is B<squid> , and the program makes use of the "
-"B<auth> and B<account> management groups to verify the password and the "
-"accounts validity."
-msgstr ""
-"The default service name is B<squid> , and the program makes use of the "
-"B<auth> and B<account> management groups to verify the password and the "
-"accounts validity."
+"ext_kerberos_ldap_group_acl - Squid LDAP external acl group helper for "
+"Kerberos or NTLM credentials."
+msgstr "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:58
-msgid ""
-"For details on how to configure PAM services, see the PAM documentation for "
-"your system. This manual does not cover PAM configuration details."
-msgstr ""
-"For details on how to configure PAM services, see the PAM documentation for "
-"your system. This manual does not cover PAM configuration details."
-
-#. type: SH
-#: helpers/basic_auth/PAM/basic_pam_auth.8:59
-#, no-wrap
-msgid "NOTES"
-msgstr "NOTES"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
+msgid "Version 1.3.0sq"
+msgstr "Version 1.3.0sq"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:24
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program setuid root"
+"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
+"connect to a LDAP directory to authorize users via LDAP groups. Options are "
+"specified as parameters on the command line, while the username (e.g.  "
+"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
+"directory are specified on subsequent lines of input to the helper, one "
+"username per line."
 msgstr ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program setuid root"
+"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
+"connect to a LDAP directory to authorize users via LDAP groups. Options are "
+"specified as parameters on the command line, while the username (e.g.  "
+"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
+"directory are specified on subsequent lines of input to the helper, one "
+"username per line."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:82
-#: helpers/external_acl/session/ext_session_acl.8:99
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:218
-msgid "This program and documentation was written by"
-msgstr "This program and documentation was written by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:37
+msgid ""
+"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
+"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
+"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
+"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
+"is available from the username the LDAP server will be determined through "
+"the command line options."
+msgstr ""
+"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
+"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
+"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
+"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
+"is available from the username the LDAP server will be determined through "
+"the command line options."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:88
-msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
-msgstr "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:49
+msgid ""
+"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
+"T> option which provides the LDAP group name the user has to belong too. For "
+"Active Directory a recursive group lookup is implemented until a max depth "
+"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
+"groups is assumed."
+msgstr ""
+"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
+"T> option which provides the LDAP group name the user has to belong too. For "
+"Active Directory a recursive group lookup is implemented until a max depth "
+"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
+"groups is assumed."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:119
-msgid "PAM Systems Administrator Guide"
-msgstr "PAM Systems Administrator Guide"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:62
+msgid ""
+"Different group names can be specified for different domains using a "
+"group@domain syntax.  As expected by the B<external_acl_type> construct of "
+"Squid, after specifying a username and group followed by a new line, this "
+"helper will produce either B<OK> or B<ERR> on the following line to show if "
+"the user is a member of the specified group."
+msgstr ""
+"Different group names can be specified for different domains using a "
+"group@domain syntax.  As expected by the B<external_acl_type> construct of "
+"Squid, after specifying a username and group followed by a new line, this "
+"helper will produce either B<OK> or B<ERR> on the following line to show if "
+"the user is a member of the specified group."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:7
-msgid "Squid RADIUS authentication helper"
-msgstr "Squid RADIUS authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:70
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:24
+msgid "Write debug messages to stderr."
+msgstr "Write debug messages to stderr."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:12
-msgid "config file"
-msgstr "config file"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:73
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:27
+msgid "Write informational messages to stderr."
+msgstr "Write informational messages to stderr."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:16
-msgid "server name"
-msgstr "server name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:76
+msgid "Use SSL for the LDAP connection."
+msgstr "Use SSL for the LDAP connection."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:20
-msgid "identifier"
-msgstr "identifier"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
+msgid ""
+"The CA certificate file can be set via the environment variable "
+"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
+msgstr ""
+"The CA certificate file can be set via the environment variable "
+"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:22
-msgid "secret"
-msgstr "secret"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
+msgid ""
+"The SSL certificate database can be set via the environment variable "
+"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
+msgstr ""
+"The SSL certificate database can be set via the environment variable "
+"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:24
-#: helpers/external_acl/session/ext_session_acl.8:14
-#: tools/squidclient/squidclient.1:33
-msgid "timeout"
-msgstr "timeout"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:83
+msgid "Allow SSL without certificate verification."
+msgstr "Allow SSL without certificate verification."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:30
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:87
 msgid ""
-"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
-"the user name and password of Basic HTTP authentication."
+"Default Kerberos domain to use for usernames which do not contain domain "
+"information (e.g. for users using basic authentication)."
 msgstr ""
-"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
-"the user name and password of Basic HTTP authentication."
+"Default Kerberos domain to use for usernames which do not contain domain "
+"information (e.g. for users using basic authentication)."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:92
 msgid ""
-"Specifies the path to a configuration file. See the CONFIGURATION section "
-"for details on the file content."
+"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
+"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
+"authentication)."
 msgstr ""
-"Specifies the path to a configuration file. See the CONFIGURATION section "
-"for details on the file content."
+"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
+"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
+"authentication)."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:40
-msgid "Alternative method of specifying the server to connect to"
-msgstr "Alternative method of specifying the server to connect to"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:95
+msgid "Maximal depth of recursive group search."
+msgstr "Maximal depth of recursive group search."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:45
-msgid ""
-"Specify another server port where the RADIUS server listens for requests if "
-"different from the default RADIUS port.  Normally not specified."
-msgstr ""
-"Specify another server port where the RADIUS server listens for requests if "
-"different from the default RADIUS port.  Normally not specified."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:98
+msgid "Username for LDAP server."
+msgstr "Username for LDAP server."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:50
-msgid ""
-"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
-"specified the IP address is used to identify the proxy."
-msgstr ""
-"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
-"specified the IP address is used to identify the proxy."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:101
+msgid "Password for LDAP server."
+msgstr "Password for LDAP server."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:56
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:106
+#, fuzzy
+#| msgid ""
+#| "As the password needs to be printed in plain text in your Squid "
+#| "configuration it is strongly recommended to use a account with minimal "
+#| "associated privileges.  This to limit the damage in case someone could "
+#| "get hold of a copy of your Squid configuration file or extracts the "
+#| "password used from a process listing."
 msgid ""
-"Alternative method of specifying the shared secret. Using the B<-f> option "
-"with a configuration file is generally more secure and recommended."
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use an account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file or extracts the password "
+"used from a process listing."
 msgstr ""
-"Alternative method of specifying the shared secret. Using the B<-f> option "
-"with a configuration file is generally more secure and recommended."
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use an account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file or extracts the password "
+"used from a process listing."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:60
-msgid "RADIUS request timeout. Default is 10 seconds."
-msgstr "RADIUS request timeout. Default is 10 seconds."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:110
+msgid "LDAP server bind path."
+msgstr "LDAP server bind path."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:67
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:113
+msgid "LDAP server URL in form ldap[s]://server:port"
+msgstr "LDAP server URL in form ldap[s]://server:port"
+
+#. type: Plain text
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:117
 msgid ""
-"The configuration specifies how the helper connects to RADIUS.  The file "
-"contains a list of directives (one per line). Lines beginning with a B<#> "
-"are ignored."
+"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
+"lserver@Realm]"
 msgstr ""
-"The configuration specifies how the helper connects to RADIUS.  The file "
-"contains a list of directives (one per line). Lines beginning with a B<#> "
-"are ignored."
+"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
+"lserver@Realm]"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:71
-msgid "specifies the name or address of the RADIUS server to connect to."
-msgstr "specifies the name or address of the RADIUS server to connect to."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:121
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm]"
+msgstr ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm]"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:75
-msgid "specifies the shared RADIUS secret."
-msgstr "specifies the shared RADIUS secret."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:126
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
+msgstr ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:80
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:131
 msgid ""
-"specifies what name the proxy should use to identify itself to the RADIUS "
-"server.  This directive is optional."
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
+"format"
 msgstr ""
-"specifies what name the proxy should use to identify itself to the RADIUS "
-"server.  This directive is optional."
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
+"format"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:84
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:138
 msgid ""
-"Specifies the port number or service name where the helper should connect."
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf.>"
 msgstr ""
-"Specifies the port number or service name where the helper should connect."
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf.>"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:88
-#, fuzzy
-#| msgid "specifies the shared RADIUS secret."
-msgid "Specifies the RADIUS request timeout."
-msgstr "specifies the shared RADIUS secret."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:153
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:62
+msgid "B<NOTE:> The following squid startup file modification may be required:"
+msgstr ""
+"B<NOTE:> The following squid startup file modification may be required:"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:95
-msgid "With contributions from many others."
-msgstr "With contributions from many others."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:157
+msgid ""
+"Add the following lines to the squid startup script to point squid to a "
+"keytab file which contains the HTTP/fqdn service principal for the default "
+"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
+"can not use an IP address."
+msgstr ""
+"Add the following lines to the squid startup script to point squid to a "
+"keytab file which contains the HTTP/fqdn service principal for the default "
+"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
+"can not use an IP address."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:111
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:168
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:74
+#, fuzzy
+#| msgid ""
+#| "If you use a different Kerberos domain than the machine itself is in you "
+#| "can point squid to the seperate Kerberos config file by setting the "
+#| "following environmnet variable in the startup script."
 msgid ""
-"Or contact your favorite RADIUS list/friend if the question is more related "
-"to RADIUS than Squid."
+"If you use a different Kerberos domain than the machine itself is in you can "
+"point squid to the separate Kerberos config file by setting the following "
+"environment variable in the startup script."
 msgstr ""
-"Or contact your favorite RADIUS list/friend if the question is more related "
-"to RADIUS than Squid."
+"If you use a different Kerberos domain than the machine itself is in you can "
+"point squid to the seperate Kerberos config file by setting the following "
+"environmnet variable in the startup script."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:130
-msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
-msgstr "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:178
+msgid ""
+"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
+"server. The following method is used:"
+msgstr ""
+"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
+"server. The following method is used:"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:7
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:183
+#, no-wrap
 msgid ""
-"Basic Authentication using SASL (specifically the cyrus-sasl authentication "
-"method)"
+"1) For user@REALM\n"
+"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
+"   b) Query DNS for A record REALM\n"
+"   c) Use LDAP_URL if given\n"
 msgstr ""
-"Basic Authentication using SASL (specifically the cyrus-sasl authentication "
-"method)"
+"1) For user@REALM\n"
+"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
+"   b) Query DNS for A record REALM\n"
+"   c) Use LDAP_URL if given\n"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:9
-#: helpers/digest_auth/file/digest_file_auth.8:9
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:9
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:9
-msgid "Version 1.0"
-msgstr "Version 1.0"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:187
+#, no-wrap
+msgid ""
+"2) For user\n"
+"   a) Use domain -D REALM and follow step 1)\n"
+"   b) Use LDAP_URL if given\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:18
-msgid ""
-"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
-"configurable (somewhat like PAM).  Each service authenticating against SASL "
-"identifies itself with an application name.  Each application can be "
-"configured independently by the SASL administrator."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
+msgid "The Groups to check against are determined as follows:"
 msgstr ""
-"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
-"configurable (somewhat like PAM).  Each service authenticating against SASL "
-"identifies itself with an application name.  Each application can be "
-"configured independently by the SASL administrator."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:24
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:194
+#, no-wrap
 msgid ""
-"To configure the authentication method used the file B<basic_sasl_auth.conf> "
-"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
+"1) For user@REALM\n"
+"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
+"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
-"To configure the authentication method used the file B<basic_sasl_auth.conf> "
-"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:31
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:197
+#, no-wrap
 msgid ""
-"The authentication database is defined by the B<pwcheck_method> parameter.  "
-"Only the B<PLAIN> authentication mechanism is used."
+"2) For user\n"
+"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
-"The authentication database is defined by the B<pwcheck_method> parameter.  "
-"Only the B<PLAIN> authentication mechanism is used."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:33
-msgid "Examples:"
-msgstr "Examples:"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:200
+#, no-wrap
+msgid ""
+"3) For NDOMAIN\\euser\n"
+"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:36
-msgid "use sasldb - the default if no conf file is installed."
-msgstr "use sasldb - the default if no conf file is installed."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
+msgid ""
+"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
+"where GROUP is the hex UTF-8 representation e.g."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:38
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
 #, no-wrap
-msgid " - use PAM authentication database\n"
-msgstr " - use PAM authentication database\n"
+msgid "   -t 6d61726b7573 instead of -g markus\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:41
-#, no-wrap
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
 msgid ""
-" - use traditional \n"
-"B</etc/passwd>\n"
+"The REALM must still be based on the ASCII character set. If REALM contains "
+"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
+"UTF-8 representation e.g."
 msgstr ""
-" - use traditional \n"
-"B</etc/passwd>\n"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:43
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
 #, no-wrap
-msgid " - use slightly less traditional /etc/shadow\n"
-msgstr " - use slightly less traditional /etc/shadow\n"
+msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
 msgid ""
-"Others methods may be supported by your cyrus-sasl implementation - consult "
-"your cyrus-sasl documentation for information."
+"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
+"unicode-utf8-table.pl"
 msgstr ""
-"Others methods may be supported by your cyrus-sasl implementation - consult "
-"your cyrus-sasl documentation for information."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:59
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:216
 msgid ""
-"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
-"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
-"and an appropriate user/group on the executable to allow the authenticator "
-"to access the appropriate password database. If the access to the database "
-"is not permitted then the authenticator will typically fail with \"-1, "
-"generic error\"."
+"The ldap server list can be: server - In this case server can be used for "
+"all Kerberos domains server@ - In this case server can be used for all "
+"Kerberos domains server@domain - In this case server can be used for "
+"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
+"server3@:server4 - A list is build with a colon as separator"
 msgstr ""
-"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
-"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
-"and an appropriate user/group on the executable to allow the authenticator "
-"to access the appropriate password database. If the access to the database "
-"is not permitted then the authenticator will typically fail with \"-1, "
-"generic error\"."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:74
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
+#, no-wrap
 msgid ""
-"If the application name B<basic_sasl_auth> will also be used for the PAM "
-"service name if B<pwcheck_method:pam> is chosen. And example PAM "
-"configuration file B<basic_sasl_auth.pam> is also included."
+" * Copyright (C) 1996-2015 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
-"If the application name B<basic_sasl_auth> will also be used for the PAM "
-"service name if B<pwcheck_method:pam> is chosen. And example PAM "
-"configuration file B<basic_sasl_auth.pam> is also included."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:7
-msgid "Basic authentication protocol"
-msgstr "Basic authentication protocol"
-
-#. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:9
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:9
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:9
-msgid "Version 2.0"
-msgstr "Version 2.0"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:260
+msgid "B<RFC1035> - Domain names - implementation and specification,"
+msgstr "B<RFC1035> - Domain names - implementation and specification,"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:14
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:16
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:15
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:17
-msgid "Group Name"
-msgstr "Group Name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
+msgid ""
+"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
+msgstr ""
+"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:18
-msgid "Default Domain"
-msgstr "Default Domain"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:285
+#: src/auth/basic/LDAP/basic_ldap_auth.8:347
+msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
+msgstr "B<RFC2254> - The String Representation of LDAP Search Filters,"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:24
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
 msgid ""
-"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
-"server running on Windows NT to authenticate users on an NT domain in native "
-"WIN32 mode."
+"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
+"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
 msgstr ""
-"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
-"server running on Windows NT to authenticate users on an NT domain in native "
-"WIN32 mode."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:33
-msgid ""
-"Usage is simple. It accepts a username and password on standard input and "
-"will return B<OK> if the username/password is valid for the domain/machine, "
-"or B<ERR> if there was some problem. It is possible to authenticate against "
-"NT trusted domains specifying the username in the domain\\eusername "
-"Microsoft notation."
-msgstr ""
-"Usage is simple. It accepts a username and password on standard input and "
-"will return B<OK> if the username/password is valid for the domain/machine, "
-"or B<ERR> if there was some problem. It is possible to authenticate against "
-"NT trusted domains specifying the username in the domain\\eusername "
-"Microsoft notation."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:5
+#, fuzzy
+#| msgid "Squid LDAP external acl group helper"
+msgid "ext_ldap_group_acl - Squid LDAP external acl group helper"
+msgstr "Squid LDAP external acl group helper"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:38
-msgid "A Windows Local Group name allowed to authenticate."
-msgstr "A Windows Local Group name allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:7
+#, fuzzy
+#| msgid "Version 2.17"
+msgid "Version 2.18"
+msgstr "Version 2.17"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:42
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:59
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:63
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:27
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:35
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:33
-msgid "Write debug info to stderr."
-msgstr "Write debug info to stderr."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:12
+#, fuzzy
+#| msgid "base DN"
+msgid "base-DN"
+msgstr "base DN"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:46
-msgid "A Windows Local Group name not allowed to authenticate."
-msgstr "A Windows Local Group name not allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:14
+#: src/auth/basic/LDAP/basic_ldap_auth.8:29
+msgid "options"
+msgstr "options"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:50
-msgid "The default Domain against to authenticate."
-msgstr "The default Domain against to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:18
+#, fuzzy
+#| msgid "server name"
+msgid "server"
+msgstr "server name"
 
-#. logon from the network\"" 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:57
-msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
-"in the Authenticator's command line."
-msgstr ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
-"in the Authenticator's command line."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:22
+#: src/auth/basic/LDAP/basic_ldap_auth.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:35
+msgid "URI"
+msgstr "URI"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:60
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:31
 msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it."
+"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
+"authorize users via LDAP groups.  LDAP options are specified as parameters "
+"on the command line, while the username(s) and group(s) to be checked "
+"against the LDAP directory are specified on subsequent lines of input to the "
+"helper, one username/group pair per line separated by a space."
 msgstr ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:65
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:42
 msgid ""
-"You will need to set the following line in B<squid.conf> to enable the "
-"authenticator:"
+"As expected by the B<external_acl_type> construct of Squid, after specifying "
+"a username and group followed by a new line, this helper will produce either "
+"B<OK> or B<ERR> on the following line to show if the user is a member of the "
+"specified group."
 msgstr ""
-"You will need to set the following line in B<squid.conf> to enable the "
-"authenticator:"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:73
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:46
 msgid ""
-"You will need to set the following lines in B<squid.conf> to enable "
-"authentication for your access list:"
+"The program operates by searching with a search filter based on the users "
+"user name and requested group, and if a match is found it is determined that "
+"the user belongs to the group."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:51
+msgid "When to dereference aliases. Defaults to 'never'"
 msgstr ""
-"You will need to set the following lines in B<squid.conf> to enable "
-"authentication for your access list:"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:85
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:60
+#, fuzzy
+#| msgid ""
+#| "B<never> dereference aliases (default), B<always> dereference aliases, "
+#| "only while B<search ing> or only to B<find> the base object."
 msgid ""
-"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
-"B<auth_param basic program> directive."
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object"
 msgstr ""
-"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
-"B<auth_param basic program> directive."
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"while B<search ing> or only to B<find> the base object."
 
-#. type: SH
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:172
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:116
-#, no-wrap
-msgid "TESTING"
-msgstr "TESTING"
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:100
-#, no-wrap
-msgid ""
-"I strongly urge that \n"
-"B<basic_sspi_auth.exe>\n"
-"is tested prior to being used in a \n"
-"production environment. It may behave differently on different platforms.\n"
-"To test it, run it from the command line. Enter username and password\n"
-"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
-"Make sure pressing \n"
-"B<CTRL-D>\n"
-" behaves the same as a carriage return.\n"
-"Make sure pressing \n"
-"B<CTRL-C>\n"
-" aborts the program.\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:69
+msgid "Specifies the base DN under which the users are located (if different)"
 msgstr ""
-"I strongly urge that \n"
-"B<basic_sspi_auth.exe>\n"
-"is tested prior to being used in a \n"
-"production environment. It may behave differently on different platforms.\n"
-"To test it, run it from the command line. Enter username and password\n"
-"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
-"Make sure pressing \n"
-"B<CTRL-D>\n"
-" behaves the same as a carriage return.\n"
-"Make sure pressing \n"
-"B<CTRL-C>\n"
-" aborts the program.\n"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:106
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:205
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:220
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:148
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:74
 msgid ""
-"Test that entering no details does not result in an B<OK> or B<ERR> message."
+"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
+"API libraries)"
 msgstr ""
-"Test that entering no details does not result in an B<OK> or B<ERR> message."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:110
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:80
 msgid ""
-"Test that entering an invalid username and password results in an B<ERR> "
-"message."
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the result is not what was expected."
 msgstr ""
-"Test that entering an invalid username and password results in an B<ERR> "
-"message."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:115
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:85
 msgid ""
-"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
-"may be returned instead of B<ERR>"
+"The DN and password to bind as while performing searches. Required if the "
+"LDAP directory does not allow anonymous searches."
 msgstr ""
-"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
-"may be returned instead of B<ERR>"
+"The DN and password to bind as while performing searches. Required if the "
+"LDAP directory does not allow anonymous searches."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:119
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:91
 msgid ""
-"Test that entering a valid username and password results in an B<OK> message."
+"As the password needs to be printed in plain text in your Squid "
+"configuration and will be sent on the command line to the helper it is "
+"strongly recommended to use a account with minimal associated privileges.  "
+"This to limit the damage in case someone could get hold of a copy of your "
+"Squid configuration file or extracts the password used from a process "
+"listing."
 msgstr ""
-"Test that entering a valid username and password results in an B<OK> message."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:122
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:96
+#: src/auth/basic/LDAP/basic_ldap_auth.8:150
 msgid ""
-"Test that entering a guest username and password returns the correct "
-"response for the site's access policy."
+"The DN and the name of a file containing the password to bind as while "
+"performing searches."
 msgstr ""
-"Test that entering a guest username and password returns the correct "
-"response for the site's access policy."
+"The DN and the name of a file containing the password to bind as while "
+"performing searches."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:128
-#: helpers/digest_auth/file/digest_file_auth.8:64
-msgid "Based on prior work by"
-msgstr "Based on prior work by"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:101
+#: src/auth/basic/LDAP/basic_ldap_auth.8:155
+msgid ""
+"Less insecure version of the former parameter pair with two advantages: The "
+"password does not occur in the process listing, and the password is not "
+"being compromised if someone gets the squid configuration file without "
+"getting the secretfile."
+msgstr ""
+"Less insecure version of the former parameter pair with two advantages: The "
+"password does not occur in the process listing, and the password is not "
+"being compromised if someone gets the squid configuration file without "
+"getting the secretfile."
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:7
-msgid "File based digest authentication helper for Squid."
-msgstr "File based digest authentication helper for Squid."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:224
+msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
+msgstr "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:14
-#: tools/squidclient/squidclient.1:29
-msgid "file"
-msgstr "file"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:121
+msgid ""
+"LDAP search filter used to search the LDAP directory for any matching group "
+"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
+"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
+"name."
+msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:19
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:133
 msgid ""
-"B<digest_file_auth> is an installed binary authentication program for Squid. "
-"It handles digest authentication protocol and authenticates against a text "
-"file backend."
+"LDAP search filter used to search the LDAP directory for any matching "
+"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
+"be included literally in the filter then use B<%%>"
 msgstr ""
-"B<digest_file_auth> is an installed binary authentication program for Squid. "
-"It handles digest authentication protocol and authenticates against a text "
-"file backend."
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:139
 msgid ""
-"Accept digest hashed passwords rather than plaintext in the password file"
+"Specifies that the first query argument sent to the helper by Squid is a "
+"extension to the basedn and will be temporarily added in front of the global "
+"basedn for this query."
 msgstr ""
-"Accept digest hashed passwords rather than plaintext in the password file"
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:28
-msgid "Username database file format:"
-msgstr "Username database file format:"
-
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:28
-#, no-wrap
-msgid "- comment lines are possible and should start with a '#';"
-msgstr "- comment lines are possible and should start with a '#';"
-
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:31
-#, no-wrap
-msgid "- empty or blank lines are possible;"
-msgstr "- empty or blank lines are possible;"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:143
+msgid "Specify the LDAP server to connect to"
+msgstr "Specify the LDAP server to connect to"
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:34
-#, no-wrap
-msgid "- plaintext entry format is username:password"
-msgstr "- plaintext entry format is username:password"
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:147
+#, fuzzy
+#| msgid ""
+#| "Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+#| "libraries).  Servers can also be specified last on the command line."
+msgid ""
+"Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
+"libraries)"
+msgstr ""
+"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:37
-#, no-wrap
-msgid "- HA1 entry format is username:realm:HA1"
-msgstr "- HA1 entry format is username:realm:HA1"
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:151
+msgid "Strip Kerberos Realm component from user names (@ separated)"
+msgstr "Strip Kerberos Realm component from user names (@ separated)"
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:50
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:156
 msgid ""
-"To build a directory integrated backend, you need to be able to calculate "
-"the HA1 returned to squid. To avoid storing a plaintext password you can "
-"calculate B<MD5(username:realm:password)> when the user changes their "
-"password, and store the tuple B<username:realm:HA1.> then find the matching "
-"B<username:realm> when squid asks for the HA1."
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389."
 msgstr ""
-"To build a directory integrated backend, you need to be able to calculate "
-"the HA1 returned to squid. To avoid storing a plaintext password you can "
-"calculate B<MD5(username:realm:password)> when the user changes their "
-"password, and store the tuple B<username:realm:HA1.> then find the matching "
-"B<username:realm> when squid asks for the HA1."
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:58
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:164
 msgid ""
-"This implementation could be improved by using such a triple for the file "
-"format.  However storing such a triple does little to improve security: If "
-"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
-"\" - for the purposes of digest authentication they allow the user access. "
-"Password syncronisation is not tackled by digest - just preventing on the "
-"wire compromise."
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while verifying a users group membership to preserve resources at the LDAP "
+"server. This option causes the LDAP connection to be kept open, allowing it "
+"to be reused for further user validations. Recommended for larger "
+"installations."
 msgstr ""
-"This implementation could be improved by using such a triple for the file "
-"format.  However storing such a triple does little to improve security: If "
-"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
-"\" - for the purposes of digest authentication they allow the user access. "
-"Password syncronisation is not tackled by digest - just preventing on the "
-"wire compromise."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:7
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:7
-msgid "Squid external ACL helper to check Windows users group membership."
-msgstr "Squid external ACL helper to check Windows users group membership."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:168
+#: src/auth/basic/LDAP/basic_ldap_auth.8:180
+msgid "Do not follow referrals"
+msgstr "Do not follow referrals"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:14
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:14
-msgid "domain"
-msgstr "domain"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:186
+#: src/acl/external/unix_group/ext_unix_group_acl.8:33
+msgid "Strip NT domain name component from user names (/ or \\e separated)"
+msgstr "Strip NT domain name component from user names (/ or \\e separated)"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:19
-msgid ""
-"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
-msgstr ""
-"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:190
+#: src/auth/basic/LDAP/basic_ldap_auth.8:235
+msgid "Specify time limit on LDAP search operations"
+msgstr "Specify time limit on LDAP search operations"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:22
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:198
 msgid ""
-"This helper must be used in with an authentication scheme (typically Basic, "
-"NTLM or Negotiate) based on Windows Active Directory domain users."
+"LDAP attribute used to construct the user DN from the user name and base dn "
+"without needing to search for the user.  A maximum of 16 occurrences of B<"
+"%s> are supported."
 msgstr ""
-"This helper must be used in with an authentication scheme (typically Basic, "
-"NTLM or Negotiate) based on Windows Active Directory domain users."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:26
-msgid ""
-"It reads from the standard input the domain username and a list of groups "
-"and tries to match each against the groups membership of the specified "
-"username."
-msgstr ""
-"It reads from the standard input the domain username and a list of groups "
-"and tries to match each against the groups membership of the specified "
-"username."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:204
+#: src/auth/basic/LDAP/basic_ldap_auth.8:216
+msgid "LDAP protocol version. Defaults to B<3> if not specified."
+msgstr "LDAP protocol version. Defaults to B<3> if not specified."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:28
-msgid "Two running mode are available:"
-msgstr "Two running mode are available:"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:208
+#: src/auth/basic/LDAP/basic_ldap_auth.8:220
+msgid "Use TLS encryption"
+msgstr "Use TLS encryption"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:32
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:214
 msgid ""
-"B<- Local mode:> membership is checked against machine's local groups, "
-"cannot be used when running on a Domain Controller."
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf .>"
 msgstr ""
-"B<- Local mode:> membership is checked against machine's local groups, "
-"cannot be used when running on a Domain Controller."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:37
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:229
 msgid ""
-"B<- Active Directory Global mode:> membership is checked against the whole "
-"Active Directory Forest of the machine where Squid is running."
+"B<NOTE:> When constructing search filters it is recommended to first test "
+"the filter using B<ldapsearch> to verify that the filter matches what you "
+"expect before you attempt to use B<ext_ldap_group_acl>"
 msgstr ""
-"B<- Active Directory Global mode:> membership is checked against the whole "
-"Active Directory Forest of the machine where Squid is running."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:41
-msgid ""
-"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
-"Windows 2000 SP4 member of an Active Directory Domain."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:238
+msgid "Based on prior work in B<squid_ldap_auth> by"
 msgstr ""
-"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
-"Windows 2000 SP4 member of an Active Directory Domain."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:50
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:262
 msgid ""
-"When running in Active Directory Global mode, all types of Active Directory "
-"security groups are supported: B<Domain Global> , B<Domain Local> from "
-"user's domain, B<Universal> and Active Directory group nesting is fully "
-"supported."
+"Or contact your favorite LDAP list/friend if the question is more related to "
+"LDAP than Squid."
 msgstr ""
-"When running in Active Directory Global mode, all types of Active Directory "
-"security groups are supported: B<Domain Global> , B<Domain Local> from "
-"user's domain, B<Universal> and Active Directory group nesting is fully "
-"supported."
+"Or contact your favorite LDAP list/friend if the question is more related to "
+"LDAP than Squid."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:55
-msgid "Use case insensitive compare (local mode only)."
-msgstr "Use case insensitive compare (local mode only)."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:283
+msgid "Your favorite LDAP documentation"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:64
-msgid "Specify the default user's B<domain>"
-msgstr "Specify the default user's B<domain>"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:5
+#, fuzzy
+#| msgid "Squid external ACL helper to check Windows users group membership."
+msgid ""
+"ext_lm_group_acl - Squid external ACL helper to check Windows users group "
+"membership."
+msgstr "Squid external ACL helper to check Windows users group membership."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:68
-msgid "Start helper in Active Directory Global mode."
-msgstr "Start helper in Active Directory Global mode."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:7
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:7
+msgid "Version 1.22"
+msgstr "Version 1.22"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:72
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:82
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:37
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:69
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:47
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:41
-msgid "Display the binary help and command line syntax info using stderr."
-msgstr "Display the binary help and command line syntax info using stderr."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:17
+msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:77
+#: src/acl/external/LM_group/ext_lm_group_acl.8:20
 msgid ""
-"When running in Active Directory Global mode, the AD Group can be specified "
-"using the following syntax:"
+"This helper must be used in with an authentication scheme (typically Basic "
+"or NTLM) based on Windows NT/2000 domain users (LM mode)."
 msgstr ""
-"When running in Active Directory Global mode, the AD Group can be specified "
-"using the following syntax:"
-
-#. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:80
-msgid "B<1. Plain NT4 Group Name>"
-msgstr "B<1. Plain NT4 Group Name>"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:83
-msgid "B<2. Full NT4 Group Name>"
-msgstr "B<2. Full NT4 Group Name>"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:29
+msgid "Use case insensitive compare."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:86
-msgid "B<3. Active Directory Canonical name>"
-msgstr "B<3. Active Directory Canonical name>"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:37
+msgid "Specify the default user's domain."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:89
-msgid "As Exampled:"
-msgstr "As Exampled:"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:41
+msgid "Start helper in Domain Global Group mode."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:99
-msgid ""
-"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:49
+msgid "Use ONLY PDCs for group validation."
 msgstr ""
-"When using Plain NT4 Group Name, the Group is searched in the user's domain."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:126
+#: src/acl/external/LM_group/ext_lm_group_acl.8:75
 msgid ""
-"In the previous example all validated AD users member of I<MYDOMAIN"
-"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
-"are allowed to use the cache."
+"In the previous example all validated NT users member of GProxyUsers Global "
+"domain group or member of LProxyUsers machine local group are allowed to use "
+"the cache."
 msgstr ""
-"In the previous example all validated AD users member of I<MYDOMAIN"
-"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
-"are allowed to use the cache."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:135
+#: src/acl/external/LM_group/ext_lm_group_acl.8:83
 msgid ""
 "Groups with spaces in name, for example B<Domain Users> , must be quoted and "
 "the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file .> The previous example will be:"
+"included by specifying B</path/to/file>"
 msgstr ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file .> The previous example will be:"
-
-#. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:139
-msgid "and the DomainUsers files will contain only the following line:"
-msgstr "and the DomainUsers files will contain only the following line:"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:141
-msgid "Domain Users"
-msgstr "Domain Users"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:85
+msgid "The previous example will be:"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:148
-msgid ""
-"B<NOTE 1:> When running in Active Directory Global mode, for better "
-"performance, all Domain Controllers of the Active Directory forest should be "
-"configured as Global Catalog."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:92
+msgid "The B<DomainUsers.txt> file will contain only the following line:"
 msgstr ""
-"B<NOTE 1:> When running in Active Directory Global mode, for better "
-"performance, all Domain Controllers of the Active Directory forest should be "
-"configured as Global Catalog."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:154
-msgid ""
-"B<NOTE 2:> When running in local mode, the standard group name comparison is "
-"case sensitive, so group name must be specified with same case as in the "
-"local SAM database."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:94
+msgid "B<Domain Users>"
 msgstr ""
-"B<NOTE 2:> When running in local mode, the standard group name comparison is "
-"case sensitive, so group name must be specified with same case as in the "
-"local SAM database."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:159
+#: src/acl/external/LM_group/ext_lm_group_acl.8:103
 msgid ""
-"It is possible to enable case insensitive group name comparison ( B<-c> ), "
-"but on some non-English locales, the results can be unexpected."
+"B<NOTE:> The standard group name comparison is case sensitive, so group name "
+"must be specified with same case as in the NT/2000 Domain.  It's possible to "
+"enable case insensitive group name comparison ( B<-c> ), but on some not-"
+"english locales, the results can be unexpected."
 msgstr ""
-"It is possible to enable case insensitive group name comparison ( B<-c> ), "
-"but on some non-English locales, the results can be unexpected."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:167
+#: src/acl/external/LM_group/ext_lm_group_acl.8:111
 msgid ""
-"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
-"A> and B<-D> switches."
+"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
+"and B<-D> switches."
 msgstr ""
-"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
-"A> and B<-D> switches."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:171
-msgid "Refer to Squid documentation for more details on B<squid.conf>"
-msgstr "Refer to Squid documentation for more details on B<squid.conf>"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:113
+msgid "Refer to Squid documentation for the more details on squid.conf."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:178
+#: src/acl/external/LM_group/ext_lm_group_acl.8:119
 msgid ""
-"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
-"used in a production environment. It may behave differently on different "
+"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
+"in a production environment. It may behave differently on different "
 "platforms."
 msgstr ""
-"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
-"used in a production environment. It may behave differently on different "
-"platforms."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:190
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:133
-msgid ""
-"To test it, run it from the command line. Enter username and group pairs "
-"separated by a space (username must entered with URL-encoded I<domain"
-"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
-msgstr ""
-"To test it, run it from the command line. Enter username and group pairs "
-"separated by a space (username must entered with URL-encoded I<domain"
-"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:159
+msgid "with contributions by"
+msgstr "with contributions by"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:194
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:209
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:137
-msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
-msgstr "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:164
+msgid "Based in part on prior work in B<check_group> by"
+msgstr "Based in part on prior work in B<check_group> by"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:198
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:213
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:141
-msgid "Make sure pressing B<CTRL+C> aborts the program."
-msgstr "Make sure pressing B<CTRL+C> aborts the program."
+#: src/acl/external/session/ext_session_acl.8:5
+#, fuzzy
+#| msgid "Squid session tracking external acl helper."
+msgid "ext_session_acl - Squid session tracking external acl helper."
+msgstr "Squid session tracking external acl helper."
+
+#. type: Plain text
+#: src/acl/external/session/ext_session_acl.8:7
+#, fuzzy
+#| msgid "Version 1.22"
+msgid "Version 1.2"
+msgstr "Version 1.22"
+
+#. type: Plain text
+#: src/acl/external/session/ext_session_acl.8:12
+#: src/auth/basic/RADIUS/basic_radius_auth.8:22
+#: tools/squidclient/squidclient.1:32
+msgid "timeout"
+msgstr "timeout"
+
+#. type: Plain text
+#: src/acl/external/session/ext_session_acl.8:14
+msgid "database"
+msgstr "database"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:224
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:152
+#: src/acl/external/session/ext_session_acl.8:31
 msgid ""
-"Test that entering an invalid username and group results in an B<ERR> "
-"message."
+"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
+"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
+"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
+"terms and conditions to a user; the latter is suitable for the display of "
+"advertisements or other notices (both as a splash page - see config examples "
+"in the wiki online). The session helper can also be used to force users to "
+"re-authenticate if the B<%LOGIN> and B<-a> are both used."
 msgstr ""
-"Test that entering an invalid username and group results in an B<ERR> "
-"message."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:228
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:156
+#: src/acl/external/session/ext_session_acl.8:36
 msgid ""
-"Test that entering an valid username and group results in an B<OK> message."
+"Idle timeout for any session. The default if not specified (set to 3600 "
+"seconds)."
 msgstr ""
-"Test that entering an valid username and group results in an B<OK> message."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:235
-msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
-msgstr "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+#: src/acl/external/session/ext_session_acl.8:49
+msgid ""
+"Fixed timeout for any session. This will end the session after the timeout "
+"regardless of a user's activity. If used with B<active> mode, this will "
+"terminate the user's session after B<timeout> , after which another B<LOGIN> "
+"will be required.  B<LOGOUT> will reset the session and timeout."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:7
-msgid "Squid eDirectory IP Lookup Helper"
-msgstr "Squid eDirectory IP Lookup Helper"
+#: src/acl/external/session/ext_session_acl.8:62
+msgid ""
+"B<Path> to persistent database. If a file is specified then that single file "
+"is used as the database. If a path is specified, a Berkeley DB database "
+"environment is created within the directory. The advantage of the latter is "
+"better database support between multiple instances of the session helper. "
+"Using multiple instances of the session helper with a single database file "
+"will cause synchronization problems between processes.  If this option is "
+"not specified the session details will be kept in memory only and all "
+"sessions will reset each time Squid restarts its helpers (Squid restart or "
+"rotation of logs)."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:17
-msgid "host"
-msgstr "host"
+#: src/acl/external/session/ext_session_acl.8:72
+#, fuzzy
+#| msgid ""
+#| "Active mode. In this mode sessions are started by evaluating an acl with "
+#| "the argument B<LOGIN> , or terminated by the argument B<LOGOUT>"
+msgid ""
+"Active mode. In this mode sessions are started by evaluating an acl with the "
+"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
+"flag the helper automatically starts the session after the first request."
+msgstr ""
+"Active mode. In this mode sessions are started by evaluating an acl with the "
+"argument B<LOGIN> , or terminated by the argument B<LOGOUT>"
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:21
-msgid "LDAP version"
-msgstr "LDAP version"
+#: src/acl/external/session/ext_session_acl.8:79
+msgid ""
+"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
+"concurrency= option B<must> be specified in the configuration."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:23
-msgid "basedn"
-msgstr "basedn"
+#: src/acl/external/session/ext_session_acl.8:81
+#, fuzzy
+#| msgid "Configuration example using the default automatic mode"
+msgid "Passive session configuration example using the default automatic mode"
+msgstr "Configuration example using the default automatic mode"
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:25
-msgid "scope"
-msgstr "scope"
+#: src/acl/external/session/ext_session_acl.8:94
+msgid ""
+"Then set up B<http://your.server.example.com/bannerpage> to display a "
+"session startup page and then redirect the user back to the requested URL "
+"given in the url query parameter."
+msgstr ""
+"Then set up B<http://your.server.example.com/bannerpage> to display a "
+"session startup page and then redirect the user back to the requested URL "
+"given in the url query parameter."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:27
-msgid "binddn"
-msgstr "binddn"
+#: src/acl/external/session/ext_session_acl.8:97
+#: src/acl/external/time_quota/ext_time_quota_acl.8:216
+#: src/auth/basic/PAM/basic_pam_auth.8:80
+msgid "This program and documentation was written by"
+msgstr "This program and documentation was written by"
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:29
-msgid "bindpass"
-msgstr "bindpass"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:5
+#, fuzzy
+#| msgid "Squid session tracking external acl helper."
+msgid "ext_time_quota_acl - Squid time quota external acl helper."
+msgstr "Squid session tracking external acl helper."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:31
-msgid "filter"
-msgstr "filter"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:16
+msgid ""
+"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
+"users of squid to limit the time using squid."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:36
-msgid "B<ext_edirectory_userip_acl> is an installed binary."
-msgstr "B<ext_edirectory_userip_acl> is an installed binary."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:21
+msgid ""
+"This is useful for corporate lunch time allocations, wifi portal pay-per-"
+"minute installations or for parental control of children. The administrator "
+"can define a time budget (e.g. 1 hour per day) which is enforced through "
+"this helper."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:40
+#: src/acl/external/time_quota/ext_time_quota_acl.8:29
 msgid ""
-"This program has been written in order to solve the problems associated with "
-"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
+"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
+"Squids state directory."
 msgstr ""
-"This program has been written in order to solve the problems associated with "
-"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:43
+#: src/acl/external/time_quota/ext_time_quota_acl.8:36
 msgid ""
-"The limitations of the Perl script involved memory/cpu utilization, speed, "
-"the lack of eDirectory 8.8 support, and IPv6 support."
+"B<Pauselen> is given in seconds and defines the period between two requests "
+"to be treated as part of the same session.  Pauses shorter than this value "
+"will be counted against the quota, longer ones ignored.  Default is 300 "
+"seconds (5 minutes)."
 msgstr ""
-"The limitations of the Perl script involved memory/cpu utilization, speed, "
-"the lack of eDirectory 8.8 support, and IPv6 support."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:48
-msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
-msgstr "Force Addresses to be in IPv4 (0.0.0.0 format)."
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:52
-msgid "Force Addresses to be in IPv6 (:: format)."
-msgstr "Force Addresses to be in IPv6 (:: format)."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:42
+msgid ""
+"B<Filename> where all logging and debugging information will be written. If "
+"none is given, then stderr will be used and the logging will go to Squids "
+"main cache.log."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:59
-msgid "Specify B<base> DN. For example; B<o=ORG>"
-msgstr "Specify B<base> DN. For example; B<o=ORG>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:46
+msgid "Enables debug logging in the logfile."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:68
-msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
-msgstr "Specify binding DN. For example; B<cn=squid,o=ORG>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:50
+msgid "show a short command line help."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:73
-msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
-msgstr "Specify LDAP search filter. For example; B<(objectClass=User)>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:54
+msgid "This file contains the definition of the time budgets for the users."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:78
+#: src/acl/external/time_quota/ext_time_quota_acl.8:63
 msgid ""
-"Specify if LDAP search group is required. For example; B<groupMembership=>"
+"The time quotas of the users are defined in a text file typically residing "
+"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
+"and is ignored. Every line must start with a user followed by a time budget "
+"and a corresponding time period separated by \"/\". Here is an example file:"
 msgstr ""
-"Specify if LDAP search group is required. For example; B<groupMembership=>"
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:86
-msgid "Specify hostname or IP of server"
-msgstr "Specify hostname or IP of server"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:66
+msgid "# user budget / period"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:90
-msgid "Port number."
-msgstr "Port number."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:77
+msgid ""
+"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
+"hour and the poor babymary only 30 minutes a week."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:94
-msgid "Use persistent connections."
-msgstr "Use persistent connections."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:81
+msgid ""
+"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
+"days and \"w\" for weeks. Numerical values can be given as integer values or "
+"with a fraction. E.g. \"0.5h\" means 30 minutes."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:102
+#: src/acl/external/time_quota/ext_time_quota_acl.8:87
 msgid ""
-"Timeout factor for persistent connections. Set to B<0> for never timeout. "
-"Default is B<60> seconds."
+"This helper is configured in B<squid.conf> using the B<external_acl_type> "
+"directive then access controls which use it to allow or deny."
 msgstr ""
-"Timeout factor for persistent connections. Set to B<0> for never timeout. "
-"Default is B<60> seconds."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:107
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:175
-msgid "search scope. Defaults to B<sub>"
-msgstr "search scope. Defaults to B<sub>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:90
+msgid "Here is an example."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:123
-msgid "Set userid B<attribute .> Default is B<cn>"
-msgstr "Set userid B<attribute .> Default is B<cn>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:93
+msgid "# Ensure that users have a valid login. We need their username."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:128
-msgid "Set LDAP B<version>"
-msgstr "Set LDAP B<version>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:100
+msgid "# Define program and quota file"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:132
-msgid "Display version information and exit."
-msgstr "Display version information and exit."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:116
+msgid ""
+"In this example, after restarting Squid it should allow access only for "
+"users as long as they have time budget left.  If the budget is exceeded the "
+"user will be presented with an error page informing them."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:137
-msgid "Specify binding B<password>"
-msgstr "Specify binding B<password>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:122
+msgid ""
+"In this example we use separate B<users> access control and B<noquota> ACL "
+"in order to keep the username and password prompt and the quota-exceeded "
+"messages separated."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:141
-msgid "Enable TLS security."
-msgstr "Enable TLS security."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:142
+msgid ""
+"User is just a unique key value. The above example uses %LOGIN and the "
+"username but any of the B<external_acl_type> format tags can be substituted "
+"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
+"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
+"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
+"org/ConfigExamples."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:143
+#, no-wrap
+msgid "LIMITATIONS"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:162
+#: src/acl/external/time_quota/ext_time_quota_acl.8:148
 msgid ""
-"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
-"that users may be used to control internet access, which can also be stacked "
-"against other ACL's.  Use of the groups is optional, unless the '-G' option "
-"has been passed.  Please note that you need to specify the full LDAP object "
-"for this, as shown above."
+"This helper only controls access to the Internet through HTTP. It does not "
+"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
 msgstr ""
-"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
-"that users may be used to control internet access, which can also be stacked "
-"against other ACL's.  Use of the groups is optional, unless the '-G' option "
-"has been passed.  Please note that you need to specify the full LDAP object "
-"for this, as shown above."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:168
+#: src/acl/external/time_quota/ext_time_quota_acl.8:156
 msgid ""
-"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
-"is in place to read IPv6 networkAddress fields, please attempt this in a "
-"TESTING environment first.  Please contact the author regarding IPv6 support "
-"development."
+"Desktop browsers are typically able to deal with authentication to HTTP "
+"proxies like B<squid .> But more and more different programs and devices "
+"(smartphones, games on mobile devices, ...) are using the Internet over "
+"HTTP. These devices are often not able to work through an authenticating "
+"proxy.  Means other than %LOGIN authentication are required to authorize "
+"these devices and software."
 msgstr ""
-"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
-"is in place to read IPv6 networkAddress fields, please attempt this in a "
-"TESTING environment first.  Please contact the author regarding IPv6 support "
-"development."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:173
+#: src/acl/external/time_quota/ext_time_quota_acl.8:161
 msgid ""
-"There is a known issue regarding Novell's Client for Windows, that is mostly "
-"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
-"populating the networkAddress field in eDirectory."
+"A more general control to Internet access could be a captive portal approach "
+"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
+"or maybe a 802.11X solution. But the latter is often not supported by mobile "
+"devices."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:162
+#, no-wrap
+msgid "IMPLEMENTATION"
 msgstr ""
-"There is a known issue regarding Novell's Client for Windows, that is mostly "
-"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
-"populating the networkAddress field in eDirectory."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:179
+#: src/acl/external/time_quota/ext_time_quota_acl.8:170
 msgid ""
-"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
-"lower?) and connection licensing.  It appears that whenever a server runs "
-"low on connection licenses, that it I sometimes does not populate the "
-"networkAddress fields correctly."
+"When the helper is called it will be asked if the current user is allowed to "
+"access squid. The helper will reduce the remaining time budget of this user "
+"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
 msgstr ""
-"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
-"lower?) and connection licensing.  It appears that whenever a server runs "
-"low on connection licenses, that it I sometimes does not populate the "
-"networkAddress fields correctly."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:186
+#: src/acl/external/time_quota/ext_time_quota_acl.8:183
 msgid ""
-"Majority of Proxy Authentication issues can be resolved by having the users' "
-"B<reboot> if their networkAddress is not correct, or using "
-"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
-"networkAddress fields to troubleshoot."
+"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
+"be called, the example config uses a 1 minute TTL.  The interaction is that "
+"Squid will only call the helper on new requests B<if> there has been more "
+"than TTL seconds passed since last check.  This handling creates an amount "
+"of slippage outside the quota by whatever amount is configured.  TTL can be "
+"set as short as desired, down to and including zero.  Though values of 1 or "
+"more are recommended due to a quota resolution of one second."
 msgstr ""
-"Majority of Proxy Authentication issues can be resolved by having the users' "
-"B<reboot> if their networkAddress is not correct, or using "
-"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
-"networkAddress fields to troubleshoot."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:213
+#: src/acl/external/time_quota/ext_time_quota_acl.8:188
 msgid ""
-"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
-"situations B<before> seeking support! You may also need to make sure your "
-"servers have the latest service packs installed, and that your servers are "
-"properly synchronizing partitions."
+"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
+"budget will be restored to the configured value thus allowing the user to "
+"access squid with a fresh budget."
 msgstr ""
-"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
-"situations B<before> seeking support! You may also need to make sure your "
-"servers have the latest service packs installed, and that your servers are "
-"properly synchronizing partitions."
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:7
-msgid "Restrict users to certain IP addresses, using a text file backend."
-msgstr "Restrict users to certain IP addresses, using a text file backend."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:200
+msgid ""
+"If the time between the current request and the previous request is greater "
+"than B<pauselen> (default 5 minutes and adjustable with command line "
+"parameter B<-p> ), the current request will be considered as a new request "
+"and the time budget will not be decreased. If the time is less than "
+"B<pauselen> , then both requests will be considered as part of the same "
+"active time period and the time budget will be decreased by the time "
+"difference. This allows the user to take arbitrary breaks during Internet "
+"access without losing their time budget."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:201
+#, no-wrap
+msgid "FURTHER IDEAS"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:14
-msgid "file name"
-msgstr "file name"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:204
+msgid ""
+"The following ideas could further improve this helper. Maybe someone wants "
+"to help? Any support or feedback is welcome!"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:19
+#: src/acl/external/time_quota/ext_time_quota_acl.8:209
 msgid ""
-"B<ext_file_userip_acl> is an installed binary. An external helper for the "
-"Squid external acl scheme."
+"There should be a way for a user to see their configured and remaining time "
+"budget. This could be realized by implementing a web page accessing the "
+"database of the helper showing the corresponding data. One of the problems "
+"to be solved is user authentication."
 msgstr ""
-"B<ext_file_userip_acl> is an installed binary. An external helper for the "
-"Squid external acl scheme."
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:22
+#: src/acl/external/time_quota/ext_time_quota_acl.8:212
 msgid ""
-"It works by reading a pair composed by an IP address and an username on "
-"STDIN and matching it against a configuration file."
+"We could always return \"OK\" and use the module simply as an Internet usage "
+"tracker showing who has stayed how long in the WWW."
 msgstr ""
-"It works by reading a pair composed by an IP address and an username on "
-"STDIN and matching it against a configuration file."
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:33
-msgid "Configuration B<file> to load."
-msgstr "Configuration B<file> to load."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:5
+#, fuzzy
+#| msgid "Squid UNIX Group ACL helper"
+msgid "ext_unix_group_acl - Squid UNIX Group ACL helper"
+msgstr "Squid UNIX Group ACL helper"
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:43
-msgid "The B<squid.conf> configuration for the external ACL should be:"
-msgstr "The B<squid.conf> configuration for the external ACL should be:"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:9
+#: src/acl/external/unix_group/ext_unix_group_acl.8:11
+msgid "group"
+msgstr "group"
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:51
+#: src/acl/external/unix_group/ext_unix_group_acl.8:16
 msgid ""
-"If the helper program finds a matching username/ip in the configuration "
-"file, it returns B<OK> , otherwise it returns B<ERR .>"
+"B<ext_unix_group_acl> allows Squid to base access controls on users "
+"memberships in UNIX groups."
 msgstr ""
-"If the helper program finds a matching username/ip in the configuration "
-"file, it returns B<OK> , otherwise it returns B<ERR .>"
+"B<ext_unix_group_acl> allows Squid to base access controls on users "
+"memberships in UNIX groups."
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:53
-msgid "The configuration file format is as follows:"
-msgstr "The configuration file format is as follows:"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:24
+msgid "Specifies a group name to match."
+msgstr "Specifies a group name to match."
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:29
+msgid "Also match the users primary group from B</etc/passwd>"
+msgstr "Also match the users primary group from B</etc/passwd>"
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:62
+#: src/acl/external/unix_group/ext_unix_group_acl.8:47
 msgid ""
-"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
-"in dotted quad format too."
+"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
+"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
+"I<group3>"
 msgstr ""
-"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
-"in dotted quad format too."
+"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
+"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
+"I<group3>"
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:68
+#: src/acl/external/unix_group/ext_unix_group_acl.8:59
 msgid ""
-"When the second parameter is prefixed with an B<@> , the program will lookup "
-"the B</etc/group> file entry for the specified username."
+"By default up to 11 groups can be matched in one acl (including commandline "
+"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
 msgstr ""
-"When the second parameter is prefixed with an B<@> , the program will lookup "
-"the B</etc/group> file entry for the specified username."
+"By default up to 11 groups can be matched in one acl (including commandline "
+"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
 
-#. any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\".
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:74
-msgid "There are other two directives, B<ALL> and B<NONE> , which mean"
-msgstr "There are other two directives, B<ALL> and B<NONE> , which mean"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:65
+msgid ""
+"Does not understand GID aliased groups sometimes used to work around groups "
+"size limitations. If you are using GID aliased groups then you must specify "
+"each alias by name."
+msgstr ""
+"Does not understand GID aliased groups sometimes used to work around groups "
+"size limitations. If you are using GID aliased groups then you must specify "
+"each alias by name."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
-msgstr "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:104
+msgid "Additionally bugs or bug-fixes can be reported to"
+msgstr "Additionally bugs or bug-fixes can be reported to"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:5
+#, fuzzy
+#| msgid "Local Users auth helper for Squid"
+msgid "basic_getpwnam_auth - Local Users auth helper for Squid"
+msgstr "Local Users auth helper for Squid"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:13
+msgid ""
+"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
+"to validate the user name and password of Basic HTTP authentication."
+msgstr ""
+"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
+"to validate the user name and password of Basic HTTP authentication."
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:19
+msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+msgstr "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:21
+msgid "This has the following advantages over the NCSA module:"
+msgstr "This has the following advantages over the NCSA module:"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:23
+msgid "- Allows authentication of all known local users"
+msgstr "- Allows authentication of all known local users"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:26
+msgid "- Allows authentication through nsswitch.conf"
+msgstr "- Allows authentication through nsswitch.conf"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:29
+msgid "- Can handle NIS(+) requests"
+msgstr "- Can handle NIS(+) requests"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:32
+msgid "- Can handle LDAP requests"
+msgstr "- Can handle LDAP requests"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:35
+msgid "- Can handle PAM requests"
+msgstr "- Can handle PAM requests"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:50
+msgid ""
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program B<setuid> "
+"B<root>"
+msgstr ""
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program B<setuid> "
+"B<root>"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:62
+#: src/auth/basic/PAM/basic_pam_auth.8:77
+msgid ""
+"Please note that in such configurations it is also strongly recommended that "
+"the program is moved into a directory where normal users cannot access it, "
+"as this mode of operation will allow any local user to brute-force other "
+"users passwords. Also note the program has not been fully audited and the "
+"author cannot be held responsible for any security issues due to such "
+"installations."
+msgstr ""
+"Please note that in such configurations it is also strongly recommended that "
+"the program is moved into a directory where normal users cannot access it, "
+"as this mode of operation will allow any local user to brute-force other "
+"users passwords. Also note the program has not been fully audited and the "
+"author cannot be held responsible for any security issues due to such "
+"installations."
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:70
+msgid "Based on original code by"
+msgstr "Based on original code by"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:5
+#, fuzzy
+#| msgid "LDAP authentication helper for Squid"
+msgid "basic_ldap_auth - LDAP authentication helper for Squid"
+msgstr "LDAP authentication helper for Squid"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:10
+#: src/auth/basic/LDAP/basic_ldap_auth.8:25
+msgid "base DN"
+msgstr "base DN"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:12
+msgid "attribute"
+msgstr "attribute"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:31
+msgid "LDAP server name"
+msgstr "LDAP server name"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:27
+msgid "LDAP search filter"
+msgstr "LDAP search filter"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:45
+msgid ""
+"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
+"the user name and password of Basic HTTP authentication.  LDAP options are "
+"specified as parameters on the command line, while the username(s) and "
+"password(s) to be checked against the LDAP directory are specified on "
+"subsequent lines of input to the helper, one username/password pair per line "
+"separated by a space."
+msgstr ""
+"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
+"the user name and password of Basic HTTP authentication.  LDAP options are "
+"specified as parameters on the command line, while the username(s) and "
+"password(s) to be checked against the LDAP directory are specified on "
+"subsequent lines of input to the helper, one username/password pair per line "
+"separated by a space."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:54
+msgid ""
+"As expected by the basic authentication construct of Squid, after specifying "
+"a username and password followed by a new line, this helper will produce "
+"either B<OK> or B<ERR> on the following line to show if the specified "
+"credentials are correct according to the LDAP directory."
+msgstr ""
+"As expected by the basic authentication construct of Squid, after specifying "
+"a username and password followed by a new line, this helper will produce "
+"either B<OK> or B<ERR> on the following line to show if the specified "
+"credentials are correct according to the LDAP directory."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:59
+msgid ""
+"The program has two major modes of operation. In the default mode of "
+"operation the users DN is constructed using the base DN and user attribute. "
+"In the other mode of operation a search filter is used to locate valid user "
+"DN's below the base DN."
+msgstr ""
+"The program has two major modes of operation. In the default mode of "
+"operation the users DN is constructed using the base DN and user attribute. "
+"In the other mode of operation a search filter is used to locate valid user "
+"DN's below the base DN."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
+msgstr "B<REQUIRED.> Specifies the base DN under which the users are located."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:73
+msgid ""
+"LDAP search B<filter> to locate the user DN. Required if the users are in a "
+"hierarchy below the base DN, or if the login name is not what builds the "
+"user specific part of the users DN."
+msgstr ""
+"LDAP search B<filter> to locate the user DN. Required if the users are in a "
+"hierarchy below the base DN, or if the login name is not what builds the "
+"user specific part of the users DN."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:80
+#, fuzzy
+#| msgid ""
+#| "The search filter can contain up to 15 occurrences of B<%s> which will be "
+#| "replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
+#| "detailed description of LDAP search filter syntax see RFC2254."
+msgid ""
+"The search filter can contain up to 15 occurrences of B<%s> which will be "
+"replaced by the username, as in B<\"uid\\=%s\"> for RFC2037 directories. For "
+"a detailed description of LDAP search filter syntax see RFC2254."
+msgstr ""
+"The search filter can contain up to 15 occurrences of B<%s> which will be "
+"replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
+"detailed description of LDAP search filter syntax see RFC2254."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:88
+msgid ""
+"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
+"%s> are used."
+msgstr ""
+"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
+"%s> are used."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:97
+msgid ""
+"Specifies the name of the DN attribute that contains the username/login.  "
+"Combined with the base DN to construct the users DN when no search filter is "
+"specified ( B<-f> option). Defaults to B<uid>"
+msgstr ""
+"Specifies the name of the DN attribute that contains the username/login.  "
+"Combined with the base DN to construct the users DN when no search filter is "
+"specified ( B<-f> option). Defaults to B<uid>"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:106
+#, fuzzy
+#| msgid ""
+#| "B<Note:> This can only be done if all your users are located directly "
+#| "under the same position in the LDAP tree and the login name is used for "
+#| "naming each user object. If your LDAP tree does not match these criterias "
+#| "or if you want to filter who are valid users then you need to use a "
+#| "search filter to search for your users DN ( B<-f> option)."
+msgid ""
+"B<Note:> This can only be done if all your users are located directly under "
+"the same position in the LDAP tree and the login name is used for naming "
+"each user object. If your LDAP tree does not match these criteria or if you "
+"want to filter who are valid users then you need to use a search filter to "
+"search for your users DN ( B<-f> option)."
+msgstr ""
+"B<Note:> This can only be done if all your users are located directly under "
+"the same position in the LDAP tree and the login name is used for naming "
+"each user object. If your LDAP tree does not match these criterias or if you "
+"want to filter who are valid users then you need to use a search filter to "
+"search for your users DN ( B<-f> option)."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:116
+msgid ""
+"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
+"password.  B<passwordattr> is the LDAP attribute storing the users password."
+msgstr ""
+"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
+"password.  B<passwordattr> is the LDAP attribute storing the users password."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:124
+msgid ""
+"Search scope when performing user DN searches specified by the B<-f> option. "
+"Defaults to B<sub>"
+msgstr ""
+"Search scope when performing user DN searches specified by the B<-f> option. "
+"Defaults to B<sub>"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:140
+msgid ""
+"The DN and password to bind as while performing searches. Required by the B<-"
+"f> flag if the directory does not allow anonymous searches."
+msgstr ""
+"The DN and password to bind as while performing searches. Required by the B<-"
+"f> flag if the directory does not allow anonymous searches."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:145
+msgid ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file."
+msgstr ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:163
+msgid ""
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while validating a username to preserve resources at the LDAP server. This "
+"option causes the LDAP connection to be kept open, allowing it to be reused "
+"for further user validations. Recommended for larger installations."
+msgstr ""
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while validating a username to preserve resources at the LDAP server. This "
+"option causes the LDAP connection to be kept open, allowing it to be reused "
+"for further user validations. Recommended for larger installations."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:176
+msgid ""
+"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
+"binding as another user after a successful I<ldap_bind.> The use of this "
+"option always opens a new connection for each login attempt. If combined "
+"with the B<-P> option for persistent LDAP connection then the connection "
+"used for searching for the user DN is kept persistent but a new connection "
+"is opened to verify each users password once the DN is found."
+msgstr ""
+"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
+"binding as another user after a successful I<ldap_bind.> The use of this "
+"option always opens a new connection for each login attempt. If combined "
+"with the B<-P> option for persistent LDAP connection then the connection "
+"used for searching for the user DN is kept persistent but a new connection "
+"is opened to verify each users password once the DN is found."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:185
+msgid "when to dereference aliases. Defaults to B<never>"
+msgstr "when to dereference aliases. Defaults to B<never>"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:194
+#, fuzzy
+#| msgid ""
+#| "B<never> dereference aliases (default), B<always> dereference aliases, "
+#| "only while B<search ing> or only to B<find> the base object."
+msgid ""
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object."
+msgstr ""
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"while B<search ing> or only to B<find> the base object."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:199
+#, fuzzy
+#| msgid ""
+#| "Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+#| "libraries).  Servers can also be specified last on the command line."
+msgid ""
+"Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
+msgstr ""
+"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:204
+msgid ""
+"Specify the LDAP server to connect to. Servers can also be specified last on "
+"the command line."
+msgstr ""
+"Specify the LDAP server to connect to. Servers can also be specified last on "
+"the command line."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:210
+msgid ""
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389. Can also be specified within the server "
+"specification by using servername:port syntax."
+msgstr ""
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389. Can also be specified within the server "
+"specification by using servername:port syntax."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:231
+msgid ""
+"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
+"LDAP API libraries)"
+msgstr ""
+"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
+"LDAP API libraries)"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:241
+msgid ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the results is not what is expected."
+msgstr ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the results is not what is expected."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:246
+msgid ""
+"For directories using the RFC2307 layout with a single domain, all you need "
+"to specify is usually the base DN under where your users are located and the "
+"server name:"
+msgstr ""
+"For directories using the RFC2307 layout with a single domain, all you need "
+"to specify is usually the base DN under where your users are located and the "
+"server name:"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:254
+msgid ""
+"If you have sub-domains then you need to use a search filter approach to "
+"locate your user DNs as these can no longer be constructed directly from the "
+"base DN and login name alone:"
+msgstr ""
+"If you have sub-domains then you need to use a search filter approach to "
+"locate your user DNs as these can no longer be constructed directly from the "
+"base DN and login name alone:"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:261
+msgid ""
+"And similarly if you only want to allow access to users having a specific "
+"attribute"
+msgstr ""
+"And similarly if you only want to allow access to users having a specific "
+"attribute"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:272
+msgid ""
+"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
+"do not want to have to search for the users then you could use something "
+"like the following example for Active Directory:"
+msgstr ""
+"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
+"do not want to have to search for the users then you could use something "
+"like the following example for Active Directory:"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:284
+msgid ""
+"If you want to search for the user DN and your directory does not allow "
+"anonymous searches then you must also use the B<-D> and B<-w> flags to "
+"specify a user DN and password to log in as to perform the searches, as in "
+"the following complex Active Directory example"
+msgstr ""
+"If you want to search for the user DN and your directory does not allow "
+"anonymous searches then you must also use the B<-D> and B<-w> flags to "
+"specify a user DN and password to log in as to perform the searches, as in "
+"the following complex Active Directory example"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:9
-msgid "Version 1.3.0sq"
-msgstr "Version 1.3.0sq"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:297
+msgid ""
+"B<NOTE:> When constructing search filters it is strongly recommended to test "
+"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
+"This to verify that the filter matches what you expect."
+msgstr ""
+"B<NOTE:> When constructing search filters it is strongly recommended to test "
+"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
+"This to verify that the filter matches what you expect."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:300
+#: src/auth/basic/RADIUS/basic_radius_auth.8:89
+msgid "This program is written by"
+msgstr "This program is written by"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:304
+msgid "This manual is written by"
+msgstr "This manual is written by"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:26
+#: src/auth/basic/LDAP/basic_ldap_auth.8:325
 msgid ""
-"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
-"connect to a LDAP directory to authorize users via LDAP groups. Options are "
-"specified as parameters on the command line, while the username (e.g.  "
-"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
-"directory are specified on subsequent lines of input to the helper, one "
-"username per line."
+"Or to your favorite LDAP list/friend if the question is more related to LDAP "
+"than Squid."
 msgstr ""
-"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
-"connect to a LDAP directory to authorize users via LDAP groups. Options are "
-"specified as parameters on the command line, while the username (e.g.  "
-"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
-"directory are specified on subsequent lines of input to the helper, one "
-"username per line."
+"Or to your favorite LDAP list/friend if the question is more related to LDAP "
+"than Squid."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:345
+msgid "Your favorite LDAP documentation."
+msgstr "Your favorite LDAP documentation."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:39
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:5
+#, fuzzy
+#| msgid "NCSA httpd-style password file authentication helper for Squid"
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
-"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
-"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
-"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
-"is available from the username the LDAP server will be determined through "
-"the command line options."
+"basic_ncsa_auth - NCSA httpd-style password file authentication helper for "
+"Squid"
+msgstr "NCSA httpd-style password file authentication helper for Squid"
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:9
+msgid "passwd file"
+msgstr "passwd file"
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:14
+msgid ""
+"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
+"information from an NCSA/Apache httpd-style password file when using basic "
+"HTTP authentication."
 msgstr ""
-"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
-"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
-"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
-"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
-"is available from the username the LDAP server will be determined through "
-"the command line options."
+"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
+"information from an NCSA/Apache httpd-style password file when using basic "
+"HTTP authentication."
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:17
+msgid "This password file can be manipulated using B<htpasswd.>"
+msgstr "This password file can be manipulated using B<htpasswd.>"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:51
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:30
+#, fuzzy
+#| msgid ""
+#| "This authenticator accepts: * MD5 - with optional salt and magic strings "
+#| "* DES - for passwords 8 characters or less in length"
 msgid ""
-"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
-"T> option which provides the LDAP group name the user has to belong too. For "
-"Active Directory a recursive group lookup is implemented until a max depth "
-"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
-"groups is assumed."
+"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
+"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
+"and magic strings * MD5 - with optional salt and magic strings * DES - for "
+"passwords 8 characters or less in length"
+msgstr ""
+"This authenticator accepts: * MD5 - with optional salt and magic strings * "
+"DES - for passwords 8 characters or less in length"
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:32
+msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
 msgstr ""
-"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
-"T> option which provides the LDAP group name the user has to belong too. For "
-"Active Directory a recursive group lookup is implemented until a max depth "
-"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
-"groups is assumed."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:64
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:36
 msgid ""
-"Different group names can be specified for different domains using a "
-"group@domain syntax.  As expected by the B<external_acl_type> construct of "
-"Squid, after specifying a username and group followed by a new line, this "
-"helper will produce either B<OK> or B<ERR> on the following line to show if "
-"the user is a member of the specified group."
+"The only parameter is the password file.  It must have permissions to be "
+"read by the user that Squid is running as."
 msgstr ""
-"Different group names can be specified for different domains using a "
-"group@domain syntax.  As expected by the B<external_acl_type> construct of "
-"Squid, after specifying a username and group followed by a new line, this "
-"helper will produce either B<OK> or B<ERR> on the following line to show if "
-"the user is a member of the specified group."
+"The only parameter is the password file.  It must have permissions to be "
+"read by the user that Squid is running as."
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:44
+msgid ""
+"B<basic_ncsa_auth> must have access to the password file to be executed."
+msgstr ""
+"B<basic_ncsa_auth> must have access to the password file to be executed."
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:50
+msgid ""
+"DES functionality (used by htpasswd by default) silently truncates passwords "
+"to 8 characters.  Allowing login with password values shorter than the one "
+"desired.  This authenticator will reject login with long passwords when "
+"using DES."
+msgstr ""
+"DES functionality (used by htpasswd by default) silently truncates passwords "
+"to 8 characters.  Allowing login with password values shorter than the one "
+"desired.  This authenticator will reject login with long passwords when "
+"using DES."
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:56
+msgid "Based on original documentation by"
+msgstr "Based on original documentation by"
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:70
+msgid ""
+"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
+"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
+"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
+"details."
+msgstr ""
+"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
+"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
+"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
+"details."
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:76
+msgid ""
+"You should have received a copy of the GNU General Public License along with "
+"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
+"Place, Suite 330, Boston, MA 02111-1307 USA"
+msgstr ""
+"You should have received a copy of the GNU General Public License along with "
+"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
+"Place, Suite 330, Boston, MA 02111-1307 USA"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:5
+#, fuzzy
+#| msgid "LDAP authentication helper for Squid"
+msgid "basic_pam_auth - PAM Basic authentication helper for Squid"
+msgstr "LDAP authentication helper for Squid"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:9
+msgid "service name"
+msgstr "service name"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:11
+msgid "TTL"
+msgstr "TTL"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:18
+msgid ""
+"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
+"database to validate the user name and password of Basic HTTP authentication."
+msgstr ""
+"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
+"database to validate the user name and password of Basic HTTP authentication."
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:24
+msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
+msgstr "Specifies the PAM service name Squid uses, defaults to B<squid>"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:33
+msgid ""
+"Enables persistent PAM connections where the connection to the PAM database "
+"is kept open and reused for new logins. The TTL specifies how long the "
+"connection will be kept open (in seconds).  Default is to not keep PAM "
+"connections open. Please note that the use of persistent PAM connections is "
+"slightly outside the PAM specification and may not work with all PAM "
+"configurations."
+msgstr ""
+"Enables persistent PAM connections where the connection to the PAM database "
+"is kept open and reused for new logins. The TTL specifies how long the "
+"connection will be kept open (in seconds).  Default is to not keep PAM "
+"connections open. Please note that the use of persistent PAM connections is "
+"slightly outside the PAM specification and may not work with all PAM "
+"configurations."
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:38
+msgid ""
+"Do not perform the PAM account management group (account expiration etc)"
+msgstr ""
+"Do not perform the PAM account management group (account expiration etc)"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:44
+msgid ""
+"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
+"etc/pam.d/squid>"
+msgstr ""
+"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
+"etc/pam.d/squid>"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:52
+msgid ""
+"The default service name is B<squid> , and the program makes use of the "
+"B<auth> and B<account> management groups to verify the password and the "
+"accounts validity."
+msgstr ""
+"The default service name is B<squid> , and the program makes use of the "
+"B<auth> and B<account> management groups to verify the password and the "
+"accounts validity."
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:56
+msgid ""
+"For details on how to configure PAM services, see the PAM documentation for "
+"your system. This manual does not cover PAM configuration details."
+msgstr ""
+"For details on how to configure PAM services, see the PAM documentation for "
+"your system. This manual does not cover PAM configuration details."
+
+#. type: SH
+#: src/auth/basic/PAM/basic_pam_auth.8:57
+#, no-wrap
+msgid "NOTES"
+msgstr "NOTES"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:64
+msgid ""
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program setuid root"
+msgstr ""
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program setuid root"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:93
+msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+msgstr "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:124
+msgid "PAM Systems Administrator Guide"
+msgstr "PAM Systems Administrator Guide"
+
+#. type: Plain text
+#: src/auth/basic/RADIUS/basic_radius_auth.8:5
+#, fuzzy
+#| msgid "Squid RADIUS authentication helper"
+msgid "basic_radius_auth - Squid RADIUS authentication helper"
+msgstr "Squid RADIUS authentication helper"
+
+#. type: Plain text
+#: src/auth/basic/RADIUS/basic_radius_auth.8:10
+msgid "config file"
+msgstr "config file"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:72
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:26
-msgid "Write debug messages to stderr."
-msgstr "Write debug messages to stderr."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:14
+msgid "server name"
+msgstr "server name"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:29
-msgid "Write informational messages to stderr."
-msgstr "Write informational messages to stderr."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:18
+msgid "identifier"
+msgstr "identifier"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
-msgid "Use SSL for the LDAP connection."
-msgstr "Use SSL for the LDAP connection."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:20
+msgid "secret"
+msgstr "secret"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
+#: src/auth/basic/RADIUS/basic_radius_auth.8:28
 msgid ""
-"The CA certificate file can be set via the environment variable "
-"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
+"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
+"the user name and password of Basic HTTP authentication."
 msgstr ""
-"The CA certificate file can be set via the environment variable "
-"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
+"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
+"the user name and password of Basic HTTP authentication."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:82
+#: src/auth/basic/RADIUS/basic_radius_auth.8:34
 msgid ""
-"The SSL certificate database can be set via the environment variable "
-"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
+"Specifies the path to a configuration file. See the CONFIGURATION section "
+"for details on the file content."
 msgstr ""
-"The SSL certificate database can be set via the environment variable "
-"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
+"Specifies the path to a configuration file. See the CONFIGURATION section "
+"for details on the file content."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:85
-msgid "Allow SSL without certificate verification."
-msgstr "Allow SSL without certificate verification."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:38
+msgid "Alternative method of specifying the server to connect to"
+msgstr "Alternative method of specifying the server to connect to"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:89
+#: src/auth/basic/RADIUS/basic_radius_auth.8:43
 msgid ""
-"Default Kerberos domain to use for usernames which do not contain domain "
-"information (e.g. for users using basic authentication)."
+"Specify another server port where the RADIUS server listens for requests if "
+"different from the default RADIUS port.  Normally not specified."
 msgstr ""
-"Default Kerberos domain to use for usernames which do not contain domain "
-"information (e.g. for users using basic authentication)."
+"Specify another server port where the RADIUS server listens for requests if "
+"different from the default RADIUS port.  Normally not specified."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:94
+#: src/auth/basic/RADIUS/basic_radius_auth.8:48
 msgid ""
-"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
-"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
-"authentication)."
+"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
+"specified the IP address is used to identify the proxy."
 msgstr ""
-"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
-"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
-"authentication)."
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:97
-msgid "Maximal depth of recursive group search."
-msgstr "Maximal depth of recursive group search."
+"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
+"specified the IP address is used to identify the proxy."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:100
-msgid "Username for LDAP server."
-msgstr "Username for LDAP server."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:54
+msgid ""
+"Alternative method of specifying the shared secret. Using the B<-f> option "
+"with a configuration file is generally more secure and recommended."
+msgstr ""
+"Alternative method of specifying the shared secret. Using the B<-f> option "
+"with a configuration file is generally more secure and recommended."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:103
-msgid "Password for LDAP server."
-msgstr "Password for LDAP server."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:58
+msgid "RADIUS request timeout. Default is 10 seconds."
+msgstr "RADIUS request timeout. Default is 10 seconds."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:108
-#, fuzzy
-#| msgid ""
-#| "As the password needs to be printed in plain text in your Squid "
-#| "configuration it is strongly recommended to use a account with minimal "
-#| "associated privileges.  This to limit the damage in case someone could "
-#| "get hold of a copy of your Squid configuration file or extracts the "
-#| "password used from a process listing."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:65
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use an account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file or extracts the password "
-"used from a process listing."
+"The configuration specifies how the helper connects to RADIUS.  The file "
+"contains a list of directives (one per line). Lines beginning with a B<#> "
+"are ignored."
 msgstr ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use an account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file or extracts the password "
-"used from a process listing."
+"The configuration specifies how the helper connects to RADIUS.  The file "
+"contains a list of directives (one per line). Lines beginning with a B<#> "
+"are ignored."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:112
-msgid "LDAP server bind path."
-msgstr "LDAP server bind path."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:69
+msgid "specifies the name or address of the RADIUS server to connect to."
+msgstr "specifies the name or address of the RADIUS server to connect to."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:115
-msgid "LDAP server URL in form ldap[s]://server:port"
-msgstr "LDAP server URL in form ldap[s]://server:port"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:73
+msgid "specifies the shared RADIUS secret."
+msgstr "specifies the shared RADIUS secret."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:119
+#: src/auth/basic/RADIUS/basic_radius_auth.8:78
 msgid ""
-"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
-"lserver@Realm]"
+"specifies what name the proxy should use to identify itself to the RADIUS "
+"server.  This directive is optional."
 msgstr ""
-"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
-"lserver@Realm]"
+"specifies what name the proxy should use to identify itself to the RADIUS "
+"server.  This directive is optional."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:123
+#: src/auth/basic/RADIUS/basic_radius_auth.8:82
 msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm]"
+"Specifies the port number or service name where the helper should connect."
 msgstr ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm]"
+"Specifies the port number or service name where the helper should connect."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:128
-msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
-msgstr ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:86
+#, fuzzy
+#| msgid "specifies the shared RADIUS secret."
+msgid "Specifies the RADIUS request timeout."
+msgstr "specifies the shared RADIUS secret."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:133
-msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
-"format"
-msgstr ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
-"format"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:93
+msgid "With contributions from many others."
+msgstr "With contributions from many others."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:140
+#: src/auth/basic/RADIUS/basic_radius_auth.8:116
 msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf.>"
+"Or contact your favorite RADIUS list/friend if the question is more related "
+"to RADIUS than Squid."
 msgstr ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf.>"
+"Or contact your favorite RADIUS list/friend if the question is more related "
+"to RADIUS than Squid."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:155
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:55
-msgid "B<NOTE:> The following squid startup file modification may be required:"
-msgstr ""
-"B<NOTE:> The following squid startup file modification may be required:"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:135
+msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
+msgstr "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:159
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:59
+#: src/auth/basic/SASL/basic_sasl_auth.8:5
+#, fuzzy
+#| msgid ""
+#| "Basic Authentication using SASL (specifically the cyrus-sasl "
+#| "authentication method)"
 msgid ""
-"Add the following lines to the squid startup script to point squid to a "
-"keytab file which contains the HTTP/fqdn service principal for the default "
-"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
-"can not use an IP address."
+"basic_sasl_auth - Basic Authentication using SASL (specifically the cyrus-"
+"sasl authentication method)"
 msgstr ""
-"Add the following lines to the squid startup script to point squid to a "
-"keytab file which contains the HTTP/fqdn service principal for the default "
-"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
-"can not use an IP address."
+"Basic Authentication using SASL (specifically the cyrus-sasl authentication "
+"method)"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:170
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:66
+#: src/auth/basic/SASL/basic_sasl_auth.8:16
 msgid ""
-"If you use a different Kerberos domain than the machine itself is in you can "
-"point squid to the seperate Kerberos config file by setting the following "
-"environmnet variable in the startup script."
+"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
+"configurable (somewhat like PAM).  Each service authenticating against SASL "
+"identifies itself with an application name.  Each application can be "
+"configured independently by the SASL administrator."
 msgstr ""
-"If you use a different Kerberos domain than the machine itself is in you can "
-"point squid to the seperate Kerberos config file by setting the following "
-"environmnet variable in the startup script."
+"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
+"configurable (somewhat like PAM).  Each service authenticating against SASL "
+"identifies itself with an application name.  Each application can be "
+"configured independently by the SASL administrator."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:180
+#: src/auth/basic/SASL/basic_sasl_auth.8:22
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
-"server. The following method is used:"
+"To configure the authentication method used the file B<basic_sasl_auth.conf> "
+"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
 msgstr ""
-"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
-"server. The following method is used:"
+"To configure the authentication method used the file B<basic_sasl_auth.conf> "
+"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:185
-#, no-wrap
+#: src/auth/basic/SASL/basic_sasl_auth.8:29
 msgid ""
-"1) For user@REALM\n"
-"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
-"   b) Query DNS for A record REALM\n"
-"   c) Use LDAP_URL if given\n"
+"The authentication database is defined by the B<pwcheck_method> parameter.  "
+"Only the B<PLAIN> authentication mechanism is used."
 msgstr ""
-"1) For user@REALM\n"
-"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
-"   b) Query DNS for A record REALM\n"
-"   c) Use LDAP_URL if given\n"
+"The authentication database is defined by the B<pwcheck_method> parameter.  "
+"Only the B<PLAIN> authentication mechanism is used."
+
+#. type: Plain text
+#: src/auth/basic/SASL/basic_sasl_auth.8:31
+msgid "Examples:"
+msgstr "Examples:"
+
+#. type: Plain text
+#: src/auth/basic/SASL/basic_sasl_auth.8:34
+msgid "use sasldb - the default if no conf file is installed."
+msgstr "use sasldb - the default if no conf file is installed."
+
+#. type: Plain text
+#: src/auth/basic/SASL/basic_sasl_auth.8:36
+#, no-wrap
+msgid " - use PAM authentication database\n"
+msgstr " - use PAM authentication database\n"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
+#: src/auth/basic/SASL/basic_sasl_auth.8:39
 #, no-wrap
 msgid ""
-"2) For user\n"
-"   a) Use domain -D REALM and follow step 1)\n"
-"   b) Use LDAP_URL if given\n"
+" - use traditional \n"
+"B</etc/passwd>\n"
 msgstr ""
+" - use traditional \n"
+"B</etc/passwd>\n"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:191
-msgid "The Groups to check against are determined as follows:"
+#: src/auth/basic/SASL/basic_sasl_auth.8:41
+#, no-wrap
+msgid " - use slightly less traditional /etc/shadow\n"
+msgstr " - use slightly less traditional /etc/shadow\n"
+
+#. type: Plain text
+#: src/auth/basic/SASL/basic_sasl_auth.8:44
+msgid ""
+"Others methods may be supported by your cyrus-sasl implementation - consult "
+"your cyrus-sasl documentation for information."
 msgstr ""
+"Others methods may be supported by your cyrus-sasl implementation - consult "
+"your cyrus-sasl documentation for information."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:196
-#, no-wrap
+#: src/auth/basic/SASL/basic_sasl_auth.8:57
 msgid ""
-"1) For user@REALM\n"
-"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
-"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
-"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
+"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
+"and an appropriate user/group on the executable to allow the authenticator "
+"to access the appropriate password database. If the access to the database "
+"is not permitted then the authenticator will typically fail with \"-1, "
+"generic error\"."
 msgstr ""
+"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
+"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
+"and an appropriate user/group on the executable to allow the authenticator "
+"to access the appropriate password database. If the access to the database "
+"is not permitted then the authenticator will typically fail with \"-1, "
+"generic error\"."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:199
-#, no-wrap
+#: src/auth/basic/SASL/basic_sasl_auth.8:72
 msgid ""
-"2) For user\n"
-"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+"If the application name B<basic_sasl_auth> will also be used for the PAM "
+"service name if B<pwcheck_method:pam> is chosen. And example PAM "
+"configuration file B<basic_sasl_auth.pam> is also included."
 msgstr ""
+"If the application name B<basic_sasl_auth> will also be used for the PAM "
+"service name if B<pwcheck_method:pam> is chosen. And example PAM "
+"configuration file B<basic_sasl_auth.pam> is also included."
+
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:5
+#, fuzzy
+#| msgid "Basic authentication protocol"
+msgid "basic_sspi_auth.exe - Basic authentication protocol"
+msgstr "Basic authentication protocol"
+
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:12
+#: src/auth/basic/SSPI/basic_sspi_auth.8:14
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:14
+msgid "Group Name"
+msgstr "Group Name"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
-#, no-wrap
+#: src/auth/basic/SSPI/basic_sspi_auth.8:16
+msgid "Default Domain"
+msgstr "Default Domain"
+
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:22
 msgid ""
-"3) For NDOMAIN\\euser\n"
-"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
+"server running on Windows NT to authenticate users on an NT domain in native "
+"WIN32 mode."
 msgstr ""
+"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
+"server running on Windows NT to authenticate users on an NT domain in native "
+"WIN32 mode."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#: src/auth/basic/SSPI/basic_sspi_auth.8:31
 msgid ""
-"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
-"where GROUP is the hex UTF-8 representation e.g."
+"Usage is simple. It accepts a username and password on standard input and "
+"will return B<OK> if the username/password is valid for the domain/machine, "
+"or B<ERR> if there was some problem. It is possible to authenticate against "
+"NT trusted domains specifying the username in the domain\\eusername "
+"Microsoft notation."
 msgstr ""
+"Usage is simple. It accepts a username and password on standard input and "
+"will return B<OK> if the username/password is valid for the domain/machine, "
+"or B<ERR> if there was some problem. It is possible to authenticate against "
+"NT trusted domains specifying the username in the domain\\eusername "
+"Microsoft notation."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
-#, no-wrap
-msgid "   -t 6d61726b7573 instead of -g markus\n"
-msgstr ""
+#: src/auth/basic/SSPI/basic_sspi_auth.8:36
+msgid "A Windows Local Group name allowed to authenticate."
+msgstr "A Windows Local Group name allowed to authenticate."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
-msgid ""
-"The REALM must still be based on the ASCII character set. If REALM contains "
-"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
-"UTF-8 representation e.g."
-msgstr ""
+#: src/auth/basic/SSPI/basic_sspi_auth.8:44
+msgid "A Windows Local Group name not allowed to authenticate."
+msgstr "A Windows Local Group name not allowed to authenticate."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
-#, no-wrap
-msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
-msgstr ""
+#: src/auth/basic/SSPI/basic_sspi_auth.8:48
+msgid "The default Domain against to authenticate."
+msgstr "The default Domain against to authenticate."
 
+#. logon from the network\"" 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:212
+#: src/auth/basic/SSPI/basic_sspi_auth.8:55
 msgid ""
-"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
-"unicode-utf8-table.pl"
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
+"in the Authenticator's command line."
 msgstr ""
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
+"in the Authenticator's command line."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/auth/basic/SSPI/basic_sspi_auth.8:58
 msgid ""
-"The ldap server list can be: server - In this case server can be used for "
-"all Kerberos domains server@ - In this case server can be used for all "
-"Kerberos domains server@domain - In this case server can be used for "
-"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
-"server3@:server4 - A list is build with a colon as seperator"
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it."
 msgstr ""
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
-msgid "B<RFC1035> - Domain names - implementation and specification,"
-msgstr "B<RFC1035> - Domain names - implementation and specification,"
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:257
+#: src/auth/basic/SSPI/basic_sspi_auth.8:63
 msgid ""
-"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
+"You will need to set the following line in B<squid.conf> to enable the "
+"authenticator:"
 msgstr ""
-"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
+"You will need to set the following line in B<squid.conf> to enable the "
+"authenticator:"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
+#: src/auth/basic/SSPI/basic_sspi_auth.8:71
 msgid ""
-"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
-"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
+"You will need to set the following lines in B<squid.conf> to enable "
+"authentication for your access list:"
 msgstr ""
+"You will need to set the following lines in B<squid.conf> to enable "
+"authentication for your access list:"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper"
-msgstr "Squid LDAP external acl group helper"
-
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:9
-msgid "Version 2.17"
-msgstr "Version 2.17"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:83
+msgid ""
+"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
+"B<auth_param basic program> directive."
+msgstr ""
+"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
+"B<auth_param basic program> directive."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:33
+#: src/auth/basic/SSPI/basic_sspi_auth.8:98
+#, no-wrap
 msgid ""
-"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
-"authorize users via LDAP groups.  LDAP options are specified as parameters "
-"on the command line, while the username(s) and group(s) to be checked "
-"against the LDAP directory are specified on subsequent lines of input to the "
-"helper, one username/group pair per line separated by a space."
+"I strongly urge that \n"
+"B<basic_sspi_auth.exe>\n"
+"is tested prior to being used in a \n"
+"production environment. It may behave differently on different platforms.\n"
+"To test it, run it from the command line. Enter username and password\n"
+"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
+"Make sure pressing \n"
+"B<CTRL-D>\n"
+" behaves the same as a carriage return.\n"
+"Make sure pressing \n"
+"B<CTRL-C>\n"
+" aborts the program.\n"
 msgstr ""
+"I strongly urge that \n"
+"B<basic_sspi_auth.exe>\n"
+"is tested prior to being used in a \n"
+"production environment. It may behave differently on different platforms.\n"
+"To test it, run it from the command line. Enter username and password\n"
+"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
+"Make sure pressing \n"
+"B<CTRL-D>\n"
+" behaves the same as a carriage return.\n"
+"Make sure pressing \n"
+"B<CTRL-C>\n"
+" aborts the program.\n"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:44
+#: src/auth/basic/SSPI/basic_sspi_auth.8:108
 msgid ""
-"As expected by the B<external_acl_type> construct of Squid, after specifying "
-"a username and group followed by a new line, this helper will produce either "
-"B<OK> or B<ERR> on the following line to show if the user is a member of the "
-"specified group."
+"Test that entering an invalid username and password results in an B<ERR> "
+"message."
 msgstr ""
+"Test that entering an invalid username and password results in an B<ERR> "
+"message."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:48
+#: src/auth/basic/SSPI/basic_sspi_auth.8:113
 msgid ""
-"The program operates by searching with a search filter based on the users "
-"user name and requested group, and if a match is found it is determined that "
-"the user belongs to the group."
+"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
+"may be returned instead of B<ERR>"
 msgstr ""
+"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
+"may be returned instead of B<ERR>"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:53
-msgid "When to dereference aliases. Defaults to 'never'"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:117
+msgid ""
+"Test that entering a valid username and password results in an B<OK> message."
 msgstr ""
+"Test that entering a valid username and password results in an B<OK> message."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:62
+#: src/auth/basic/SSPI/basic_sspi_auth.8:120
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search>ing or only to B<find> the base object"
+"Test that entering a guest username and password returns the correct "
+"response for the site's access policy."
 msgstr ""
+"Test that entering a guest username and password returns the correct "
+"response for the site's access policy."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
-msgstr ""
+#: src/auth/basic/SSPI/basic_sspi_auth.8:126
+#: src/auth/digest/file/digest_file_auth.8:65
+msgid "Based on prior work by"
+msgstr "Based on prior work by"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:71
-msgid "Specifies the base DN under which the users are located (if different)"
-msgstr ""
+#: src/auth/digest/file/digest_file_auth.8:5
+#, fuzzy
+#| msgid "File based digest authentication helper for Squid."
+msgid "digest_file_auth - File based digest authentication helper for Squid."
+msgstr "File based digest authentication helper for Squid."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:76
-msgid ""
-"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
-"API libraries)"
-msgstr ""
+#: src/auth/digest/file/digest_file_auth.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 1.1"
+msgstr "Version 1.0"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:82
-msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the result is not what was expected."
-msgstr ""
+#: src/auth/digest/file/digest_file_auth.8:12
+#: tools/squidclient/squidclient.1:28
+msgid "file"
+msgstr "file"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:87
+#: src/auth/digest/file/digest_file_auth.8:17
 msgid ""
-"The DN and password to bind as while performing searches. Required if the "
-"LDAP directory does not allow anonymous searches."
+"B<digest_file_auth> is an installed binary authentication program for Squid. "
+"It handles digest authentication protocol and authenticates against a text "
+"file backend."
 msgstr ""
-"The DN and password to bind as while performing searches. Required if the "
-"LDAP directory does not allow anonymous searches."
+"B<digest_file_auth> is an installed binary authentication program for Squid. "
+"It handles digest authentication protocol and authenticates against a text "
+"file backend."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:93
+#: src/auth/digest/file/digest_file_auth.8:20
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration and will be sent on the command line to the helper it is "
-"strongly recommended to use a account with minimal associated privileges.  "
-"This to limit the damage in case someone could get hold of a copy of your "
-"Squid configuration file or extracts the password used from a process "
-"listing."
+"This program will automatically detect the existence of a concurrency "
+"channel-ID and adjust appropriately.  It may be used with any value 0 or "
+"above for the auth_param children concurrency= parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:123
+#: src/auth/digest/file/digest_file_auth.8:25
 msgid ""
-"LDAP search filter used to search the LDAP directory for any matching group "
-"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
-"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
-"name."
+"Accept digest hashed passwords rather than plaintext in the password file"
 msgstr ""
+"Accept digest hashed passwords rather than plaintext in the password file"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:135
-msgid ""
-"LDAP search filter used to search the LDAP directory for any matching "
-"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
-"be included literally in the filter then use B<%%>"
-msgstr ""
+#: src/auth/digest/file/digest_file_auth.8:29
+msgid "Username database file format:"
+msgstr "Username database file format:"
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:29
+#, no-wrap
+msgid "- comment lines are possible and should start with a '#';"
+msgstr "- comment lines are possible and should start with a '#';"
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:32
+#, no-wrap
+msgid "- empty or blank lines are possible;"
+msgstr "- empty or blank lines are possible;"
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:35
+#, no-wrap
+msgid "- plaintext entry format is username:password"
+msgstr "- plaintext entry format is username:password"
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:38
+#, no-wrap
+msgid "- HA1 entry format is username:realm:HA1"
+msgstr "- HA1 entry format is username:realm:HA1"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:141
+#: src/auth/digest/file/digest_file_auth.8:51
 msgid ""
-"Specifies that the first query argument sent to the helper by Squid is a "
-"extension to the basedn and will be temporarily added in front of the global "
-"basedn for this query."
+"To build a directory integrated backend, you need to be able to calculate "
+"the HA1 returned to squid. To avoid storing a plaintext password you can "
+"calculate B<MD5(username:realm:password)> when the user changes their "
+"password, and store the tuple B<username:realm:HA1.> then find the matching "
+"B<username:realm> when squid asks for the HA1."
 msgstr ""
+"To build a directory integrated backend, you need to be able to calculate "
+"the HA1 returned to squid. To avoid storing a plaintext password you can "
+"calculate B<MD5(username:realm:password)> when the user changes their "
+"password, and store the tuple B<username:realm:HA1.> then find the matching "
+"B<username:realm> when squid asks for the HA1."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:145
-msgid "Specify the LDAP server to connect to"
-msgstr "Specify the LDAP server to connect to"
-
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:149
+#: src/auth/digest/file/digest_file_auth.8:59
+#, fuzzy
+#| msgid ""
+#| "This implementation could be improved by using such a triple for the file "
+#| "format.  However storing such a triple does little to improve security: "
+#| "If compromised the B<username:realm:HA1> combination is \"plaintext "
+#| "equivalent\" - for the purposes of digest authentication they allow the "
+#| "user access. Password syncronisation is not tackled by digest - just "
+#| "preventing on the wire compromise."
 msgid ""
-"Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
-"libraries)"
+"This implementation could be improved by using such a triple for the file "
+"format.  However storing such a triple does little to improve security: If "
+"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
+"\" - for the purposes of digest authentication they allow the user access. "
+"Password synchronization is not tackled by digest - just preventing on the "
+"wire compromise."
 msgstr ""
+"This implementation could be improved by using such a triple for the file "
+"format.  However storing such a triple does little to improve security: If "
+"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
+"\" - for the purposes of digest authentication they allow the user access. "
+"Password syncronisation is not tackled by digest - just preventing on the "
+"wire compromise."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:153
-msgid "Strip Kerberos Realm component from user names (@ separated)"
-msgstr "Strip Kerberos Realm component from user names (@ separated)"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:5
+#, fuzzy
+#| msgid "Squid kerberos based authentication helper"
+msgid "negotiate_kerberos_auth - Squid kerberos based authentication helper"
+msgstr "Squid kerberos based authentication helper"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:158
-msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389."
-msgstr ""
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:7
+msgid "Version 3.0.4sq"
+msgstr "Version 3.0.4sq"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:166
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:16
 msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while verifying a users group membership to preserve resources at the LDAP "
-"server. This option causes the LDAP connection to be kept open, allowing it "
-"to be reused for further user validations. Recommended for larger "
-"installations."
+"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
+"authenticate users via the Negotiate protocol and Kerberos."
 msgstr ""
+"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
+"authenticate users via the Negotiate protocol and Kerberos."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:188
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:35
-msgid "Strip NT domain name component from user names (/ or \\e separated)"
-msgstr "Strip NT domain name component from user names (/ or \\e separated)"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:30
+msgid "Remove realm from username before returning the username to squid."
+msgstr "Remove realm from username before returning the username to squid."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:200
-msgid ""
-"LDAP attribute used to construct the user DN from the user name and base dn "
-"without needing to search for the user.  A maximum of 16 occurrences of B<"
-"%s> are supported."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:33
+msgid "Provide Service Principal Name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:216
-msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf .>"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:36
+msgid "Provide Kerberos Keytab Name (Default: /etc/krb5.keytab)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:231
-msgid ""
-"B<NOTE:> When constructing search filters it is recommended to first test "
-"the filter using B<ldapsearch> to verify that the filter matches what you "
-"expect before you attempt to use B<ext_ldap_group_acl>"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:39
+msgid "Provide Replay Cache Directory (Default: /var/tmp)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:240
-msgid "Based on prior work in B<squid_ldap_auth> by"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:42
+msgid "Provide Replay Cache Type (Default: dfl)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:257
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:49
 msgid ""
-"Or contact your favorite LDAP list/friend if the question is more related to "
-"LDAP than Squid."
+"This helper is intended to be used as an B<authentication> helper in B<squid."
+"conf.>"
 msgstr ""
-"Or contact your favorite LDAP list/friend if the question is more related to "
-"LDAP than Squid."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:278
-msgid "Your favorite LDAP documentation"
-msgstr ""
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:67
+#, fuzzy, no-wrap
+#| msgid "Add the following lines to the squid startup script to point squid to a keytab file which contains the HTTP/fqdn service principal for the default Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You can not use an IP address."
+msgid ""
+"Add the following lines to the squid startup script to point squid to a keytab file which\n"
+"contains the HTTP/fqdn service principal for the default Kerberos domain. The keytab name can\n"
+"also be provided by the -k E<lt>keytab nameE<gt> option. The fqdn must be the proxy name set in IE\n"
+" or firefox. You can not use an IP address.\n"
+msgstr "Add the following lines to the squid startup script to point squid to a keytab file which contains the HTTP/fqdn service principal for the default Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You can not use an IP address."
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:9
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:10
-msgid "Version 1.22"
-msgstr "Version 1.22"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:70
+msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:19
-msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:77
+msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:22
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:83
 msgid ""
-"This helper must be used in with an authentication scheme (typically Basic "
-"or NTLM) based on Windows NT/2000 domain users (LM mode)."
+"Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
+"(usually only possible in a 5 minute window) . If squid is under high load "
+"with Negotiate(Kerberos) proxy authentication requests the replay cache "
+"checks can create high CPU load. If the environment does not require high "
+"security the replay cache check can be disabled for MIT based Kerberos "
+"implementations by adding the below to the startup script or use the -t none "
+"option."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:31
-msgid "Use case insensitive compare."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:86
+msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:39
-msgid "Specify the default user's domain."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:89
+msgid ""
+"If negotiate_kerberos_auth doesn't determine for some reason the right "
+"service principal you can provide it with -s HTTP/fqdn."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:43
-msgid "Start helper in Domain Global Group mode."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:92
+msgid ""
+"If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
+"principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
+"option with negotiate_kerberos_auth."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:51
-msgid "Use ONLY PDCs for group validation."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:108
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2014 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:77
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:136
 msgid ""
-"In the previous example all validated NT users member of GProxyUsers Global "
-"domain group or member of LProxyUsers machine local group are allowed to use "
-"the cache."
+"B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
+"Windows,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:85
-msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file>"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:138
+msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:87
-msgid "The previous example will be:"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:140
+msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:94
-msgid "The B<DomainUsers.txt> file will contain only the following line:"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:5
+msgid "ntlm_sspi_auth.exe - Native Windows NTLM/NTLMv2 authenticator for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:96
-msgid "B<Domain Users>"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:21
+msgid ""
+"B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
+"provides native access to the Security Service Provider Interface of Windows "
+"for authenticating with NTLM / NTLMv2.  It has automatic support for NTLM "
+"NEGOTIATE packets."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:105
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:26
+msgid "Specify a Windows Local Group name allowed to authenticate."
+msgstr "Specify a Windows Local Group name allowed to authenticate."
+
+#. type: Plain text
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:34
 msgid ""
-"B<NOTE:> The standard group name comparison is case sensitive, so group name "
-"must be specified with same case as in the NT/2000 Domain.  It's possible to "
-"enable case insensitive group name comparison ( B<-c> ), but on some not-"
-"english locales, the results can be unexpected."
+"Specify a Windows Local Group name which is to be denied authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:113
-msgid ""
-"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
-"and B<-D> switches."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:42
+msgid "Enables verbose NTLM packet debugging."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:115
-msgid "Refer to Squid documentation for the more details on squid.conf."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:46
+msgid "B<Allowing Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:121
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:49
 msgid ""
-"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
-"in a production environment. It may behave differently on different "
-"platforms."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights \"logon from the network\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:161
-msgid "with contributions by"
-msgstr "with contributions by"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:53
+msgid ""
+"Optionally the authenticator can verify the NT LOCAL group membership of the "
+"user against the User Group specified in the Authenticator's command line."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:166
-msgid "Based in part on prior work in B<check_group> by"
-msgstr "Based in part on prior work in B<check_group> by"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:57
+msgid ""
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it, it works only with MACHINE "
+"Local Groups, not Domain Local Groups."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:7
-msgid "Squid session tracking external acl helper."
-msgstr "Squid session tracking external acl helper."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:61
+msgid ""
+"Better group checking is available with external ACL, see B<ext_ad_group_acl."
+"exe> documentation."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:9
-#, fuzzy
-#| msgid "Version 1.22"
-msgid "Version 1.2"
-msgstr "Version 1.22"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:64
+msgid "B<squid.conf> typical minimal required changes:"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:16
-msgid "database"
-msgstr "database"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:76
+msgid "Refer to Squid documentation for more details."
+msgstr "Refer to Squid documentation for more details."
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:33
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:84
 msgid ""
-"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
-"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
-"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
-"terms and conditions to a user; the latter is suitable for the display of "
-"advertisments or other notices (both as a splash page - see config examples "
-"in the wiki online). The session helper can also be used to force users to "
-"re-authenticate if the B<%LOGIN> and B<-a> are both used."
+"Internet Explorer has some problems with B<ftp://> URLs when handling "
+"internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
+"when placed before the authentication ACL:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:38
-msgid ""
-"Idle timeout for any session. The default if not specified (set to 3600 "
-"seconds)."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:95
+msgid "Based on prior work in by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:51
-msgid ""
-"Fixed timeout for any session. This will end the session after the timeout "
-"regardless of a user's activity. If used with B<active> mode, this will "
-"terminate the user's session after B<timeout> , after which another B<LOGIN> "
-"will be required.  B<LOGOUT> will reset the session and timeout."
+#: src/security/cert_generators/file/security_file_certgen.8.in:5
+msgid "security_file_certgen - SSL certificate generator for Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:64
-msgid ""
-"B<Path> to persistent database. If a file is specified then that single file "
-"is used as the database. If a path is specified, a Berkeley DB database "
-"environment is created within the directory. The advantage of the latter is "
-"better database support between multiple instances of the session helper. "
-"Using multiple instances of the session helper with a single database file "
-"will cause synchronisation problems between processes.  If this option is "
-"not specified the session details will be kept in memory only and all "
-"sessions will reset each time Squid restarts its helpers (Squid restart or "
-"rotation of logs)."
+#: src/security/cert_generators/file/security_file_certgen.8.in:15
+#: src/security/cert_generators/file/security_file_certgen.8.in:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:29
+msgid "directory"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:74
-#, fuzzy
-#| msgid ""
-#| "Active mode. In this mode sessions are started by evaluating an acl with "
-#| "the argument B<LOGIN> , or terminated by the argument B<LOGOUT>"
-msgid ""
-"Active mode. In this mode sessions are started by evaluating an acl with the "
-"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
-"flag the helper automatically starts the session after the first request."
+#: src/security/cert_generators/file/security_file_certgen.8.in:17
+msgid "size"
 msgstr ""
-"Active mode. In this mode sessions are started by evaluating an acl with the "
-"argument B<LOGIN> , or terminated by the argument B<LOGOUT>"
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:81
-msgid ""
-"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
-"concurrency= option B<must> be specified in the configuration."
-msgstr ""
+#: src/security/cert_generators/file/security_file_certgen.8.in:24
+#, fuzzy
+#| msgid "Port number."
+msgid "serial number"
+msgstr "Port number."
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:83
+#: src/security/cert_generators/file/security_file_certgen.8.in:33
 #, fuzzy
-#| msgid "Configuration example using the default automatic mode"
-msgid "Passive session configuration example using the default automatic mode"
-msgstr "Configuration example using the default automatic mode"
+#| msgid "B<ext_edirectory_userip_acl> is an installed binary."
+msgid "B<security_file_certgen> is an installed binary."
+msgstr "B<ext_edirectory_userip_acl> is an installed binary."
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:96
+#: src/security/cert_generators/file/security_file_certgen.8.in:36
 msgid ""
-"Then set up B<http://your.server.example.com/bannerpage> to display a "
-"session startup page and then redirect the user back to the requested URL "
-"given in the url query parameter."
+"Because the generation and signing of SSL certificates takes time Squid must "
+"use external process to handle the work."
 msgstr ""
-"Then set up B<http://your.server.example.com/bannerpage> to display a "
-"session startup page and then redirect the user back to the requested URL "
-"given in the url query parameter."
-
-#. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:7
-#, fuzzy
-#| msgid "Squid session tracking external acl helper."
-msgid "Squid time quota external acl helper."
-msgstr "Squid session tracking external acl helper."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:18
+#: src/security/cert_generators/file/security_file_certgen.8.in:40
 msgid ""
-"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
-"users of squid to limit the time using squid."
+"This process generates new SSL certificates and uses a disk cache of "
+"certificates to improve response times on repeated requests.  Communication "
+"occurs via TCP sockets bound to the loopback interface."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:23
+#: src/security/cert_generators/file/security_file_certgen.8.in:46
 msgid ""
-"This is useful for corporate lunch time allocations, wifi portal pay-per-"
-"minute installations or for parental control of children. The administrator "
-"can define a time budget (e.g. 1 hour per day) which is enforced through "
-"this helper."
+"File system block size in bytes. Needed for processing natural size of "
+"certificate on disk.  Default value is 2048 bytes."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:31
+#: src/security/cert_generators/file/security_file_certgen.8.in:53
 msgid ""
-"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
-"Squids state directory."
+"Initialize the SSL storage database and exit.  Requires the B<-s> option to "
+"determine the storage location being created."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:38
+#: src/security/cert_generators/file/security_file_certgen.8.in:64
 msgid ""
-"B<Pauselen> is given in seconds and defines the period between two requests "
-"to be treated as part of the same session.  Pauses shorter than this value "
-"will be counted against the quota, longer ones ignored.  Default is 300 "
-"seconds (5 minutes)."
+"Display the current serial number using stderr and exit.  Requires B<-s> "
+"option to determine which storage directory the serial is located in."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:44
-msgid ""
-"B<Filename> where all logging and debugging information will be written. If "
-"none is given, then stderr will be used and the logging will go to Squids "
-"main cache.log."
+#: src/security/cert_generators/file/security_file_certgen.8.in:72
+msgid "Directory path of disk storage for new SSL certificates."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:48
-msgid "Enables debug logging in the logfile."
+#: src/security/cert_generators/file/security_file_certgen.8.in:76
+msgid "Maximum size of SSL certificate disk storage."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:52
-msgid "show a short command line help."
+#: src/security/cert_generators/file/security_file_certgen.8.in:83
+msgid ""
+"HEX B<serial number > to use when initializing an SSL storage database.  The "
+"default value of serial number is the number of seconds since Epoch minus "
+"1200000000."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:56
-msgid "This file contains the definition of the time budgets for the users."
+#: src/security/cert_generators/file/security_file_certgen.8.in:87
+#, fuzzy
+#| msgid "Display the binary help and command line syntax info using stderr."
+msgid "Display the binary version details using stderr."
+msgstr "Display the binary help and command line syntax info using stderr."
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:91
+msgid "B<SSL errors after changing the CA>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:65
+#: src/security/cert_generators/file/security_file_certgen.8.in:95
+#: src/security/cert_generators/file/security_file_certgen.8.in:123
 msgid ""
-"The time quotas of the users are defined in a text file typically residing "
-"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
-"and is ignored. Every line must start with a user followed by a time budget "
-"and a corresponding time period separated by \"/\". Here is an example file:"
+"Certificates are stored in this database in signed form.  After any change "
+"to the signing CA in squid.conf be sure to erase and re-initialize the "
+"certificate database."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:68
-msgid "# user budget / period"
+#: src/security/cert_generators/file/security_file_certgen.8.in:98
+msgid "B<Certificate chaining>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:79
+#: src/security/cert_generators/file/security_file_certgen.8.in:103
 msgid ""
-"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
-"hour and the poor babymary only 30 minutes a week."
+"The version 1.0 of this helper will not add chained intermediate CA "
+"certificates.  The client must have a full chain of trust from the root CA "
+"all the way down to the end certificate generated by this program."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:83
+#: src/security/cert_generators/file/security_file_certgen.8.in:106
 msgid ""
-"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
-"days and \"w\" for weeks. Numerical values can be given as integer values or "
-"with a fraction. E.g. \"0.5h\" means 30 minutes."
+"Signing with an intermediate CA needs to install both the root and the "
+"intermediate public CA on the clients."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:89
+#: src/security/cert_generators/file/security_file_certgen.8.in:113
 msgid ""
-"This helper is configured in B<squid.conf> using the B<external_acl_type> "
-"directive then access controls which use it to allow or deny."
+"Before this helper can be used the storage area for new certificates must be "
+"initialized manually.  This is done from the command line using the B<-c> "
+"parameters."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:92
-msgid "Here is an example."
-msgstr ""
+#: src/security/cert_generators/file/security_file_certgen.8.in:116
+#, fuzzy
+#| msgid "Examples:"
+msgid "For example:"
+msgstr "Examples:"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:95
-msgid "# Ensure that users have a valid login. We need their username."
+#: src/security/cert_generators/file/security_file_certgen.8.in:128
+msgid ""
+"For simple configuration the helper defaults can be used.  Only HTTP "
+"listening port options are required to enable generation and set the signing "
+"CA certificate.  For Example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:102
-msgid "# Define program and quota file"
+#: src/security/cert_generators/file/security_file_certgen.8.in:137
+msgid ""
+"For more customized configuration the helper certificate storage directory "
+"location and size can be altered with the B<sslcrtd_program> configuration "
+"directive.  For example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:118
-msgid ""
-"In this example, after restarting Squid it should allow access only for "
-"users as long as they have time budget left.  If the budget is exceeded the "
-"user will be presented with an error page informing them."
-msgstr ""
+#: src/squid.8.in:5
+#, fuzzy
+#| msgid "HTTP web proxy caching server"
+msgid "squid - HTTP web proxy caching server"
+msgstr "HTTP web proxy caching server"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:124
-msgid ""
-"In this example we use separate B<users> access control and B<noquota> ACL "
-"in order to keep the username and password prompt and the quota-exceeded "
-"messages separated."
-msgstr ""
+#: src/squid.8.in:11
+msgid "facility"
+msgstr "facility"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:144
-msgid ""
-"User is just a unique key value. The above example uses %LOGIN and the "
-"username but any of the B<external_acl_type> format tags can be substituted "
-"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
-"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
-"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
-"org/ConfigExamples."
-msgstr ""
+#: src/squid.8.in:13
+msgid "config-file"
+msgstr "config-file"
+
+#. type: Plain text
+#: src/squid.8.in:17
+msgid "signal"
+msgstr "signal"
+
+#. type: Plain text
+#: src/squid.8.in:19
+msgid "service-name"
+msgstr "service-name"
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:145
-#, no-wrap
-msgid "LIMITATIONS"
-msgstr ""
+#. type: Plain text
+#: src/squid.8.in:21
+msgid "command-line"
+msgstr "command-line"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:150
+#: src/squid.8.in:30
 msgid ""
-"This helper only controls access to the Internet through HTTP. It does not "
-"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
+"B<squid> is a high-performance proxy caching server for web clients, "
+"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
+"traditional caching software, Squid handles all requests in a single, non-"
+"blocking process."
 msgstr ""
+"B<squid> is a high-performance proxy caching server for web clients, "
+"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
+"traditional caching software, Squid handles all requests in a single, non-"
+"blocking process."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:158
+#: src/squid.8.in:34
 msgid ""
-"Desktop browsers are typically able to deal with authentication to HTTP "
-"proxies like B<squid .> But more and more different programs and devices "
-"(smartphones, games on mobile devices, ...) are using the Internet over "
-"HTTP. These devices are often not able to work through an authenticating "
-"proxy.  Means other than %LOGIN authentication are required to authorize "
-"these devices and software."
+"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
+"lookups, supports non-blocking DNS lookups, and implements negative caching "
+"of failed requests."
 msgstr ""
+"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
+"lookups, supports non-blocking DNS lookups, and implements negative caching "
+"of failed requests."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:163
+#: src/squid.8.in:39
 msgid ""
-"A more general control to Internet access could be a captive portal approach "
-"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
-"or maybe a 802.11X solution. But the latter is often not supported by mobile "
-"devices."
-msgstr ""
-
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:164
-#, no-wrap
-msgid "IMPLEMENTATION"
+"Squid supports SSL, extensive access controls, and full request logging.  By "
+"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
+"caches can be arranged in a hierarchy or mesh for additional bandwidth "
+"savings."
 msgstr ""
+"Squid supports SSL, extensive access controls, and full request logging.  By "
+"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
+"caches can be arranged in a hierarchy or mesh for additional bandwidth "
+"savings."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:172
+#: src/squid.8.in:47
 msgid ""
-"When the helper is called it will be asked if the current user is allowed to "
-"access squid. The helper will reduce the remaining time budget of this user "
-"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
+"Squid consists of a main server program B<squid> , some optional programs "
+"for custom processing and authentication, and some management and client "
+"tools.  When squid starts up, it spawns a configurable number of helper "
+"processes, each of which can perform parallel lookups.  This reduces the "
+"amount of time the cache waits for results."
 msgstr ""
+"Squid consists of a main server program B<squid> , some optional programs "
+"for custom processing and authentication, and some management and client "
+"tools.  When squid starts up, it spawns a configurable number of helper "
+"processes, each of which can perform parallel lookups.  This reduces the "
+"amount of time the cache waits for results."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:185
-msgid ""
-"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
-"be called, the example config uses a 1 minute TTL.  The interaction is that "
-"Squid will only call the helper on new requests B<if> there has been more "
-"than TTL seconds passed since last check.  This handling creates an amount "
-"of slippage outside the quota by whatever amount is configured.  TTL can be "
-"set as short as desired, down to and including zero.  Though values of 1 or "
-"more are recommended due to a quota resolution of one second."
-msgstr ""
+#: src/squid.8.in:49
+msgid "Squid is derived from the ARPA-funded Harvest Project."
+msgstr "Squid is derived from the ARPA-funded Harvest Project."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:190
+#: src/squid.8.in:55
 msgid ""
-"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
-"budget will be restored to the configured value thus allowing the user to "
-"access squid with a fresh budget."
+"This manual page only lists the command line arguments.  For details on how "
+"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
+"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
+"configuration manual on the Squid home page"
 msgstr ""
+"This manual page only lists the command line arguments.  For details on how "
+"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
+"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
+"configuration manual on the Squid home page"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:202
+#: src/squid.8.in:64
 msgid ""
-"If the time between the current request and the previous request is greater "
-"than B<pauselen> (default 5 minutes and adjustable with command line "
-"parameter B<-p> ), the current request will be considered as a new request "
-"and the time budget will not be decreased. If the time is less than "
-"B<pauselen> , then both requests will be considered as part of the same "
-"active time period and the time budget will be decreased by the time "
-"difference. This allows the user to take arbitrary breaks during Internet "
-"access without losing their time budget."
+"Specify HTTP port number where Squid should listen for requests, in addition "
+"to any B<http_port> specifications in B<squid.conf>"
 msgstr ""
+"Specify HTTP port number where Squid should listen for requests, in addition "
+"to any B<http_port> specifications in B<squid.conf>"
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:203
-#, no-wrap
-msgid "FURTHER IDEAS"
-msgstr ""
+#. type: Plain text
+#: src/squid.8.in:68
+msgid "Do not catch fatal signals."
+msgstr "Do not catch fatal signals."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:206
-msgid ""
-"The following ideas could further improve this helper. Maybe someone wants "
-"to help? Any support or feedback is welcome!"
-msgstr ""
+#: src/squid.8.in:72
+msgid "Write debugging to stderr also."
+msgstr "Write debugging to stderr also."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:211
+#: src/squid.8.in:84
 msgid ""
-"There should be a way for a user to see their configured and remaining time "
-"budget. This could be realized by implementing a web page accessing the "
-"database of the helper showing the corresponding data. One of the problems "
-"to be solved is user authentication."
+"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
+"file name starts with a B<!> or B<|> then it is assumed to be an external "
+"command or command line.  Can for example be used to pre-process the "
+"configuration before it is being read by Squid.  To facilitate this Squid "
+"also understands the common #line notion to indicate the real source file."
 msgstr ""
+"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
+"file name starts with a B<!> or B<|> then it is assumed to be an external "
+"command or command line.  Can for example be used to pre-process the "
+"configuration before it is being read by Squid.  To facilitate this Squid "
+"also understands the common #line notion to indicate the real source file."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:214
-msgid ""
-"We could always return \"OK\" and use the module simply as an Internet usage "
-"tracker showing who has stayed how long in the WWW."
-msgstr ""
+#: src/squid.8.in:88
+msgid "Don't serve any requests until store is rebuilt."
+msgstr "Don't serve any requests until store is rebuilt."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:7
-msgid "Squid UNIX Group ACL helper"
-msgstr "Squid UNIX Group ACL helper"
+#: src/squid.8.in:92
+msgid "Print help message."
+msgstr "Print help message."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:11
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:13
-msgid "group"
-msgstr "group"
+#: src/squid.8.in:98
+msgid "Install as a Windows Service (see B<-n> option)."
+msgstr "Install as a Windows Service (see B<-n> option)."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:18
+#: src/squid.8.in:105
 msgid ""
-"B<ext_unix_group_acl> allows Squid to base access controls on users "
-"memberships in UNIX groups."
+"Parse configuration file, then send signal to running copy (except B<-k "
+"parse> ) and exit."
 msgstr ""
-"B<ext_unix_group_acl> allows Squid to base access controls on users "
-"memberships in UNIX groups."
-
-#. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:26
-msgid "Specifies a group name to match."
-msgstr "Specifies a group name to match."
+"Parse configuration file, then send signal to running copy (except B<-k "
+"parse> ) and exit."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:31
-msgid "Also match the users primary group from B</etc/passwd>"
-msgstr "Also match the users primary group from B</etc/passwd>"
+#: src/squid.8.in:110
+msgid "Use specified syslog facility. Implies B<-s>"
+msgstr "Use specified syslog facility. Implies B<-s>"
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:49
+#: src/squid.8.in:115
 msgid ""
-"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
-"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
-"I<group3>"
+"Specify Windows Service name to use for service operations, default is: "
+"B<Squid>"
 msgstr ""
-"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
-"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
-"I<group3>"
+"Specify Windows Service name to use for service operations, default is: "
+"B<Squid>"
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:61
-msgid ""
-"By default up to 11 groups can be matched in one acl (including commandline "
-"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
-msgstr ""
-"By default up to 11 groups can be matched in one acl (including commandline "
-"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
+#: src/squid.8.in:119
+msgid "No daemon mode."
+msgstr "No daemon mode."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:67
+#: src/squid.8.in:125
 msgid ""
-"Does not understand GID aliased groups sometimes used to work around groups "
-"size limitations. If you are using GID aliased groups then you must specify "
-"each alias by name."
+"Parent process does not exit until its children have finished. It has no "
+"effect with B<-N> which does not fork/exit at startup."
 msgstr ""
-"Does not understand GID aliased groups sometimes used to work around groups "
-"size limitations. If you are using GID aliased groups then you must specify "
-"each alias by name."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:99
-msgid "Additionally bugs or bug-fixes can be reported to"
-msgstr "Additionally bugs or bug-fixes can be reported to"
+#: src/squid.8.in:129
+msgid "Set Windows Service Command line options in Registry."
+msgstr "Set Windows Service Command line options in Registry."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:7
-msgid "Squid kerberos based authentication helper"
-msgstr "Squid kerberos based authentication helper"
+#: src/squid.8.in:135
+msgid "Remove a Windows Service (see B<-n> option)."
+msgstr "Remove a Windows Service (see B<-n> option)."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:9
-msgid "Version 3.0.4sq"
-msgstr "Version 3.0.4sq"
+#: src/squid.8.in:141
+msgid "Do not set B<REUSEADDR> on port."
+msgstr "Do not set B<REUSEADDR> on port."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:18
+#: src/squid.8.in:146
 msgid ""
-"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
-"authenticate users via the Negotiate protocol and Kerberos."
+"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 msgstr ""
-"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
-"authenticate users via the Negotiate protocol and Kerberos."
+"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:32
-msgid "Remove realm from username before returning the username to squid."
-msgstr "Remove realm from username before returning the username to squid."
+#: src/squid.8.in:150
+msgid "Double-check swap during rebuild."
+msgstr "Double-check swap during rebuild."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:35
-msgid "Provide Service Principal Name."
-msgstr ""
+#: src/squid.8.in:154
+msgid "Specify ICP port number (default: 3130), disable with 0."
+msgstr "Specify ICP port number (default: 3130), disable with 0."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:42
-msgid ""
-"This helper is intended to be used as an B<authentication> helper in B<squid."
-"conf.>"
-msgstr ""
+#: src/squid.8.in:158
+msgid "Print version and build details."
+msgstr "Print version and build details."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:62
-msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
+#: src/squid.8.in:162
+msgid "Force full debugging."
+msgstr "Force full debugging."
+
+#. type: Plain text
+#: src/squid.8.in:170
+msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
+msgstr "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
+
+#. type: Plain text
+#: src/squid.8.in:178
+msgid ""
+"Create missing swap directories and other missing cache_dir structures, then "
+"exit. All cache_dir types create the configured top-level directory if it is "
+"missing. Other actions are type-specific. For example, ufs-based storage "
+"systems create missing L1 and L2 directories while Rock creates the missing "
+"database file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:69
-msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
+#: src/squid.8.in:183
+msgid ""
+"This option does not enable validation of any present swap structures. Its "
+"focus is on creation of missing pieces. If nothing is missing, squid -z just "
+"exits. If you suspect cache_dir corruption, you must delete the top-level "
+"cache_dir directory before running squid -z."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:75
+#: src/squid.8.in:188
 msgid ""
-"Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
-"(usually only possible in a 5 minute window) . If squid is under high load "
-"with Negotiate(Kerberos) proxy authentication requests the replay cache "
-"checks can create high CPU load. If the environment does not require high "
-"security the replay cache check can be disabled for MIT based Kerberos "
-"implementations by adding the following to the startup script"
+"By default, squid -z runs in daemon mode (so that configuration macros and "
+"other SMP features work as expected). Use B<-N> option to overwrite this."
 msgstr ""
 
+#. type: SH
+#: src/squid.8.in:189
+#, no-wrap
+msgid "FILES"
+msgstr "FILES"
+
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:78
-msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
+#: src/squid.8.in:191
+msgid "Squid configuration files located in @SYSCONFDIR@/:"
+msgstr "Squid configuration files located in @SYSCONFDIR@/:"
+
+#. type: Plain text
+#: src/squid.8.in:197
+msgid ""
+"The main configuration file. You must initially make changes to this file "
+"for B<squid> to work. For example, the default configuration only allows "
+"access from RFC private LAN networks.  Some packaging distributions block "
+"even that."
 msgstr ""
+"The main configuration file. You must initially make changes to this file "
+"for B<squid> to work. For example, the default configuration only allows "
+"access from RFC private LAN networks.  Some packaging distributions block "
+"even that."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:81
+#: src/squid.8.in:201 src/squid.8.in:207
 msgid ""
-"If negotiate_kerberos_auth doesn't determine for some reason the right "
-"service principal you can provide it with -s HTTP/fqdn."
+"Reference copy of the configuration file. Always kept up to date with the "
+"version of Squid you are using."
 msgstr ""
+"Reference copy of the configuration file. Always kept up to date with the "
+"version of Squid you are using."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:84
+#: src/squid.8.in:203
 msgid ""
-"If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
-"principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
-"option with negotiate_kerberos_auth."
+"Use this to look up the default configuration settings and syntax after "
+"upgrading."
 msgstr ""
+"Use this to look up the default configuration settings and syntax after "
+"upgrading."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:121
+#: src/squid.8.in:212
 msgid ""
-"B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
-"Windows,"
+"Use this to read the documentation for configuration options available in "
+"your build of Squid. The online configuration manual is also available for a "
+"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
 msgstr ""
+"Use this to read the documentation for configuration options available in "
+"your build of Squid. The online configuration manual is also available for a "
+"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:123
-msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
-msgstr ""
+#: src/squid.8.in:217
+msgid "The main configuration file for the web B<cachemgr.cgi> tools."
+msgstr "The main configuration file for the web B<cachemgr.cgi> tools."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:125
-msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
-msgstr ""
+#: src/squid.8.in:220
+msgid "The main configuration file for the Sample MSNT authenticator."
+msgstr "The main configuration file for the Sample MSNT authenticator."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:8
+#: src/squid.8.in:225
 msgid ""
-"Native Windows NTLM/NTLMv2 authenticator for Squid with automatic support "
-"for NTLM NEGOTIATE packets."
+"CSS Stylesheet to control the display of generated error pages.  Use this to "
+"set any company branding you need, it will apply to every language Squid "
+"provides error pages for."
 msgstr ""
+"CSS Stylesheet to control the display of generated error pages.  Use this to "
+"set any company branding you need, it will apply to every language Squid "
+"provides error pages for."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:24
-msgid ""
-"B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
-"provides native access to the Security Service Provider Interface of Windows "
-"for authenticating with NTLM / NTLMv2.  It has automatic support for NTLM "
-"NEGOTIATE packets."
-msgstr ""
+#: src/squid.8.in:228
+msgid "Some files also located elsewhere:"
+msgstr "Some files also located elsewhere:"
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:29
-msgid "Specify a Windows Local Group name allowed to authenticate."
-msgstr "Specify a Windows Local Group name allowed to authenticate."
+#: src/squid.8.in:231
+msgid "MIME type mappings for FTP gatewaying"
+msgstr "MIME type mappings for FTP gatewaying"
+
+#. type: Plain text
+#: src/squid.8.in:234
+msgid "Location of Squid error pages and templates."
+msgstr "Location of Squid error pages and templates."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:37
+#: src/squid.8.in:237
 msgid ""
-"Specify a Windows Local Group name which is to be denied authentication."
+"Squid was written over many years by a changing team of developers and "
+"maintained in turn by"
 msgstr ""
+"Squid was written over many years by a changing team of developers and "
+"maintained in turn by"
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:45
-msgid "Enables verbose NTLM packet debugging."
+#: src/squid.8.in:244
+msgid ""
+"With contributions from many others in the Squid community.  see "
+"CONTRIBUTORS for a full list of individuals who contributed code.  see "
+"CREDITS for a list of major code contributing copyright holders."
 msgstr ""
+"With contributions from many others in the Squid community.  see "
+"CONTRIBUTORS for a full list of individuals who contributed code.  see "
+"CREDITS for a list of major code contributing copyright holders."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:49
-msgid "B<Allowing Users>"
-msgstr ""
+#: tools/cachemgr.cgi.8.in:5
+#, fuzzy
+#| msgid "Squid HTTP proxy manager CGI web interface"
+msgid "cachemgr.cgi - Squid HTTP proxy manager CGI web interface"
+msgstr "Squid HTTP proxy manager CGI web interface"
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:52
+#: tools/cachemgr.cgi.8.in:16
 msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights \"logon from the network\"."
+"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
+"statistics about the Squid HTTP proxy process as it runs. The cache manager "
+"is a convenient way to manage the cache and view statistics without logging "
+"into the server."
 msgstr ""
+"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
+"statistics about the Squid HTTP proxy process as it runs. The cache manager "
+"is a convenient way to manage the cache and view statistics without logging "
+"into the server."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:56
+#: tools/cachemgr.cgi.8.in:20
 msgid ""
-"Optionally the authenticator can verify the NT LOCAL group membership of the "
-"user against the User Group specified in the Authenticator's command line."
+"Configuration examples for many common web servers can be found in the Squid "
+"FAQ wiki."
 msgstr ""
+"Configuration examples for many common web servers can be found in the Squid "
+"FAQ wiki."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:60
+#: tools/cachemgr.cgi.8.in:32
 msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it, it works only with MACHINE "
-"Local Groups, not Domain Local Groups."
+"The access configuration file defining which Squid servers may be managed "
+"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
+"followed by an optional description"
 msgstr ""
+"The access configuration file defining which Squid servers may be managed "
+"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
+"followed by an optional description"
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:64
+#: tools/cachemgr.cgi.8.in:36
 msgid ""
-"Better group checking is available with external ACL, see B<ext_ad_group_acl."
-"exe> documentation."
+"The server name may contain shell wildcard characters such as *, [] etc.  A "
+"quick selection dropdown menu is automatically constructed from the simple "
+"server names."
 msgstr ""
+"The server name may contain shell wildcard characters such as *, [] etc.  A "
+"quick selection dropdown menu is automatically constructed from the simple "
+"server names."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:67
-msgid "B<squid.conf> typical minimal required changes:"
+#: tools/cachemgr.cgi.8.in:40
+msgid ""
+"Specifying :port is optional. If not specified then the default proxy port "
+"is assumed. :* or :any matches any port on the target server."
 msgstr ""
+"Specifying :port is optional. If not specified then the default proxy port "
+"is assumed. :* or :any matches any port on the target server."
 
-#. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:79
-msgid "Refer to Squid documentation for more details."
-msgstr "Refer to Squid documentation for more details."
+#. type: SH
+#: tools/cachemgr.cgi.8.in:41
+#, no-wrap
+msgid "SECURITY"
+msgstr "SECURITY"
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:87
+#: tools/cachemgr.cgi.8.in:48
 msgid ""
-"Internet Explorer has some problems with B<ftp://> URLs when handling "
-"internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
-"when placed before the authentication ACL:"
-msgstr ""
-
-#. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:98
-msgid "Based on prior work in by"
+"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
+"and returns a formatted version of the response. To avoid abuse it is "
+"recommended to configure your web server to restrict access to the "
+"B<cachemgr.cgi> program."
 msgstr ""
+"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
+"and returns a formatted version of the response. To avoid abuse it is "
+"recommended to configure your web server to restrict access to the "
+"B<cachemgr.cgi> program."
 
 #. type: Plain text
-#: src/squid.8.in:7
-msgid "HTTP web proxy caching server"
-msgstr "HTTP web proxy caching server"
-
-#. type: Plain text
-#: src/squid.8.in:13
-msgid "facility"
-msgstr "facility"
-
-#. type: Plain text
-#: src/squid.8.in:15
-msgid "config-file"
-msgstr "config-file"
-
-#. type: Plain text
-#: src/squid.8.in:19
-msgid "signal"
-msgstr "signal"
-
-#. type: Plain text
-#: src/squid.8.in:21
-msgid "service-name"
-msgstr "service-name"
-
-#. type: Plain text
-#: src/squid.8.in:23
-msgid "command-line"
-msgstr "command-line"
-
-#. type: Plain text
-#: src/squid.8.in:32
+#: tools/cachemgr.cgi.8.in:54
 msgid ""
-"B<squid> is a high-performance proxy caching server for web clients, "
-"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
-"traditional caching software, Squid handles all requests in a single, non-"
-"blocking process."
+"Derived from Harvest. Further developed by numerous individuals from the "
+"internet community. Development is led by Duane Wessels of the National "
+"Laboratory for Applied Network Research and funded by the National Science "
+"Foundation."
 msgstr ""
-"B<squid> is a high-performance proxy caching server for web clients, "
-"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
-"traditional caching software, Squid handles all requests in a single, non-"
-"blocking process."
 
 #. type: Plain text
-#: src/squid.8.in:36
+#: tools/cachemgr.cgi.8.in:70 tools/purge/purge.1:276
+#: tools/squidclient/squidclient.1:252
 msgid ""
-"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
-"lookups, supports non-blocking DNS lookups, and implements negative caching "
-"of failed requests."
+"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
+"you need to include with your bug report."
 msgstr ""
-"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
-"lookups, supports non-blocking DNS lookups, and implements negative caching "
-"of failed requests."
+"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
+"you need to include with your bug report."
 
 #. type: Plain text
-#: src/squid.8.in:41
-msgid ""
-"Squid supports SSL, extensive access controls, and full request logging.  By "
-"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
-"caches can be arranged in a hierarchy or mesh for additional bandwidth "
-"savings."
+#: tools/purge/purge.1:5
+msgid "purge - magnifying glass into your squid cache"
 msgstr ""
-"Squid supports SSL, extensive access controls, and full request logging.  By "
-"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
-"caches can be arranged in a hierarchy or mesh for additional bandwidth "
-"savings."
 
 #. type: Plain text
-#: src/squid.8.in:49
+#: tools/purge/purge.1:21
 msgid ""
-"Squid consists of a main server program B<squid> , some optional programs "
-"for custom processing and authentication, and some management and client "
-"tools.  When squid starts up, it spawns a configurable number of helper "
-"processes, each of which can perform parallel lookups.  This reduces the "
-"amount of time the cache waits for results."
+"B<purge> is used to have a look at what URLs are stored in which file within "
+"your cache. The B<purge> tool can also be used to release objects which URLs "
+"match user specified regular expressions. A more troublesome feature is the "
+"ability to remove files B<squid> does not seem to know about any longer."
 msgstr ""
-"Squid consists of a main server program B<squid> , some optional programs "
-"for custom processing and authentication, and some management and client "
-"tools.  When squid starts up, it spawns a configurable number of helper "
-"processes, each of which can perform parallel lookups.  This reduces the "
-"amount of time the cache waits for results."
-
-#. type: Plain text
-#: src/squid.8.in:51
-msgid "Squid is derived from the ARPA-funded Harvest Project."
-msgstr "Squid is derived from the ARPA-funded Harvest Project."
 
 #. type: Plain text
-#: src/squid.8.in:57
+#: tools/purge/purge.1:23
 msgid ""
-"This manual page only lists the command line arguments.  For details on how "
-"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
-"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
-"configuration manual on the Squid home page"
+"This is a tool for expert usage only, use it under your own responsibility."
 msgstr ""
-"This manual page only lists the command line arguments.  For details on how "
-"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
-"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
-"configuration manual on the Squid home page"
 
 #. type: Plain text
-#: src/squid.8.in:66
+#: tools/purge/purge.1:34
 msgid ""
-"Specify HTTP port number where Squid should listen for requests, in addition "
-"to any B<http_port> specifications in B<squid.conf>"
+"a kind of \"i am alive\" flag. It can only be activated, if your stdout is a "
+"tty. If active, it will display a little rotating line to indicate that "
+"there is actually something happening. You should not use this switch if you "
+"capture your stdout in a file or if your expression list produces many "
+"matches. The -a flag is also incompatible with the (default) multi cache_dir "
+"mode."
 msgstr ""
-"Specify HTTP port number where Squid should listen for requests, in addition "
-"to any B<http_port> specifications in B<squid.conf>"
-
-#. type: Plain text
-#: src/squid.8.in:70
-msgid "Do not catch fatal signals."
-msgstr "Do not catch fatal signals."
 
 #. type: Plain text
-#: src/squid.8.in:74
-msgid "Write debugging to stderr also."
-msgstr "Write debugging to stderr also."
+#: tools/purge/purge.1:36
+msgid "default: off\t\tSee also: -n"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:86
+#: tools/purge/purge.1:43
 msgid ""
-"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
-"file name starts with a B<!> or B<|> then it is assumed to be an external "
-"command or command line.  Can for example be used to pre-process the "
-"configuration before it is being read by Squid.  To facilitate this Squid "
-"also understands the common #line notion to indicate the real source file."
+"this option lets you specify the location of the squid.conf file.  Purge "
+"understands about more than one cache_dir, and does so by parsing squid."
+"conf. It knows about both ways of Squid-2 cache_dir specifications, and will "
+"automatically try to use the correct one."
 msgstr ""
-"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
-"file name starts with a B<!> or B<|> then it is assumed to be an external "
-"command or command line.  Can for example be used to pre-process the "
-"configuration before it is being read by Squid.  To facilitate this Squid "
-"also understands the common #line notion to indicate the real source file."
-
-#. type: Plain text
-#: src/squid.8.in:90
-msgid "Don't serve any requests until store is rebuilt."
-msgstr "Don't serve any requests until store is rebuilt."
 
 #. type: Plain text
-#: src/squid.8.in:94
-msgid "Print help message."
-msgstr "Print help message."
+#: tools/purge/purge.1:45
+msgid "default: /usr/local/squid/etc/squid.conf"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:100
-msgid "Install as a Windows Service (see B<-n> option)."
-msgstr "Install as a Windows Service (see B<-n> option)."
+#: tools/purge/purge.1:53
+msgid ""
+"if you want to rescue files from your cache, you need to specify the "
+"directory into which the files will be copied. Please note that purge will "
+"try to establish the original server directory structure. This switch also "
+"activates copy-out mode. Please do not use copy-out mode with any purge mode "
+"(-P) other than 0."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:107
+#: tools/purge/purge.1:56
 msgid ""
-"Parse configuration file, then send signal to running copy (except B<-k "
-"parse> ) and exit."
+"For instance, if you specified \"-C /tmp\", purge will try to recreate /tmp/"
+"www.server.1/url/path/file, and so forth."
 msgstr ""
-"Parse configuration file, then send signal to running copy (except B<-k "
-"parse> ) and exit."
 
 #. type: Plain text
-#: src/squid.8.in:112
-msgid "Use specified syslog facility. Implies B<-s>"
-msgstr "Use specified syslog facility. Implies B<-s>"
+#: tools/purge/purge.1:58
+msgid "default: off\t\tSee also: -H, -P"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:117
+#: tools/purge/purge.1:63
 msgid ""
-"Specify Windows Service name to use for service operations, default is: "
-"B<Squid>"
+"lets you specify a debug level. Different bits are reserved for different "
+"output."
 msgstr ""
-"Specify Windows Service name to use for service operations, default is: "
-"B<Squid>"
 
 #. type: Plain text
-#: src/squid.8.in:121
-msgid "No daemon mode."
-msgstr "No daemon mode."
+#: tools/purge/purge.1:65
+msgid "default: 0"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:125
-msgid "Set Windows Service Command line options in Registry."
-msgstr "Set Windows Service Command line options in Registry."
+#: tools/purge/purge.1:74
+msgid ""
+"Specify one regular expression to be searched for in the cache.  This is "
+"useful if there is only a handful of objects you want to check. Please "
+"remember to escape the shell meta characters used in your regular "
+"expression. The use of single quotes around your expression is recommended. "
+"The capital letter version works case sensitive, the lower caps version does "
+"not."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:131
-msgid "Remove a Windows Service (see B<-n> option)."
-msgstr "Remove a Windows Service (see B<-n> option)."
+#: tools/purge/purge.1:76 tools/purge/purge.1:86
+msgid "default: (no default)"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:137
-msgid "Do not set B<REUSEADDR> on port."
-msgstr "Do not set B<REUSEADDR> on port."
+#: tools/purge/purge.1:84
+msgid ""
+"if you have more than a handful of expressions, or want to check the same "
+"set at regular intervals, the file option might be more useful to you. Each "
+"line in the text file will be regarded as one regular expression.  Again, "
+"the capital letter version works case sensitive, the lower caps version does "
+"not."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:142
+#: tools/purge/purge.1:91
 msgid ""
-"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
+"if in copy-out mode (see: -C), you can specify to keep the HTTP Header in "
+"the recreated file."
 msgstr ""
-"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 
 #. type: Plain text
-#: src/squid.8.in:146
-msgid "Double-check swap during rebuild."
-msgstr "Double-check swap during rebuild."
+#: tools/purge/purge.1:93
+msgid "default: off\t\tSee also: -C"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:150
-msgid "Specify ICP port number (default: 3130), disable with 0."
-msgstr "Specify ICP port number (default: 3130), disable with 0."
+#: tools/purge/purge.1:104
+msgid ""
+"tell purge to process one cache_dir after another, instead of doing things "
+"in parallel.  If you have more than one cache_dir in your configuration "
+"purge will fork off a worker process for each cache_dir to do the checks for "
+"optimum speed, assuming a decently designed cache. Since parallel execution "
+"will put quite some load on the system and its controllers, it is sometimes "
+"preferred to use less resources,\tthough it will take longer."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:154
-msgid "Print version and build details."
-msgstr "Print version and build details."
+#: tools/purge/purge.1:106
+msgid "default: parallel mode for more than one cache_dir"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:158
-msgid "Force full debugging."
-msgstr "Force full debugging."
+#: tools/purge/purge.1:116
+msgid ""
+"Some cache admins use a different port than 3128. The purge tool will need "
+"to connect to your cache in order to send the PURGE request (see -P). This "
+"option lets you specify the host and port to connect to. The port is "
+"optional. The port can be a name (check your /etc/services) or number. It is "
+"separated from the host name portion by a single colon, no spaces allowed."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:166
-msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
-msgstr "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
+#: tools/purge/purge.1:118
+msgid "default: localhost:3128"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:174
+#: tools/purge/purge.1:125
 msgid ""
-"Create missing swap directories and other missing cache_dir structures, then "
-"exit. All cache_dir types create the configured top-level directory if it is "
-"missing. Other actions are type-specific. For example, ufs-based storage "
-"systems create missing L1 and L2 directories while Rock creates the missing "
-"database file."
+"If you want to do more than just print your cache content, you will need to "
+"specify this option. Each bit is reserved for a different action. Only the "
+"use of the LSB is recommended, the rest should be considered experimental."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:179
-msgid ""
-"This option does not enable validation of any present swap structures. Its "
-"focus is on creation of missing pieces. If nothing is missing, squid -z just "
-"exits. If you suspect cache_dir corruption, you must delete the top-level "
-"cache_dir directory before running squid -z."
+#: tools/purge/purge.1:128
+msgid "B<no bit set:\tjust print>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:184
-msgid ""
-"By default, squid -z runs in daemon mode (so that configuration macros and "
-"other SMP features work as expected). Use B<-N> option to overwrite this."
+#: tools/purge/purge.1:130
+msgid "B<bit#0 set:\tsend PURGE for matches>"
 msgstr ""
 
-#. type: SH
-#: src/squid.8.in:185
-#, no-wrap
-msgid "FILES"
-msgstr "FILES"
+#. type: Plain text
+#: tools/purge/purge.1:132
+msgid "B<bit#1 set:\tunlink object file for 404 not found PURGEs>"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:187
-msgid "Squid configuration files located in @SYSCONFDIR@/:"
-msgstr "Squid configuration files located in @SYSCONFDIR@/:"
+#: tools/purge/purge.1:134
+msgid "B<bit#2 set:\tunlink weird object files>"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:193
+#: tools/purge/purge.1:145
 msgid ""
-"The main configuration file. You must initially make changes to this file "
-"for B<squid> to work. For example, the default configuration only allows "
-"access from RFC private LAN networks.  Some packaging distributions block "
-"even that."
+"If you use a value other than 0 or 1, you will need to slow rebuild your "
+"cache content. A warning message will remind you of that. If you use bit#1, "
+"all unsuccessful PURGEs will result in the object file in your cache "
+"directory to be removed, because squid does not seem to know about it any "
+"longer. Beware that the asyncio might try to remove it after the purge tool, "
+"and thus complains bitterly. Bit#1 only makes sense, if Bit#0 is also set, "
+"otherwise it has no effect (since the HTTP status 404 is never returned)."
 msgstr ""
-"The main configuration file. You must initially make changes to this file "
-"for B<squid> to work. For example, the default configuration only allows "
-"access from RFC private LAN networks.  Some packaging distributions block "
-"even that."
 
 #. type: Plain text
-#: src/squid.8.in:197 src/squid.8.in:203
+#: tools/purge/purge.1:152
 msgid ""
-"Reference copy of the configuration file. Always kept up to date with the "
-"version of Squid you are using."
+"Bit#2 is reserved for strange files which do not even contain a URL. Beware "
+"that these files may indicate a new object squid currently intends to swap "
+"onto disk. If the file suddenly went away, or is removed when squid tries to "
+"fetch the object, it will complain bitterly. You must slow rebuild your "
+"cache, if you use this option."
 msgstr ""
-"Reference copy of the configuration file. Always kept up to date with the "
-"version of Squid you are using."
 
 #. type: Plain text
-#: src/squid.8.in:199
+#: tools/purge/purge.1:157
 msgid ""
-"Use this to look up the default configuration settings and syntax after "
-"upgrading."
+"It is recommended that if you dare to use bit#1 or bit#2, you should only "
+"grant the purge tool access to your squid, e.g.  move the HTTP and ICP "
+"listening port of squid to a different non-standard location during the "
+"purge."
 msgstr ""
-"Use this to look up the default configuration settings and syntax after "
-"upgrading."
 
 #. type: Plain text
-#: src/squid.8.in:208
-msgid ""
-"Use this to read the documentation for configuration options available in "
-"your build of Squid. The online configuration manual is also available for a "
-"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
+#: tools/purge/purge.1:159
+msgid "default: 0 (just print)"
 msgstr ""
-"Use this to read the documentation for configuration options available in "
-"your build of Squid. The online configuration manual is also available for a "
-"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
 
 #. type: Plain text
-#: src/squid.8.in:213
-msgid "The main configuration file for the web B<cachemgr.cgi> tools."
-msgstr "The main configuration file for the web B<cachemgr.cgi> tools."
+#: tools/purge/purge.1:164
+msgid ""
+"If you specify this switch, all commandline parameters will be shown after "
+"they were parsed."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:216
-msgid "The main configuration file for the Sample MSNT authenticator."
-msgstr "The main configuration file for the Sample MSNT authenticator."
+#: tools/purge/purge.1:166
+#, fuzzy
+#| msgid "Default Domain"
+msgid "default: off"
+msgstr "Default Domain"
 
 #. type: Plain text
-#: src/squid.8.in:221
+#: tools/purge/purge.1:171
 msgid ""
-"CSS Stylesheet to control the display of generated error pages.  Use this to "
-"set any company branding you need, it will apply to every language Squid "
-"provides error pages for."
+"be verbose in the things reported about the file. See the output section "
+"below."
 msgstr ""
-"CSS Stylesheet to control the display of generated error pages.  Use this to "
-"set any company branding you need, it will apply to every language Squid "
-"provides error pages for."
 
 #. type: Plain text
-#: src/squid.8.in:224
-msgid "Some files also located elsewhere:"
-msgstr "Some files also located elsewhere:"
+#: tools/purge/purge.1:180
+msgid ""
+"In order to use B<purge> to affect a running proxy with PURGE method, you "
+"will have to enable this feature in squid.conf. By default, PURGE is "
+"disabled. You should watch closely for whom you enable the PURGE ability, "
+"otherwise a total stranger just might wipe your cache content. Lines similar "
+"to the following will need to be added to your squid.conf:"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:227
-msgid "MIME type mappings for FTP gatewaying"
-msgstr "MIME type mappings for FTP gatewaying"
+#: tools/purge/purge.1:192
+msgid ""
+"Reconfigure or restart (preferred) your squid after changing the "
+"configuration file."
+msgstr ""
 
-#. type: Plain text
-#: src/squid.8.in:230
-msgid "Location of Squid error pages and templates."
-msgstr "Location of Squid error pages and templates."
+#. type: SH
+#: tools/purge/purge.1:193
+#, no-wrap
+msgid "OUTPUT"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:233
+#: tools/purge/purge.1:198
 msgid ""
-"Squid was written over many years by a changing team of developers and "
-"maintained in turn by"
+"In regular mode, the output of purge consists of four columns. If the URL "
+"contains not encoded whitespaces, it may look as if there are more columns, "
+"but the last one is the URI."
 msgstr ""
-"Squid was written over many years by a changing team of developers and "
-"maintained in turn by"
 
 #. type: Plain text
-#: src/squid.8.in:240
+#: tools/purge/purge.1:205
+#, no-wrap
 msgid ""
-"With contributions from many others in the Squid community.  see "
-"CONTRIBUTORS for a full list of individuals who contributed code.  see "
-"CREDITS for a list of major code contributing copyright holders."
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the regular expression.\n"
+" 2 status return result of purge request, \"  0\" in print mode.\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 uri    perceived uri\n"
 msgstr ""
-"With contributions from many others in the Squid community.  see "
-"CONTRIBUTORS for a full list of individuals who contributed code.  see "
-"CREDITS for a list of major code contributing copyright holders."
 
 #. type: Plain text
-#: src/squid.8.in:248
-msgid ""
-"This software product, SQUID, is developed by a team of individuals, and "
-"copyrighted (C) 2001 by the Regents of the University of California, with "
-"all rights reserved.  UCSD administered the NLANR Cache grants, NCR 9616602 "
-"and NCR 9521745 under which most of this code was developed."
+#: tools/purge/purge.1:207
+msgid "Example for non-verbose output in print-mode:"
 msgstr ""
-"This software product, SQUID, is developed by a team of individuals, and "
-"copyrighted (C) 2001 by the Regents of the University of California, with "
-"all rights reserved.  UCSD administered the NLANR Cache grants, NCR 9616602 "
-"and NCR 9521745 under which most of this code was developed."
 
 #. type: Plain text
-#: src/squid.8.in:255
+#: tools/purge/purge.1:209
 msgid ""
-"This program is free software; you can redistribute it and/or modify it "
-"under the terms of the GNU General Public License (version 2) as published "
-"by the Free Software Foundation.  It is distributed in the hope that it will "
-"be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of "
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General "
-"Public License for more details."
+"/cache3/00/00/0000004A 0 5682 http://graphics.userfriendly.org/images/"
+"slovenia.gif"
 msgstr ""
-"This program is free software; you can redistribute it and/or modify it "
-"under the terms of the GNU General Public License (version 2) as published "
-"by the Free Software Foundation.  It is distributed in the hope that it will "
-"be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of "
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General "
-"Public License for more details."
 
 #. type: Plain text
-#: src/squid.8.in:257
+#: tools/purge/purge.1:214
 msgid ""
-"see the CREDITS file for further copyright licensing of third-party code "
-"contributions."
+"In verbose mode, additional columns are inserted before the uri. Time stamps "
+"are reported using hexadecimal notation, and Squid's standard for reporting "
+"\"no such timestamp\" == -1, and \"unparsable timestamp\" == -2."
 msgstr ""
-"see the CREDITS file for further copyright licensing of third-party code "
-"contributions."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:7
-msgid "Squid HTTP proxy manager CGI web interface"
-msgstr "Squid HTTP proxy manager CGI web interface"
+#: tools/purge/purge.1:228
+#, no-wrap
+msgid ""
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the re.\n"
+" 2 status return result of purge request, \"  0\" in print mode \"-P 0\".\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 md5    MD5 of URI from file, or \"(no_md5_data_available)\" string.\n"
+" 5 ts     UTC of Value of Date: header in hex notation\n"
+" 6 lr     UTC of last time the object was referenced\n"
+" 7 ex     UTC of Expires: header\n"
+" 8 lr     UTC of Last-Modified: header\n"
+" 9 flags  Value of objects flags field in hex, see: Programmers Guide\n"
+"10 refcnt number of times the object was referenced.\n"
+"11 uri    STORE_META_URL uri or \"strange_file\"\n"
+msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:18
-msgid ""
-"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
-"statistics about the Squid HTTP proxy process as it runs. The cache manager "
-"is a convenient way to manage the cache and view statistics without logging "
-"into the server."
+#: tools/purge/purge.1:230
+msgid "Example for verbose output in print-mode:"
 msgstr ""
-"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
-"statistics about the Squid HTTP proxy process as it runs. The cache manager "
-"is a convenient way to manage the cache and view statistics without logging "
-"into the server."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:22
+#: tools/purge/purge.1:232
 msgid ""
-"Configuration examples for many common web servers can be found in the Squid "
-"FAQ wiki."
+"/cache1/00/00/000000B7 0 406 7CFCB1D319F158ADC9CFD991BB8F6DCE 397d449b "
+"39bf677b ffffffff 3820abfc 0460 1 http://www.netscape.com/images/"
+"nc_vera_tile.gif"
 msgstr ""
-"Configuration examples for many common web servers can be found in the Squid "
-"FAQ wiki."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:34
-msgid ""
-"The access configuration file defining which Squid servers may be managed "
-"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
-"followed by an optional description"
+#: tools/purge/purge.1:235
+msgid "Purge does not slow rebuild the cache for you."
 msgstr ""
-"The access configuration file defining which Squid servers may be managed "
-"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
-"followed by an optional description"
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:38
+#: tools/purge/purge.1:238
 msgid ""
-"The server name may contain shell wildcard characters such as *, [] etc.  A "
-"quick selection dropdown menu is automatically constructed from the simple "
-"server names."
+"It is still relatively slow, especially if your machine is low on memory and/"
+"or unable to hold all OS directory cache entries in main memory."
 msgstr ""
-"The server name may contain shell wildcard characters such as *, [] etc.  A "
-"quick selection dropdown menu is automatically constructed from the simple "
-"server names."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:42
-msgid ""
-"Specifying :port is optional. If not specified then the default proxy port "
-"is assumed. :* or :any matches any port on the target server."
+#: tools/purge/purge.1:240
+msgid "Should never be used on \"busy\" caches with purge modes higher than 1."
 msgstr ""
-"Specifying :port is optional. If not specified then the default proxy port "
-"is assumed. :* or :any matches any port on the target server."
 
 #. type: SH
-#: tools/cachemgr.cgi.8.in:43
+#: tools/purge/purge.1:241
 #, no-wrap
-msgid "SECURITY"
-msgstr "SECURITY"
+msgid "TODO"
+msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:50
+#: tools/purge/purge.1:248
 msgid ""
-"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
-"and returns a formatted version of the response. To avoid abuse it is "
-"recommended to configure your web server to restrict access to the "
-"B<cachemgr.cgi> program."
+"1) use the stat() result on weird files to have a look at their ctime and "
+"mtime. If they are younger than, lets say 30 seconds, they were just created "
+"by B<squid> and should not be removed."
 msgstr ""
-"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
-"and returns a formatted version of the response. To avoid abuse it is "
-"recommended to configure your web server to restrict access to the "
-"B<cachemgr.cgi> program."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:56
+#: tools/purge/purge.1:251
 msgid ""
-"Derived from Harvest. Further developed by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"2) Add a query before purging objects or removing files, and add another "
+"option to remove nagging for the experienced user."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:67 tools/squidclient/squidclient.1:211
-msgid ""
-"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
-"you need to include with your bug report."
+#: tools/purge/purge.1:253
+msgid "3) The reported object size may be off by one."
 msgstr ""
-"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
-"you need to include with your bug report."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:7
-msgid "A simple HTTP web client tool"
+#: tools/purge/purge.1:256 tools/squidclient/squidclient.1:232
+#, fuzzy
+#| msgid "This program and documentation was written by"
+msgid "This program and manual was written by"
+msgstr "This program and documentation was written by"
+
+#. type: Plain text
+#: tools/purge/purge.1:260
+#, fuzzy
+#| msgid "Based on original code by"
+msgid "Based on original squidpurge README."
+msgstr "Based on original code by"
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:5
+#, fuzzy
+#| msgid "A simple HTTP web client tool"
+msgid "squidclient - A simple HTTP web client tool"
 msgstr "A simple HTTP web client tool"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:13 tools/squidclient/squidclient.1:17
+#: tools/squidclient/squidclient.1:12 tools/squidclient/squidclient.1:16
 msgid "string"
 msgstr "string"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:15
+#: tools/squidclient/squidclient.1:14
 msgid "remote host"
 msgstr "remote host"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:19
+#: tools/squidclient/squidclient.1:18
 msgid "IMS"
 msgstr "IMS"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:21
+#: tools/squidclient/squidclient.1:20
 msgid "Host header"
 msgstr "Host header"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:23
-msgid "local host"
-msgstr "local host"
-
-#. type: Plain text
-#: tools/squidclient/squidclient.1:25
+#: tools/squidclient/squidclient.1:24
 msgid "method"
 msgstr "method"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:31 tools/squidclient/squidclient.1:48
+#: tools/squidclient/squidclient.1:30 tools/squidclient/squidclient.1:48
 msgid "count"
 msgstr "count"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:35 tools/squidclient/squidclient.1:37
+#: tools/squidclient/squidclient.1:34 tools/squidclient/squidclient.1:36
 msgid "user"
 msgstr "user"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:39
+#: tools/squidclient/squidclient.1:38
 msgid "version"
 msgstr "version"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:41 tools/squidclient/squidclient.1:43
+#: tools/squidclient/squidclient.1:40 tools/squidclient/squidclient.1:42
 msgid "password"
 msgstr "password"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:45
+#: tools/squidclient/squidclient.1:44
 msgid "url"
 msgstr "url"
 
@@ -4317,7 +5075,22 @@ msgid "interval"
 msgstr "ping interval"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:60
+#: tools/squidclient/squidclient.1:55
+msgid "CA certificates file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:57
+msgid "client X.509 certificate file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:59
+msgid "TLS session parameters"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:69
 msgid ""
 "B<squidclient> is a tool providing a command line interface for retrieving "
 "URLs.  Designed for testing any HTTP 0.9, 1.0, or 1.1 web server or proxy.  "
@@ -4332,66 +5105,75 @@ msgstr ""
 "management information are provided."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:65
+#: tools/squidclient/squidclient.1:74
 msgid "Do NOT include Accept: header."
 msgstr "Do NOT include Accept: header."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:71
+#: tools/squidclient/squidclient.1:80
 msgid ""
 "Send B<string> as User-Agent: header. To omit the header completely set "
 "string to empty ('')."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:76
-msgid "Retrieve URL from cache on hostname.  Default is B<localhost>"
+#: tools/squidclient/squidclient.1:85
+#, fuzzy
+#| msgid "Retrieve URL from cache on hostname.  Default is B<localhost>"
+msgid "Retrieve URL from server host.  Default is B<localhost>"
 msgstr "Retrieve URL from cache on hostname.  Default is B<localhost>"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:82
-msgid "Extra headers to send. Use B<'\\n'> for new lines."
+#: tools/squidclient/squidclient.1:91
+#, fuzzy
+#| msgid "Extra headers to send. Use B<'\\n'> for new lines."
+msgid "Extra headers to send. Use B<'\\en'> for new lines."
 msgstr ""
 "Extra headers to send. Use B<'\n"
 "'> for new lines."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:86
+#: tools/squidclient/squidclient.1:95
 msgid "If-Modified-Since time (in Epoch seconds)."
 msgstr "If-Modified-Since time (in Epoch seconds)."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:90
+#: tools/squidclient/squidclient.1:99
 msgid "Host header content"
 msgstr "Host header content"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:94
+#: tools/squidclient/squidclient.1:103
 msgid ""
 "Keep the connection active. Default is to do only one request then close."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:98
+#: tools/squidclient/squidclient.1:107
 msgid "Specify a local IP address to bind to.  Default is none."
 msgstr "Specify a local IP address to bind to.  Default is none."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:113
-#, no-wrap
-msgid ""
-"Request method, default is\n"
-"I<GET.>\n"
-"Squid also supports a non-standard method called\n"
-"I<PURGE.>\n"
-"You can use that to purge a specific URL from the cache.\n"
-"You need to have\n"
-"I<purge>\n"
-"access setup in\n"
-"B<squid.conf>\n"
-"similar to\n"
-"I<manager>\n"
-" access. Here is an example:\n"
+#: tools/squidclient/squidclient.1:122
+#, fuzzy
+#| msgid ""
+#| "Request method, default is\n"
+#| "I<GET.>\n"
+#| "Squid also supports a non-standard method called\n"
+#| "I<PURGE.>\n"
+#| "You can use that to purge a specific URL from the cache.\n"
+#| "You need to have\n"
+#| "I<purge>\n"
+#| "access setup in\n"
+#| "B<squid.conf>\n"
+#| "similar to\n"
+#| "I<manager>\n"
+#| " access. Here is an example:\n"
+msgid ""
+"Request method, default is I<GET.> Squid also supports a non-standard method "
+"called I<PURGE.> You can use that to purge a specific URL from the cache.  "
+"You need to have I<purge> access setup in B<squid.conf> similar to "
+"I<manager> access. Here is an example:"
 msgstr ""
 "Request method, default is\n"
 "I<GET.>\n"
@@ -4407,111 +5189,186 @@ msgstr ""
 " access. Here is an example:\n"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:121
+#: tools/squidclient/squidclient.1:130
 msgid "Proxy Negotiate(Kerberos) authentication."
 msgstr "Proxy Negotiate(Kerberos) authentication."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:123 tools/squidclient/squidclient.1:129
+#: tools/squidclient/squidclient.1:132 tools/squidclient/squidclient.1:138
 msgid "Use kinit username@DOMAIN first to get initial TGS."
 msgstr "Use kinit username@DOMAIN first to get initial TGS."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:127
+#: tools/squidclient/squidclient.1:136
 msgid "WWW Negotiate(Kerberos) authentication."
 msgstr "WWW Negotiate(Kerberos) authentication."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:133
+#: tools/squidclient/squidclient.1:143
 msgid "Port number of cache.  Default is 3128."
 msgstr "Port number of cache.  Default is 3128."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:137
+#: tools/squidclient/squidclient.1:147
 msgid "Request body. Using the named file as data."
 msgstr "Request body. Using the named file as data."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:141
+#: tools/squidclient/squidclient.1:151
 msgid "Force cache to reload URL."
 msgstr "Force cache to reload URL."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:145
+#: tools/squidclient/squidclient.1:155
 msgid "Silent.  Do not print data to stdout."
 msgstr "Silent.  Do not print data to stdout."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:151
+#: tools/squidclient/squidclient.1:161
 msgid "Trace I<count> HTTP relay or proxy hops"
 msgstr "Trace I<count> HTTP relay or proxy hops"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:155
+#: tools/squidclient/squidclient.1:165
 msgid "Timeout value (seconds) for read/write operations."
 msgstr "Timeout value (seconds) for read/write operations."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:159
+#: tools/squidclient/squidclient.1:169
 msgid "Proxy authentication username"
 msgstr "Proxy authentication username"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:163
+#: tools/squidclient/squidclient.1:173
 msgid "WWW authentication username"
 msgstr "WWW authentication username"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:167
+#: tools/squidclient/squidclient.1:177
 msgid "Verbose. Print outgoing message to stderr."
 msgstr "Verbose. Print outgoing message to stderr."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:171
+#: tools/squidclient/squidclient.1:181
 msgid "HTTP Version. Use '-' for HTTP/0.9 omitted case"
 msgstr "HTTP Version. Use '-' for HTTP/0.9 omitted case"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:175
+#: tools/squidclient/squidclient.1:185
 msgid "Proxy authentication password"
 msgstr "Proxy authentication password"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:179
+#: tools/squidclient/squidclient.1:189
 msgid "WWW authentication password"
 msgstr "WWW authentication password"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:184
+#: tools/squidclient/squidclient.1:193
+msgid "Use Transport Layer Security on the HTTP connection."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:197
+msgid "Use TLS with unauthenticated (anonymous) certificate."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:202
+msgid ""
+"File containing client X.509 certificate in PEM format.  May be repeated to "
+"load several client certificates."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:207
+msgid ""
+"File containing trusted Certificate Authority (CA) certificates in PEM "
+"format.  May be repeated to load any number of files."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:212
+msgid ""
+"TLS library specific parameters for the communication session.  See the "
+"library documentation for details on valid parameters."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:214
+msgid "If repeated only the last value will have effect."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:219
 msgid ""
 "Enable ping mode. Optional -g and -I parameters must follow immediately if "
 "used.  Repeated use resets to default ping settings."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:190
+#: tools/squidclient/squidclient.1:225
 #, fuzzy
 #| msgid ""
 #| "Ping mode, perform I<count> iterations (0 to loop until interrupted)."
 msgid ""
-"Ping mode, perform I<count> iterations (default is to loop until "
-"interrupted)."
+"Ping mode, perform.I count iterations (default is to loop until interrupted)."
 msgstr "Ping mode, perform I<count> iterations (0 to loop until interrupted)."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:194
+#: tools/squidclient/squidclient.1:229
 msgid "Ping interval in seconds (default 1 second)."
 msgstr "Ping interval in seconds (default 1 second)."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:200
+#: tools/squidclient/squidclient.1:236
 msgid ""
-"Derived from Harvest. Further developed by by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"Based on original code derived from Harvest and further developed by "
+"numerous individuals from the internet community."
 msgstr ""
 
+#~ msgid "Squid PAM Basic authentication helper"
+#~ msgstr "Squid PAM Basic authentication helper"
+
+#~ msgid "There are other two directives, B<ALL> and B<NONE> , which mean"
+#~ msgstr "There are other two directives, B<ALL> and B<NONE> , which mean"
+
+#~ msgid ""
+#~ "This software product, SQUID, is developed by a team of individuals, and "
+#~ "copyrighted (C) 2001 by the Regents of the University of California, with "
+#~ "all rights reserved.  UCSD administered the NLANR Cache grants, NCR "
+#~ "9616602 and NCR 9521745 under which most of this code was developed."
+#~ msgstr ""
+#~ "This software product, SQUID, is developed by a team of individuals, and "
+#~ "copyrighted (C) 2001 by the Regents of the University of California, with "
+#~ "all rights reserved.  UCSD administered the NLANR Cache grants, NCR "
+#~ "9616602 and NCR 9521745 under which most of this code was developed."
+
+#~ msgid ""
+#~ "This program is free software; you can redistribute it and/or modify it "
+#~ "under the terms of the GNU General Public License (version 2) as "
+#~ "published by the Free Software Foundation.  It is distributed in the hope "
+#~ "that it will be useful, but WITHOUT ANY WARRANTY; without even the "
+#~ "implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  "
+#~ "See the GNU General Public License for more details."
+#~ msgstr ""
+#~ "This program is free software; you can redistribute it and/or modify it "
+#~ "under the terms of the GNU General Public License (version 2) as "
+#~ "published by the Free Software Foundation.  It is distributed in the hope "
+#~ "that it will be useful, but WITHOUT ANY WARRANTY; without even the "
+#~ "implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  "
+#~ "See the GNU General Public License for more details."
+
+#~ msgid ""
+#~ "see the CREDITS file for further copyright licensing of third-party code "
+#~ "contributions."
+#~ msgstr ""
+#~ "see the CREDITS file for further copyright licensing of third-party code "
+#~ "contributions."
+
+#~ msgid "local host"
+#~ msgstr "local host"
+
 #~ msgid "Create swap directories"
 #~ msgstr "Create swap directories"
 
diff --git a/doc/manuals/en_AU.po b/doc/manuals/en_AU.po
index c0f42502b6..3732477149 100644
--- a/doc/manuals/en_AU.po
+++ b/doc/manuals/en_AU.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
-"POT-Creation-Date: 2014-03-06 11:09+1300\n"
+"POT-Creation-Date: 2017-05-29 22:45+1200\n"
 "PO-Revision-Date: 2011-11-09 23:56+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: English (Australia) <en_AU@li.org>\n"
@@ -20,319 +20,577 @@ msgstr ""
 "X-Launchpad-Export-Date: 2010-01-16 02:12+0000\n"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:3
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:3
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:3
-#: helpers/basic_auth/PAM/basic_pam_auth.8:3
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:3
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:3
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:3
-#: helpers/digest_auth/file/digest_file_auth.8:3
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:3
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:3
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:3
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:3
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:3
-#: helpers/external_acl/session/ext_session_acl.8:3
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:3
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:3
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:3
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:3 src/squid.8.in:3
-#: tools/cachemgr.cgi.8.in:3 tools/squidclient/squidclient.1:3
+#: src/acl/external/AD_group/ext_ad_group_acl.8:3
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:3
+#: src/acl/external/file_userip/ext_file_userip_acl.8:3
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:3
+#: src/acl/external/LM_group/ext_lm_group_acl.8:3
+#: src/acl/external/session/ext_session_acl.8:3
+#: src/acl/external/time_quota/ext_time_quota_acl.8:3
+#: src/acl/external/unix_group/ext_unix_group_acl.8:3
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:3
+#: src/auth/basic/LDAP/basic_ldap_auth.8:3
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:3
+#: src/auth/basic/PAM/basic_pam_auth.8:3
+#: src/auth/basic/RADIUS/basic_radius_auth.8:3
+#: src/auth/basic/SASL/basic_sasl_auth.8:3
+#: src/auth/basic/SSPI/basic_sspi_auth.8:3
+#: src/auth/digest/file/digest_file_auth.8:3
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:3
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:3
+#: src/security/cert_generators/file/security_file_certgen.8.in:3
+#: src/squid.8.in:3 tools/cachemgr.cgi.8.in:3 tools/purge/purge.1:3
+#: tools/squidclient/squidclient.1:3
 #, no-wrap
 msgid "NAME"
 msgstr "NAME"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:7
-msgid "Local Users auth helper for Squid"
-msgstr "Local Users auth helper for Squid"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:5
+msgid ""
+"ext_ad_group_acl.exe - Squid external ACL helper to check Windows users "
+"group membership."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:7
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:7
+#: src/auth/basic/SSPI/basic_sspi_auth.8:7
+msgid "Version 2.0"
+msgstr "Version 2.0"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:8
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:8
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:8
-#: helpers/basic_auth/PAM/basic_pam_auth.8:8
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:8
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:10
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:10
-#: helpers/digest_auth/file/digest_file_auth.8:10
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:10
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:10
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:10
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:10
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:10
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:10
-#: helpers/external_acl/session/ext_session_acl.8:10
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:10
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:8
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:10
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:11 src/squid.8.in:8
-#: tools/cachemgr.cgi.8.in:8 tools/squidclient/squidclient.1:8
+#: src/acl/external/AD_group/ext_ad_group_acl.8:8
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:8
+#: src/acl/external/file_userip/ext_file_userip_acl.8:8
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:8
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:8
+#: src/acl/external/LM_group/ext_lm_group_acl.8:8
+#: src/acl/external/session/ext_session_acl.8:8
+#: src/acl/external/time_quota/ext_time_quota_acl.8:8
+#: src/acl/external/unix_group/ext_unix_group_acl.8:6
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:6
+#: src/auth/basic/LDAP/basic_ldap_auth.8:6
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:6
+#: src/auth/basic/PAM/basic_pam_auth.8:6
+#: src/auth/basic/RADIUS/basic_radius_auth.8:6
+#: src/auth/basic/SASL/basic_sasl_auth.8:8
+#: src/auth/basic/SSPI/basic_sspi_auth.8:8
+#: src/auth/digest/file/digest_file_auth.8:8
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:8
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:8
+#: src/security/cert_generators/file/security_file_certgen.8.in:8
+#: src/squid.8.in:6 tools/cachemgr.cgi.8.in:6 tools/purge/purge.1:6
+#: tools/squidclient/squidclient.1:6
 #, no-wrap
 msgid "SYNOPSIS"
 msgstr "SYNOPSIS"
 
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:12
+#: src/acl/external/LM_group/ext_lm_group_acl.8:12
+msgid "domain"
+msgstr ""
+
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:11
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:39
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:12
-#: helpers/basic_auth/PAM/basic_pam_auth.8:15
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:26
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:13
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:20
-#: helpers/digest_auth/file/digest_file_auth.8:15
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:16
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:33
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:16
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:14
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:16
-#: helpers/external_acl/session/ext_session_acl.8:18
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:14
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:15
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:14
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:19 src/squid.8.in:25
-#: tools/cachemgr.cgi.8.in:11 tools/squidclient/squidclient.1:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:14
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:31
+#: src/acl/external/file_userip/ext_file_userip_acl.8:14
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:12
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:14
+#: src/acl/external/session/ext_session_acl.8:16
+#: src/acl/external/time_quota/ext_time_quota_acl.8:12
+#: src/acl/external/unix_group/ext_unix_group_acl.8:13
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:9
+#: src/auth/basic/LDAP/basic_ldap_auth.8:37
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:10
+#: src/auth/basic/PAM/basic_pam_auth.8:13
+#: src/auth/basic/RADIUS/basic_radius_auth.8:24
+#: src/auth/basic/SASL/basic_sasl_auth.8:11
+#: src/auth/basic/SSPI/basic_sspi_auth.8:18
+#: src/auth/digest/file/digest_file_auth.8:13
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:16
+#: src/security/cert_generators/file/security_file_certgen.8.in:30
+#: src/squid.8.in:23 tools/cachemgr.cgi.8.in:9 tools/purge/purge.1:10
+#: tools/squidclient/squidclient.1:61
 #, no-wrap
 msgid "DESCRIPTION"
 msgstr "DESCRIPTION"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:15
+#: src/acl/external/AD_group/ext_ad_group_acl.8:17
 msgid ""
-"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
-"to validate the user name and password of Basic HTTP authentication."
+"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
 msgstr ""
-"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
-"to validate the user name and password of Basic HTTP authentication."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:21
-msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
-msgstr "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:20
+msgid ""
+"This helper must be used in with an authentication scheme (typically Basic, "
+"NTLM or Negotiate) based on Windows Active Directory domain users."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:23
-msgid "This has the following advantages over the NCSA module:"
-msgstr "This has the following advantages over the NCSA module:"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:24
+msgid ""
+"It reads from the standard input the domain username and a list of groups "
+"and tries to match each against the groups membership of the specified "
+"username."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:25
-msgid "- Allows authentication of all known local users"
-msgstr "- Allows authentication of all known local users"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:26
+msgid "Two running mode are available:"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:28
-msgid "- Allows authentication through nsswitch.conf"
-msgstr "- Allows authentication through nsswitch.conf"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:30
+msgid ""
+"B<- Local mode:> membership is checked against machine's local groups, "
+"cannot be used when running on a Domain Controller."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:31
-msgid "- Can handle NIS(+) requests"
-msgstr "- Can handle NIS(+) requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:35
+msgid ""
+"B<- Active Directory Global mode:> membership is checked against the whole "
+"Active Directory Forest of the machine where Squid is running."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:34
-msgid "- Can handle LDAP requests"
-msgstr "- Can handle LDAP requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:39
+msgid ""
+"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
+"Windows 2000 SP4 member of an Active Directory Domain."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:37
-msgid "- Can handle PAM requests"
-msgstr "- Can handle PAM requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:48
+msgid ""
+"When running in Active Directory Global mode, all types of Active Directory "
+"security groups are supported: B<Domain Global> , B<Domain Local> from "
+"user's domain, B<Universal> and Active Directory group nesting is fully "
+"supported."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:49
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:42
+#: src/acl/external/file_userip/ext_file_userip_acl.8:21
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:63
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:47
+#: src/acl/external/LM_group/ext_lm_group_acl.8:25
+#: src/acl/external/session/ext_session_acl.8:32
+#: src/acl/external/time_quota/ext_time_quota_acl.8:22
+#: src/acl/external/unix_group/ext_unix_group_acl.8:17
+#: src/auth/basic/LDAP/basic_ldap_auth.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:33
+#: src/auth/basic/PAM/basic_pam_auth.8:19
+#: src/auth/basic/RADIUS/basic_radius_auth.8:29
+#: src/auth/basic/SSPI/basic_sspi_auth.8:32
+#: src/auth/digest/file/digest_file_auth.8:21
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:17
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:41
+#: src/squid.8.in:57 tools/purge/purge.1:24 tools/squidclient/squidclient.1:70
+#, no-wrap
+msgid "OPTIONS"
+msgstr "OPTIONS"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:53
+msgid "Use case insensitive compare (local mode only)."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:57
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:61
+#: src/acl/external/file_userip/ext_file_userip_acl.8:25
+#: src/acl/external/LM_group/ext_lm_group_acl.8:33
+#: src/acl/external/unix_group/ext_unix_group_acl.8:21
+#: src/auth/basic/SSPI/basic_sspi_auth.8:40
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:30
+#: src/security/cert_generators/file/security_file_certgen.8.in:57
+msgid "Write debug info to stderr."
+msgstr "Write debug info to stderr."
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:62
+msgid "Specify the default user's B<domain>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:66
+msgid "Start helper in Active Directory Global mode."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:70
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:80
+#: src/acl/external/file_userip/ext_file_userip_acl.8:35
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:67
+#: src/acl/external/LM_group/ext_lm_group_acl.8:45
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:21
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:38
+#: src/security/cert_generators/file/security_file_certgen.8.in:68
+msgid "Display the binary help and command line syntax info using stderr."
+msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:38
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:244
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:39
-#: helpers/basic_auth/PAM/basic_pam_auth.8:41
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:61
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:19
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:51
-#: helpers/digest_auth/file/digest_file_auth.8:25
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:73
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:142
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:38
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:134
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:211
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:52
-#: helpers/external_acl/session/ext_session_acl.8:74
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:58
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:36
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:36
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:46 tools/cachemgr.cgi.8.in:19
+#: src/acl/external/AD_group/ext_ad_group_acl.8:71
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:140
+#: src/acl/external/file_userip/ext_file_userip_acl.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:132
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:209
+#: src/acl/external/LM_group/ext_lm_group_acl.8:50
+#: src/acl/external/session/ext_session_acl.8:72
+#: src/acl/external/time_quota/ext_time_quota_acl.8:56
+#: src/acl/external/unix_group/ext_unix_group_acl.8:34
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:36
+#: src/auth/basic/LDAP/basic_ldap_auth.8:242
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:37
+#: src/auth/basic/PAM/basic_pam_auth.8:39
+#: src/auth/basic/RADIUS/basic_radius_auth.8:59
+#: src/auth/basic/SASL/basic_sasl_auth.8:17
+#: src/auth/basic/SSPI/basic_sspi_auth.8:49
+#: src/auth/digest/file/digest_file_auth.8:26
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:43
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:43
+#: src/security/cert_generators/file/security_file_certgen.8.in:107
+#: tools/cachemgr.cgi.8.in:17 tools/purge/purge.1:172
 #, no-wrap
 msgid "CONFIGURATION"
 msgstr "CONFIGURATION"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:75
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program B<setuid> "
-"B<root>"
+"When running in Active Directory Global mode, the AD Group can be specified "
+"using the following syntax:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:78
+msgid "B<1. Plain NT4 Group Name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:81
+msgid "B<2. Full NT4 Group Name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:84
+msgid "B<3. Active Directory Canonical name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:87
+msgid "As Exampled:"
 msgstr ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program B<setuid> "
-"B<root>"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:64
-#: helpers/basic_auth/PAM/basic_pam_auth.8:79
+#: src/acl/external/AD_group/ext_ad_group_acl.8:97
 msgid ""
-"Please note that in such configurations it is also strongly recommended that "
-"the program is moved into a directory where normal users cannot access it, "
-"as this mode of operation will allow any local user to brute-force other "
-"users passwords. Also note the program has not been fully audited and the "
-"author cannot be held responsible for any security issues due to such "
-"installations."
+"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:124
+msgid ""
+"In the previous example all validated AD users member of I<MYDOMAIN"
+"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
+"are allowed to use the cache."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:133
+msgid ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file .> The previous example will be:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:137
+msgid "and the DomainUsers files will contain only the following line:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:139
+msgid "Domain Users"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:146
+msgid ""
+"B<NOTE 1:> When running in Active Directory Global mode, for better "
+"performance, all Domain Controllers of the Active Directory forest should be "
+"configured as Global Catalog."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:152
+msgid ""
+"B<NOTE 2:> When running in local mode, the standard group name comparison is "
+"case sensitive, so group name must be specified with same case as in the "
+"local SAM database."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:157
+msgid ""
+"It is possible to enable case insensitive group name comparison ( B<-c> ), "
+"but on some non-English locales, the results can be unexpected."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:165
+msgid ""
+"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
+"A> and B<-D> switches."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:169
+msgid "Refer to Squid documentation for more details on B<squid.conf>"
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:170
+#: src/acl/external/LM_group/ext_lm_group_acl.8:114
+#: src/auth/basic/SSPI/basic_sspi_auth.8:84
+#, no-wrap
+msgid "TESTING"
+msgstr "TESTING"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:176
+msgid ""
+"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
+"used in a production environment. It may behave differently on different "
+"platforms."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:188
+#: src/acl/external/LM_group/ext_lm_group_acl.8:131
+msgid ""
+"To test it, run it from the command line. Enter username and group pairs "
+"separated by a space (username must entered with URL-encoded I<domain"
+"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:192
+#: src/acl/external/AD_group/ext_ad_group_acl.8:207
+#: src/acl/external/LM_group/ext_lm_group_acl.8:135
+msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:196
+#: src/acl/external/AD_group/ext_ad_group_acl.8:211
+#: src/acl/external/LM_group/ext_lm_group_acl.8:139
+msgid "Make sure pressing B<CTRL+C> aborts the program."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:218
+#: src/acl/external/LM_group/ext_lm_group_acl.8:146
+#: src/auth/basic/SSPI/basic_sspi_auth.8:104
+msgid ""
+"Test that entering no details does not result in an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:222
+#: src/acl/external/LM_group/ext_lm_group_acl.8:150
+msgid ""
+"Test that entering an invalid username and group results in an B<ERR> "
+"message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:226
+#: src/acl/external/LM_group/ext_lm_group_acl.8:154
+msgid ""
+"Test that entering an valid username and group results in an B<OK> message."
 msgstr ""
-"Please note that in such configurations it is also strongly recommended that "
-"the program is moved into a directory where normal users cannot access it, "
-"as this mode of operation will allow any local user to brute-force other "
-"users passwords. Also note the program has not been fully audited and the "
-"author cannot be held responsible for any security issues due to such "
-"installations."
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:65
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:300
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:53
-#: helpers/basic_auth/PAM/basic_pam_auth.8:80
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:89
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:75
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:123
-#: helpers/digest_auth/file/digest_file_auth.8:59
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:229
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:187
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:75
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:232
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:157
-#: helpers/external_acl/session/ext_session_acl.8:97
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:216
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:68
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:86
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:93 src/squid.8.in:231
-#: tools/cachemgr.cgi.8.in:51 tools/squidclient/squidclient.1:195
+#: src/acl/external/AD_group/ext_ad_group_acl.8:227
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:185
+#: src/acl/external/file_userip/ext_file_userip_acl.8:73
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:230
+#: src/acl/external/LM_group/ext_lm_group_acl.8:155
+#: src/acl/external/session/ext_session_acl.8:95
+#: src/acl/external/time_quota/ext_time_quota_acl.8:214
+#: src/acl/external/unix_group/ext_unix_group_acl.8:66
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:63
+#: src/auth/basic/LDAP/basic_ldap_auth.8:298
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:78
+#: src/auth/basic/RADIUS/basic_radius_auth.8:87
+#: src/auth/basic/SASL/basic_sasl_auth.8:73
+#: src/auth/basic/SSPI/basic_sspi_auth.8:121
+#: src/auth/digest/file/digest_file_auth.8:60
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:94
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:90
+#: src/security/cert_generators/file/security_file_certgen.8.in:143
+#: src/squid.8.in:235 tools/cachemgr.cgi.8.in:49 tools/purge/purge.1:254
+#: tools/squidclient/squidclient.1:230
 #, no-wrap
 msgid "AUTHOR"
 msgstr "AUTHOR"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:67
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:77
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:125
-#: helpers/digest_auth/file/digest_file_auth.8:61
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:231
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:189
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:77
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:234
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:159
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:70
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:88
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:95
+#: src/acl/external/AD_group/ext_ad_group_acl.8:229
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:187
+#: src/acl/external/file_userip/ext_file_userip_acl.8:75
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:232
+#: src/acl/external/LM_group/ext_lm_group_acl.8:157
+#: src/acl/external/unix_group/ext_unix_group_acl.8:68
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:65
+#: src/auth/basic/SASL/basic_sasl_auth.8:75
+#: src/auth/basic/SSPI/basic_sspi_auth.8:123
+#: src/auth/digest/file/digest_file_auth.8:62
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:96
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:92
+#: src/security/cert_generators/file/security_file_certgen.8.in:145
 msgid "This program was written by"
 msgstr "This program was written by"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:72
-msgid "Based on original code by"
-msgstr "Based on original code by"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:233
+msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+msgstr "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:75
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:55
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:97
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:80
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:134
-#: helpers/digest_auth/file/digest_file_auth.8:68
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:237
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:192
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:80
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:243
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:169
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:73
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:91
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:102
+#: src/acl/external/AD_group/ext_ad_group_acl.8:235
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:190
+#: src/acl/external/file_userip/ext_file_userip_acl.8:78
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:223
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:241
+#: src/acl/external/LM_group/ext_lm_group_acl.8:167
+#: src/acl/external/unix_group/ext_unix_group_acl.8:71
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:73
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:53
+#: src/auth/basic/RADIUS/basic_radius_auth.8:95
+#: src/auth/basic/SASL/basic_sasl_auth.8:78
+#: src/auth/basic/SSPI/basic_sspi_auth.8:132
+#: src/auth/digest/file/digest_file_auth.8:69
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:99
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:99
+#: src/security/cert_generators/file/security_file_certgen.8.in:148
 msgid "This manual was written by"
 msgstr "This manual was written by"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:77
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:308
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:60
-#: helpers/basic_auth/PAM/basic_pam_auth.8:84
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:99
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:83
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:137
-#: helpers/digest_auth/file/digest_file_auth.8:71
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:240
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:195
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:83
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:227
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:245
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:172
-#: helpers/external_acl/session/ext_session_acl.8:102
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:220
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:93
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:105 src/squid.8.in:241
-#: tools/cachemgr.cgi.8.in:57 tools/squidclient/squidclient.1:201
+#: src/acl/external/AD_group/ext_ad_group_acl.8:238
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:193
+#: src/acl/external/file_userip/ext_file_userip_acl.8:81
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:243
+#: src/acl/external/LM_group/ext_lm_group_acl.8:170
+#: src/acl/external/session/ext_session_acl.8:100
+#: src/acl/external/time_quota/ext_time_quota_acl.8:218
+#: src/acl/external/unix_group/ext_unix_group_acl.8:73
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:75
+#: src/auth/basic/LDAP/basic_ldap_auth.8:306
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:58
+#: src/auth/basic/PAM/basic_pam_auth.8:82
+#: src/auth/basic/RADIUS/basic_radius_auth.8:97
+#: src/auth/basic/SASL/basic_sasl_auth.8:81
+#: src/auth/basic/SSPI/basic_sspi_auth.8:135
+#: src/auth/digest/file/digest_file_auth.8:72
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:101
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:102
+#: src/security/cert_generators/file/security_file_certgen.8.in:151
+#: src/squid.8.in:245 tools/cachemgr.cgi.8.in:55 tools/purge/purge.1:261
+#: tools/squidclient/squidclient.1:237
 #, no-wrap
 msgid "COPYRIGHT"
 msgstr "COPYRIGHT"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:79
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:310
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:101
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:85
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:139
-#: helpers/digest_auth/file/digest_file_auth.8:73
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:242
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:197
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:85
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:229
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:247
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:174
-#: helpers/external_acl/session/ext_session_acl.8:104
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:222
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:77
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:95
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:107
+#: src/acl/external/AD_group/ext_ad_group_acl.8:245
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:200
+#: src/acl/external/file_userip/ext_file_userip_acl.8:88
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:250
+#: src/acl/external/LM_group/ext_lm_group_acl.8:177
+#: src/acl/external/session/ext_session_acl.8:107
+#: src/acl/external/time_quota/ext_time_quota_acl.8:225
+#: src/acl/external/unix_group/ext_unix_group_acl.8:80
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:82
+#: src/auth/basic/LDAP/basic_ldap_auth.8:313
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:65
+#: src/auth/basic/PAM/basic_pam_auth.8:89
+#: src/auth/basic/RADIUS/basic_radius_auth.8:104
+#: src/auth/basic/SASL/basic_sasl_auth.8:88
+#: src/auth/basic/SSPI/basic_sspi_auth.8:142
+#: src/auth/digest/file/digest_file_auth.8:79
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:109
+#: src/security/cert_generators/file/security_file_certgen.8.in:158
+#: src/squid.8.in:252 tools/cachemgr.cgi.8.in:62 tools/purge/purge.1:268
+#: tools/squidclient/squidclient.1:244
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2017 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:247
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:202
+#: src/acl/external/file_userip/ext_file_userip_acl.8:90
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:234
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:252
+#: src/acl/external/LM_group/ext_lm_group_acl.8:179
+#: src/acl/external/session/ext_session_acl.8:109
+#: src/acl/external/time_quota/ext_time_quota_acl.8:227
+#: src/acl/external/unix_group/ext_unix_group_acl.8:82
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:84
+#: src/auth/basic/LDAP/basic_ldap_auth.8:315
+#: src/auth/basic/RADIUS/basic_radius_auth.8:106
+#: src/auth/basic/SASL/basic_sasl_auth.8:90
+#: src/auth/basic/SSPI/basic_sspi_auth.8:144
+#: src/auth/digest/file/digest_file_auth.8:81
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:110
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:111
 msgid "This program and documentation is copyright to the authors named above."
 msgstr ""
 "This program and documentation is copyright to the authors named above."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:81
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:312
-#: helpers/basic_auth/PAM/basic_pam_auth.8:91
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:103
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:87
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:141
-#: helpers/digest_auth/file/digest_file_auth.8:75
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:244
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:199
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:87
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:231
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:249
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:176
-#: helpers/external_acl/session/ext_session_acl.8:106
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:224
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:79
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:97
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:109 tools/cachemgr.cgi.8.in:59
-#: tools/squidclient/squidclient.1:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:249
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:204
+#: src/acl/external/file_userip/ext_file_userip_acl.8:92
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:236
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:254
+#: src/acl/external/LM_group/ext_lm_group_acl.8:181
+#: src/acl/external/session/ext_session_acl.8:111
+#: src/acl/external/time_quota/ext_time_quota_acl.8:229
+#: src/acl/external/unix_group/ext_unix_group_acl.8:84
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:86
+#: src/auth/basic/LDAP/basic_ldap_auth.8:317
+#: src/auth/basic/PAM/basic_pam_auth.8:96
+#: src/auth/basic/RADIUS/basic_radius_auth.8:108
+#: src/auth/basic/SASL/basic_sasl_auth.8:92
+#: src/auth/basic/SSPI/basic_sspi_auth.8:146
+#: src/auth/digest/file/digest_file_auth.8:83
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:112
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:113
 msgid ""
 "Distributed under the GNU General Public License (GNU GPL) version 2 or "
 "later (GPLv2+)."
@@ -341,51 +599,55 @@ msgstr ""
 "later (GPLv2+)."
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:82
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:313
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:73
-#: helpers/basic_auth/PAM/basic_pam_auth.8:92
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:104
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:88
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:142
-#: helpers/digest_auth/file/digest_file_auth.8:76
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:245
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:200
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:88
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:250
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:177
-#: helpers/external_acl/session/ext_session_acl.8:107
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:225
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:80
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:98
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:110 src/squid.8.in:258
-#: tools/cachemgr.cgi.8.in:60 tools/squidclient/squidclient.1:204
+#: src/acl/external/AD_group/ext_ad_group_acl.8:250
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:205
+#: src/acl/external/file_userip/ext_file_userip_acl.8:93
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:255
+#: src/acl/external/LM_group/ext_lm_group_acl.8:182
+#: src/acl/external/session/ext_session_acl.8:112
+#: src/acl/external/time_quota/ext_time_quota_acl.8:230
+#: src/acl/external/unix_group/ext_unix_group_acl.8:85
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:87
+#: src/auth/basic/LDAP/basic_ldap_auth.8:318
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:77
+#: src/auth/basic/PAM/basic_pam_auth.8:97
+#: src/auth/basic/RADIUS/basic_radius_auth.8:109
+#: src/auth/basic/SASL/basic_sasl_auth.8:93
+#: src/auth/basic/SSPI/basic_sspi_auth.8:147
+#: src/auth/digest/file/digest_file_auth.8:84
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:113
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:114
+#: src/security/cert_generators/file/security_file_certgen.8.in:159
+#: src/squid.8.in:253 tools/cachemgr.cgi.8.in:63 tools/purge/purge.1:269
+#: tools/squidclient/squidclient.1:245
 #, no-wrap
 msgid "QUESTIONS"
 msgstr "QUESTIONS"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:85
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:316
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:76
-#: helpers/basic_auth/PAM/basic_pam_auth.8:95
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:107
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:91
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:145
-#: helpers/digest_auth/file/digest_file_auth.8:79
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:248
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:203
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:91
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:235
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:253
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:180
-#: helpers/external_acl/session/ext_session_acl.8:110
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:228
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:83
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:101
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:113 src/squid.8.in:261
-#: tools/cachemgr.cgi.8.in:63 tools/squidclient/squidclient.1:207
+#: src/acl/external/AD_group/ext_ad_group_acl.8:253
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:208
+#: src/acl/external/file_userip/ext_file_userip_acl.8:96
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:258
+#: src/acl/external/LM_group/ext_lm_group_acl.8:185
+#: src/acl/external/session/ext_session_acl.8:115
+#: src/acl/external/time_quota/ext_time_quota_acl.8:233
+#: src/acl/external/unix_group/ext_unix_group_acl.8:88
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:90
+#: src/auth/basic/LDAP/basic_ldap_auth.8:321
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:80
+#: src/auth/basic/PAM/basic_pam_auth.8:100
+#: src/auth/basic/RADIUS/basic_radius_auth.8:112
+#: src/auth/basic/SASL/basic_sasl_auth.8:96
+#: src/auth/basic/SSPI/basic_sspi_auth.8:150
+#: src/auth/digest/file/digest_file_auth.8:87
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:116
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:117
+#: src/security/cert_generators/file/security_file_certgen.8.in:162
+#: src/squid.8.in:256 tools/cachemgr.cgi.8.in:66 tools/purge/purge.1:272
+#: tools/squidclient/squidclient.1:248
 msgid ""
 "Questions on the usage of this program can be sent to the I<Squid Users "
 "mailing list>"
@@ -394,50 +656,54 @@ msgstr ""
 "mailing list>"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:87
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:321
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:78
-#: helpers/basic_auth/PAM/basic_pam_auth.8:97
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:112
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:93
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:147
-#: helpers/digest_auth/file/digest_file_auth.8:81
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:250
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:205
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:93
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:258
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:182
-#: helpers/external_acl/session/ext_session_acl.8:112
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:230
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:85
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:103
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:115 src/squid.8.in:263
-#: tools/cachemgr.cgi.8.in:65 tools/squidclient/squidclient.1:209
+#: src/acl/external/AD_group/ext_ad_group_acl.8:255
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:210
+#: src/acl/external/file_userip/ext_file_userip_acl.8:98
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:263
+#: src/acl/external/LM_group/ext_lm_group_acl.8:187
+#: src/acl/external/session/ext_session_acl.8:117
+#: src/acl/external/time_quota/ext_time_quota_acl.8:235
+#: src/acl/external/unix_group/ext_unix_group_acl.8:90
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:92
+#: src/auth/basic/LDAP/basic_ldap_auth.8:326
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:82
+#: src/auth/basic/PAM/basic_pam_auth.8:102
+#: src/auth/basic/RADIUS/basic_radius_auth.8:117
+#: src/auth/basic/SASL/basic_sasl_auth.8:98
+#: src/auth/basic/SSPI/basic_sspi_auth.8:152
+#: src/auth/digest/file/digest_file_auth.8:89
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:118
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:119
+#: src/security/cert_generators/file/security_file_certgen.8.in:164
+#: src/squid.8.in:258 tools/cachemgr.cgi.8.in:68 tools/purge/purge.1:274
+#: tools/squidclient/squidclient.1:250
 #, no-wrap
 msgid "REPORTING BUGS"
 msgstr "REPORTING BUGS"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:90
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:324
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:81
-#: helpers/basic_auth/PAM/basic_pam_auth.8:100
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:115
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:96
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:150
-#: helpers/digest_auth/file/digest_file_auth.8:84
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:253
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:217
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:96
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:261
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:185
-#: helpers/external_acl/session/ext_session_acl.8:115
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:233
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:88
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:106
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:118 src/squid.8.in:266
+#: src/acl/external/AD_group/ext_ad_group_acl.8:258
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:222
+#: src/acl/external/file_userip/ext_file_userip_acl.8:101
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:266
+#: src/acl/external/LM_group/ext_lm_group_acl.8:190
+#: src/acl/external/session/ext_session_acl.8:120
+#: src/acl/external/time_quota/ext_time_quota_acl.8:238
+#: src/acl/external/unix_group/ext_unix_group_acl.8:93
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:95
+#: src/auth/basic/LDAP/basic_ldap_auth.8:329
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:85
+#: src/auth/basic/PAM/basic_pam_auth.8:105
+#: src/auth/basic/RADIUS/basic_radius_auth.8:120
+#: src/auth/basic/SASL/basic_sasl_auth.8:101
+#: src/auth/basic/SSPI/basic_sspi_auth.8:155
+#: src/auth/digest/file/digest_file_auth.8:92
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:121
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:122
+#: src/security/cert_generators/file/security_file_certgen.8.in:167
+#: src/squid.8.in:261
 msgid ""
 "Bug reports need to be made in English.  See http://wiki.squid-cache.org/"
 "SquidFaq/BugReporting for details of what you need to include with your bug "
@@ -445,50 +711,54 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:92
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:326
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:83
-#: helpers/basic_auth/PAM/basic_pam_auth.8:102
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:117
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:98
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:152
-#: helpers/digest_auth/file/digest_file_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:255
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:219
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:98
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:263
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:187
-#: helpers/external_acl/session/ext_session_acl.8:117
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:235
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:90
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:108
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:120 src/squid.8.in:268
-#: tools/cachemgr.cgi.8.in:69 tools/squidclient/squidclient.1:213
+#: src/acl/external/AD_group/ext_ad_group_acl.8:260
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:224
+#: src/acl/external/file_userip/ext_file_userip_acl.8:103
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:247
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:268
+#: src/acl/external/LM_group/ext_lm_group_acl.8:192
+#: src/acl/external/session/ext_session_acl.8:122
+#: src/acl/external/time_quota/ext_time_quota_acl.8:240
+#: src/acl/external/unix_group/ext_unix_group_acl.8:95
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:97
+#: src/auth/basic/LDAP/basic_ldap_auth.8:331
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:87
+#: src/auth/basic/PAM/basic_pam_auth.8:107
+#: src/auth/basic/RADIUS/basic_radius_auth.8:122
+#: src/auth/basic/SASL/basic_sasl_auth.8:103
+#: src/auth/basic/SSPI/basic_sspi_auth.8:157
+#: src/auth/digest/file/digest_file_auth.8:94
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:123
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:124
+#: src/security/cert_generators/file/security_file_certgen.8.in:169
+#: src/squid.8.in:263 tools/cachemgr.cgi.8.in:72 tools/purge/purge.1:278
+#: tools/squidclient/squidclient.1:254
 msgid "Report bugs or bug fixes using http://bugs.squid-cache.org/"
 msgstr "Report bugs or bug fixes using http://bugs.squid-cache.org/"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:95
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:329
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:86
-#: helpers/basic_auth/PAM/basic_pam_auth.8:105
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:120
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:101
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:155
-#: helpers/digest_auth/file/digest_file_auth.8:89
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:258
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:222
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:101
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:266
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:190
-#: helpers/external_acl/session/ext_session_acl.8:120
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:238
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:93
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:111
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:123 src/squid.8.in:271
-#: tools/cachemgr.cgi.8.in:72 tools/squidclient/squidclient.1:216
+#: src/acl/external/AD_group/ext_ad_group_acl.8:263
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:227
+#: src/acl/external/file_userip/ext_file_userip_acl.8:106
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:271
+#: src/acl/external/LM_group/ext_lm_group_acl.8:195
+#: src/acl/external/session/ext_session_acl.8:125
+#: src/acl/external/time_quota/ext_time_quota_acl.8:243
+#: src/acl/external/unix_group/ext_unix_group_acl.8:98
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:100
+#: src/auth/basic/LDAP/basic_ldap_auth.8:334
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:90
+#: src/auth/basic/PAM/basic_pam_auth.8:110
+#: src/auth/basic/RADIUS/basic_radius_auth.8:125
+#: src/auth/basic/SASL/basic_sasl_auth.8:106
+#: src/auth/basic/SSPI/basic_sspi_auth.8:160
+#: src/auth/digest/file/digest_file_auth.8:97
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:126
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:127
+#: src/security/cert_generators/file/security_file_certgen.8.in:172
+#: src/squid.8.in:266 tools/cachemgr.cgi.8.in:75 tools/purge/purge.1:281
+#: tools/squidclient/squidclient.1:257
 msgid ""
 "Report serious security bugs to I<Squid Bugs E<lt>squid-bugs@squid-cache."
 "orgE<gt>>"
@@ -497,3639 +767,4090 @@ msgstr ""
 "orgE<gt>>"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:98
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:332
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:89
-#: helpers/basic_auth/PAM/basic_pam_auth.8:108
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:123
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:104
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:158
-#: helpers/digest_auth/file/digest_file_auth.8:92
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:261
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:225
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:104
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:248
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:269
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:193
-#: helpers/external_acl/session/ext_session_acl.8:123
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:241
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:96
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:114
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:126 src/squid.8.in:274
-#: tools/cachemgr.cgi.8.in:75 tools/squidclient/squidclient.1:219
+#: src/acl/external/AD_group/ext_ad_group_acl.8:266
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:230
+#: src/acl/external/file_userip/ext_file_userip_acl.8:109
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:253
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:274
+#: src/acl/external/LM_group/ext_lm_group_acl.8:198
+#: src/acl/external/session/ext_session_acl.8:128
+#: src/acl/external/time_quota/ext_time_quota_acl.8:246
+#: src/acl/external/unix_group/ext_unix_group_acl.8:101
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:103
+#: src/auth/basic/LDAP/basic_ldap_auth.8:337
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:93
+#: src/auth/basic/PAM/basic_pam_auth.8:113
+#: src/auth/basic/RADIUS/basic_radius_auth.8:128
+#: src/auth/basic/SASL/basic_sasl_auth.8:109
+#: src/auth/basic/SSPI/basic_sspi_auth.8:163
+#: src/auth/digest/file/digest_file_auth.8:100
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:129
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:130
+#: src/security/cert_generators/file/security_file_certgen.8.in:175
+#: src/squid.8.in:269 tools/cachemgr.cgi.8.in:78 tools/purge/purge.1:284
+#: tools/squidclient/squidclient.1:260
 msgid ""
 "Report ideas for new improvements to the I<Squid Developers mailing list>"
 msgstr ""
 "Report ideas for new improvements to the I<Squid Developers mailing list>"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:100
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:334
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:91
-#: helpers/basic_auth/PAM/basic_pam_auth.8:110
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:125
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:106
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:160
-#: helpers/digest_auth/file/digest_file_auth.8:94
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:263
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:227
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:106
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:271
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:195
-#: helpers/external_acl/session/ext_session_acl.8:125
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:243
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:101
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:116
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:128 src/squid.8.in:276
-#: tools/cachemgr.cgi.8.in:77 tools/squidclient/squidclient.1:221
+#: src/acl/external/AD_group/ext_ad_group_acl.8:268
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:232
+#: src/acl/external/file_userip/ext_file_userip_acl.8:111
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:276
+#: src/acl/external/LM_group/ext_lm_group_acl.8:200
+#: src/acl/external/session/ext_session_acl.8:130
+#: src/acl/external/time_quota/ext_time_quota_acl.8:248
+#: src/acl/external/unix_group/ext_unix_group_acl.8:106
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:339
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:95
+#: src/auth/basic/PAM/basic_pam_auth.8:115
+#: src/auth/basic/RADIUS/basic_radius_auth.8:130
+#: src/auth/basic/SASL/basic_sasl_auth.8:111
+#: src/auth/basic/SSPI/basic_sspi_auth.8:165
+#: src/auth/digest/file/digest_file_auth.8:102
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:131
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:132
+#: src/security/cert_generators/file/security_file_certgen.8.in:177
+#: src/squid.8.in:271 tools/cachemgr.cgi.8.in:80 tools/purge/purge.1:286
+#: tools/squidclient/squidclient.1:262
 #, no-wrap
 msgid "SEE ALSO"
 msgstr "SEE ALSO"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:114
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:344
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:97
-#: helpers/basic_auth/PAM/basic_pam_auth.8:121
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:132
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:117
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:165
-#: helpers/digest_auth/file/digest_file_auth.8:99
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:268
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:233
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:111
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:282
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:200
-#: helpers/external_acl/session/ext_session_acl.8:130
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:248
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:108
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:127
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:133 src/squid.8.in:286
+#: src/acl/external/AD_group/ext_ad_group_acl.8:273
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:238
+#: src/acl/external/file_userip/ext_file_userip_acl.8:116
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:269
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:287
+#: src/acl/external/LM_group/ext_lm_group_acl.8:205
+#: src/acl/external/session/ext_session_acl.8:135
+#: src/acl/external/time_quota/ext_time_quota_acl.8:253
+#: src/acl/external/unix_group/ext_unix_group_acl.8:113
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:119
+#: src/auth/basic/LDAP/basic_ldap_auth.8:349
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:101
+#: src/auth/basic/PAM/basic_pam_auth.8:126
+#: src/auth/basic/RADIUS/basic_radius_auth.8:137
+#: src/auth/basic/SASL/basic_sasl_auth.8:122
+#: src/auth/basic/SSPI/basic_sspi_auth.8:170
+#: src/auth/digest/file/digest_file_auth.8:107
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:142
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:137
+#: src/security/cert_generators/file/security_file_certgen.8.in:182
+#: src/squid.8.in:281
 msgid "The Squid FAQ wiki"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:117
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:347
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:100
-#: helpers/basic_auth/PAM/basic_pam_auth.8:124
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:135
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:120
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:168
-#: helpers/digest_auth/file/digest_file_auth.8:102
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:271
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:236
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:114
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:285
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:203
-#: helpers/external_acl/session/ext_session_acl.8:133
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:251
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:111
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:130
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:136 src/squid.8.in:289
+#: src/acl/external/AD_group/ext_ad_group_acl.8:276
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:241
+#: src/acl/external/file_userip/ext_file_userip_acl.8:119
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:272
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:290
+#: src/acl/external/LM_group/ext_lm_group_acl.8:208
+#: src/acl/external/session/ext_session_acl.8:138
+#: src/acl/external/time_quota/ext_time_quota_acl.8:256
+#: src/acl/external/unix_group/ext_unix_group_acl.8:116
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:122
+#: src/auth/basic/LDAP/basic_ldap_auth.8:352
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:104
+#: src/auth/basic/PAM/basic_pam_auth.8:129
+#: src/auth/basic/RADIUS/basic_radius_auth.8:140
+#: src/auth/basic/SASL/basic_sasl_auth.8:125
+#: src/auth/basic/SSPI/basic_sspi_auth.8:173
+#: src/auth/digest/file/digest_file_auth.8:110
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:145
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:140
+#: src/security/cert_generators/file/security_file_certgen.8.in:185
+#: src/squid.8.in:284
 msgid "The Squid Configuration Manual"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:7
-msgid "LDAP authentication helper for Squid"
-msgstr "LDAP authentication helper for Squid"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:5
+#, fuzzy
+#| msgid "Squid eDirectory IP Lookup Helper"
+msgid "ext_edirectory_userip_acl - Squid eDirectory IP Lookup Helper"
+msgstr "Squid eDirectory IP Lookup Helper"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:12
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:27
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:14
-msgid "base DN"
-msgstr "base DN"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:15
+#: tools/squidclient/squidclient.1:22
+msgid "host"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:14
-msgid "attribute"
-msgstr "attribute"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:17
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:18
+#: src/auth/basic/LDAP/basic_ldap_auth.8:33
+#: src/auth/basic/RADIUS/basic_radius_auth.8:16 src/squid.8.in:15
+#: tools/squidclient/squidclient.1:26
+msgid "port"
+msgstr "port"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:16
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:31
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:18
-msgid "options"
-msgstr "options"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:19
+msgid "LDAP version"
+msgstr "LDAP version"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:18
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:33
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:20
-msgid "LDAP server name"
-msgstr "LDAP server name"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:21
+msgid "basedn"
+msgstr "basedn"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:20
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:35
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:18
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:19
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:22 src/squid.8.in:17
-#: tools/squidclient/squidclient.1:27
-msgid "port"
-msgstr "port"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:23
+msgid "scope"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:22
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:37
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:24
-msgid "URI"
-msgstr "URI"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:25
+msgid "binddn"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:29
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:16
-msgid "LDAP search filter"
-msgstr "LDAP search filter"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:27
+msgid "bindpass"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:47
-msgid ""
-"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
-"the user name and password of Basic HTTP authentication.  LDAP options are "
-"specified as parameters on the command line, while the username(s) and "
-"password(s) to be checked against the LDAP directory are specified on "
-"subsequent lines of input to the helper, one username/password pair per line "
-"separated by a space."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:29
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:14
+msgid "filter"
 msgstr ""
-"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
-"the user name and password of Basic HTTP authentication.  LDAP options are "
-"specified as parameters on the command line, while the username(s) and "
-"password(s) to be checked against the LDAP directory are specified on "
-"subsequent lines of input to the helper, one username/password pair per line "
-"separated by a space."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:56
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:34
+msgid "B<ext_edirectory_userip_acl> is an installed binary."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:38
 msgid ""
-"As expected by the basic authentication construct of Squid, after specifying "
-"a username and password followed by a new line, this helper will produce "
-"either B<OK> or B<ERR> on the following line to show if the specified "
-"credentials are correct according to the LDAP directory."
+"This program has been written in order to solve the problems associated with "
+"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
 msgstr ""
-"As expected by the basic authentication construct of Squid, after specifying "
-"a username and password followed by a new line, this helper will produce "
-"either B<OK> or B<ERR> on the following line to show if the specified "
-"credentials are correct according to the LDAP directory."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:61
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:41
 msgid ""
-"The program has two major modes of operation. In the default mode of "
-"operation the users DN is constructed using the base DN and user attribute. "
-"In the other mode of operation a search filter is used to locate valid user "
-"DN's below the base DN."
+"The limitations of the Perl script involved memory/cpu utilization, speed, "
+"the lack of eDirectory 8.8 support, and IPv6 support."
 msgstr ""
-"The program has two major modes of operation. In the default mode of "
-"operation the users DN is constructed using the base DN and user attribute. "
-"In the other mode of operation a search filter is used to locate valid user "
-"DN's below the base DN."
 
-#. type: SH
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:62
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:35
-#: helpers/basic_auth/PAM/basic_pam_auth.8:21
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:31
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:34
-#: helpers/digest_auth/file/digest_file_auth.8:20
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:51
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:44
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:23
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:65
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:49
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:27
-#: helpers/external_acl/session/ext_session_acl.8:34
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:24
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:19
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:19
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:25 src/squid.8.in:59
-#: tools/squidclient/squidclient.1:61
-#, no-wrap
-msgid "OPTIONS"
-msgstr "OPTIONS"
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:46
+msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
-msgstr "B<REQUIRED.> Specifies the base DN under which the users are located."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:50
+msgid "Force Addresses to be in IPv6 (:: format)."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:75
-msgid ""
-"LDAP search B<filter> to locate the user DN. Required if the users are in a "
-"hierarchy below the base DN, or if the login name is not what builds the "
-"user specific part of the users DN."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:57
+msgid "Specify B<base> DN. For example; B<o=ORG>"
 msgstr ""
-"LDAP search B<filter> to locate the user DN. Required if the users are in a "
-"hierarchy below the base DN, or if the login name is not what builds the "
-"user specific part of the users DN."
 
-#. uid\=%s\""
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:82
-msgid ""
-"The search filter can contain up to 15 occurrences of B<%s> which will be "
-"replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
-"detailed description of LDAP search filter syntax see RFC2254."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:66
+msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:90
-msgid ""
-"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
-"%s> are used."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:71
+msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
 msgstr ""
-"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
-"%s> are used."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:99
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:76
 msgid ""
-"Specifies the name of the DN attribute that contains the username/login.  "
-"Combined with the base DN to construct the users DN when no search filter is "
-"specified ( B<-f> option). Defaults to B<uid>"
+"Specify if LDAP search group is required. For example; B<groupMembership=>"
 msgstr ""
-"Specifies the name of the DN attribute that contains the username/login.  "
-"Combined with the base DN to construct the users DN when no search filter is "
-"specified ( B<-f> option). Defaults to B<uid>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:108
-msgid ""
-"B<Note:> This can only be done if all your users are located directly under "
-"the same position in the LDAP tree and the login name is used for naming "
-"each user object. If your LDAP tree does not match these criterias or if you "
-"want to filter who are valid users then you need to use a search filter to "
-"search for your users DN ( B<-f> option)."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:84
+msgid "Specify hostname or IP of server"
 msgstr ""
-"B<Note:> This can only be done if all your users are located directly under "
-"the same position in the LDAP tree and the login name is used for naming "
-"each user object. If your LDAP tree does not match these criterias or if you "
-"want to filter who are valid users then you need to use a search filter to "
-"search for your users DN ( B<-f> option)."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:118
-msgid ""
-"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
-"password.  B<passwordattr> is the LDAP attribute storing the users password."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:88
+msgid "Port number."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:92
+msgid "Use persistent connections."
 msgstr ""
-"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
-"password.  B<passwordattr> is the LDAP attribute storing the users password."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:126
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:100
 msgid ""
-"Search scope when performing user DN searches specified by the B<-f> option. "
-"Defaults to B<sub>"
+"Timeout factor for persistent connections. Set to B<0> for never timeout. "
+"Default is B<60> seconds."
 msgstr ""
-"Search scope when performing user DN searches specified by the B<-f> option. "
-"Defaults to B<sub>"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:130
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:110
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:178
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:105
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:173
+msgid "search scope. Defaults to B<sub>"
+msgstr "search scope. Defaults to B<sub>"
+
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:108
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:176
+#: src/auth/basic/LDAP/basic_ldap_auth.8:128
 msgid "B<base> object only,"
 msgstr "B<base> object only,"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:133
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:113
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:181
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:111
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:179
+#: src/auth/basic/LDAP/basic_ldap_auth.8:131
 msgid "B<one> level below the base object or"
 msgstr "B<one> level below the base object or"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:136
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:116
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:184
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:114
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:182
+#: src/auth/basic/LDAP/basic_ldap_auth.8:134
 msgid "B<sub>tree below the base object"
 msgstr "B<sub>tree below the base object"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:142
-msgid ""
-"The DN and password to bind as while performing searches. Required by the B<-"
-"f> flag if the directory does not allow anonymous searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:121
+msgid "Set userid B<attribute .> Default is B<cn>"
 msgstr ""
-"The DN and password to bind as while performing searches. Required by the B<-"
-"f> flag if the directory does not allow anonymous searches."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:147
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:126
+msgid "Set LDAP B<version>"
 msgstr ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:152
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:98
-msgid ""
-"The DN and the name of a file containing the password to bind as while "
-"performing searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:130
+msgid "Display version information and exit."
 msgstr ""
-"The DN and the name of a file containing the password to bind as while "
-"performing searches."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:157
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:103
-msgid ""
-"Less insecure version of the former parameter pair with two advantages: The "
-"password does not occur in the process listing, and the password is not "
-"being compromised if someone gets the squid configuration file without "
-"getting the secretfile."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:135
+msgid "Specify binding B<password>"
 msgstr ""
-"Less insecure version of the former parameter pair with two advantages: The "
-"password does not occur in the process listing, and the password is not "
-"being compromised if someone gets the squid configuration file without "
-"getting the secretfile."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:165
-msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while validating a username to preserve resources at the LDAP server. This "
-"option causes the LDAP connection to be kept open, allowing it to be reused "
-"for further user validations. Recommended for larger installations."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:139
+msgid "Enable TLS security."
 msgstr ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while validating a username to preserve resources at the LDAP server. This "
-"option causes the LDAP connection to be kept open, allowing it to be reused "
-"for further user validations. Recommended for larger installations."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:178
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:160
 msgid ""
-"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
-"binding as another user after a successful I<ldap_bind.> The use of this "
-"option always opens a new connection for each login attempt. If combined "
-"with the B<-P> option for persistent LDAP connection then the connection "
-"used for searching for the user DN is kept persistent but a new connection "
-"is opened to verify each users password once the DN is found."
+"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
+"that users may be used to control internet access, which can also be stacked "
+"against other ACL's.  Use of the groups is optional, unless the '-G' option "
+"has been passed.  Please note that you need to specify the full LDAP object "
+"for this, as shown above."
 msgstr ""
-"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
-"binding as another user after a successful I<ldap_bind.> The use of this "
-"option always opens a new connection for each login attempt. If combined "
-"with the B<-P> option for persistent LDAP connection then the connection "
-"used for searching for the user DN is kept persistent but a new connection "
-"is opened to verify each users password once the DN is found."
+
+#. type: SH
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:161
+#: src/acl/external/unix_group/ext_unix_group_acl.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:45
+#: src/security/cert_generators/file/security_file_certgen.8.in:88
+#: tools/purge/purge.1:233
+#, no-wrap
+msgid "KNOWN ISSUES"
+msgstr "KNOWN ISSUES"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:182
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:170
-msgid "Do not follow referrals"
-msgstr "Do not follow referrals"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:166
+msgid ""
+"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
+"is in place to read IPv6 networkAddress fields, please attempt this in a "
+"TESTING environment first.  Please contact the author regarding IPv6 support "
+"development."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:187
-msgid "when to dereference aliases. Defaults to B<never>"
-msgstr "when to dereference aliases. Defaults to B<never>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:171
+msgid ""
+"There is a known issue regarding Novell's Client for Windows, that is mostly "
+"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
+"populating the networkAddress field in eDirectory."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:196
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:177
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search ing> or only to B<find> the base object."
+"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
+"lower?) and connection licensing.  It appears that whenever a server runs "
+"low on connection licenses, that it I sometimes does not populate the "
+"networkAddress fields correctly."
 msgstr ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search ing> or only to B<find> the base object."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:201
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:184
 msgid ""
-"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
-"libraries).  Servers can also be specified last on the command line."
+"Majority of Proxy Authentication issues can be resolved by having the users' "
+"B<reboot> if their networkAddress is not correct, or using "
+"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
+"networkAddress fields to troubleshoot."
 msgstr ""
-"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
-"libraries).  Servers can also be specified last on the command line."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:206
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:218
 msgid ""
-"Specify the LDAP server to connect to. Servers can also be specified last on "
-"the command line."
+"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
+"situations B<before> seeking support! You may also need to make sure your "
+"servers have the latest service packs installed, and that your servers are "
+"properly synchronizing partitions."
 msgstr ""
-"Specify the LDAP server to connect to. Servers can also be specified last on "
-"the command line."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:212
+#: src/acl/external/file_userip/ext_file_userip_acl.8:5
 msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389. Can also be specified within the server "
-"specification by using servername:port syntax."
+"ext_file_userip_acl - Restrict users to certain IP addresses, using a text "
+"file backend."
 msgstr ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389. Can also be specified within the server "
-"specification by using servername:port syntax."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:218
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:206
-msgid "LDAP protocol version. Defaults to B<3> if not specified."
-msgstr "LDAP protocol version. Defaults to B<3> if not specified."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:7
+#: src/acl/external/time_quota/ext_time_quota_acl.8:7
+#: src/auth/basic/SASL/basic_sasl_auth.8:7
+#: src/security/cert_generators/file/security_file_certgen.8.in:7
+msgid "Version 1.0"
+msgstr "Version 1.0"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:210
-msgid "Use TLS encryption"
-msgstr "Use TLS encryption"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:12
+msgid "file name"
+msgstr "file name"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:226
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:107
-msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
-msgstr "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:17
+msgid ""
+"B<ext_file_userip_acl> is an installed binary. An external helper for the "
+"Squid external acl scheme."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:233
+#: src/acl/external/file_userip/ext_file_userip_acl.8:20
 msgid ""
-"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
-"LDAP API libraries)"
+"It works by reading a pair composed by an IP address and an username on "
+"STDIN and matching it against a configuration file."
 msgstr ""
-"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
-"LDAP API libraries)"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:192
-msgid "Specify time limit on LDAP search operations"
-msgstr "Specify time limit on LDAP search operations"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:31
+msgid "Configuration B<file> to load."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:243
-msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the results is not what is expected."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:41
+msgid "The B<squid.conf> configuration for the external ACL should be:"
 msgstr ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the results is not what is expected."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:248
+#: src/acl/external/file_userip/ext_file_userip_acl.8:49
 msgid ""
-"For directories using the RFC2307 layout with a single domain, all you need "
-"to specify is usually the base DN under where your users are located and the "
-"server name:"
+"If the helper program finds a matching username/ip in the configuration "
+"file, it returns B<OK> , otherwise it returns B<ERR .>"
 msgstr ""
-"For directories using the RFC2307 layout with a single domain, all you need "
-"to specify is usually the base DN under where your users are located and the "
-"server name:"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:256
-msgid ""
-"If you have sub-domains then you need to use a search filter approach to "
-"locate your user DNs as these can no longer be constructed directly from the "
-"base DN and login name alone:"
-msgstr ""
-"If you have sub-domains then you need to use a search filter approach to "
-"locate your user DNs as these can no longer be constructed directly from the "
-"base DN and login name alone:"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:51
+msgid "The configuration file format is as follows:"
+msgstr "The configuration file format is as follows:"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:263
+#: src/acl/external/file_userip/ext_file_userip_acl.8:60
 msgid ""
-"And similarly if you only want to allow access to users having a specific "
-"attribute"
+"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
+"in dotted quad format too."
 msgstr ""
-"And similarly if you only want to allow access to users having a specific "
-"attribute"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:274
+#: src/acl/external/file_userip/ext_file_userip_acl.8:66
 msgid ""
-"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
-"do not want to have to search for the users then you could use something "
-"like the following example for Active Directory:"
+"When the second parameter is prefixed with an B<@> , the program will lookup "
+"the B</etc/group> file entry for the specified username."
 msgstr ""
-"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
-"do not want to have to search for the users then you could use something "
-"like the following example for Active Directory:"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:286
+#: src/acl/external/file_userip/ext_file_userip_acl.8:72
 msgid ""
-"If you want to search for the user DN and your directory does not allow "
-"anonymous searches then you must also use the B<-D> and B<-w> flags to "
-"specify a user DN and password to log in as to perform the searches, as in "
-"the following complex Active Directory example"
+"There are other two directives, B<ALL> and B<NONE> , which mean \"any user "
+"on this IP address may authenticate\" or \"no user on this IP address may "
+"authenticate\"."
 msgstr ""
-"If you want to search for the user DN and your directory does not allow "
-"anonymous searches then you must also use the B<-D> and B<-w> flags to "
-"specify a user DN and password to log in as to perform the searches, as in "
-"the following complex Active Directory example"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:299
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:5
+#, fuzzy
+#| msgid ""
+#| "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
 msgid ""
-"B<NOTE:> When constructing search filters it is strongly recommended to test "
-"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
-"This to verify that the filter matches what you expect."
-msgstr ""
-"B<NOTE:> When constructing search filters it is strongly recommended to test "
-"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
-"This to verify that the filter matches what you expect."
+"ext_kerberos_ldap_group_acl - Squid LDAP external acl group helper for "
+"Kerberos or NTLM credentials."
+msgstr "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:302
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:91
-msgid "This program is written by"
-msgstr "This program is written by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
+msgid "Version 1.3.0sq"
+msgstr "Version 1.3.0sq"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:306
-msgid "This manual is written by"
-msgstr "This manual is written by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:24
+msgid ""
+"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
+"connect to a LDAP directory to authorize users via LDAP groups. Options are "
+"specified as parameters on the command line, while the username (e.g.  "
+"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
+"directory are specified on subsequent lines of input to the helper, one "
+"username per line."
+msgstr ""
+"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
+"connect to a LDAP directory to authorize users via LDAP groups. Options are "
+"specified as parameters on the command line, while the username (e.g.  "
+"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
+"directory are specified on subsequent lines of input to the helper, one "
+"username per line."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:320
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:37
 msgid ""
-"Or to your favorite LDAP list/friend if the question is more related to LDAP "
-"than Squid."
+"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
+"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
+"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
+"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
+"is available from the username the LDAP server will be determined through "
+"the command line options."
 msgstr ""
-"Or to your favorite LDAP list/friend if the question is more related to LDAP "
-"than Squid."
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:340
-msgid "Your favorite LDAP documentation."
-msgstr "Your favorite LDAP documentation."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:49
+msgid ""
+"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
+"T> option which provides the LDAP group name the user has to belong too. For "
+"Active Directory a recursive group lookup is implemented until a max depth "
+"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
+"groups is assumed."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:342
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:259
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:280
-msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
-msgstr "B<RFC2254> - The String Representation of LDAP Search Filters,"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:62
+msgid ""
+"Different group names can be specified for different domains using a "
+"group@domain syntax.  As expected by the B<external_acl_type> construct of "
+"Squid, after specifying a username and group followed by a new line, this "
+"helper will produce either B<OK> or B<ERR> on the following line to show if "
+"the user is a member of the specified group."
+msgstr ""
+"Different group names can be specified for different domains using a "
+"group@domain syntax.  As expected by the B<external_acl_type> construct of "
+"Squid, after specifying a username and group followed by a new line, this "
+"helper will produce either B<OK> or B<ERR> on the following line to show if "
+"the user is a member of the specified group."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:7
-msgid "NCSA httpd-style password file authentication helper for Squid"
-msgstr "NCSA httpd-style password file authentication helper for Squid"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:70
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:24
+msgid "Write debug messages to stderr."
+msgstr "Write debug messages to stderr."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:11
-msgid "passwd file"
-msgstr "passwd file"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:73
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:27
+msgid "Write informational messages to stderr."
+msgstr "Write informational messages to stderr."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:16
-msgid ""
-"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
-"information from an NCSA/Apache httpd-style password file when using basic "
-"HTTP authentication."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:76
+msgid "Use SSL for the LDAP connection."
 msgstr ""
-"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
-"information from an NCSA/Apache httpd-style password file when using basic "
-"HTTP authentication."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:19
-msgid "This password file can be manipulated using B<htpasswd.>"
-msgstr "This password file can be manipulated using B<htpasswd.>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
+msgid ""
+"The CA certificate file can be set via the environment variable "
+"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:32
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
 msgid ""
-"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
-"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
-"and magic strings * MD5 - with optional salt and magic strings * DES - for "
-"passwords 8 characters or less in length"
+"The SSL certificate database can be set via the environment variable "
+"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:34
-msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:83
+msgid "Allow SSL without certificate verification."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:38
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:87
 msgid ""
-"The only parameter is the password file.  It must have permissions to be "
-"read by the user that Squid is running as."
+"Default Kerberos domain to use for usernames which do not contain domain "
+"information (e.g. for users using basic authentication)."
 msgstr ""
-"The only parameter is the password file.  It must have permissions to be "
-"read by the user that Squid is running as."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:92
 msgid ""
-"B<basic_ncsa_auth> must have access to the password file to be executed."
+"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
+"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
+"authentication)."
 msgstr ""
-"B<basic_ncsa_auth> must have access to the password file to be executed."
-
-#. type: SH
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:47
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:163
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:62
-#, no-wrap
-msgid "KNOWN ISSUES"
-msgstr "KNOWN ISSUES"
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:52
-msgid ""
-"DES functionality (used by htpasswd by default) silently truncates passwords "
-"to 8 characters.  Allowing login with password values shorter than the one "
-"desired.  This authenticator will reject login with long passwords when "
-"using DES."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:95
+msgid "Maximal depth of recursive group search."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:58
-msgid "Based on original documentation by"
-msgstr "Based on original documentation by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:98
+msgid "Username for LDAP server."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:66
-msgid ""
-"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
-"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
-"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
-"details."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:101
+msgid "Password for LDAP server."
 msgstr ""
-"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
-"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
-"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
-"details."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:72
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:106
+#, fuzzy
+#| msgid ""
+#| "As the password needs to be printed in plain text in your Squid "
+#| "configuration it is strongly recommended to use a account with minimal "
+#| "associated privileges.  This to limit the damage in case someone could "
+#| "get hold of a copy of your Squid configuration file or extracts the "
+#| "password used from a process listing."
 msgid ""
-"You should have received a copy of the GNU General Public License along with "
-"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
-"Place, Suite 330, Boston, MA 02111-1307 USA"
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use an account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file or extracts the password "
+"used from a process listing."
 msgstr ""
-"You should have received a copy of the GNU General Public License along with "
-"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
-"Place, Suite 330, Boston, MA 02111-1307 USA"
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file or extracts the password "
+"used from a process listing."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:7
-msgid "Squid PAM Basic authentication helper"
-msgstr "Squid PAM Basic authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:110
+msgid "LDAP server bind path."
+msgstr "LDAP server bind path."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:11
-msgid "service name"
-msgstr "service name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:113
+msgid "LDAP server URL in form ldap[s]://server:port"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:13
-msgid "TTL"
-msgstr "TTL"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:117
+msgid ""
+"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
+"lserver@Realm]"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:20
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:121
 msgid ""
-"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
-"database to validate the user name and password of Basic HTTP authentication."
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm]"
 msgstr ""
-"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
-"database to validate the user name and password of Basic HTTP authentication."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:26
-msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
-msgstr "Specifies the PAM service name Squid uses, defaults to B<squid>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:126
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:35
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:131
 msgid ""
-"Enables persistent PAM connections where the connection to the PAM database "
-"is kept open and reused for new logins. The TTL specifies how long the "
-"connection will be kept open (in seconds).  Default is to not keep PAM "
-"connections open. Please note that the use of persistent PAM connections is "
-"slightly outside the PAM specification and may not work with all PAM "
-"configurations."
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
+"format"
 msgstr ""
-"Enables persistent PAM connections where the connection to the PAM database "
-"is kept open and reused for new logins. The TTL specifies how long the "
-"connection will be kept open (in seconds).  Default is to not keep PAM "
-"connections open. Please note that the use of persistent PAM connections is "
-"slightly outside the PAM specification and may not work with all PAM "
-"configurations."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:40
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:138
 msgid ""
-"Do not perform the PAM account management group (account expiration etc)"
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf.>"
 msgstr ""
-"Do not perform the PAM account management group (account expiration etc)"
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf.>"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:46
-msgid ""
-"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
-"etc/pam.d/squid>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:153
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:62
+msgid "B<NOTE:> The following squid startup file modification may be required:"
 msgstr ""
-"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
-"etc/pam.d/squid>"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:54
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:157
 msgid ""
-"The default service name is B<squid> , and the program makes use of the "
-"B<auth> and B<account> management groups to verify the password and the "
-"accounts validity."
+"Add the following lines to the squid startup script to point squid to a "
+"keytab file which contains the HTTP/fqdn service principal for the default "
+"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
+"can not use an IP address."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:58
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:168
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:74
 msgid ""
-"For details on how to configure PAM services, see the PAM documentation for "
-"your system. This manual does not cover PAM configuration details."
+"If you use a different Kerberos domain than the machine itself is in you can "
+"point squid to the separate Kerberos config file by setting the following "
+"environment variable in the startup script."
 msgstr ""
-"For details on how to configure PAM services, see the PAM documentation for "
-"your system. This manual does not cover PAM configuration details."
 
-#. type: SH
-#: helpers/basic_auth/PAM/basic_pam_auth.8:59
-#, no-wrap
-msgid "NOTES"
-msgstr "NOTES"
+#. type: Plain text
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:178
+msgid ""
+"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
+"server. The following method is used:"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:183
+#, no-wrap
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program setuid root"
+"1) For user@REALM\n"
+"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
+"   b) Query DNS for A record REALM\n"
+"   c) Use LDAP_URL if given\n"
 msgstr ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program setuid root"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:82
-#: helpers/external_acl/session/ext_session_acl.8:99
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:218
-msgid "This program and documentation was written by"
-msgstr "This program and documentation was written by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:187
+#, no-wrap
+msgid ""
+"2) For user\n"
+"   a) Use domain -D REALM and follow step 1)\n"
+"   b) Use LDAP_URL if given\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:88
-msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
-msgstr "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
+msgid "The Groups to check against are determined as follows:"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:119
-msgid "PAM Systems Administrator Guide"
-msgstr "PAM Systems Administrator Guide"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:194
+#, no-wrap
+msgid ""
+"1) For user@REALM\n"
+"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
+"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:7
-msgid "Squid RADIUS authentication helper"
-msgstr "Squid RADIUS authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:197
+#, no-wrap
+msgid ""
+"2) For user\n"
+"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:12
-msgid "config file"
-msgstr "config file"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:200
+#, no-wrap
+msgid ""
+"3) For NDOMAIN\\euser\n"
+"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:16
-msgid "server name"
-msgstr "server name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
+msgid ""
+"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
+"where GROUP is the hex UTF-8 representation e.g."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:20
-msgid "identifier"
-msgstr "identifier"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#, no-wrap
+msgid "   -t 6d61726b7573 instead of -g markus\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:22
-msgid "secret"
-msgstr "secret"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
+msgid ""
+"The REALM must still be based on the ASCII character set. If REALM contains "
+"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
+"UTF-8 representation e.g."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:24
-#: helpers/external_acl/session/ext_session_acl.8:14
-#: tools/squidclient/squidclient.1:33
-msgid "timeout"
-msgstr "timeout"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#, no-wrap
+msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:30
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
 msgid ""
-"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
-"the user name and password of Basic HTTP authentication."
+"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
+"unicode-utf8-table.pl"
 msgstr ""
-"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
-"the user name and password of Basic HTTP authentication."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:216
 msgid ""
-"Specifies the path to a configuration file. See the CONFIGURATION section "
-"for details on the file content."
+"The ldap server list can be: server - In this case server can be used for "
+"all Kerberos domains server@ - In this case server can be used for all "
+"Kerberos domains server@domain - In this case server can be used for "
+"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
+"server3@:server4 - A list is build with a colon as separator"
 msgstr ""
-"Specifies the path to a configuration file. See the CONFIGURATION section "
-"for details on the file content."
-
-#. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:40
-msgid "Alternative method of specifying the server to connect to"
-msgstr "Alternative method of specifying the server to connect to"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:45
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
+#, no-wrap
 msgid ""
-"Specify another server port where the RADIUS server listens for requests if "
-"different from the default RADIUS port.  Normally not specified."
+" * Copyright (C) 1996-2015 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
-"Specify another server port where the RADIUS server listens for requests if "
-"different from the default RADIUS port.  Normally not specified."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:50
-msgid ""
-"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
-"specified the IP address is used to identify the proxy."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:260
+msgid "B<RFC1035> - Domain names - implementation and specification,"
 msgstr ""
-"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
-"specified the IP address is used to identify the proxy."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:56
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
 msgid ""
-"Alternative method of specifying the shared secret. Using the B<-f> option "
-"with a configuration file is generally more secure and recommended."
+"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
 msgstr ""
-"Alternative method of specifying the shared secret. Using the B<-f> option "
-"with a configuration file is generally more secure and recommended."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:60
-msgid "RADIUS request timeout. Default is 10 seconds."
-msgstr "RADIUS request timeout. Default is 10 seconds."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:285
+#: src/auth/basic/LDAP/basic_ldap_auth.8:347
+msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
+msgstr "B<RFC2254> - The String Representation of LDAP Search Filters,"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:67
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
 msgid ""
-"The configuration specifies how the helper connects to RADIUS.  The file "
-"contains a list of directives (one per line). Lines beginning with a B<#> "
-"are ignored."
+"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
+"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
 msgstr ""
-"The configuration specifies how the helper connects to RADIUS.  The file "
-"contains a list of directives (one per line). Lines beginning with a B<#> "
-"are ignored."
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:71
-msgid "specifies the name or address of the RADIUS server to connect to."
-msgstr "specifies the name or address of the RADIUS server to connect to."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:5
+#, fuzzy
+#| msgid "Squid LDAP external acl group helper"
+msgid "ext_ldap_group_acl - Squid LDAP external acl group helper"
+msgstr "Squid LDAP external acl group helper"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:75
-msgid "specifies the shared RADIUS secret."
-msgstr "specifies the shared RADIUS secret."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:7
+#, fuzzy
+#| msgid "Version 2.17"
+msgid "Version 2.18"
+msgstr "Version 2.17"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:80
-msgid ""
-"specifies what name the proxy should use to identify itself to the RADIUS "
-"server.  This directive is optional."
-msgstr ""
-"specifies what name the proxy should use to identify itself to the RADIUS "
-"server.  This directive is optional."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:12
+#, fuzzy
+#| msgid "base DN"
+msgid "base-DN"
+msgstr "base DN"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:84
-msgid ""
-"Specifies the port number or service name where the helper should connect."
-msgstr ""
-"Specifies the port number or service name where the helper should connect."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:14
+#: src/auth/basic/LDAP/basic_ldap_auth.8:29
+msgid "options"
+msgstr "options"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:88
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:18
 #, fuzzy
-#| msgid "specifies the shared RADIUS secret."
-msgid "Specifies the RADIUS request timeout."
-msgstr "specifies the shared RADIUS secret."
+#| msgid "server name"
+msgid "server"
+msgstr "server name"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:95
-msgid "With contributions from many others."
-msgstr "With contributions from many others."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:22
+#: src/auth/basic/LDAP/basic_ldap_auth.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:35
+msgid "URI"
+msgstr "URI"
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:111
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:31
 msgid ""
-"Or contact your favorite RADIUS list/friend if the question is more related "
-"to RADIUS than Squid."
+"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
+"authorize users via LDAP groups.  LDAP options are specified as parameters "
+"on the command line, while the username(s) and group(s) to be checked "
+"against the LDAP directory are specified on subsequent lines of input to the "
+"helper, one username/group pair per line separated by a space."
 msgstr ""
-"Or contact your favorite RADIUS list/friend if the question is more related "
-"to RADIUS than Squid."
-
-#. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:130
-msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
-msgstr "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
+"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
+"authorize users via LDAP groups.  LDAP options are specified as parameters "
+"on the command line, while the username(s) and group(s) to be checked "
+"against the LDAP directory are specified on subsequent lines of input to the "
+"helper, one username/group pair per line separated by a space."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:7
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:42
 msgid ""
-"Basic Authentication using SASL (specifically the cyrus-sasl authentication "
-"method)"
+"As expected by the B<external_acl_type> construct of Squid, after specifying "
+"a username and group followed by a new line, this helper will produce either "
+"B<OK> or B<ERR> on the following line to show if the user is a member of the "
+"specified group."
 msgstr ""
+"As expected by the B<external_acl_type> construct of Squid, after specifying "
+"a username and group followed by a new line, this helper will produce either "
+"B<OK> or B<ERR> on the following line to show if the user is a member of the "
+"specified group."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:9
-#: helpers/digest_auth/file/digest_file_auth.8:9
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:9
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:9
-msgid "Version 1.0"
-msgstr "Version 1.0"
-
-#. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:18
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:46
 msgid ""
-"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
-"configurable (somewhat like PAM).  Each service authenticating against SASL "
-"identifies itself with an application name.  Each application can be "
-"configured independently by the SASL administrator."
+"The program operates by searching with a search filter based on the users "
+"user name and requested group, and if a match is found it is determined that "
+"the user belongs to the group."
 msgstr ""
+"The program operates by searching with a search filter based on the users "
+"user name and requested group, and if a match is found it is determined that "
+"the user belongs to the group."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:24
-msgid ""
-"To configure the authentication method used the file B<basic_sasl_auth.conf> "
-"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:51
+msgid "When to dereference aliases. Defaults to 'never'"
+msgstr "When to dereference aliases. Defaults to 'never'"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:31
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:60
+#, fuzzy
+#| msgid ""
+#| "B<never> dereference aliases (default), B<always> dereference aliases, "
+#| "only while B<search>ing or only to B<find> the base object"
 msgid ""
-"The authentication database is defined by the B<pwcheck_method> parameter.  "
-"Only the B<PLAIN> authentication mechanism is used."
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:33
-msgid "Examples:"
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object"
 msgstr ""
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"while B<search>ing or only to B<find> the base object"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:36
-msgid "use sasldb - the default if no conf file is installed."
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
+msgstr "B<REQUIRED.> Specifies the base DN under which the groups are located."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:38
-#, no-wrap
-msgid " - use PAM authentication database\n"
-msgstr " - use PAM authentication database\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:69
+msgid "Specifies the base DN under which the users are located (if different)"
+msgstr "Specifies the base DN under which the users are located (if different)"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:41
-#, no-wrap
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:74
 msgid ""
-" - use traditional \n"
-"B</etc/passwd>\n"
+"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
+"API libraries)"
 msgstr ""
+"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
+"API libraries)"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:43
-#, no-wrap
-msgid " - use slightly less traditional /etc/shadow\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:80
+msgid ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the result is not what was expected."
 msgstr ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the result is not what was expected."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:46
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:85
 msgid ""
-"Others methods may be supported by your cyrus-sasl implementation - consult "
-"your cyrus-sasl documentation for information."
+"The DN and password to bind as while performing searches. Required if the "
+"LDAP directory does not allow anonymous searches."
 msgstr ""
+"The DN and password to bind as while performing searches. Required if the "
+"LDAP directory does not allow anonymous searches."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:59
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:91
 msgid ""
-"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
-"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
-"and an appropriate user/group on the executable to allow the authenticator "
-"to access the appropriate password database. If the access to the database "
-"is not permitted then the authenticator will typically fail with \"-1, "
-"generic error\"."
+"As the password needs to be printed in plain text in your Squid "
+"configuration and will be sent on the command line to the helper it is "
+"strongly recommended to use a account with minimal associated privileges.  "
+"This to limit the damage in case someone could get hold of a copy of your "
+"Squid configuration file or extracts the password used from a process "
+"listing."
 msgstr ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration and will be sent on the command line to the helper it is "
+"strongly recommended to use a account with minimal associated privileges.  "
+"This to limit the damage in case someone could get hold of a copy of your "
+"Squid configuration file or extracts the password used from a process "
+"listing."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:74
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:96
+#: src/auth/basic/LDAP/basic_ldap_auth.8:150
 msgid ""
-"If the application name B<basic_sasl_auth> will also be used for the PAM "
-"service name if B<pwcheck_method:pam> is chosen. And example PAM "
-"configuration file B<basic_sasl_auth.pam> is also included."
+"The DN and the name of a file containing the password to bind as while "
+"performing searches."
 msgstr ""
+"The DN and the name of a file containing the password to bind as while "
+"performing searches."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:7
-msgid "Basic authentication protocol"
-msgstr "Basic authentication protocol"
-
-#. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:9
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:9
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:9
-msgid "Version 2.0"
-msgstr "Version 2.0"
-
-#. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:14
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:16
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:15
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:17
-msgid "Group Name"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:101
+#: src/auth/basic/LDAP/basic_ldap_auth.8:155
+msgid ""
+"Less insecure version of the former parameter pair with two advantages: The "
+"password does not occur in the process listing, and the password is not "
+"being compromised if someone gets the squid configuration file without "
+"getting the secretfile."
 msgstr ""
+"Less insecure version of the former parameter pair with two advantages: The "
+"password does not occur in the process listing, and the password is not "
+"being compromised if someone gets the squid configuration file without "
+"getting the secretfile."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:18
-msgid "Default Domain"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:224
+msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
+msgstr "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:121
 msgid ""
-"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
-"server running on Windows NT to authenticate users on an NT domain in native "
-"WIN32 mode."
+"LDAP search filter used to search the LDAP directory for any matching group "
+"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
+"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
+"name."
 msgstr ""
+"LDAP search filter used to search the LDAP directory for any matching group "
+"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
+"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
+"name."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:33
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:133
 msgid ""
-"Usage is simple. It accepts a username and password on standard input and "
-"will return B<OK> if the username/password is valid for the domain/machine, "
-"or B<ERR> if there was some problem. It is possible to authenticate against "
-"NT trusted domains specifying the username in the domain\\eusername "
-"Microsoft notation."
+"LDAP search filter used to search the LDAP directory for any matching "
+"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
+"be included literally in the filter then use B<%%>"
 msgstr ""
+"LDAP search filter used to search the LDAP directory for any matching "
+"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
+"be included literally in the filter then use B<%%>"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:38
-msgid "A Windows Local Group name allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:139
+msgid ""
+"Specifies that the first query argument sent to the helper by Squid is a "
+"extension to the basedn and will be temporarily added in front of the global "
+"basedn for this query."
 msgstr ""
+"Specifies that the first query argument sent to the helper by Squid is a "
+"extension to the basedn and will be temporarily added in front of the global "
+"basedn for this query."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:42
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:59
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:63
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:27
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:35
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:33
-msgid "Write debug info to stderr."
-msgstr "Write debug info to stderr."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:143
+msgid "Specify the LDAP server to connect to"
+msgstr "Specify the LDAP server to connect to"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:46
-msgid "A Windows Local Group name not allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:147
+#, fuzzy
+#| msgid ""
+#| "Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
+#| "libraries)"
+msgid ""
+"Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
+"libraries)"
 msgstr ""
+"Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
+"libraries)"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:50
-msgid "The default Domain against to authenticate."
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:151
+msgid "Strip Kerberos Realm component from user names (@ separated)"
+msgstr "Strip Kerberos Realm component from user names (@ separated)"
 
-#. logon from the network\"" 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:57
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:156
 msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
-"in the Authenticator's command line."
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389."
 msgstr ""
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:60
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:164
 msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it."
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while verifying a users group membership to preserve resources at the LDAP "
+"server. This option causes the LDAP connection to be kept open, allowing it "
+"to be reused for further user validations. Recommended for larger "
+"installations."
 msgstr ""
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while verifying a users group membership to preserve resources at the LDAP "
+"server. This option causes the LDAP connection to be kept open, allowing it "
+"to be reused for further user validations. Recommended for larger "
+"installations."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:65
-msgid ""
-"You will need to set the following line in B<squid.conf> to enable the "
-"authenticator:"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:168
+#: src/auth/basic/LDAP/basic_ldap_auth.8:180
+msgid "Do not follow referrals"
+msgstr "Do not follow referrals"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:73
-msgid ""
-"You will need to set the following lines in B<squid.conf> to enable "
-"authentication for your access list:"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:186
+#: src/acl/external/unix_group/ext_unix_group_acl.8:33
+msgid "Strip NT domain name component from user names (/ or \\e separated)"
+msgstr "Strip NT domain name component from user names (/ or \\e separated)"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:85
-msgid ""
-"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
-"B<auth_param basic program> directive."
-msgstr ""
-
-#. type: SH
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:172
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:116
-#, no-wrap
-msgid "TESTING"
-msgstr "TESTING"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:190
+#: src/auth/basic/LDAP/basic_ldap_auth.8:235
+msgid "Specify time limit on LDAP search operations"
+msgstr "Specify time limit on LDAP search operations"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:100
-#, no-wrap
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:198
 msgid ""
-"I strongly urge that \n"
-"B<basic_sspi_auth.exe>\n"
-"is tested prior to being used in a \n"
-"production environment. It may behave differently on different platforms.\n"
-"To test it, run it from the command line. Enter username and password\n"
-"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
-"Make sure pressing \n"
-"B<CTRL-D>\n"
-" behaves the same as a carriage return.\n"
-"Make sure pressing \n"
-"B<CTRL-C>\n"
-" aborts the program.\n"
+"LDAP attribute used to construct the user DN from the user name and base dn "
+"without needing to search for the user.  A maximum of 16 occurrences of B<"
+"%s> are supported."
 msgstr ""
+"LDAP attribute used to construct the user DN from the user name and base dn "
+"without needing to search for the user.  A maximum of 16 occurrences of B<"
+"%s> are supported."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:106
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:205
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:220
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:148
-msgid ""
-"Test that entering no details does not result in an B<OK> or B<ERR> message."
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:204
+#: src/auth/basic/LDAP/basic_ldap_auth.8:216
+msgid "LDAP protocol version. Defaults to B<3> if not specified."
+msgstr "LDAP protocol version. Defaults to B<3> if not specified."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:110
-msgid ""
-"Test that entering an invalid username and password results in an B<ERR> "
-"message."
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:208
+#: src/auth/basic/LDAP/basic_ldap_auth.8:220
+msgid "Use TLS encryption"
+msgstr "Use TLS encryption"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:115
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:214
 msgid ""
-"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
-"may be returned instead of B<ERR>"
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf .>"
 msgstr ""
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf .>"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:119
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:229
 msgid ""
-"Test that entering a valid username and password results in an B<OK> message."
+"B<NOTE:> When constructing search filters it is recommended to first test "
+"the filter using B<ldapsearch> to verify that the filter matches what you "
+"expect before you attempt to use B<ext_ldap_group_acl>"
 msgstr ""
+"B<NOTE:> When constructing search filters it is recommended to first test "
+"the filter using B<ldapsearch> to verify that the filter matches what you "
+"expect before you attempt to use B<ext_ldap_group_acl>"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:122
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:238
+msgid "Based on prior work in B<squid_ldap_auth> by"
+msgstr "Based on prior work in B<squid_ldap_auth> by"
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:262
 msgid ""
-"Test that entering a guest username and password returns the correct "
-"response for the site's access policy."
+"Or contact your favorite LDAP list/friend if the question is more related to "
+"LDAP than Squid."
 msgstr ""
+"Or contact your favorite LDAP list/friend if the question is more related to "
+"LDAP than Squid."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:128
-#: helpers/digest_auth/file/digest_file_auth.8:64
-msgid "Based on prior work by"
-msgstr "Based on prior work by"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:283
+msgid "Your favorite LDAP documentation"
+msgstr "Your favorite LDAP documentation"
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:7
-msgid "File based digest authentication helper for Squid."
-msgstr "File based digest authentication helper for Squid."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:5
+msgid ""
+"ext_lm_group_acl - Squid external ACL helper to check Windows users group "
+"membership."
+msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:14
-#: tools/squidclient/squidclient.1:29
-msgid "file"
-msgstr "file"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:7
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:7
+msgid "Version 1.22"
+msgstr "Version 1.22"
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:19
-msgid ""
-"B<digest_file_auth> is an installed binary authentication program for Squid. "
-"It handles digest authentication protocol and authenticates against a text "
-"file backend."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:17
+msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:20
 msgid ""
-"Accept digest hashed passwords rather than plaintext in the password file"
+"This helper must be used in with an authentication scheme (typically Basic "
+"or NTLM) based on Windows NT/2000 domain users (LM mode)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:28
-msgid "Username database file format:"
-msgstr ""
-
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:28
-#, no-wrap
-msgid "- comment lines are possible and should start with a '#';"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:29
+msgid "Use case insensitive compare."
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:31
-#, no-wrap
-msgid "- empty or blank lines are possible;"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:37
+msgid "Specify the default user's domain."
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:34
-#, no-wrap
-msgid "- plaintext entry format is username:password"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:41
+msgid "Start helper in Domain Global Group mode."
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:37
-#, no-wrap
-msgid "- HA1 entry format is username:realm:HA1"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:49
+msgid "Use ONLY PDCs for group validation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:50
+#: src/acl/external/LM_group/ext_lm_group_acl.8:75
 msgid ""
-"To build a directory integrated backend, you need to be able to calculate "
-"the HA1 returned to squid. To avoid storing a plaintext password you can "
-"calculate B<MD5(username:realm:password)> when the user changes their "
-"password, and store the tuple B<username:realm:HA1.> then find the matching "
-"B<username:realm> when squid asks for the HA1."
+"In the previous example all validated NT users member of GProxyUsers Global "
+"domain group or member of LProxyUsers machine local group are allowed to use "
+"the cache."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:58
+#: src/acl/external/LM_group/ext_lm_group_acl.8:83
 msgid ""
-"This implementation could be improved by using such a triple for the file "
-"format.  However storing such a triple does little to improve security: If "
-"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
-"\" - for the purposes of digest authentication they allow the user access. "
-"Password syncronisation is not tackled by digest - just preventing on the "
-"wire compromise."
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:7
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:7
-msgid "Squid external ACL helper to check Windows users group membership."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:85
+msgid "The previous example will be:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:14
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:14
-msgid "domain"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:92
+msgid "The B<DomainUsers.txt> file will contain only the following line:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:19
-msgid ""
-"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:94
+msgid "B<Domain Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:22
+#: src/acl/external/LM_group/ext_lm_group_acl.8:103
 msgid ""
-"This helper must be used in with an authentication scheme (typically Basic, "
-"NTLM or Negotiate) based on Windows Active Directory domain users."
+"B<NOTE:> The standard group name comparison is case sensitive, so group name "
+"must be specified with same case as in the NT/2000 Domain.  It's possible to "
+"enable case insensitive group name comparison ( B<-c> ), but on some not-"
+"english locales, the results can be unexpected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:26
+#: src/acl/external/LM_group/ext_lm_group_acl.8:111
 msgid ""
-"It reads from the standard input the domain username and a list of groups "
-"and tries to match each against the groups membership of the specified "
-"username."
+"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
+"and B<-D> switches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:28
-msgid "Two running mode are available:"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:113
+msgid "Refer to Squid documentation for the more details on squid.conf."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:32
+#: src/acl/external/LM_group/ext_lm_group_acl.8:119
 msgid ""
-"B<- Local mode:> membership is checked against machine's local groups, "
-"cannot be used when running on a Domain Controller."
+"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
+"in a production environment. It may behave differently on different "
+"platforms."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:37
-msgid ""
-"B<- Active Directory Global mode:> membership is checked against the whole "
-"Active Directory Forest of the machine where Squid is running."
-msgstr ""
+#: src/acl/external/LM_group/ext_lm_group_acl.8:159
+msgid "with contributions by"
+msgstr "with contributions by"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:41
-msgid ""
-"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
-"Windows 2000 SP4 member of an Active Directory Domain."
-msgstr ""
+#: src/acl/external/LM_group/ext_lm_group_acl.8:164
+msgid "Based in part on prior work in B<check_group> by"
+msgstr "Based in part on prior work in B<check_group> by"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:50
-msgid ""
-"When running in Active Directory Global mode, all types of Active Directory "
-"security groups are supported: B<Domain Global> , B<Domain Local> from "
-"user's domain, B<Universal> and Active Directory group nesting is fully "
-"supported."
-msgstr ""
+#: src/acl/external/session/ext_session_acl.8:5
+#, fuzzy
+#| msgid "Squid session tracking external acl helper."
+msgid "ext_session_acl - Squid session tracking external acl helper."
+msgstr "Squid session tracking external acl helper."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:55
-msgid "Use case insensitive compare (local mode only)."
-msgstr ""
+#: src/acl/external/session/ext_session_acl.8:7
+#, fuzzy
+#| msgid "Version 1.22"
+msgid "Version 1.2"
+msgstr "Version 1.22"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:64
-msgid "Specify the default user's B<domain>"
-msgstr ""
+#: src/acl/external/session/ext_session_acl.8:12
+#: src/auth/basic/RADIUS/basic_radius_auth.8:22
+#: tools/squidclient/squidclient.1:32
+msgid "timeout"
+msgstr "timeout"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:68
-msgid "Start helper in Active Directory Global mode."
-msgstr ""
+#: src/acl/external/session/ext_session_acl.8:14
+msgid "database"
+msgstr "database"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:72
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:82
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:37
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:69
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:47
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:41
-msgid "Display the binary help and command line syntax info using stderr."
+#: src/acl/external/session/ext_session_acl.8:31
+msgid ""
+"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
+"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
+"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
+"terms and conditions to a user; the latter is suitable for the display of "
+"advertisements or other notices (both as a splash page - see config examples "
+"in the wiki online). The session helper can also be used to force users to "
+"re-authenticate if the B<%LOGIN> and B<-a> are both used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:77
+#: src/acl/external/session/ext_session_acl.8:36
+#, fuzzy
+#| msgid ""
+#| "B<Timeout> for any session. If not specified the default is 3600 seconds."
 msgid ""
-"When running in Active Directory Global mode, the AD Group can be specified "
-"using the following syntax:"
+"Idle timeout for any session. The default if not specified (set to 3600 "
+"seconds)."
 msgstr ""
+"B<Timeout> for any session. If not specified the default is 3600 seconds."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:80
-msgid "B<1. Plain NT4 Group Name>"
+#: src/acl/external/session/ext_session_acl.8:49
+msgid ""
+"Fixed timeout for any session. This will end the session after the timeout "
+"regardless of a user's activity. If used with B<active> mode, this will "
+"terminate the user's session after B<timeout> , after which another B<LOGIN> "
+"will be required.  B<LOGOUT> will reset the session and timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:83
-msgid "B<2. Full NT4 Group Name>"
+#: src/acl/external/session/ext_session_acl.8:62
+msgid ""
+"B<Path> to persistent database. If a file is specified then that single file "
+"is used as the database. If a path is specified, a Berkeley DB database "
+"environment is created within the directory. The advantage of the latter is "
+"better database support between multiple instances of the session helper. "
+"Using multiple instances of the session helper with a single database file "
+"will cause synchronization problems between processes.  If this option is "
+"not specified the session details will be kept in memory only and all "
+"sessions will reset each time Squid restarts its helpers (Squid restart or "
+"rotation of logs)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:86
-msgid "B<3. Active Directory Canonical name>"
+#: src/acl/external/session/ext_session_acl.8:72
+#, fuzzy
+#| msgid ""
+#| "Active mode. In this mode sessions are started by evaluating an acl with "
+#| "the argument B<LOGIN> , or terminated by the argument B<LOGOUT>"
+msgid ""
+"Active mode. In this mode sessions are started by evaluating an acl with the "
+"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
+"flag the helper automatically starts the session after the first request."
 msgstr ""
+"Active mode. In this mode sessions are started by evaluating an acl with the "
+"argument B<LOGIN> , or terminated by the argument B<LOGOUT>"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:89
-msgid "As Exampled:"
+#: src/acl/external/session/ext_session_acl.8:79
+msgid ""
+"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
+"concurrency= option B<must> be specified in the configuration."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:99
-msgid ""
-"When using Plain NT4 Group Name, the Group is searched in the user's domain."
-msgstr ""
+#: src/acl/external/session/ext_session_acl.8:81
+#, fuzzy
+#| msgid "Configuration example using the default automatic mode"
+msgid "Passive session configuration example using the default automatic mode"
+msgstr "Configuration example using the default automatic mode"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:126
+#: src/acl/external/session/ext_session_acl.8:94
 msgid ""
-"In the previous example all validated AD users member of I<MYDOMAIN"
-"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
-"are allowed to use the cache."
+"Then set up B<http://your.server.example.com/bannerpage> to display a "
+"session startup page and then redirect the user back to the requested URL "
+"given in the url query parameter."
 msgstr ""
+"Then set up B<http://your.server.example.com/bannerpage> to display a "
+"session startup page and then redirect the user back to the requested URL "
+"given in the url query parameter."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:135
-msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file .> The previous example will be:"
-msgstr ""
+#: src/acl/external/session/ext_session_acl.8:97
+#: src/acl/external/time_quota/ext_time_quota_acl.8:216
+#: src/auth/basic/PAM/basic_pam_auth.8:80
+msgid "This program and documentation was written by"
+msgstr "This program and documentation was written by"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:139
-msgid "and the DomainUsers files will contain only the following line:"
-msgstr ""
+#: src/acl/external/time_quota/ext_time_quota_acl.8:5
+#, fuzzy
+#| msgid "Squid session tracking external acl helper."
+msgid "ext_time_quota_acl - Squid time quota external acl helper."
+msgstr "Squid session tracking external acl helper."
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:141
-msgid "Domain Users"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:16
+msgid ""
+"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
+"users of squid to limit the time using squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:148
+#: src/acl/external/time_quota/ext_time_quota_acl.8:21
 msgid ""
-"B<NOTE 1:> When running in Active Directory Global mode, for better "
-"performance, all Domain Controllers of the Active Directory forest should be "
-"configured as Global Catalog."
+"This is useful for corporate lunch time allocations, wifi portal pay-per-"
+"minute installations or for parental control of children. The administrator "
+"can define a time budget (e.g. 1 hour per day) which is enforced through "
+"this helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:154
+#: src/acl/external/time_quota/ext_time_quota_acl.8:29
 msgid ""
-"B<NOTE 2:> When running in local mode, the standard group name comparison is "
-"case sensitive, so group name must be specified with same case as in the "
-"local SAM database."
+"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
+"Squids state directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:159
+#: src/acl/external/time_quota/ext_time_quota_acl.8:36
 msgid ""
-"It is possible to enable case insensitive group name comparison ( B<-c> ), "
-"but on some non-English locales, the results can be unexpected."
+"B<Pauselen> is given in seconds and defines the period between two requests "
+"to be treated as part of the same session.  Pauses shorter than this value "
+"will be counted against the quota, longer ones ignored.  Default is 300 "
+"seconds (5 minutes)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:167
+#: src/acl/external/time_quota/ext_time_quota_acl.8:42
 msgid ""
-"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
-"A> and B<-D> switches."
+"B<Filename> where all logging and debugging information will be written. If "
+"none is given, then stderr will be used and the logging will go to Squids "
+"main cache.log."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:171
-msgid "Refer to Squid documentation for more details on B<squid.conf>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:46
+msgid "Enables debug logging in the logfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:178
-msgid ""
-"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
-"used in a production environment. It may behave differently on different "
-"platforms."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:50
+msgid "show a short command line help."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:190
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:133
-msgid ""
-"To test it, run it from the command line. Enter username and group pairs "
-"separated by a space (username must entered with URL-encoded I<domain"
-"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:54
+msgid "This file contains the definition of the time budgets for the users."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:194
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:209
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:137
-msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:63
+msgid ""
+"The time quotas of the users are defined in a text file typically residing "
+"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
+"and is ignored. Every line must start with a user followed by a time budget "
+"and a corresponding time period separated by \"/\". Here is an example file:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:198
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:213
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:141
-msgid "Make sure pressing B<CTRL+C> aborts the program."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:66
+msgid "# user budget / period"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:224
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:152
+#: src/acl/external/time_quota/ext_time_quota_acl.8:77
 msgid ""
-"Test that entering an invalid username and group results in an B<ERR> "
-"message."
+"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
+"hour and the poor babymary only 30 minutes a week."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:228
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:156
+#: src/acl/external/time_quota/ext_time_quota_acl.8:81
 msgid ""
-"Test that entering an valid username and group results in an B<OK> message."
+"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
+"days and \"w\" for weeks. Numerical values can be given as integer values or "
+"with a fraction. E.g. \"0.5h\" means 30 minutes."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:235
-msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
-msgstr "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:7
-msgid "Squid eDirectory IP Lookup Helper"
-msgstr "Squid eDirectory IP Lookup Helper"
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:17
-msgid "host"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:87
+msgid ""
+"This helper is configured in B<squid.conf> using the B<external_acl_type> "
+"directive then access controls which use it to allow or deny."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:21
-msgid "LDAP version"
-msgstr "LDAP version"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:90
+msgid "Here is an example."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:23
-msgid "basedn"
-msgstr "basedn"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:93
+msgid "# Ensure that users have a valid login. We need their username."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:25
-msgid "scope"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:100
+msgid "# Define program and quota file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:27
-msgid "binddn"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:116
+msgid ""
+"In this example, after restarting Squid it should allow access only for "
+"users as long as they have time budget left.  If the budget is exceeded the "
+"user will be presented with an error page informing them."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:29
-msgid "bindpass"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:122
+msgid ""
+"In this example we use separate B<users> access control and B<noquota> ACL "
+"in order to keep the username and password prompt and the quota-exceeded "
+"messages separated."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:31
-msgid "filter"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:142
+msgid ""
+"User is just a unique key value. The above example uses %LOGIN and the "
+"username but any of the B<external_acl_type> format tags can be substituted "
+"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
+"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
+"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
+"org/ConfigExamples."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:36
-msgid "B<ext_edirectory_userip_acl> is an installed binary."
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:143
+#, no-wrap
+msgid "LIMITATIONS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:40
+#: src/acl/external/time_quota/ext_time_quota_acl.8:148
 msgid ""
-"This program has been written in order to solve the problems associated with "
-"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
+"This helper only controls access to the Internet through HTTP. It does not "
+"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:43
+#: src/acl/external/time_quota/ext_time_quota_acl.8:156
 msgid ""
-"The limitations of the Perl script involved memory/cpu utilization, speed, "
-"the lack of eDirectory 8.8 support, and IPv6 support."
+"Desktop browsers are typically able to deal with authentication to HTTP "
+"proxies like B<squid .> But more and more different programs and devices "
+"(smartphones, games on mobile devices, ...) are using the Internet over "
+"HTTP. These devices are often not able to work through an authenticating "
+"proxy.  Means other than %LOGIN authentication are required to authorize "
+"these devices and software."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:48
-msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:161
+msgid ""
+"A more general control to Internet access could be a captive portal approach "
+"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
+"or maybe a 802.11X solution. But the latter is often not supported by mobile "
+"devices."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:52
-msgid "Force Addresses to be in IPv6 (:: format)."
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:162
+#, no-wrap
+msgid "IMPLEMENTATION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:59
-msgid "Specify B<base> DN. For example; B<o=ORG>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:170
+msgid ""
+"When the helper is called it will be asked if the current user is allowed to "
+"access squid. The helper will reduce the remaining time budget of this user "
+"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:68
-msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:183
+msgid ""
+"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
+"be called, the example config uses a 1 minute TTL.  The interaction is that "
+"Squid will only call the helper on new requests B<if> there has been more "
+"than TTL seconds passed since last check.  This handling creates an amount "
+"of slippage outside the quota by whatever amount is configured.  TTL can be "
+"set as short as desired, down to and including zero.  Though values of 1 or "
+"more are recommended due to a quota resolution of one second."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:73
-msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:188
+msgid ""
+"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
+"budget will be restored to the configured value thus allowing the user to "
+"access squid with a fresh budget."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:78
+#: src/acl/external/time_quota/ext_time_quota_acl.8:200
 msgid ""
-"Specify if LDAP search group is required. For example; B<groupMembership=>"
+"If the time between the current request and the previous request is greater "
+"than B<pauselen> (default 5 minutes and adjustable with command line "
+"parameter B<-p> ), the current request will be considered as a new request "
+"and the time budget will not be decreased. If the time is less than "
+"B<pauselen> , then both requests will be considered as part of the same "
+"active time period and the time budget will be decreased by the time "
+"difference. This allows the user to take arbitrary breaks during Internet "
+"access without losing their time budget."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:86
-msgid "Specify hostname or IP of server"
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:201
+#, no-wrap
+msgid "FURTHER IDEAS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:90
-msgid "Port number."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:204
+msgid ""
+"The following ideas could further improve this helper. Maybe someone wants "
+"to help? Any support or feedback is welcome!"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:94
-msgid "Use persistent connections."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:209
+msgid ""
+"There should be a way for a user to see their configured and remaining time "
+"budget. This could be realized by implementing a web page accessing the "
+"database of the helper showing the corresponding data. One of the problems "
+"to be solved is user authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:102
+#: src/acl/external/time_quota/ext_time_quota_acl.8:212
 msgid ""
-"Timeout factor for persistent connections. Set to B<0> for never timeout. "
-"Default is B<60> seconds."
+"We could always return \"OK\" and use the module simply as an Internet usage "
+"tracker showing who has stayed how long in the WWW."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:107
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:175
-msgid "search scope. Defaults to B<sub>"
-msgstr "search scope. Defaults to B<sub>"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:5
+#, fuzzy
+#| msgid "Squid UNIX Group ACL helper"
+msgid "ext_unix_group_acl - Squid UNIX Group ACL helper"
+msgstr "Squid UNIX Group ACL helper"
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:123
-msgid "Set userid B<attribute .> Default is B<cn>"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:9
+#: src/acl/external/unix_group/ext_unix_group_acl.8:11
+msgid "group"
+msgstr "group"
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:16
+msgid ""
+"B<ext_unix_group_acl> allows Squid to base access controls on users "
+"memberships in UNIX groups."
 msgstr ""
+"B<ext_unix_group_acl> allows Squid to base access controls on users "
+"memberships in UNIX groups."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:128
-msgid "Set LDAP B<version>"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:24
+msgid "Specifies a group name to match."
+msgstr "Specifies a group name to match."
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:29
+msgid "Also match the users primary group from B</etc/passwd>"
+msgstr "Also match the users primary group from B</etc/passwd>"
+
+#. type: Plain text
+#: src/acl/external/unix_group/ext_unix_group_acl.8:47
+msgid ""
+"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
+"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
+"I<group3>"
 msgstr ""
+"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
+"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
+"I<group3>"
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:132
-msgid "Display version information and exit."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:59
+msgid ""
+"By default up to 11 groups can be matched in one acl (including commandline "
+"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
 msgstr ""
+"By default up to 11 groups can be matched in one acl (including commandline "
+"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:137
-msgid "Specify binding B<password>"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:65
+msgid ""
+"Does not understand GID aliased groups sometimes used to work around groups "
+"size limitations. If you are using GID aliased groups then you must specify "
+"each alias by name."
 msgstr ""
+"Does not understand GID aliased groups sometimes used to work around groups "
+"size limitations. If you are using GID aliased groups then you must specify "
+"each alias by name."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:141
-msgid "Enable TLS security."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:104
+msgid "Additionally bugs or bug-fixes can be reported to"
+msgstr "Additionally bugs or bug-fixes can be reported to"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:5
+#, fuzzy
+#| msgid "Local Users auth helper for Squid"
+msgid "basic_getpwnam_auth - Local Users auth helper for Squid"
+msgstr "Local Users auth helper for Squid"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:13
+msgid ""
+"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
+"to validate the user name and password of Basic HTTP authentication."
 msgstr ""
+"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
+"to validate the user name and password of Basic HTTP authentication."
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:19
+msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+msgstr "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:21
+msgid "This has the following advantages over the NCSA module:"
+msgstr "This has the following advantages over the NCSA module:"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:23
+msgid "- Allows authentication of all known local users"
+msgstr "- Allows authentication of all known local users"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:26
+msgid "- Allows authentication through nsswitch.conf"
+msgstr "- Allows authentication through nsswitch.conf"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:29
+msgid "- Can handle NIS(+) requests"
+msgstr "- Can handle NIS(+) requests"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:32
+msgid "- Can handle LDAP requests"
+msgstr "- Can handle LDAP requests"
+
+#. type: Plain text
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:35
+msgid "- Can handle PAM requests"
+msgstr "- Can handle PAM requests"
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:162
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:50
 msgid ""
-"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
-"that users may be used to control internet access, which can also be stacked "
-"against other ACL's.  Use of the groups is optional, unless the '-G' option "
-"has been passed.  Please note that you need to specify the full LDAP object "
-"for this, as shown above."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program B<setuid> "
+"B<root>"
 msgstr ""
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program B<setuid> "
+"B<root>"
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:168
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:62
+#: src/auth/basic/PAM/basic_pam_auth.8:77
 msgid ""
-"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
-"is in place to read IPv6 networkAddress fields, please attempt this in a "
-"TESTING environment first.  Please contact the author regarding IPv6 support "
-"development."
+"Please note that in such configurations it is also strongly recommended that "
+"the program is moved into a directory where normal users cannot access it, "
+"as this mode of operation will allow any local user to brute-force other "
+"users passwords. Also note the program has not been fully audited and the "
+"author cannot be held responsible for any security issues due to such "
+"installations."
 msgstr ""
+"Please note that in such configurations it is also strongly recommended that "
+"the program is moved into a directory where normal users cannot access it, "
+"as this mode of operation will allow any local user to brute-force other "
+"users passwords. Also note the program has not been fully audited and the "
+"author cannot be held responsible for any security issues due to such "
+"installations."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:173
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:70
+msgid "Based on original code by"
+msgstr "Based on original code by"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:5
+#, fuzzy
+#| msgid "LDAP authentication helper for Squid"
+msgid "basic_ldap_auth - LDAP authentication helper for Squid"
+msgstr "LDAP authentication helper for Squid"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:10
+#: src/auth/basic/LDAP/basic_ldap_auth.8:25
+msgid "base DN"
+msgstr "base DN"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:12
+msgid "attribute"
+msgstr "attribute"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:31
+msgid "LDAP server name"
+msgstr "LDAP server name"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:27
+msgid "LDAP search filter"
+msgstr "LDAP search filter"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:45
 msgid ""
-"There is a known issue regarding Novell's Client for Windows, that is mostly "
-"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
-"populating the networkAddress field in eDirectory."
+"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
+"the user name and password of Basic HTTP authentication.  LDAP options are "
+"specified as parameters on the command line, while the username(s) and "
+"password(s) to be checked against the LDAP directory are specified on "
+"subsequent lines of input to the helper, one username/password pair per line "
+"separated by a space."
 msgstr ""
+"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
+"the user name and password of Basic HTTP authentication.  LDAP options are "
+"specified as parameters on the command line, while the username(s) and "
+"password(s) to be checked against the LDAP directory are specified on "
+"subsequent lines of input to the helper, one username/password pair per line "
+"separated by a space."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:179
+#: src/auth/basic/LDAP/basic_ldap_auth.8:54
 msgid ""
-"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
-"lower?) and connection licensing.  It appears that whenever a server runs "
-"low on connection licenses, that it I sometimes does not populate the "
-"networkAddress fields correctly."
+"As expected by the basic authentication construct of Squid, after specifying "
+"a username and password followed by a new line, this helper will produce "
+"either B<OK> or B<ERR> on the following line to show if the specified "
+"credentials are correct according to the LDAP directory."
 msgstr ""
+"As expected by the basic authentication construct of Squid, after specifying "
+"a username and password followed by a new line, this helper will produce "
+"either B<OK> or B<ERR> on the following line to show if the specified "
+"credentials are correct according to the LDAP directory."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:186
+#: src/auth/basic/LDAP/basic_ldap_auth.8:59
 msgid ""
-"Majority of Proxy Authentication issues can be resolved by having the users' "
-"B<reboot> if their networkAddress is not correct, or using "
-"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
-"networkAddress fields to troubleshoot."
+"The program has two major modes of operation. In the default mode of "
+"operation the users DN is constructed using the base DN and user attribute. "
+"In the other mode of operation a search filter is used to locate valid user "
+"DN's below the base DN."
 msgstr ""
+"The program has two major modes of operation. In the default mode of "
+"operation the users DN is constructed using the base DN and user attribute. "
+"In the other mode of operation a search filter is used to locate valid user "
+"DN's below the base DN."
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:213
+#: src/auth/basic/LDAP/basic_ldap_auth.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
+msgstr "B<REQUIRED.> Specifies the base DN under which the users are located."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:73
 msgid ""
-"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
-"situations B<before> seeking support! You may also need to make sure your "
-"servers have the latest service packs installed, and that your servers are "
-"properly synchronizing partitions."
+"LDAP search B<filter> to locate the user DN. Required if the users are in a "
+"hierarchy below the base DN, or if the login name is not what builds the "
+"user specific part of the users DN."
 msgstr ""
+"LDAP search B<filter> to locate the user DN. Required if the users are in a "
+"hierarchy below the base DN, or if the login name is not what builds the "
+"user specific part of the users DN."
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:7
-msgid "Restrict users to certain IP addresses, using a text file backend."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:80
+msgid ""
+"The search filter can contain up to 15 occurrences of B<%s> which will be "
+"replaced by the username, as in B<\"uid\\=%s\"> for RFC2037 directories. For "
+"a detailed description of LDAP search filter syntax see RFC2254."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:14
-msgid "file name"
-msgstr "file name"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:88
+msgid ""
+"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
+"%s> are used."
+msgstr ""
+"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
+"%s> are used."
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:19
+#: src/auth/basic/LDAP/basic_ldap_auth.8:97
 msgid ""
-"B<ext_file_userip_acl> is an installed binary. An external helper for the "
-"Squid external acl scheme."
+"Specifies the name of the DN attribute that contains the username/login.  "
+"Combined with the base DN to construct the users DN when no search filter is "
+"specified ( B<-f> option). Defaults to B<uid>"
 msgstr ""
+"Specifies the name of the DN attribute that contains the username/login.  "
+"Combined with the base DN to construct the users DN when no search filter is "
+"specified ( B<-f> option). Defaults to B<uid>"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:106
+#, fuzzy
+#| msgid ""
+#| "B<Note:> This can only be done if all your users are located directly "
+#| "under the same position in the LDAP tree and the login name is used for "
+#| "naming each user object. If your LDAP tree does not match these criterias "
+#| "or if you want to filter who are valid users then you need to use a "
+#| "search filter to search for your users DN ( B<-f> option)."
+msgid ""
+"B<Note:> This can only be done if all your users are located directly under "
+"the same position in the LDAP tree and the login name is used for naming "
+"each user object. If your LDAP tree does not match these criteria or if you "
+"want to filter who are valid users then you need to use a search filter to "
+"search for your users DN ( B<-f> option)."
+msgstr ""
+"B<Note:> This can only be done if all your users are located directly under "
+"the same position in the LDAP tree and the login name is used for naming "
+"each user object. If your LDAP tree does not match these criterias or if you "
+"want to filter who are valid users then you need to use a search filter to "
+"search for your users DN ( B<-f> option)."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:116
+msgid ""
+"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
+"password.  B<passwordattr> is the LDAP attribute storing the users password."
+msgstr ""
+"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
+"password.  B<passwordattr> is the LDAP attribute storing the users password."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:124
+msgid ""
+"Search scope when performing user DN searches specified by the B<-f> option. "
+"Defaults to B<sub>"
+msgstr ""
+"Search scope when performing user DN searches specified by the B<-f> option. "
+"Defaults to B<sub>"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:140
+msgid ""
+"The DN and password to bind as while performing searches. Required by the B<-"
+"f> flag if the directory does not allow anonymous searches."
+msgstr ""
+"The DN and password to bind as while performing searches. Required by the B<-"
+"f> flag if the directory does not allow anonymous searches."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:145
+msgid ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file."
+msgstr ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:163
+msgid ""
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while validating a username to preserve resources at the LDAP server. This "
+"option causes the LDAP connection to be kept open, allowing it to be reused "
+"for further user validations. Recommended for larger installations."
+msgstr ""
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while validating a username to preserve resources at the LDAP server. This "
+"option causes the LDAP connection to be kept open, allowing it to be reused "
+"for further user validations. Recommended for larger installations."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:176
+msgid ""
+"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
+"binding as another user after a successful I<ldap_bind.> The use of this "
+"option always opens a new connection for each login attempt. If combined "
+"with the B<-P> option for persistent LDAP connection then the connection "
+"used for searching for the user DN is kept persistent but a new connection "
+"is opened to verify each users password once the DN is found."
+msgstr ""
+"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
+"binding as another user after a successful I<ldap_bind.> The use of this "
+"option always opens a new connection for each login attempt. If combined "
+"with the B<-P> option for persistent LDAP connection then the connection "
+"used for searching for the user DN is kept persistent but a new connection "
+"is opened to verify each users password once the DN is found."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:185
+msgid "when to dereference aliases. Defaults to B<never>"
+msgstr "when to dereference aliases. Defaults to B<never>"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:194
+#, fuzzy
+#| msgid ""
+#| "B<never> dereference aliases (default), B<always> dereference aliases, "
+#| "only while B<search ing> or only to B<find> the base object."
+msgid ""
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object."
+msgstr ""
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"while B<search ing> or only to B<find> the base object."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:199
+#, fuzzy
+#| msgid ""
+#| "Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+#| "libraries).  Servers can also be specified last on the command line."
+msgid ""
+"Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
+msgstr ""
+"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:204
+msgid ""
+"Specify the LDAP server to connect to. Servers can also be specified last on "
+"the command line."
+msgstr ""
+"Specify the LDAP server to connect to. Servers can also be specified last on "
+"the command line."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:210
+msgid ""
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389. Can also be specified within the server "
+"specification by using servername:port syntax."
+msgstr ""
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389. Can also be specified within the server "
+"specification by using servername:port syntax."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:231
+msgid ""
+"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
+"LDAP API libraries)"
+msgstr ""
+"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
+"LDAP API libraries)"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:241
+msgid ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the results is not what is expected."
+msgstr ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the results is not what is expected."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:246
+msgid ""
+"For directories using the RFC2307 layout with a single domain, all you need "
+"to specify is usually the base DN under where your users are located and the "
+"server name:"
+msgstr ""
+"For directories using the RFC2307 layout with a single domain, all you need "
+"to specify is usually the base DN under where your users are located and the "
+"server name:"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:254
+msgid ""
+"If you have sub-domains then you need to use a search filter approach to "
+"locate your user DNs as these can no longer be constructed directly from the "
+"base DN and login name alone:"
+msgstr ""
+"If you have sub-domains then you need to use a search filter approach to "
+"locate your user DNs as these can no longer be constructed directly from the "
+"base DN and login name alone:"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:261
+msgid ""
+"And similarly if you only want to allow access to users having a specific "
+"attribute"
+msgstr ""
+"And similarly if you only want to allow access to users having a specific "
+"attribute"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:272
+msgid ""
+"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
+"do not want to have to search for the users then you could use something "
+"like the following example for Active Directory:"
+msgstr ""
+"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
+"do not want to have to search for the users then you could use something "
+"like the following example for Active Directory:"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:284
+msgid ""
+"If you want to search for the user DN and your directory does not allow "
+"anonymous searches then you must also use the B<-D> and B<-w> flags to "
+"specify a user DN and password to log in as to perform the searches, as in "
+"the following complex Active Directory example"
+msgstr ""
+"If you want to search for the user DN and your directory does not allow "
+"anonymous searches then you must also use the B<-D> and B<-w> flags to "
+"specify a user DN and password to log in as to perform the searches, as in "
+"the following complex Active Directory example"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:297
+msgid ""
+"B<NOTE:> When constructing search filters it is strongly recommended to test "
+"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
+"This to verify that the filter matches what you expect."
+msgstr ""
+"B<NOTE:> When constructing search filters it is strongly recommended to test "
+"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
+"This to verify that the filter matches what you expect."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:300
+#: src/auth/basic/RADIUS/basic_radius_auth.8:89
+msgid "This program is written by"
+msgstr "This program is written by"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:304
+msgid "This manual is written by"
+msgstr "This manual is written by"
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:325
+msgid ""
+"Or to your favorite LDAP list/friend if the question is more related to LDAP "
+"than Squid."
+msgstr ""
+"Or to your favorite LDAP list/friend if the question is more related to LDAP "
+"than Squid."
+
+#. type: Plain text
+#: src/auth/basic/LDAP/basic_ldap_auth.8:345
+msgid "Your favorite LDAP documentation."
+msgstr "Your favorite LDAP documentation."
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:5
+#, fuzzy
+#| msgid "NCSA httpd-style password file authentication helper for Squid"
+msgid ""
+"basic_ncsa_auth - NCSA httpd-style password file authentication helper for "
+"Squid"
+msgstr "NCSA httpd-style password file authentication helper for Squid"
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:9
+msgid "passwd file"
+msgstr "passwd file"
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:14
+msgid ""
+"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
+"information from an NCSA/Apache httpd-style password file when using basic "
+"HTTP authentication."
+msgstr ""
+"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
+"information from an NCSA/Apache httpd-style password file when using basic "
+"HTTP authentication."
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:17
+msgid "This password file can be manipulated using B<htpasswd.>"
+msgstr "This password file can be manipulated using B<htpasswd.>"
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:30
+msgid ""
+"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
+"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
+"and magic strings * MD5 - with optional salt and magic strings * DES - for "
+"passwords 8 characters or less in length"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:32
+msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:36
+msgid ""
+"The only parameter is the password file.  It must have permissions to be "
+"read by the user that Squid is running as."
+msgstr ""
+"The only parameter is the password file.  It must have permissions to be "
+"read by the user that Squid is running as."
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:44
+msgid ""
+"B<basic_ncsa_auth> must have access to the password file to be executed."
+msgstr ""
+"B<basic_ncsa_auth> must have access to the password file to be executed."
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:50
+msgid ""
+"DES functionality (used by htpasswd by default) silently truncates passwords "
+"to 8 characters.  Allowing login with password values shorter than the one "
+"desired.  This authenticator will reject login with long passwords when "
+"using DES."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:56
+msgid "Based on original documentation by"
+msgstr "Based on original documentation by"
+
+#. type: Plain text
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:70
+msgid ""
+"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
+"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
+"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
+"details."
+msgstr ""
+"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
+"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
+"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
+"details."
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:22
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:76
 msgid ""
-"It works by reading a pair composed by an IP address and an username on "
-"STDIN and matching it against a configuration file."
+"You should have received a copy of the GNU General Public License along with "
+"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
+"Place, Suite 330, Boston, MA 02111-1307 USA"
 msgstr ""
+"You should have received a copy of the GNU General Public License along with "
+"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
+"Place, Suite 330, Boston, MA 02111-1307 USA"
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:33
-msgid "Configuration B<file> to load."
-msgstr ""
+#: src/auth/basic/PAM/basic_pam_auth.8:5
+#, fuzzy
+#| msgid "LDAP authentication helper for Squid"
+msgid "basic_pam_auth - PAM Basic authentication helper for Squid"
+msgstr "LDAP authentication helper for Squid"
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:43
-msgid "The B<squid.conf> configuration for the external ACL should be:"
-msgstr ""
+#: src/auth/basic/PAM/basic_pam_auth.8:9
+msgid "service name"
+msgstr "service name"
+
+#. type: Plain text
+#: src/auth/basic/PAM/basic_pam_auth.8:11
+msgid "TTL"
+msgstr "TTL"
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:18
 msgid ""
-"If the helper program finds a matching username/ip in the configuration "
-"file, it returns B<OK> , otherwise it returns B<ERR .>"
+"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
+"database to validate the user name and password of Basic HTTP authentication."
 msgstr ""
+"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
+"database to validate the user name and password of Basic HTTP authentication."
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:53
-msgid "The configuration file format is as follows:"
-msgstr "The configuration file format is as follows:"
+#: src/auth/basic/PAM/basic_pam_auth.8:24
+msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
+msgstr "Specifies the PAM service name Squid uses, defaults to B<squid>"
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:62
+#: src/auth/basic/PAM/basic_pam_auth.8:33
 msgid ""
-"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
-"in dotted quad format too."
+"Enables persistent PAM connections where the connection to the PAM database "
+"is kept open and reused for new logins. The TTL specifies how long the "
+"connection will be kept open (in seconds).  Default is to not keep PAM "
+"connections open. Please note that the use of persistent PAM connections is "
+"slightly outside the PAM specification and may not work with all PAM "
+"configurations."
 msgstr ""
+"Enables persistent PAM connections where the connection to the PAM database "
+"is kept open and reused for new logins. The TTL specifies how long the "
+"connection will be kept open (in seconds).  Default is to not keep PAM "
+"connections open. Please note that the use of persistent PAM connections is "
+"slightly outside the PAM specification and may not work with all PAM "
+"configurations."
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:68
+#: src/auth/basic/PAM/basic_pam_auth.8:38
 msgid ""
-"When the second parameter is prefixed with an B<@> , the program will lookup "
-"the B</etc/group> file entry for the specified username."
+"Do not perform the PAM account management group (account expiration etc)"
 msgstr ""
+"Do not perform the PAM account management group (account expiration etc)"
 
-#. any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\".
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:74
-msgid "There are other two directives, B<ALL> and B<NONE> , which mean"
+#: src/auth/basic/PAM/basic_pam_auth.8:44
+msgid ""
+"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
+"etc/pam.d/squid>"
 msgstr ""
+"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
+"etc/pam.d/squid>"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
-msgstr "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:9
-msgid "Version 1.3.0sq"
-msgstr "Version 1.3.0sq"
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:26
+#: src/auth/basic/PAM/basic_pam_auth.8:52
 msgid ""
-"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
-"connect to a LDAP directory to authorize users via LDAP groups. Options are "
-"specified as parameters on the command line, while the username (e.g.  "
-"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
-"directory are specified on subsequent lines of input to the helper, one "
-"username per line."
+"The default service name is B<squid> , and the program makes use of the "
+"B<auth> and B<account> management groups to verify the password and the "
+"accounts validity."
 msgstr ""
-"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
-"connect to a LDAP directory to authorize users via LDAP groups. Options are "
-"specified as parameters on the command line, while the username (e.g.  "
-"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
-"directory are specified on subsequent lines of input to the helper, one "
-"username per line."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:39
+#: src/auth/basic/PAM/basic_pam_auth.8:56
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
-"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
-"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
-"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
-"is available from the username the LDAP server will be determined through "
-"the command line options."
+"For details on how to configure PAM services, see the PAM documentation for "
+"your system. This manual does not cover PAM configuration details."
 msgstr ""
+"For details on how to configure PAM services, see the PAM documentation for "
+"your system. This manual does not cover PAM configuration details."
+
+#. type: SH
+#: src/auth/basic/PAM/basic_pam_auth.8:57
+#, no-wrap
+msgid "NOTES"
+msgstr "NOTES"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:64
 msgid ""
-"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
-"T> option which provides the LDAP group name the user has to belong too. For "
-"Active Directory a recursive group lookup is implemented until a max depth "
-"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
-"groups is assumed."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program setuid root"
 msgstr ""
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program setuid root"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:64
-msgid ""
-"Different group names can be specified for different domains using a "
-"group@domain syntax.  As expected by the B<external_acl_type> construct of "
-"Squid, after specifying a username and group followed by a new line, this "
-"helper will produce either B<OK> or B<ERR> on the following line to show if "
-"the user is a member of the specified group."
-msgstr ""
-"Different group names can be specified for different domains using a "
-"group@domain syntax.  As expected by the B<external_acl_type> construct of "
-"Squid, after specifying a username and group followed by a new line, this "
-"helper will produce either B<OK> or B<ERR> on the following line to show if "
-"the user is a member of the specified group."
+#: src/auth/basic/PAM/basic_pam_auth.8:93
+msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+msgstr "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:72
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:26
-msgid "Write debug messages to stderr."
-msgstr "Write debug messages to stderr."
+#: src/auth/basic/PAM/basic_pam_auth.8:124
+msgid "PAM Systems Administrator Guide"
+msgstr "PAM Systems Administrator Guide"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:29
-msgid "Write informational messages to stderr."
-msgstr "Write informational messages to stderr."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:5
+#, fuzzy
+#| msgid "Squid RADIUS authentication helper"
+msgid "basic_radius_auth - Squid RADIUS authentication helper"
+msgstr "Squid RADIUS authentication helper"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
-msgid "Use SSL for the LDAP connection."
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:10
+msgid "config file"
+msgstr "config file"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
-msgid ""
-"The CA certificate file can be set via the environment variable "
-"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:14
+msgid "server name"
+msgstr "server name"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:82
-msgid ""
-"The SSL certificate database can be set via the environment variable "
-"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:18
+msgid "identifier"
+msgstr "identifier"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:85
-msgid "Allow SSL without certificate verification."
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:20
+msgid "secret"
+msgstr "secret"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:89
+#: src/auth/basic/RADIUS/basic_radius_auth.8:28
 msgid ""
-"Default Kerberos domain to use for usernames which do not contain domain "
-"information (e.g. for users using basic authentication)."
+"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
+"the user name and password of Basic HTTP authentication."
 msgstr ""
+"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
+"the user name and password of Basic HTTP authentication."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:94
+#: src/auth/basic/RADIUS/basic_radius_auth.8:34
 msgid ""
-"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
-"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
-"authentication)."
+"Specifies the path to a configuration file. See the CONFIGURATION section "
+"for details on the file content."
 msgstr ""
+"Specifies the path to a configuration file. See the CONFIGURATION section "
+"for details on the file content."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:97
-msgid "Maximal depth of recursive group search."
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:38
+msgid "Alternative method of specifying the server to connect to"
+msgstr "Alternative method of specifying the server to connect to"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:100
-msgid "Username for LDAP server."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:43
+msgid ""
+"Specify another server port where the RADIUS server listens for requests if "
+"different from the default RADIUS port.  Normally not specified."
 msgstr ""
+"Specify another server port where the RADIUS server listens for requests if "
+"different from the default RADIUS port.  Normally not specified."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:103
-msgid "Password for LDAP server."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:48
+msgid ""
+"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
+"specified the IP address is used to identify the proxy."
 msgstr ""
+"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
+"specified the IP address is used to identify the proxy."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:108
-#, fuzzy
-#| msgid ""
-#| "As the password needs to be printed in plain text in your Squid "
-#| "configuration it is strongly recommended to use a account with minimal "
-#| "associated privileges.  This to limit the damage in case someone could "
-#| "get hold of a copy of your Squid configuration file or extracts the "
-#| "password used from a process listing."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:54
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use an account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file or extracts the password "
-"used from a process listing."
+"Alternative method of specifying the shared secret. Using the B<-f> option "
+"with a configuration file is generally more secure and recommended."
 msgstr ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file or extracts the password "
-"used from a process listing."
+"Alternative method of specifying the shared secret. Using the B<-f> option "
+"with a configuration file is generally more secure and recommended."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:112
-msgid "LDAP server bind path."
-msgstr "LDAP server bind path."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:58
+msgid "RADIUS request timeout. Default is 10 seconds."
+msgstr "RADIUS request timeout. Default is 10 seconds."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:115
-msgid "LDAP server URL in form ldap[s]://server:port"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:65
+msgid ""
+"The configuration specifies how the helper connects to RADIUS.  The file "
+"contains a list of directives (one per line). Lines beginning with a B<#> "
+"are ignored."
 msgstr ""
+"The configuration specifies how the helper connects to RADIUS.  The file "
+"contains a list of directives (one per line). Lines beginning with a B<#> "
+"are ignored."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:119
-msgid ""
-"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
-"lserver@Realm]"
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:69
+msgid "specifies the name or address of the RADIUS server to connect to."
+msgstr "specifies the name or address of the RADIUS server to connect to."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:123
-msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm]"
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:73
+msgid "specifies the shared RADIUS secret."
+msgstr "specifies the shared RADIUS secret."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:128
+#: src/auth/basic/RADIUS/basic_radius_auth.8:78
 msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
+"specifies what name the proxy should use to identify itself to the RADIUS "
+"server.  This directive is optional."
 msgstr ""
+"specifies what name the proxy should use to identify itself to the RADIUS "
+"server.  This directive is optional."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:133
+#: src/auth/basic/RADIUS/basic_radius_auth.8:82
 msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
-"format"
+"Specifies the port number or service name where the helper should connect."
 msgstr ""
+"Specifies the port number or service name where the helper should connect."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:140
-msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf.>"
-msgstr ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf.>"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:86
+#, fuzzy
+#| msgid "specifies the shared RADIUS secret."
+msgid "Specifies the RADIUS request timeout."
+msgstr "specifies the shared RADIUS secret."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:155
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:55
-msgid "B<NOTE:> The following squid startup file modification may be required:"
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:93
+msgid "With contributions from many others."
+msgstr "With contributions from many others."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:159
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:59
+#: src/auth/basic/RADIUS/basic_radius_auth.8:116
 msgid ""
-"Add the following lines to the squid startup script to point squid to a "
-"keytab file which contains the HTTP/fqdn service principal for the default "
-"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
-"can not use an IP address."
+"Or contact your favorite RADIUS list/friend if the question is more related "
+"to RADIUS than Squid."
 msgstr ""
+"Or contact your favorite RADIUS list/friend if the question is more related "
+"to RADIUS than Squid."
+
+#. type: Plain text
+#: src/auth/basic/RADIUS/basic_radius_auth.8:135
+msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
+msgstr "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:170
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:66
+#: src/auth/basic/SASL/basic_sasl_auth.8:5
 msgid ""
-"If you use a different Kerberos domain than the machine itself is in you can "
-"point squid to the seperate Kerberos config file by setting the following "
-"environmnet variable in the startup script."
+"basic_sasl_auth - Basic Authentication using SASL (specifically the cyrus-"
+"sasl authentication method)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:180
+#: src/auth/basic/SASL/basic_sasl_auth.8:16
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
-"server. The following method is used:"
+"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
+"configurable (somewhat like PAM).  Each service authenticating against SASL "
+"identifies itself with an application name.  Each application can be "
+"configured independently by the SASL administrator."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:185
-#, no-wrap
+#: src/auth/basic/SASL/basic_sasl_auth.8:22
 msgid ""
-"1) For user@REALM\n"
-"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
-"   b) Query DNS for A record REALM\n"
-"   c) Use LDAP_URL if given\n"
+"To configure the authentication method used the file B<basic_sasl_auth.conf> "
+"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
-#, no-wrap
+#: src/auth/basic/SASL/basic_sasl_auth.8:29
 msgid ""
-"2) For user\n"
-"   a) Use domain -D REALM and follow step 1)\n"
-"   b) Use LDAP_URL if given\n"
+"The authentication database is defined by the B<pwcheck_method> parameter.  "
+"Only the B<PLAIN> authentication mechanism is used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:191
-msgid "The Groups to check against are determined as follows:"
+#: src/auth/basic/SASL/basic_sasl_auth.8:31
+msgid "Examples:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:196
-#, no-wrap
-msgid ""
-"1) For user@REALM\n"
-"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
-"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
-"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+#: src/auth/basic/SASL/basic_sasl_auth.8:34
+msgid "use sasldb - the default if no conf file is installed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:199
+#: src/auth/basic/SASL/basic_sasl_auth.8:36
 #, no-wrap
-msgid ""
-"2) For user\n"
-"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
-msgstr ""
+msgid " - use PAM authentication database\n"
+msgstr " - use PAM authentication database\n"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
+#: src/auth/basic/SASL/basic_sasl_auth.8:39
 #, no-wrap
 msgid ""
-"3) For NDOMAIN\\euser\n"
-"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
-msgid ""
-"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
-"where GROUP is the hex UTF-8 representation e.g."
+" - use traditional \n"
+"B</etc/passwd>\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
+#: src/auth/basic/SASL/basic_sasl_auth.8:41
 #, no-wrap
-msgid "   -t 6d61726b7573 instead of -g markus\n"
+msgid " - use slightly less traditional /etc/shadow\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#: src/auth/basic/SASL/basic_sasl_auth.8:44
 msgid ""
-"The REALM must still be based on the ASCII character set. If REALM contains "
-"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
-"UTF-8 representation e.g."
+"Others methods may be supported by your cyrus-sasl implementation - consult "
+"your cyrus-sasl documentation for information."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
-#, no-wrap
-msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
+#: src/auth/basic/SASL/basic_sasl_auth.8:57
+msgid ""
+"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
+"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
+"and an appropriate user/group on the executable to allow the authenticator "
+"to access the appropriate password database. If the access to the database "
+"is not permitted then the authenticator will typically fail with \"-1, "
+"generic error\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:212
+#: src/auth/basic/SASL/basic_sasl_auth.8:72
 msgid ""
-"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
-"unicode-utf8-table.pl"
+"If the application name B<basic_sasl_auth> will also be used for the PAM "
+"service name if B<pwcheck_method:pam> is chosen. And example PAM "
+"configuration file B<basic_sasl_auth.pam> is also included."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
-msgid ""
-"The ldap server list can be: server - In this case server can be used for "
-"all Kerberos domains server@ - In this case server can be used for all "
-"Kerberos domains server@domain - In this case server can be used for "
-"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
-"server3@:server4 - A list is build with a colon as seperator"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:5
+#, fuzzy
+#| msgid "Basic authentication protocol"
+msgid "basic_sspi_auth.exe - Basic authentication protocol"
+msgstr "Basic authentication protocol"
+
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:12
+#: src/auth/basic/SSPI/basic_sspi_auth.8:14
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:14
+msgid "Group Name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
-msgid "B<RFC1035> - Domain names - implementation and specification,"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:16
+msgid "Default Domain"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:257
+#: src/auth/basic/SSPI/basic_sspi_auth.8:22
 msgid ""
-"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
+"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
+"server running on Windows NT to authenticate users on an NT domain in native "
+"WIN32 mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
+#: src/auth/basic/SSPI/basic_sspi_auth.8:31
 msgid ""
-"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
-"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
+"Usage is simple. It accepts a username and password on standard input and "
+"will return B<OK> if the username/password is valid for the domain/machine, "
+"or B<ERR> if there was some problem. It is possible to authenticate against "
+"NT trusted domains specifying the username in the domain\\eusername "
+"Microsoft notation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper"
-msgstr "Squid LDAP external acl group helper"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:36
+msgid "A Windows Local Group name allowed to authenticate."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:9
-msgid "Version 2.17"
-msgstr "Version 2.17"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:44
+msgid "A Windows Local Group name not allowed to authenticate."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:33
-msgid ""
-"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
-"authorize users via LDAP groups.  LDAP options are specified as parameters "
-"on the command line, while the username(s) and group(s) to be checked "
-"against the LDAP directory are specified on subsequent lines of input to the "
-"helper, one username/group pair per line separated by a space."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:48
+msgid "The default Domain against to authenticate."
 msgstr ""
-"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
-"authorize users via LDAP groups.  LDAP options are specified as parameters "
-"on the command line, while the username(s) and group(s) to be checked "
-"against the LDAP directory are specified on subsequent lines of input to the "
-"helper, one username/group pair per line separated by a space."
 
+#. logon from the network\"" 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:44
+#: src/auth/basic/SSPI/basic_sspi_auth.8:55
 msgid ""
-"As expected by the B<external_acl_type> construct of Squid, after specifying "
-"a username and group followed by a new line, this helper will produce either "
-"B<OK> or B<ERR> on the following line to show if the user is a member of the "
-"specified group."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
+"in the Authenticator's command line."
 msgstr ""
-"As expected by the B<external_acl_type> construct of Squid, after specifying "
-"a username and group followed by a new line, this helper will produce either "
-"B<OK> or B<ERR> on the following line to show if the user is a member of the "
-"specified group."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:48
+#: src/auth/basic/SSPI/basic_sspi_auth.8:58
 msgid ""
-"The program operates by searching with a search filter based on the users "
-"user name and requested group, and if a match is found it is determined that "
-"the user belongs to the group."
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it."
 msgstr ""
-"The program operates by searching with a search filter based on the users "
-"user name and requested group, and if a match is found it is determined that "
-"the user belongs to the group."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:53
-msgid "When to dereference aliases. Defaults to 'never'"
-msgstr "When to dereference aliases. Defaults to 'never'"
-
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:62
+#: src/auth/basic/SSPI/basic_sspi_auth.8:63
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search>ing or only to B<find> the base object"
+"You will need to set the following line in B<squid.conf> to enable the "
+"authenticator:"
 msgstr ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search>ing or only to B<find> the base object"
-
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
-msgstr "B<REQUIRED.> Specifies the base DN under which the groups are located."
-
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:71
-msgid "Specifies the base DN under which the users are located (if different)"
-msgstr "Specifies the base DN under which the users are located (if different)"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:76
+#: src/auth/basic/SSPI/basic_sspi_auth.8:71
 msgid ""
-"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
-"API libraries)"
+"You will need to set the following lines in B<squid.conf> to enable "
+"authentication for your access list:"
 msgstr ""
-"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
-"API libraries)"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:82
+#: src/auth/basic/SSPI/basic_sspi_auth.8:83
 msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the result is not what was expected."
+"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
+"B<auth_param basic program> directive."
 msgstr ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the result is not what was expected."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:87
+#: src/auth/basic/SSPI/basic_sspi_auth.8:98
+#, no-wrap
 msgid ""
-"The DN and password to bind as while performing searches. Required if the "
-"LDAP directory does not allow anonymous searches."
+"I strongly urge that \n"
+"B<basic_sspi_auth.exe>\n"
+"is tested prior to being used in a \n"
+"production environment. It may behave differently on different platforms.\n"
+"To test it, run it from the command line. Enter username and password\n"
+"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
+"Make sure pressing \n"
+"B<CTRL-D>\n"
+" behaves the same as a carriage return.\n"
+"Make sure pressing \n"
+"B<CTRL-C>\n"
+" aborts the program.\n"
 msgstr ""
-"The DN and password to bind as while performing searches. Required if the "
-"LDAP directory does not allow anonymous searches."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:93
+#: src/auth/basic/SSPI/basic_sspi_auth.8:108
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration and will be sent on the command line to the helper it is "
-"strongly recommended to use a account with minimal associated privileges.  "
-"This to limit the damage in case someone could get hold of a copy of your "
-"Squid configuration file or extracts the password used from a process "
-"listing."
+"Test that entering an invalid username and password results in an B<ERR> "
+"message."
 msgstr ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration and will be sent on the command line to the helper it is "
-"strongly recommended to use a account with minimal associated privileges.  "
-"This to limit the damage in case someone could get hold of a copy of your "
-"Squid configuration file or extracts the password used from a process "
-"listing."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:123
+#: src/auth/basic/SSPI/basic_sspi_auth.8:113
 msgid ""
-"LDAP search filter used to search the LDAP directory for any matching group "
-"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
-"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
-"name."
+"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
+"may be returned instead of B<ERR>"
 msgstr ""
-"LDAP search filter used to search the LDAP directory for any matching group "
-"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
-"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
-"name."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:135
+#: src/auth/basic/SSPI/basic_sspi_auth.8:117
 msgid ""
-"LDAP search filter used to search the LDAP directory for any matching "
-"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
-"be included literally in the filter then use B<%%>"
+"Test that entering a valid username and password results in an B<OK> message."
 msgstr ""
-"LDAP search filter used to search the LDAP directory for any matching "
-"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
-"be included literally in the filter then use B<%%>"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:141
+#: src/auth/basic/SSPI/basic_sspi_auth.8:120
 msgid ""
-"Specifies that the first query argument sent to the helper by Squid is a "
-"extension to the basedn and will be temporarily added in front of the global "
-"basedn for this query."
+"Test that entering a guest username and password returns the correct "
+"response for the site's access policy."
 msgstr ""
-"Specifies that the first query argument sent to the helper by Squid is a "
-"extension to the basedn and will be temporarily added in front of the global "
-"basedn for this query."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:145
-msgid "Specify the LDAP server to connect to"
-msgstr "Specify the LDAP server to connect to"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:126
+#: src/auth/digest/file/digest_file_auth.8:65
+msgid "Based on prior work by"
+msgstr "Based on prior work by"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:149
-msgid ""
-"Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
-"libraries)"
-msgstr ""
-"Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
-"libraries)"
+#: src/auth/digest/file/digest_file_auth.8:5
+#, fuzzy
+#| msgid "File based digest authentication helper for Squid."
+msgid "digest_file_auth - File based digest authentication helper for Squid."
+msgstr "File based digest authentication helper for Squid."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:153
-msgid "Strip Kerberos Realm component from user names (@ separated)"
-msgstr "Strip Kerberos Realm component from user names (@ separated)"
+#: src/auth/digest/file/digest_file_auth.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 1.1"
+msgstr "Version 1.0"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:158
-msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389."
-msgstr ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389."
+#: src/auth/digest/file/digest_file_auth.8:12
+#: tools/squidclient/squidclient.1:28
+msgid "file"
+msgstr "file"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:166
+#: src/auth/digest/file/digest_file_auth.8:17
 msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while verifying a users group membership to preserve resources at the LDAP "
-"server. This option causes the LDAP connection to be kept open, allowing it "
-"to be reused for further user validations. Recommended for larger "
-"installations."
-msgstr ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while verifying a users group membership to preserve resources at the LDAP "
-"server. This option causes the LDAP connection to be kept open, allowing it "
-"to be reused for further user validations. Recommended for larger "
-"installations."
-
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:188
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:35
-msgid "Strip NT domain name component from user names (/ or \\e separated)"
-msgstr "Strip NT domain name component from user names (/ or \\e separated)"
+"B<digest_file_auth> is an installed binary authentication program for Squid. "
+"It handles digest authentication protocol and authenticates against a text "
+"file backend."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:200
+#: src/auth/digest/file/digest_file_auth.8:20
 msgid ""
-"LDAP attribute used to construct the user DN from the user name and base dn "
-"without needing to search for the user.  A maximum of 16 occurrences of B<"
-"%s> are supported."
+"This program will automatically detect the existence of a concurrency "
+"channel-ID and adjust appropriately.  It may be used with any value 0 or "
+"above for the auth_param children concurrency= parameter."
 msgstr ""
-"LDAP attribute used to construct the user DN from the user name and base dn "
-"without needing to search for the user.  A maximum of 16 occurrences of B<"
-"%s> are supported."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:216
+#: src/auth/digest/file/digest_file_auth.8:25
 msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf .>"
+"Accept digest hashed passwords rather than plaintext in the password file"
 msgstr ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf .>"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:231
-msgid ""
-"B<NOTE:> When constructing search filters it is recommended to first test "
-"the filter using B<ldapsearch> to verify that the filter matches what you "
-"expect before you attempt to use B<ext_ldap_group_acl>"
+#: src/auth/digest/file/digest_file_auth.8:29
+msgid "Username database file format:"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:29
+#, no-wrap
+msgid "- comment lines are possible and should start with a '#';"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:32
+#, no-wrap
+msgid "- empty or blank lines are possible;"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:35
+#, no-wrap
+msgid "- plaintext entry format is username:password"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:38
+#, no-wrap
+msgid "- HA1 entry format is username:realm:HA1"
 msgstr ""
-"B<NOTE:> When constructing search filters it is recommended to first test "
-"the filter using B<ldapsearch> to verify that the filter matches what you "
-"expect before you attempt to use B<ext_ldap_group_acl>"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:240
-msgid "Based on prior work in B<squid_ldap_auth> by"
-msgstr "Based on prior work in B<squid_ldap_auth> by"
+#: src/auth/digest/file/digest_file_auth.8:51
+msgid ""
+"To build a directory integrated backend, you need to be able to calculate "
+"the HA1 returned to squid. To avoid storing a plaintext password you can "
+"calculate B<MD5(username:realm:password)> when the user changes their "
+"password, and store the tuple B<username:realm:HA1.> then find the matching "
+"B<username:realm> when squid asks for the HA1."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:257
+#: src/auth/digest/file/digest_file_auth.8:59
 msgid ""
-"Or contact your favorite LDAP list/friend if the question is more related to "
-"LDAP than Squid."
+"This implementation could be improved by using such a triple for the file "
+"format.  However storing such a triple does little to improve security: If "
+"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
+"\" - for the purposes of digest authentication they allow the user access. "
+"Password synchronization is not tackled by digest - just preventing on the "
+"wire compromise."
 msgstr ""
-"Or contact your favorite LDAP list/friend if the question is more related to "
-"LDAP than Squid."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:278
-msgid "Your favorite LDAP documentation"
-msgstr "Your favorite LDAP documentation"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:5
+#, fuzzy
+#| msgid "Squid kerberos based authentication helper"
+msgid "negotiate_kerberos_auth - Squid kerberos based authentication helper"
+msgstr "Squid kerberos based authentication helper"
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:9
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:10
-msgid "Version 1.22"
-msgstr "Version 1.22"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:7
+msgid "Version 3.0.4sq"
+msgstr "Version 3.0.4sq"
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:19
-msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:16
+msgid ""
+"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
+"authenticate users via the Negotiate protocol and Kerberos."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:22
-msgid ""
-"This helper must be used in with an authentication scheme (typically Basic "
-"or NTLM) based on Windows NT/2000 domain users (LM mode)."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:30
+msgid "Remove realm from username before returning the username to squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:31
-msgid "Use case insensitive compare."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:33
+msgid "Provide Service Principal Name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:39
-msgid "Specify the default user's domain."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:36
+msgid "Provide Kerberos Keytab Name (Default: /etc/krb5.keytab)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:43
-msgid "Start helper in Domain Global Group mode."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:39
+msgid "Provide Replay Cache Directory (Default: /var/tmp)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:51
-msgid "Use ONLY PDCs for group validation."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:42
+msgid "Provide Replay Cache Type (Default: dfl)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:77
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:49
 msgid ""
-"In the previous example all validated NT users member of GProxyUsers Global "
-"domain group or member of LProxyUsers machine local group are allowed to use "
-"the cache."
+"This helper is intended to be used as an B<authentication> helper in B<squid."
+"conf.>"
 msgstr ""
+"This helper is intended to be used as an B<authentication> helper in B<squid."
+"conf.>"
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:85
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:67
+#, no-wrap
 msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file>"
+"Add the following lines to the squid startup script to point squid to a keytab file which\n"
+"contains the HTTP/fqdn service principal for the default Kerberos domain. The keytab name can\n"
+"also be provided by the -k E<lt>keytab nameE<gt> option. The fqdn must be the proxy name set in IE\n"
+" or firefox. You can not use an IP address.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:87
-msgid "The previous example will be:"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:70
+msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:94
-msgid "The B<DomainUsers.txt> file will contain only the following line:"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:77
+msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:96
-msgid "B<Domain Users>"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:83
+msgid ""
+"Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
+"(usually only possible in a 5 minute window) . If squid is under high load "
+"with Negotiate(Kerberos) proxy authentication requests the replay cache "
+"checks can create high CPU load. If the environment does not require high "
+"security the replay cache check can be disabled for MIT based Kerberos "
+"implementations by adding the below to the startup script or use the -t none "
+"option."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:86
+msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:105
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:89
 msgid ""
-"B<NOTE:> The standard group name comparison is case sensitive, so group name "
-"must be specified with same case as in the NT/2000 Domain.  It's possible to "
-"enable case insensitive group name comparison ( B<-c> ), but on some not-"
-"english locales, the results can be unexpected."
+"If negotiate_kerberos_auth doesn't determine for some reason the right "
+"service principal you can provide it with -s HTTP/fqdn."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:113
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:92
 msgid ""
-"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
-"and B<-D> switches."
+"If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
+"principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
+"option with negotiate_kerberos_auth."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:115
-msgid "Refer to Squid documentation for the more details on squid.conf."
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:108
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2014 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:121
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:136
 msgid ""
-"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
-"in a production environment. It may behave differently on different "
-"platforms."
+"B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
+"Windows,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:161
-msgid "with contributions by"
-msgstr "with contributions by"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:138
+msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:166
-msgid "Based in part on prior work in B<check_group> by"
-msgstr "Based in part on prior work in B<check_group> by"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:140
+msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:7
-msgid "Squid session tracking external acl helper."
-msgstr "Squid session tracking external acl helper."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:5
+msgid "ntlm_sspi_auth.exe - Native Windows NTLM/NTLMv2 authenticator for Squid"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:9
-#, fuzzy
-#| msgid "Version 1.22"
-msgid "Version 1.2"
-msgstr "Version 1.22"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:21
+msgid ""
+"B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
+"provides native access to the Security Service Provider Interface of Windows "
+"for authenticating with NTLM / NTLMv2.  It has automatic support for NTLM "
+"NEGOTIATE packets."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:16
-msgid "database"
-msgstr "database"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:26
+msgid "Specify a Windows Local Group name allowed to authenticate."
+msgstr "Specify a Windows Local Group name allowed to authenticate."
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:33
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:34
 msgid ""
-"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
-"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
-"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
-"terms and conditions to a user; the latter is suitable for the display of "
-"advertisments or other notices (both as a splash page - see config examples "
-"in the wiki online). The session helper can also be used to force users to "
-"re-authenticate if the B<%LOGIN> and B<-a> are both used."
+"Specify a Windows Local Group name which is to be denied authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:38
-#, fuzzy
-#| msgid ""
-#| "B<Timeout> for any session. If not specified the default is 3600 seconds."
-msgid ""
-"Idle timeout for any session. The default if not specified (set to 3600 "
-"seconds)."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:42
+msgid "Enables verbose NTLM packet debugging."
 msgstr ""
-"B<Timeout> for any session. If not specified the default is 3600 seconds."
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:51
-msgid ""
-"Fixed timeout for any session. This will end the session after the timeout "
-"regardless of a user's activity. If used with B<active> mode, this will "
-"terminate the user's session after B<timeout> , after which another B<LOGIN> "
-"will be required.  B<LOGOUT> will reset the session and timeout."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:46
+msgid "B<Allowing Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:64
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:49
 msgid ""
-"B<Path> to persistent database. If a file is specified then that single file "
-"is used as the database. If a path is specified, a Berkeley DB database "
-"environment is created within the directory. The advantage of the latter is "
-"better database support between multiple instances of the session helper. "
-"Using multiple instances of the session helper with a single database file "
-"will cause synchronisation problems between processes.  If this option is "
-"not specified the session details will be kept in memory only and all "
-"sessions will reset each time Squid restarts its helpers (Squid restart or "
-"rotation of logs)."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights \"logon from the network\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:74
-#, fuzzy
-#| msgid ""
-#| "Active mode. In this mode sessions are started by evaluating an acl with "
-#| "the argument B<LOGIN> , or terminated by the argument B<LOGOUT>"
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:53
 msgid ""
-"Active mode. In this mode sessions are started by evaluating an acl with the "
-"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
-"flag the helper automatically starts the session after the first request."
+"Optionally the authenticator can verify the NT LOCAL group membership of the "
+"user against the User Group specified in the Authenticator's command line."
 msgstr ""
-"Active mode. In this mode sessions are started by evaluating an acl with the "
-"argument B<LOGIN> , or terminated by the argument B<LOGOUT>"
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:81
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:57
 msgid ""
-"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
-"concurrency= option B<must> be specified in the configuration."
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it, it works only with MACHINE "
+"Local Groups, not Domain Local Groups."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:83
-#, fuzzy
-#| msgid "Configuration example using the default automatic mode"
-msgid "Passive session configuration example using the default automatic mode"
-msgstr "Configuration example using the default automatic mode"
-
-#. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:96
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:61
 msgid ""
-"Then set up B<http://your.server.example.com/bannerpage> to display a "
-"session startup page and then redirect the user back to the requested URL "
-"given in the url query parameter."
+"Better group checking is available with external ACL, see B<ext_ad_group_acl."
+"exe> documentation."
 msgstr ""
-"Then set up B<http://your.server.example.com/bannerpage> to display a "
-"session startup page and then redirect the user back to the requested URL "
-"given in the url query parameter."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:7
-#, fuzzy
-#| msgid "Squid session tracking external acl helper."
-msgid "Squid time quota external acl helper."
-msgstr "Squid session tracking external acl helper."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:64
+msgid "B<squid.conf> typical minimal required changes:"
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:18
-msgid ""
-"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
-"users of squid to limit the time using squid."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:76
+msgid "Refer to Squid documentation for more details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:23
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:84
 msgid ""
-"This is useful for corporate lunch time allocations, wifi portal pay-per-"
-"minute installations or for parental control of children. The administrator "
-"can define a time budget (e.g. 1 hour per day) which is enforced through "
-"this helper."
+"Internet Explorer has some problems with B<ftp://> URLs when handling "
+"internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
+"when placed before the authentication ACL:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:31
-msgid ""
-"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
-"Squids state directory."
-msgstr ""
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:95
+msgid "Based on prior work in by"
+msgstr "Based on prior work in by"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:38
-msgid ""
-"B<Pauselen> is given in seconds and defines the period between two requests "
-"to be treated as part of the same session.  Pauses shorter than this value "
-"will be counted against the quota, longer ones ignored.  Default is 300 "
-"seconds (5 minutes)."
+#: src/security/cert_generators/file/security_file_certgen.8.in:5
+msgid "security_file_certgen - SSL certificate generator for Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:44
-msgid ""
-"B<Filename> where all logging and debugging information will be written. If "
-"none is given, then stderr will be used and the logging will go to Squids "
-"main cache.log."
+#: src/security/cert_generators/file/security_file_certgen.8.in:15
+#: src/security/cert_generators/file/security_file_certgen.8.in:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:29
+msgid "directory"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:48
-msgid "Enables debug logging in the logfile."
+#: src/security/cert_generators/file/security_file_certgen.8.in:17
+msgid "size"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:52
-msgid "show a short command line help."
+#: src/security/cert_generators/file/security_file_certgen.8.in:24
+msgid "serial number"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:56
-msgid "This file contains the definition of the time budgets for the users."
+#: src/security/cert_generators/file/security_file_certgen.8.in:33
+msgid "B<security_file_certgen> is an installed binary."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:65
+#: src/security/cert_generators/file/security_file_certgen.8.in:36
 msgid ""
-"The time quotas of the users are defined in a text file typically residing "
-"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
-"and is ignored. Every line must start with a user followed by a time budget "
-"and a corresponding time period separated by \"/\". Here is an example file:"
+"Because the generation and signing of SSL certificates takes time Squid must "
+"use external process to handle the work."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:68
-msgid "# user budget / period"
+#: src/security/cert_generators/file/security_file_certgen.8.in:40
+msgid ""
+"This process generates new SSL certificates and uses a disk cache of "
+"certificates to improve response times on repeated requests.  Communication "
+"occurs via TCP sockets bound to the loopback interface."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:79
+#: src/security/cert_generators/file/security_file_certgen.8.in:46
 msgid ""
-"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
-"hour and the poor babymary only 30 minutes a week."
+"File system block size in bytes. Needed for processing natural size of "
+"certificate on disk.  Default value is 2048 bytes."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:83
+#: src/security/cert_generators/file/security_file_certgen.8.in:53
 msgid ""
-"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
-"days and \"w\" for weeks. Numerical values can be given as integer values or "
-"with a fraction. E.g. \"0.5h\" means 30 minutes."
+"Initialize the SSL storage database and exit.  Requires the B<-s> option to "
+"determine the storage location being created."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:89
+#: src/security/cert_generators/file/security_file_certgen.8.in:64
 msgid ""
-"This helper is configured in B<squid.conf> using the B<external_acl_type> "
-"directive then access controls which use it to allow or deny."
+"Display the current serial number using stderr and exit.  Requires B<-s> "
+"option to determine which storage directory the serial is located in."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:92
-msgid "Here is an example."
+#: src/security/cert_generators/file/security_file_certgen.8.in:72
+msgid "Directory path of disk storage for new SSL certificates."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:95
-msgid "# Ensure that users have a valid login. We need their username."
+#: src/security/cert_generators/file/security_file_certgen.8.in:76
+msgid "Maximum size of SSL certificate disk storage."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:102
-msgid "# Define program and quota file"
+#: src/security/cert_generators/file/security_file_certgen.8.in:83
+msgid ""
+"HEX B<serial number > to use when initializing an SSL storage database.  The "
+"default value of serial number is the number of seconds since Epoch minus "
+"1200000000."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:118
-msgid ""
-"In this example, after restarting Squid it should allow access only for "
-"users as long as they have time budget left.  If the budget is exceeded the "
-"user will be presented with an error page informing them."
+#: src/security/cert_generators/file/security_file_certgen.8.in:87
+msgid "Display the binary version details using stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:124
-msgid ""
-"In this example we use separate B<users> access control and B<noquota> ACL "
-"in order to keep the username and password prompt and the quota-exceeded "
-"messages separated."
+#: src/security/cert_generators/file/security_file_certgen.8.in:91
+msgid "B<SSL errors after changing the CA>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:144
+#: src/security/cert_generators/file/security_file_certgen.8.in:95
+#: src/security/cert_generators/file/security_file_certgen.8.in:123
 msgid ""
-"User is just a unique key value. The above example uses %LOGIN and the "
-"username but any of the B<external_acl_type> format tags can be substituted "
-"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
-"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
-"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
-"org/ConfigExamples."
+"Certificates are stored in this database in signed form.  After any change "
+"to the signing CA in squid.conf be sure to erase and re-initialize the "
+"certificate database."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:145
-#, no-wrap
-msgid "LIMITATIONS"
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:98
+msgid "B<Certificate chaining>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:150
+#: src/security/cert_generators/file/security_file_certgen.8.in:103
 msgid ""
-"This helper only controls access to the Internet through HTTP. It does not "
-"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
+"The version 1.0 of this helper will not add chained intermediate CA "
+"certificates.  The client must have a full chain of trust from the root CA "
+"all the way down to the end certificate generated by this program."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:158
+#: src/security/cert_generators/file/security_file_certgen.8.in:106
 msgid ""
-"Desktop browsers are typically able to deal with authentication to HTTP "
-"proxies like B<squid .> But more and more different programs and devices "
-"(smartphones, games on mobile devices, ...) are using the Internet over "
-"HTTP. These devices are often not able to work through an authenticating "
-"proxy.  Means other than %LOGIN authentication are required to authorize "
-"these devices and software."
+"Signing with an intermediate CA needs to install both the root and the "
+"intermediate public CA on the clients."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:163
+#: src/security/cert_generators/file/security_file_certgen.8.in:113
 msgid ""
-"A more general control to Internet access could be a captive portal approach "
-"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
-"or maybe a 802.11X solution. But the latter is often not supported by mobile "
-"devices."
+"Before this helper can be used the storage area for new certificates must be "
+"initialized manually.  This is done from the command line using the B<-c> "
+"parameters."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:164
-#, no-wrap
-msgid "IMPLEMENTATION"
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:116
+msgid "For example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:172
+#: src/security/cert_generators/file/security_file_certgen.8.in:128
 msgid ""
-"When the helper is called it will be asked if the current user is allowed to "
-"access squid. The helper will reduce the remaining time budget of this user "
-"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
+"For simple configuration the helper defaults can be used.  Only HTTP "
+"listening port options are required to enable generation and set the signing "
+"CA certificate.  For Example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:185
+#: src/security/cert_generators/file/security_file_certgen.8.in:137
 msgid ""
-"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
-"be called, the example config uses a 1 minute TTL.  The interaction is that "
-"Squid will only call the helper on new requests B<if> there has been more "
-"than TTL seconds passed since last check.  This handling creates an amount "
-"of slippage outside the quota by whatever amount is configured.  TTL can be "
-"set as short as desired, down to and including zero.  Though values of 1 or "
-"more are recommended due to a quota resolution of one second."
+"For more customized configuration the helper certificate storage directory "
+"location and size can be altered with the B<sslcrtd_program> configuration "
+"directive.  For example:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:190
-msgid ""
-"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
-"budget will be restored to the configured value thus allowing the user to "
-"access squid with a fresh budget."
+#: src/squid.8.in:5
+msgid "squid - HTTP web proxy caching server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:202
-msgid ""
-"If the time between the current request and the previous request is greater "
-"than B<pauselen> (default 5 minutes and adjustable with command line "
-"parameter B<-p> ), the current request will be considered as a new request "
-"and the time budget will not be decreased. If the time is less than "
-"B<pauselen> , then both requests will be considered as part of the same "
-"active time period and the time budget will be decreased by the time "
-"difference. This allows the user to take arbitrary breaks during Internet "
-"access without losing their time budget."
+#: src/squid.8.in:11
+msgid "facility"
+msgstr "facility"
+
+#. type: Plain text
+#: src/squid.8.in:13
+msgid "config-file"
+msgstr "config-file"
+
+#. type: Plain text
+#: src/squid.8.in:17
+msgid "signal"
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:203
-#, no-wrap
-msgid "FURTHER IDEAS"
+#. type: Plain text
+#: src/squid.8.in:19
+msgid "service-name"
+msgstr "service-name"
+
+#. type: Plain text
+#: src/squid.8.in:21
+msgid "command-line"
+msgstr "command-line"
+
+#. type: Plain text
+#: src/squid.8.in:30
+msgid ""
+"B<squid> is a high-performance proxy caching server for web clients, "
+"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
+"traditional caching software, Squid handles all requests in a single, non-"
+"blocking process."
 msgstr ""
+"B<squid> is a high-performance proxy caching server for web clients, "
+"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
+"traditional caching software, Squid handles all requests in a single, non-"
+"blocking process."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:206
+#: src/squid.8.in:34
 msgid ""
-"The following ideas could further improve this helper. Maybe someone wants "
-"to help? Any support or feedback is welcome!"
+"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
+"lookups, supports non-blocking DNS lookups, and implements negative caching "
+"of failed requests."
 msgstr ""
+"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
+"lookups, supports non-blocking DNS lookups, and implements negative caching "
+"of failed requests."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:211
+#: src/squid.8.in:39
 msgid ""
-"There should be a way for a user to see their configured and remaining time "
-"budget. This could be realized by implementing a web page accessing the "
-"database of the helper showing the corresponding data. One of the problems "
-"to be solved is user authentication."
+"Squid supports SSL, extensive access controls, and full request logging.  By "
+"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
+"caches can be arranged in a hierarchy or mesh for additional bandwidth "
+"savings."
 msgstr ""
+"Squid supports SSL, extensive access controls, and full request logging.  By "
+"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
+"caches can be arranged in a hierarchy or mesh for additional bandwidth "
+"savings."
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:214
+#: src/squid.8.in:47
 msgid ""
-"We could always return \"OK\" and use the module simply as an Internet usage "
-"tracker showing who has stayed how long in the WWW."
+"Squid consists of a main server program B<squid> , some optional programs "
+"for custom processing and authentication, and some management and client "
+"tools.  When squid starts up, it spawns a configurable number of helper "
+"processes, each of which can perform parallel lookups.  This reduces the "
+"amount of time the cache waits for results."
 msgstr ""
+"Squid consists of a main server program B<squid> , some optional programs "
+"for custom processing and authentication, and some management and client "
+"tools.  When squid starts up, it spawns a configurable number of helper "
+"processes, each of which can perform parallel lookups.  This reduces the "
+"amount of time the cache waits for results."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:7
-msgid "Squid UNIX Group ACL helper"
-msgstr "Squid UNIX Group ACL helper"
+#: src/squid.8.in:49
+msgid "Squid is derived from the ARPA-funded Harvest Project."
+msgstr "Squid is derived from the ARPA-funded Harvest Project."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:11
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:13
-msgid "group"
-msgstr "group"
+#: src/squid.8.in:55
+msgid ""
+"This manual page only lists the command line arguments.  For details on how "
+"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
+"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
+"configuration manual on the Squid home page"
+msgstr ""
+"This manual page only lists the command line arguments.  For details on how "
+"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
+"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
+"configuration manual on the Squid home page"
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:18
+#: src/squid.8.in:64
 msgid ""
-"B<ext_unix_group_acl> allows Squid to base access controls on users "
-"memberships in UNIX groups."
+"Specify HTTP port number where Squid should listen for requests, in addition "
+"to any B<http_port> specifications in B<squid.conf>"
 msgstr ""
-"B<ext_unix_group_acl> allows Squid to base access controls on users "
-"memberships in UNIX groups."
+"Specify HTTP port number where Squid should listen for requests, in addition "
+"to any B<http_port> specifications in B<squid.conf>"
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:26
-msgid "Specifies a group name to match."
-msgstr "Specifies a group name to match."
+#: src/squid.8.in:68
+msgid "Do not catch fatal signals."
+msgstr "Do not catch fatal signals."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:31
-msgid "Also match the users primary group from B</etc/passwd>"
-msgstr "Also match the users primary group from B</etc/passwd>"
+#: src/squid.8.in:72
+msgid "Write debugging to stderr also."
+msgstr "Write debugging to stderr also."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:49
+#: src/squid.8.in:84
 msgid ""
-"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
-"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
-"I<group3>"
+"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
+"file name starts with a B<!> or B<|> then it is assumed to be an external "
+"command or command line.  Can for example be used to pre-process the "
+"configuration before it is being read by Squid.  To facilitate this Squid "
+"also understands the common #line notion to indicate the real source file."
 msgstr ""
-"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
-"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
-"I<group3>"
+"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
+"file name starts with a B<!> or B<|> then it is assumed to be an external "
+"command or command line.  Can for example be used to pre-process the "
+"configuration before it is being read by Squid.  To facilitate this Squid "
+"also understands the common #line notion to indicate the real source file."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:61
-msgid ""
-"By default up to 11 groups can be matched in one acl (including commandline "
-"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
-msgstr ""
-"By default up to 11 groups can be matched in one acl (including commandline "
-"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
+#: src/squid.8.in:88
+msgid "Don't serve any requests until store is rebuilt."
+msgstr "Don't serve any requests until store is rebuilt."
+
+#. type: Plain text
+#: src/squid.8.in:92
+msgid "Print help message."
+msgstr "Print help message."
+
+#. type: Plain text
+#: src/squid.8.in:98
+msgid "Install as a Windows Service (see B<-n> option)."
+msgstr "Install as a Windows Service (see B<-n> option)."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:67
+#: src/squid.8.in:105
 msgid ""
-"Does not understand GID aliased groups sometimes used to work around groups "
-"size limitations. If you are using GID aliased groups then you must specify "
-"each alias by name."
+"Parse configuration file, then send signal to running copy (except B<-k "
+"parse> ) and exit."
 msgstr ""
-"Does not understand GID aliased groups sometimes used to work around groups "
-"size limitations. If you are using GID aliased groups then you must specify "
-"each alias by name."
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:99
-msgid "Additionally bugs or bug-fixes can be reported to"
-msgstr "Additionally bugs or bug-fixes can be reported to"
+#: src/squid.8.in:110
+msgid "Use specified syslog facility. Implies B<-s>"
+msgstr "Use specified syslog facility. Implies B<-s>"
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:7
-msgid "Squid kerberos based authentication helper"
-msgstr "Squid kerberos based authentication helper"
+#: src/squid.8.in:115
+msgid ""
+"Specify Windows Service name to use for service operations, default is: "
+"B<Squid>"
+msgstr ""
+"Specify Windows Service name to use for service operations, default is: "
+"B<Squid>"
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:9
-msgid "Version 3.0.4sq"
-msgstr "Version 3.0.4sq"
+#: src/squid.8.in:119
+msgid "No daemon mode."
+msgstr "No daemon mode."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:18
+#: src/squid.8.in:125
 msgid ""
-"B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
-"authenticate users via the Negotiate protocol and Kerberos."
+"Parent process does not exit until its children have finished. It has no "
+"effect with B<-N> which does not fork/exit at startup."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:32
-msgid "Remove realm from username before returning the username to squid."
-msgstr ""
+#: src/squid.8.in:129
+msgid "Set Windows Service Command line options in Registry."
+msgstr "Set Windows Service Command line options in Registry."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:35
-msgid "Provide Service Principal Name."
+#: src/squid.8.in:135
+msgid "Remove a Windows Service (see B<-n> option)."
+msgstr "Remove a Windows Service (see B<-n> option)."
+
+#. type: Plain text
+#: src/squid.8.in:141
+msgid "Do not set B<REUSEADDR> on port."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:42
+#: src/squid.8.in:146
 msgid ""
-"This helper is intended to be used as an B<authentication> helper in B<squid."
-"conf.>"
+"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 msgstr ""
-"This helper is intended to be used as an B<authentication> helper in B<squid."
-"conf.>"
+"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:62
-msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
-msgstr ""
+#: src/squid.8.in:150
+msgid "Double-check swap during rebuild."
+msgstr "Double-check swap during rebuild."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:69
-msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
-msgstr ""
+#: src/squid.8.in:154
+msgid "Specify ICP port number (default: 3130), disable with 0."
+msgstr "Specify ICP port number (default: 3130), disable with 0."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:75
-msgid ""
-"Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
-"(usually only possible in a 5 minute window) . If squid is under high load "
-"with Negotiate(Kerberos) proxy authentication requests the replay cache "
-"checks can create high CPU load. If the environment does not require high "
-"security the replay cache check can be disabled for MIT based Kerberos "
-"implementations by adding the following to the startup script"
-msgstr ""
+#: src/squid.8.in:158
+msgid "Print version and build details."
+msgstr "Print version and build details."
+
+#. type: Plain text
+#: src/squid.8.in:162
+msgid "Force full debugging."
+msgstr "Force full debugging."
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:78
-msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
+#: src/squid.8.in:170
+msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:81
+#: src/squid.8.in:178
 msgid ""
-"If negotiate_kerberos_auth doesn't determine for some reason the right "
-"service principal you can provide it with -s HTTP/fqdn."
+"Create missing swap directories and other missing cache_dir structures, then "
+"exit. All cache_dir types create the configured top-level directory if it is "
+"missing. Other actions are type-specific. For example, ufs-based storage "
+"systems create missing L1 and L2 directories while Rock creates the missing "
+"database file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:84
+#: src/squid.8.in:183
 msgid ""
-"If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
-"principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
-"option with negotiate_kerberos_auth."
+"This option does not enable validation of any present swap structures. Its "
+"focus is on creation of missing pieces. If nothing is missing, squid -z just "
+"exits. If you suspect cache_dir corruption, you must delete the top-level "
+"cache_dir directory before running squid -z."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:121
+#: src/squid.8.in:188
 msgid ""
-"B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
-"Windows,"
+"By default, squid -z runs in daemon mode (so that configuration macros and "
+"other SMP features work as expected). Use B<-N> option to overwrite this."
 msgstr ""
 
-#. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:123
-msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
-msgstr ""
+#. type: SH
+#: src/squid.8.in:189
+#, no-wrap
+msgid "FILES"
+msgstr "FILES"
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:125
-msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
+#: src/squid.8.in:191
+msgid "Squid configuration files located in @SYSCONFDIR@/:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:8
+#: src/squid.8.in:197
 msgid ""
-"Native Windows NTLM/NTLMv2 authenticator for Squid with automatic support "
-"for NTLM NEGOTIATE packets."
+"The main configuration file. You must initially make changes to this file "
+"for B<squid> to work. For example, the default configuration only allows "
+"access from RFC private LAN networks.  Some packaging distributions block "
+"even that."
 msgstr ""
+"The main configuration file. You must initially make changes to this file "
+"for B<squid> to work. For example, the default configuration only allows "
+"access from RFC private LAN networks.  Some packaging distributions block "
+"even that."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:24
+#: src/squid.8.in:201 src/squid.8.in:207
 msgid ""
-"B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
-"provides native access to the Security Service Provider Interface of Windows "
-"for authenticating with NTLM / NTLMv2.  It has automatic support for NTLM "
-"NEGOTIATE packets."
+"Reference copy of the configuration file. Always kept up to date with the "
+"version of Squid you are using."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:29
-msgid "Specify a Windows Local Group name allowed to authenticate."
-msgstr "Specify a Windows Local Group name allowed to authenticate."
-
-#. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:37
+#: src/squid.8.in:203
 msgid ""
-"Specify a Windows Local Group name which is to be denied authentication."
+"Use this to look up the default configuration settings and syntax after "
+"upgrading."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:45
-msgid "Enables verbose NTLM packet debugging."
+#: src/squid.8.in:212
+msgid ""
+"Use this to read the documentation for configuration options available in "
+"your build of Squid. The online configuration manual is also available for a "
+"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:49
-msgid "B<Allowing Users>"
-msgstr ""
+#: src/squid.8.in:217
+msgid "The main configuration file for the web B<cachemgr.cgi> tools."
+msgstr "The main configuration file for the web B<cachemgr.cgi> tools."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:52
-msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights \"logon from the network\"."
-msgstr ""
+#: src/squid.8.in:220
+msgid "The main configuration file for the Sample MSNT authenticator."
+msgstr "The main configuration file for the Sample MSNT authenticator."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:56
+#: src/squid.8.in:225
 msgid ""
-"Optionally the authenticator can verify the NT LOCAL group membership of the "
-"user against the User Group specified in the Authenticator's command line."
+"CSS Stylesheet to control the display of generated error pages.  Use this to "
+"set any company branding you need, it will apply to every language Squid "
+"provides error pages for."
 msgstr ""
+"CSS Stylesheet to control the display of generated error pages.  Use this to "
+"set any company branding you need, it will apply to every language Squid "
+"provides error pages for."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:60
-msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it, it works only with MACHINE "
-"Local Groups, not Domain Local Groups."
+#: src/squid.8.in:228
+msgid "Some files also located elsewhere:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:64
-msgid ""
-"Better group checking is available with external ACL, see B<ext_ad_group_acl."
-"exe> documentation."
-msgstr ""
+#: src/squid.8.in:231
+msgid "MIME type mappings for FTP gatewaying"
+msgstr "MIME type mappings for FTP gatewaying"
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:67
-msgid "B<squid.conf> typical minimal required changes:"
-msgstr ""
+#: src/squid.8.in:234
+msgid "Location of Squid error pages and templates."
+msgstr "Location of Squid error pages and templates."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:79
-msgid "Refer to Squid documentation for more details."
+#: src/squid.8.in:237
+msgid ""
+"Squid was written over many years by a changing team of developers and "
+"maintained in turn by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:87
+#: src/squid.8.in:244
 msgid ""
-"Internet Explorer has some problems with B<ftp://> URLs when handling "
-"internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
-"when placed before the authentication ACL:"
+"With contributions from many others in the Squid community.  see "
+"CONTRIBUTORS for a full list of individuals who contributed code.  see "
+"CREDITS for a list of major code contributing copyright holders."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:98
-msgid "Based on prior work in by"
-msgstr "Based on prior work in by"
+#: tools/cachemgr.cgi.8.in:5
+#, fuzzy
+#| msgid "Squid HTTP proxy manager CGI web interface"
+msgid "cachemgr.cgi - Squid HTTP proxy manager CGI web interface"
+msgstr "Squid HTTP proxy manager CGI web interface"
 
 #. type: Plain text
-#: src/squid.8.in:7
-msgid "HTTP web proxy caching server"
+#: tools/cachemgr.cgi.8.in:16
+msgid ""
+"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
+"statistics about the Squid HTTP proxy process as it runs. The cache manager "
+"is a convenient way to manage the cache and view statistics without logging "
+"into the server."
 msgstr ""
+"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
+"statistics about the Squid HTTP proxy process as it runs. The cache manager "
+"is a convenient way to manage the cache and view statistics without logging "
+"into the server."
 
 #. type: Plain text
-#: src/squid.8.in:13
-msgid "facility"
-msgstr "facility"
-
-#. type: Plain text
-#: src/squid.8.in:15
-msgid "config-file"
-msgstr "config-file"
-
-#. type: Plain text
-#: src/squid.8.in:19
-msgid "signal"
+#: tools/cachemgr.cgi.8.in:20
+msgid ""
+"Configuration examples for many common web servers can be found in the Squid "
+"FAQ wiki."
 msgstr ""
+"Configuration examples for many common web servers can be found in the Squid "
+"FAQ wiki."
 
 #. type: Plain text
-#: src/squid.8.in:21
-msgid "service-name"
-msgstr "service-name"
+#: tools/cachemgr.cgi.8.in:32
+msgid ""
+"The access configuration file defining which Squid servers may be managed "
+"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
+"followed by an optional description"
+msgstr ""
+"The access configuration file defining which Squid servers may be managed "
+"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
+"followed by an optional description"
 
 #. type: Plain text
-#: src/squid.8.in:23
-msgid "command-line"
-msgstr "command-line"
+#: tools/cachemgr.cgi.8.in:36
+msgid ""
+"The server name may contain shell wildcard characters such as *, [] etc.  A "
+"quick selection dropdown menu is automatically constructed from the simple "
+"server names."
+msgstr ""
+"The server name may contain shell wildcard characters such as *, [] etc.  A "
+"quick selection dropdown menu is automatically constructed from the simple "
+"server names."
 
 #. type: Plain text
-#: src/squid.8.in:32
+#: tools/cachemgr.cgi.8.in:40
 msgid ""
-"B<squid> is a high-performance proxy caching server for web clients, "
-"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
-"traditional caching software, Squid handles all requests in a single, non-"
-"blocking process."
+"Specifying :port is optional. If not specified then the default proxy port "
+"is assumed. :* or :any matches any port on the target server."
 msgstr ""
-"B<squid> is a high-performance proxy caching server for web clients, "
-"supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
-"traditional caching software, Squid handles all requests in a single, non-"
-"blocking process."
+"Specifying :port is optional. If not specified then the default proxy port "
+"is assumed. :* or :any matches any port on the target server."
+
+#. type: SH
+#: tools/cachemgr.cgi.8.in:41
+#, no-wrap
+msgid "SECURITY"
+msgstr "SECURITY"
 
 #. type: Plain text
-#: src/squid.8.in:36
+#: tools/cachemgr.cgi.8.in:48
 msgid ""
-"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
-"lookups, supports non-blocking DNS lookups, and implements negative caching "
-"of failed requests."
+"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
+"and returns a formatted version of the response. To avoid abuse it is "
+"recommended to configure your web server to restrict access to the "
+"B<cachemgr.cgi> program."
 msgstr ""
-"Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
-"lookups, supports non-blocking DNS lookups, and implements negative caching "
-"of failed requests."
+"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
+"and returns a formatted version of the response. To avoid abuse it is "
+"recommended to configure your web server to restrict access to the "
+"B<cachemgr.cgi> program."
 
 #. type: Plain text
-#: src/squid.8.in:41
+#: tools/cachemgr.cgi.8.in:54
+#, fuzzy
+#| msgid ""
+#| "Derived from Harvest. Further developed by by numerous individuals from "
+#| "the internet community. Development is led by Duane Wessels of the "
+#| "National Laboratory for Applied Network Research and funded by the "
+#| "National Science Foundation."
 msgid ""
-"Squid supports SSL, extensive access controls, and full request logging.  By "
-"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
-"caches can be arranged in a hierarchy or mesh for additional bandwidth "
-"savings."
+"Derived from Harvest. Further developed by numerous individuals from the "
+"internet community. Development is led by Duane Wessels of the National "
+"Laboratory for Applied Network Research and funded by the National Science "
+"Foundation."
 msgstr ""
-"Squid supports SSL, extensive access controls, and full request logging.  By "
-"using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
-"caches can be arranged in a hierarchy or mesh for additional bandwidth "
-"savings."
+"Derived from Harvest. Further developed by by numerous individuals from the "
+"internet community. Development is led by Duane Wessels of the National "
+"Laboratory for Applied Network Research and funded by the National Science "
+"Foundation."
 
 #. type: Plain text
-#: src/squid.8.in:49
+#: tools/cachemgr.cgi.8.in:70 tools/purge/purge.1:276
+#: tools/squidclient/squidclient.1:252
 msgid ""
-"Squid consists of a main server program B<squid> , some optional programs "
-"for custom processing and authentication, and some management and client "
-"tools.  When squid starts up, it spawns a configurable number of helper "
-"processes, each of which can perform parallel lookups.  This reduces the "
-"amount of time the cache waits for results."
+"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
+"you need to include with your bug report."
 msgstr ""
-"Squid consists of a main server program B<squid> , some optional programs "
-"for custom processing and authentication, and some management and client "
-"tools.  When squid starts up, it spawns a configurable number of helper "
-"processes, each of which can perform parallel lookups.  This reduces the "
-"amount of time the cache waits for results."
 
 #. type: Plain text
-#: src/squid.8.in:51
-msgid "Squid is derived from the ARPA-funded Harvest Project."
-msgstr "Squid is derived from the ARPA-funded Harvest Project."
+#: tools/purge/purge.1:5
+msgid "purge - magnifying glass into your squid cache"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:57
+#: tools/purge/purge.1:21
 msgid ""
-"This manual page only lists the command line arguments.  For details on how "
-"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
-"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
-"configuration manual on the Squid home page"
+"B<purge> is used to have a look at what URLs are stored in which file within "
+"your cache. The B<purge> tool can also be used to release objects which URLs "
+"match user specified regular expressions. A more troublesome feature is the "
+"ability to remove files B<squid> does not seem to know about any longer."
 msgstr ""
-"This manual page only lists the command line arguments.  For details on how "
-"to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
-"Squid wiki FAQ and examples at http://wiki.squid-cache.org/ , or the "
-"configuration manual on the Squid home page"
 
 #. type: Plain text
-#: src/squid.8.in:66
+#: tools/purge/purge.1:23
 msgid ""
-"Specify HTTP port number where Squid should listen for requests, in addition "
-"to any B<http_port> specifications in B<squid.conf>"
+"This is a tool for expert usage only, use it under your own responsibility."
 msgstr ""
-"Specify HTTP port number where Squid should listen for requests, in addition "
-"to any B<http_port> specifications in B<squid.conf>"
 
 #. type: Plain text
-#: src/squid.8.in:70
-msgid "Do not catch fatal signals."
-msgstr "Do not catch fatal signals."
+#: tools/purge/purge.1:34
+msgid ""
+"a kind of \"i am alive\" flag. It can only be activated, if your stdout is a "
+"tty. If active, it will display a little rotating line to indicate that "
+"there is actually something happening. You should not use this switch if you "
+"capture your stdout in a file or if your expression list produces many "
+"matches. The -a flag is also incompatible with the (default) multi cache_dir "
+"mode."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:74
-msgid "Write debugging to stderr also."
-msgstr "Write debugging to stderr also."
+#: tools/purge/purge.1:36
+msgid "default: off\t\tSee also: -n"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:86
+#: tools/purge/purge.1:43
 msgid ""
-"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
-"file name starts with a B<!> or B<|> then it is assumed to be an external "
-"command or command line.  Can for example be used to pre-process the "
-"configuration before it is being read by Squid.  To facilitate this Squid "
-"also understands the common #line notion to indicate the real source file."
+"this option lets you specify the location of the squid.conf file.  Purge "
+"understands about more than one cache_dir, and does so by parsing squid."
+"conf. It knows about both ways of Squid-2 cache_dir specifications, and will "
+"automatically try to use the correct one."
 msgstr ""
-"Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
-"file name starts with a B<!> or B<|> then it is assumed to be an external "
-"command or command line.  Can for example be used to pre-process the "
-"configuration before it is being read by Squid.  To facilitate this Squid "
-"also understands the common #line notion to indicate the real source file."
-
-#. type: Plain text
-#: src/squid.8.in:90
-msgid "Don't serve any requests until store is rebuilt."
-msgstr "Don't serve any requests until store is rebuilt."
 
 #. type: Plain text
-#: src/squid.8.in:94
-msgid "Print help message."
-msgstr "Print help message."
+#: tools/purge/purge.1:45
+msgid "default: /usr/local/squid/etc/squid.conf"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:100
-msgid "Install as a Windows Service (see B<-n> option)."
-msgstr "Install as a Windows Service (see B<-n> option)."
+#: tools/purge/purge.1:53
+msgid ""
+"if you want to rescue files from your cache, you need to specify the "
+"directory into which the files will be copied. Please note that purge will "
+"try to establish the original server directory structure. This switch also "
+"activates copy-out mode. Please do not use copy-out mode with any purge mode "
+"(-P) other than 0."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:107
+#: tools/purge/purge.1:56
 msgid ""
-"Parse configuration file, then send signal to running copy (except B<-k "
-"parse> ) and exit."
+"For instance, if you specified \"-C /tmp\", purge will try to recreate /tmp/"
+"www.server.1/url/path/file, and so forth."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:112
-msgid "Use specified syslog facility. Implies B<-s>"
-msgstr "Use specified syslog facility. Implies B<-s>"
+#: tools/purge/purge.1:58
+msgid "default: off\t\tSee also: -H, -P"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:117
+#: tools/purge/purge.1:63
 msgid ""
-"Specify Windows Service name to use for service operations, default is: "
-"B<Squid>"
+"lets you specify a debug level. Different bits are reserved for different "
+"output."
 msgstr ""
-"Specify Windows Service name to use for service operations, default is: "
-"B<Squid>"
 
 #. type: Plain text
-#: src/squid.8.in:121
-msgid "No daemon mode."
-msgstr "No daemon mode."
+#: tools/purge/purge.1:65
+msgid "default: 0"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:125
-msgid "Set Windows Service Command line options in Registry."
-msgstr "Set Windows Service Command line options in Registry."
+#: tools/purge/purge.1:74
+msgid ""
+"Specify one regular expression to be searched for in the cache.  This is "
+"useful if there is only a handful of objects you want to check. Please "
+"remember to escape the shell meta characters used in your regular "
+"expression. The use of single quotes around your expression is recommended. "
+"The capital letter version works case sensitive, the lower caps version does "
+"not."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:131
-msgid "Remove a Windows Service (see B<-n> option)."
-msgstr "Remove a Windows Service (see B<-n> option)."
+#: tools/purge/purge.1:76 tools/purge/purge.1:86
+msgid "default: (no default)"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:137
-msgid "Do not set B<REUSEADDR> on port."
+#: tools/purge/purge.1:84
+msgid ""
+"if you have more than a handful of expressions, or want to check the same "
+"set at regular intervals, the file option might be more useful to you. Each "
+"line in the text file will be regarded as one regular expression.  Again, "
+"the capital letter version works case sensitive, the lower caps version does "
+"not."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:142
+#: tools/purge/purge.1:91
 msgid ""
-"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
+"if in copy-out mode (see: -C), you can specify to keep the HTTP Header in "
+"the recreated file."
 msgstr ""
-"Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 
 #. type: Plain text
-#: src/squid.8.in:146
-msgid "Double-check swap during rebuild."
-msgstr "Double-check swap during rebuild."
+#: tools/purge/purge.1:93
+msgid "default: off\t\tSee also: -C"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:150
-msgid "Specify ICP port number (default: 3130), disable with 0."
-msgstr "Specify ICP port number (default: 3130), disable with 0."
+#: tools/purge/purge.1:104
+msgid ""
+"tell purge to process one cache_dir after another, instead of doing things "
+"in parallel.  If you have more than one cache_dir in your configuration "
+"purge will fork off a worker process for each cache_dir to do the checks for "
+"optimum speed, assuming a decently designed cache. Since parallel execution "
+"will put quite some load on the system and its controllers, it is sometimes "
+"preferred to use less resources,\tthough it will take longer."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:154
-msgid "Print version and build details."
-msgstr "Print version and build details."
+#: tools/purge/purge.1:106
+msgid "default: parallel mode for more than one cache_dir"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:158
-msgid "Force full debugging."
-msgstr "Force full debugging."
+#: tools/purge/purge.1:116
+msgid ""
+"Some cache admins use a different port than 3128. The purge tool will need "
+"to connect to your cache in order to send the PURGE request (see -P). This "
+"option lets you specify the host and port to connect to. The port is "
+"optional. The port can be a name (check your /etc/services) or number. It is "
+"separated from the host name portion by a single colon, no spaces allowed."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:166
-msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
+#: tools/purge/purge.1:118
+msgid "default: localhost:3128"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:174
+#: tools/purge/purge.1:125
 msgid ""
-"Create missing swap directories and other missing cache_dir structures, then "
-"exit. All cache_dir types create the configured top-level directory if it is "
-"missing. Other actions are type-specific. For example, ufs-based storage "
-"systems create missing L1 and L2 directories while Rock creates the missing "
-"database file."
+"If you want to do more than just print your cache content, you will need to "
+"specify this option. Each bit is reserved for a different action. Only the "
+"use of the LSB is recommended, the rest should be considered experimental."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:179
-msgid ""
-"This option does not enable validation of any present swap structures. Its "
-"focus is on creation of missing pieces. If nothing is missing, squid -z just "
-"exits. If you suspect cache_dir corruption, you must delete the top-level "
-"cache_dir directory before running squid -z."
+#: tools/purge/purge.1:128
+msgid "B<no bit set:\tjust print>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:184
-msgid ""
-"By default, squid -z runs in daemon mode (so that configuration macros and "
-"other SMP features work as expected). Use B<-N> option to overwrite this."
+#: tools/purge/purge.1:130
+msgid "B<bit#0 set:\tsend PURGE for matches>"
 msgstr ""
 
-#. type: SH
-#: src/squid.8.in:185
-#, no-wrap
-msgid "FILES"
-msgstr "FILES"
+#. type: Plain text
+#: tools/purge/purge.1:132
+msgid "B<bit#1 set:\tunlink object file for 404 not found PURGEs>"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:187
-msgid "Squid configuration files located in @SYSCONFDIR@/:"
+#: tools/purge/purge.1:134
+msgid "B<bit#2 set:\tunlink weird object files>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:193
+#: tools/purge/purge.1:145
 msgid ""
-"The main configuration file. You must initially make changes to this file "
-"for B<squid> to work. For example, the default configuration only allows "
-"access from RFC private LAN networks.  Some packaging distributions block "
-"even that."
+"If you use a value other than 0 or 1, you will need to slow rebuild your "
+"cache content. A warning message will remind you of that. If you use bit#1, "
+"all unsuccessful PURGEs will result in the object file in your cache "
+"directory to be removed, because squid does not seem to know about it any "
+"longer. Beware that the asyncio might try to remove it after the purge tool, "
+"and thus complains bitterly. Bit#1 only makes sense, if Bit#0 is also set, "
+"otherwise it has no effect (since the HTTP status 404 is never returned)."
 msgstr ""
-"The main configuration file. You must initially make changes to this file "
-"for B<squid> to work. For example, the default configuration only allows "
-"access from RFC private LAN networks.  Some packaging distributions block "
-"even that."
 
 #. type: Plain text
-#: src/squid.8.in:197 src/squid.8.in:203
+#: tools/purge/purge.1:152
 msgid ""
-"Reference copy of the configuration file. Always kept up to date with the "
-"version of Squid you are using."
+"Bit#2 is reserved for strange files which do not even contain a URL. Beware "
+"that these files may indicate a new object squid currently intends to swap "
+"onto disk. If the file suddenly went away, or is removed when squid tries to "
+"fetch the object, it will complain bitterly. You must slow rebuild your "
+"cache, if you use this option."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:199
+#: tools/purge/purge.1:157
 msgid ""
-"Use this to look up the default configuration settings and syntax after "
-"upgrading."
+"It is recommended that if you dare to use bit#1 or bit#2, you should only "
+"grant the purge tool access to your squid, e.g.  move the HTTP and ICP "
+"listening port of squid to a different non-standard location during the "
+"purge."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:208
-msgid ""
-"Use this to read the documentation for configuration options available in "
-"your build of Squid. The online configuration manual is also available for a "
-"full reference of options.  B<see>http://www.squid-cache.org/Doc/config/"
+#: tools/purge/purge.1:159
+msgid "default: 0 (just print)"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:213
-msgid "The main configuration file for the web B<cachemgr.cgi> tools."
-msgstr "The main configuration file for the web B<cachemgr.cgi> tools."
+#: tools/purge/purge.1:164
+msgid ""
+"If you specify this switch, all commandline parameters will be shown after "
+"they were parsed."
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:216
-msgid "The main configuration file for the Sample MSNT authenticator."
-msgstr "The main configuration file for the Sample MSNT authenticator."
+#: tools/purge/purge.1:166
+#, fuzzy
+#| msgid "I<*.default files>"
+msgid "default: off"
+msgstr "I<*.default files>"
 
 #. type: Plain text
-#: src/squid.8.in:221
+#: tools/purge/purge.1:171
 msgid ""
-"CSS Stylesheet to control the display of generated error pages.  Use this to "
-"set any company branding you need, it will apply to every language Squid "
-"provides error pages for."
+"be verbose in the things reported about the file. See the output section "
+"below."
 msgstr ""
-"CSS Stylesheet to control the display of generated error pages.  Use this to "
-"set any company branding you need, it will apply to every language Squid "
-"provides error pages for."
 
 #. type: Plain text
-#: src/squid.8.in:224
-msgid "Some files also located elsewhere:"
+#: tools/purge/purge.1:180
+msgid ""
+"In order to use B<purge> to affect a running proxy with PURGE method, you "
+"will have to enable this feature in squid.conf. By default, PURGE is "
+"disabled. You should watch closely for whom you enable the PURGE ability, "
+"otherwise a total stranger just might wipe your cache content. Lines similar "
+"to the following will need to be added to your squid.conf:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:227
-msgid "MIME type mappings for FTP gatewaying"
-msgstr "MIME type mappings for FTP gatewaying"
+#: tools/purge/purge.1:192
+msgid ""
+"Reconfigure or restart (preferred) your squid after changing the "
+"configuration file."
+msgstr ""
 
-#. type: Plain text
-#: src/squid.8.in:230
-msgid "Location of Squid error pages and templates."
-msgstr "Location of Squid error pages and templates."
+#. type: SH
+#: tools/purge/purge.1:193
+#, no-wrap
+msgid "OUTPUT"
+msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:233
+#: tools/purge/purge.1:198
 msgid ""
-"Squid was written over many years by a changing team of developers and "
-"maintained in turn by"
+"In regular mode, the output of purge consists of four columns. If the URL "
+"contains not encoded whitespaces, it may look as if there are more columns, "
+"but the last one is the URI."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:240
+#: tools/purge/purge.1:205
+#, no-wrap
 msgid ""
-"With contributions from many others in the Squid community.  see "
-"CONTRIBUTORS for a full list of individuals who contributed code.  see "
-"CREDITS for a list of major code contributing copyright holders."
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the regular expression.\n"
+" 2 status return result of purge request, \"  0\" in print mode.\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 uri    perceived uri\n"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:248
-msgid ""
-"This software product, SQUID, is developed by a team of individuals, and "
-"copyrighted (C) 2001 by the Regents of the University of California, with "
-"all rights reserved.  UCSD administered the NLANR Cache grants, NCR 9616602 "
-"and NCR 9521745 under which most of this code was developed."
+#: tools/purge/purge.1:207
+msgid "Example for non-verbose output in print-mode:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:255
+#: tools/purge/purge.1:209
 msgid ""
-"This program is free software; you can redistribute it and/or modify it "
-"under the terms of the GNU General Public License (version 2) as published "
-"by the Free Software Foundation.  It is distributed in the hope that it will "
-"be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of "
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General "
-"Public License for more details."
+"/cache3/00/00/0000004A 0 5682 http://graphics.userfriendly.org/images/"
+"slovenia.gif"
 msgstr ""
-"This program is free software; you can redistribute it and/or modify it "
-"under the terms of the GNU General Public License (version 2) as published "
-"by the Free Software Foundation.  It is distributed in the hope that it will "
-"be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of "
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General "
-"Public License for more details."
 
 #. type: Plain text
-#: src/squid.8.in:257
+#: tools/purge/purge.1:214
 msgid ""
-"see the CREDITS file for further copyright licensing of third-party code "
-"contributions."
+"In verbose mode, additional columns are inserted before the uri. Time stamps "
+"are reported using hexadecimal notation, and Squid's standard for reporting "
+"\"no such timestamp\" == -1, and \"unparsable timestamp\" == -2."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:7
-msgid "Squid HTTP proxy manager CGI web interface"
-msgstr "Squid HTTP proxy manager CGI web interface"
+#: tools/purge/purge.1:228
+#, no-wrap
+msgid ""
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the re.\n"
+" 2 status return result of purge request, \"  0\" in print mode \"-P 0\".\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 md5    MD5 of URI from file, or \"(no_md5_data_available)\" string.\n"
+" 5 ts     UTC of Value of Date: header in hex notation\n"
+" 6 lr     UTC of last time the object was referenced\n"
+" 7 ex     UTC of Expires: header\n"
+" 8 lr     UTC of Last-Modified: header\n"
+" 9 flags  Value of objects flags field in hex, see: Programmers Guide\n"
+"10 refcnt number of times the object was referenced.\n"
+"11 uri    STORE_META_URL uri or \"strange_file\"\n"
+msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:18
-msgid ""
-"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
-"statistics about the Squid HTTP proxy process as it runs. The cache manager "
-"is a convenient way to manage the cache and view statistics without logging "
-"into the server."
+#: tools/purge/purge.1:230
+msgid "Example for verbose output in print-mode:"
 msgstr ""
-"The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
-"statistics about the Squid HTTP proxy process as it runs. The cache manager "
-"is a convenient way to manage the cache and view statistics without logging "
-"into the server."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:22
+#: tools/purge/purge.1:232
 msgid ""
-"Configuration examples for many common web servers can be found in the Squid "
-"FAQ wiki."
+"/cache1/00/00/000000B7 0 406 7CFCB1D319F158ADC9CFD991BB8F6DCE 397d449b "
+"39bf677b ffffffff 3820abfc 0460 1 http://www.netscape.com/images/"
+"nc_vera_tile.gif"
 msgstr ""
-"Configuration examples for many common web servers can be found in the Squid "
-"FAQ wiki."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:34
-msgid ""
-"The access configuration file defining which Squid servers may be managed "
-"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
-"followed by an optional description"
+#: tools/purge/purge.1:235
+msgid "Purge does not slow rebuild the cache for you."
 msgstr ""
-"The access configuration file defining which Squid servers may be managed "
-"via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
-"followed by an optional description"
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:38
+#: tools/purge/purge.1:238
 msgid ""
-"The server name may contain shell wildcard characters such as *, [] etc.  A "
-"quick selection dropdown menu is automatically constructed from the simple "
-"server names."
+"It is still relatively slow, especially if your machine is low on memory and/"
+"or unable to hold all OS directory cache entries in main memory."
 msgstr ""
-"The server name may contain shell wildcard characters such as *, [] etc.  A "
-"quick selection dropdown menu is automatically constructed from the simple "
-"server names."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:42
-msgid ""
-"Specifying :port is optional. If not specified then the default proxy port "
-"is assumed. :* or :any matches any port on the target server."
+#: tools/purge/purge.1:240
+msgid "Should never be used on \"busy\" caches with purge modes higher than 1."
 msgstr ""
-"Specifying :port is optional. If not specified then the default proxy port "
-"is assumed. :* or :any matches any port on the target server."
 
 #. type: SH
-#: tools/cachemgr.cgi.8.in:43
+#: tools/purge/purge.1:241
 #, no-wrap
-msgid "SECURITY"
-msgstr "SECURITY"
+msgid "TODO"
+msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:50
+#: tools/purge/purge.1:248
 msgid ""
-"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
-"and returns a formatted version of the response. To avoid abuse it is "
-"recommended to configure your web server to restrict access to the "
-"B<cachemgr.cgi> program."
+"1) use the stat() result on weird files to have a look at their ctime and "
+"mtime. If they are younger than, lets say 30 seconds, they were just created "
+"by B<squid> and should not be removed."
 msgstr ""
-"B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
-"and returns a formatted version of the response. To avoid abuse it is "
-"recommended to configure your web server to restrict access to the "
-"B<cachemgr.cgi> program."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:56
-#, fuzzy
-#| msgid ""
-#| "Derived from Harvest. Further developed by by numerous individuals from "
-#| "the internet community. Development is led by Duane Wessels of the "
-#| "National Laboratory for Applied Network Research and funded by the "
-#| "National Science Foundation."
+#: tools/purge/purge.1:251
 msgid ""
-"Derived from Harvest. Further developed by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"2) Add a query before purging objects or removing files, and add another "
+"option to remove nagging for the experienced user."
 msgstr ""
-"Derived from Harvest. Further developed by by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:67 tools/squidclient/squidclient.1:211
-msgid ""
-"See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
-"you need to include with your bug report."
+#: tools/purge/purge.1:253
+msgid "3) The reported object size may be off by one."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:7
-msgid "A simple HTTP web client tool"
+#: tools/purge/purge.1:256 tools/squidclient/squidclient.1:232
+#, fuzzy
+#| msgid "This program and documentation was written by"
+msgid "This program and manual was written by"
+msgstr "This program and documentation was written by"
+
+#. type: Plain text
+#: tools/purge/purge.1:260
+#, fuzzy
+#| msgid "Based on original code by"
+msgid "Based on original squidpurge README."
+msgstr "Based on original code by"
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:5
+#, fuzzy
+#| msgid "A simple HTTP web client tool"
+msgid "squidclient - A simple HTTP web client tool"
 msgstr "A simple HTTP web client tool"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:13 tools/squidclient/squidclient.1:17
+#: tools/squidclient/squidclient.1:12 tools/squidclient/squidclient.1:16
 msgid "string"
 msgstr "string"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:15
+#: tools/squidclient/squidclient.1:14
 msgid "remote host"
 msgstr "remote host"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:19
+#: tools/squidclient/squidclient.1:18
 msgid "IMS"
 msgstr "IMS"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:21
+#: tools/squidclient/squidclient.1:20
 msgid "Host header"
 msgstr "Host header"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:23
-msgid "local host"
-msgstr "local host"
-
-#. type: Plain text
-#: tools/squidclient/squidclient.1:25
+#: tools/squidclient/squidclient.1:24
 msgid "method"
 msgstr "method"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:31 tools/squidclient/squidclient.1:48
+#: tools/squidclient/squidclient.1:30 tools/squidclient/squidclient.1:48
 msgid "count"
 msgstr "count"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:35 tools/squidclient/squidclient.1:37
+#: tools/squidclient/squidclient.1:34 tools/squidclient/squidclient.1:36
 msgid "user"
 msgstr "user"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:39
+#: tools/squidclient/squidclient.1:38
 msgid "version"
 msgstr "version"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:41 tools/squidclient/squidclient.1:43
+#: tools/squidclient/squidclient.1:40 tools/squidclient/squidclient.1:42
 msgid "password"
 msgstr "password"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:45
+#: tools/squidclient/squidclient.1:44
 msgid "url"
 msgstr "url"
 
@@ -4141,7 +4862,22 @@ msgid "interval"
 msgstr "ping interval"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:60
+#: tools/squidclient/squidclient.1:55
+msgid "CA certificates file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:57
+msgid "client X.509 certificate file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:59
+msgid "TLS session parameters"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:69
 msgid ""
 "B<squidclient> is a tool providing a command line interface for retrieving "
 "URLs.  Designed for testing any HTTP 0.9, 1.0, or 1.1 web server or proxy.  "
@@ -4156,64 +4892,73 @@ msgstr ""
 "management information are provided."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:65
+#: tools/squidclient/squidclient.1:74
 msgid "Do NOT include Accept: header."
 msgstr "Do NOT include Accept: header."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:71
+#: tools/squidclient/squidclient.1:80
 msgid ""
 "Send B<string> as User-Agent: header. To omit the header completely set "
 "string to empty ('')."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:76
-msgid "Retrieve URL from cache on hostname.  Default is B<localhost>"
+#: tools/squidclient/squidclient.1:85
+#, fuzzy
+#| msgid "Retrieve URL from cache on hostname.  Default is B<localhost>"
+msgid "Retrieve URL from server host.  Default is B<localhost>"
 msgstr "Retrieve URL from cache on hostname.  Default is B<localhost>"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:82
-msgid "Extra headers to send. Use B<'\\n'> for new lines."
+#: tools/squidclient/squidclient.1:91
+#, fuzzy
+#| msgid "Extra headers to send. Use B<'\\n'> for new lines."
+msgid "Extra headers to send. Use B<'\\en'> for new lines."
 msgstr "Extra headers to send. Use B<'\\n'> for new lines."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:86
+#: tools/squidclient/squidclient.1:95
 msgid "If-Modified-Since time (in Epoch seconds)."
 msgstr "If-Modified-Since time (in Epoch seconds)."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:90
+#: tools/squidclient/squidclient.1:99
 msgid "Host header content"
 msgstr "Host header content"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:94
+#: tools/squidclient/squidclient.1:103
 msgid ""
 "Keep the connection active. Default is to do only one request then close."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:98
+#: tools/squidclient/squidclient.1:107
 msgid "Specify a local IP address to bind to.  Default is none."
 msgstr "Specify a local IP address to bind to.  Default is none."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:113
-#, no-wrap
-msgid ""
-"Request method, default is\n"
-"I<GET.>\n"
-"Squid also supports a non-standard method called\n"
-"I<PURGE.>\n"
-"You can use that to purge a specific URL from the cache.\n"
-"You need to have\n"
-"I<purge>\n"
-"access setup in\n"
-"B<squid.conf>\n"
-"similar to\n"
-"I<manager>\n"
-" access. Here is an example:\n"
+#: tools/squidclient/squidclient.1:122
+#, fuzzy
+#| msgid ""
+#| "Request method, default is\n"
+#| "I<GET.>\n"
+#| "Squid also supports a non-standard method called\n"
+#| "I<PURGE.>\n"
+#| "You can use that to purge a specific URL from the cache.\n"
+#| "You need to have\n"
+#| "I<purge>\n"
+#| "access setup in\n"
+#| "B<squid.conf>\n"
+#| "similar to\n"
+#| "I<manager>\n"
+#| " access. Here is an example:\n"
+msgid ""
+"Request method, default is I<GET.> Squid also supports a non-standard method "
+"called I<PURGE.> You can use that to purge a specific URL from the cache.  "
+"You need to have I<purge> access setup in B<squid.conf> similar to "
+"I<manager> access. Here is an example:"
 msgstr ""
 "Request method, default is\n"
 "I<GET.>\n"
@@ -4229,114 +4974,175 @@ msgstr ""
 " access. Here is an example:\n"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:121
+#: tools/squidclient/squidclient.1:130
 msgid "Proxy Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:123 tools/squidclient/squidclient.1:129
+#: tools/squidclient/squidclient.1:132 tools/squidclient/squidclient.1:138
 msgid "Use kinit username@DOMAIN first to get initial TGS."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:127
+#: tools/squidclient/squidclient.1:136
 msgid "WWW Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:133
+#: tools/squidclient/squidclient.1:143
 msgid "Port number of cache.  Default is 3128."
 msgstr "Port number of cache.  Default is 3128."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:137
+#: tools/squidclient/squidclient.1:147
 msgid "Request body. Using the named file as data."
 msgstr "Request body. Using the named file as data."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:141
+#: tools/squidclient/squidclient.1:151
 msgid "Force cache to reload URL."
 msgstr "Force cache to reload URL."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:145
+#: tools/squidclient/squidclient.1:155
 msgid "Silent.  Do not print data to stdout."
 msgstr "Silent.  Do not print data to stdout."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:151
+#: tools/squidclient/squidclient.1:161
 msgid "Trace I<count> HTTP relay or proxy hops"
 msgstr "Trace I<count> HTTP relay or proxy hops"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:155
+#: tools/squidclient/squidclient.1:165
 msgid "Timeout value (seconds) for read/write operations."
 msgstr "Timeout value (seconds) for read/write operations."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:159
+#: tools/squidclient/squidclient.1:169
 msgid "Proxy authentication username"
 msgstr "Proxy authentication username"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:163
+#: tools/squidclient/squidclient.1:173
 msgid "WWW authentication username"
 msgstr "WWW authentication username"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:167
+#: tools/squidclient/squidclient.1:177
 msgid "Verbose. Print outgoing message to stderr."
 msgstr "Verbose. Print outgoing message to stderr."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:171
+#: tools/squidclient/squidclient.1:181
 msgid "HTTP Version. Use '-' for HTTP/0.9 omitted case"
 msgstr "HTTP Version. Use '-' for HTTP/0.9 omitted case"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:175
+#: tools/squidclient/squidclient.1:185
 msgid "Proxy authentication password"
 msgstr "Proxy authentication password"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:179
+#: tools/squidclient/squidclient.1:189
 msgid "WWW authentication password"
 msgstr "WWW authentication password"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:184
+#: tools/squidclient/squidclient.1:193
+msgid "Use Transport Layer Security on the HTTP connection."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:197
+msgid "Use TLS with unauthenticated (anonymous) certificate."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:202
+msgid ""
+"File containing client X.509 certificate in PEM format.  May be repeated to "
+"load several client certificates."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:207
+msgid ""
+"File containing trusted Certificate Authority (CA) certificates in PEM "
+"format.  May be repeated to load any number of files."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:212
+msgid ""
+"TLS library specific parameters for the communication session.  See the "
+"library documentation for details on valid parameters."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:214
+msgid "If repeated only the last value will have effect."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:219
 msgid ""
 "Enable ping mode. Optional -g and -I parameters must follow immediately if "
 "used.  Repeated use resets to default ping settings."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:190
+#: tools/squidclient/squidclient.1:225
 #, fuzzy
 #| msgid ""
 #| "Ping mode, perform I<count> iterations (0 to loop until interrupted)."
 msgid ""
-"Ping mode, perform I<count> iterations (default is to loop until "
-"interrupted)."
+"Ping mode, perform.I count iterations (default is to loop until interrupted)."
 msgstr "Ping mode, perform I<count> iterations (0 to loop until interrupted)."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:194
+#: tools/squidclient/squidclient.1:229
 msgid "Ping interval in seconds (default 1 second)."
 msgstr "Ping interval in seconds (default 1 second)."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:200
+#: tools/squidclient/squidclient.1:236
 msgid ""
-"Derived from Harvest. Further developed by by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"Based on original code derived from Harvest and further developed by "
+"numerous individuals from the internet community."
 msgstr ""
-"Derived from Harvest. Further developed by by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+
+#~ msgid "Squid PAM Basic authentication helper"
+#~ msgstr "Squid PAM Basic authentication helper"
+
+#~ msgid ""
+#~ "This program is free software; you can redistribute it and/or modify it "
+#~ "under the terms of the GNU General Public License (version 2) as "
+#~ "published by the Free Software Foundation.  It is distributed in the hope "
+#~ "that it will be useful, but WITHOUT ANY WARRANTY; without even the "
+#~ "implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  "
+#~ "See the GNU General Public License for more details."
+#~ msgstr ""
+#~ "This program is free software; you can redistribute it and/or modify it "
+#~ "under the terms of the GNU General Public License (version 2) as "
+#~ "published by the Free Software Foundation.  It is distributed in the hope "
+#~ "that it will be useful, but WITHOUT ANY WARRANTY; without even the "
+#~ "implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  "
+#~ "See the GNU General Public License for more details."
+
+#~ msgid "local host"
+#~ msgstr "local host"
+
+#~ msgid ""
+#~ "Derived from Harvest. Further developed by by numerous individuals from "
+#~ "the internet community. Development is led by Duane Wessels of the "
+#~ "National Laboratory for Applied Network Research and funded by the "
+#~ "National Science Foundation."
+#~ msgstr ""
+#~ "Derived from Harvest. Further developed by by numerous individuals from "
+#~ "the internet community. Development is led by Duane Wessels of the "
+#~ "National Laboratory for Applied Network Research and funded by the "
+#~ "National Science Foundation."
 
 #~ msgid "Create swap directories"
 #~ msgstr "Create swap directories"
@@ -4391,9 +5197,6 @@ msgstr ""
 #~ msgid "Squid LDAP Auth"
 #~ msgstr "Squid LDAP Auth"
 
-#~ msgid "I<*.default files>"
-#~ msgstr "I<*.default files>"
-
 #~ msgid "B<The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq>"
 #~ msgstr "B<The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq>"
 
diff --git a/doc/manuals/manuals.pot b/doc/manuals/manuals.pot
index ee7c0dd0b8..adc4f35758 100644
--- a/doc/manuals/manuals.pot
+++ b/doc/manuals/manuals.pot
@@ -3,171 +3,359 @@
 # This file is distributed under the same license as the PACKAGE package.
 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
-#, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: Squid-3\n"
-"POT-Creation-Date: 2014-03-06 11:09+1300\n"
+"Project-Id-Version: Squid-5\n"
+"POT-Creation-Date: 2017-05-29 22:50+1200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
+"Language-Team: Squid Developers <squid-dev@lists.squid-cache.org>\n"
 "Language: \n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=CHARSET\n"
 "Content-Transfer-Encoding: 8bit\n"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:3 helpers/basic_auth/LDAP/basic_ldap_auth.8:3 helpers/basic_auth/NCSA/basic_ncsa_auth.8:3 helpers/basic_auth/PAM/basic_pam_auth.8:3 helpers/basic_auth/RADIUS/basic_radius_auth.8:3 helpers/basic_auth/SASL/basic_sasl_auth.8:3 helpers/basic_auth/SSPI/basic_sspi_auth.8:3 helpers/digest_auth/file/digest_file_auth.8:3 helpers/external_acl/AD_group/ext_ad_group_acl.8:3 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:3 helpers/external_acl/file_userip/ext_file_userip_acl.8:3 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:3 helpers/external_acl/LM_group/ext_lm_group_acl.8:3 helpers/external_acl/session/ext_session_acl.8:3 helpers/external_acl/time_quota/ext_time_quota_acl.8:3 helpers/external_acl/unix_group/ext_unix_group_acl.8:3 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:3 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:3 src/squid.8.in:3 tools/cachemgr.cgi.8.in:3 tools/squidclient/squidclient.1:3
+#: src/acl/external/AD_group/ext_ad_group_acl.8:3 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:3 src/acl/external/file_userip/ext_file_userip_acl.8:3 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3 src/acl/external/LDAP_group/ext_ldap_group_acl.8:3 src/acl/external/LM_group/ext_lm_group_acl.8:3 src/acl/external/session/ext_session_acl.8:3 src/acl/external/time_quota/ext_time_quota_acl.8:3 src/acl/external/unix_group/ext_unix_group_acl.8:3 src/auth/basic/getpwnam/basic_getpwnam_auth.8:3 src/auth/basic/LDAP/basic_ldap_auth.8:3 src/auth/basic/NCSA/basic_ncsa_auth.8:3 src/auth/basic/PAM/basic_pam_auth.8:3 src/auth/basic/RADIUS/basic_radius_auth.8:3 src/auth/basic/SASL/basic_sasl_auth.8:3 src/auth/basic/SSPI/basic_sspi_auth.8:3 src/auth/digest/file/digest_file_auth.8:3 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:3 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:3 src/security/cert_generators/file/security_file_certgen.8.in:3 src/squid.8.in:3 tools/cachemgr.cgi.8.in:3 tools/purge/purge.1:3 tools/squidclient/squidclient.1:3
 #, no-wrap
 msgid "NAME"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:7
-msgid "Local Users auth helper for Squid"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:5
+msgid ""
+"ext_ad_group_acl.exe - Squid external ACL helper to check Windows users "
+"group membership."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:7 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:7 src/auth/basic/SSPI/basic_sspi_auth.8:7
+msgid "Version 2.0"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:8 helpers/basic_auth/LDAP/basic_ldap_auth.8:8 helpers/basic_auth/NCSA/basic_ncsa_auth.8:8 helpers/basic_auth/PAM/basic_pam_auth.8:8 helpers/basic_auth/RADIUS/basic_radius_auth.8:8 helpers/basic_auth/SASL/basic_sasl_auth.8:10 helpers/basic_auth/SSPI/basic_sspi_auth.8:10 helpers/digest_auth/file/digest_file_auth.8:10 helpers/external_acl/AD_group/ext_ad_group_acl.8:10 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:10 helpers/external_acl/file_userip/ext_file_userip_acl.8:10 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:10 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:10 helpers/external_acl/LM_group/ext_lm_group_acl.8:10 helpers/external_acl/session/ext_session_acl.8:10 helpers/external_acl/time_quota/ext_time_quota_acl.8:10 helpers/external_acl/unix_group/ext_unix_group_acl.8:8 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:10 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:11 src/squid.8.in:8 tools/cachemgr.cgi.8.in:8 tools/squidclient/squidclient.1:8
+#: src/acl/external/AD_group/ext_ad_group_acl.8:8 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:8 src/acl/external/file_userip/ext_file_userip_acl.8:8 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:8 src/acl/external/LDAP_group/ext_ldap_group_acl.8:8 src/acl/external/LM_group/ext_lm_group_acl.8:8 src/acl/external/session/ext_session_acl.8:8 src/acl/external/time_quota/ext_time_quota_acl.8:8 src/acl/external/unix_group/ext_unix_group_acl.8:6 src/auth/basic/getpwnam/basic_getpwnam_auth.8:6 src/auth/basic/LDAP/basic_ldap_auth.8:6 src/auth/basic/NCSA/basic_ncsa_auth.8:6 src/auth/basic/PAM/basic_pam_auth.8:6 src/auth/basic/RADIUS/basic_radius_auth.8:6 src/auth/basic/SASL/basic_sasl_auth.8:8 src/auth/basic/SSPI/basic_sspi_auth.8:8 src/auth/digest/file/digest_file_auth.8:8 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:8 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:8 src/security/cert_generators/file/security_file_certgen.8.in:8 src/squid.8.in:6 tools/cachemgr.cgi.8.in:6 tools/purge/purge.1:6 tools/squidclient/squidclient.1:6
 #, no-wrap
 msgid "SYNOPSIS"
 msgstr ""
 
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:12 src/acl/external/LM_group/ext_lm_group_acl.8:12
+msgid "domain"
+msgstr ""
+
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:11 helpers/basic_auth/LDAP/basic_ldap_auth.8:39 helpers/basic_auth/NCSA/basic_ncsa_auth.8:12 helpers/basic_auth/PAM/basic_pam_auth.8:15 helpers/basic_auth/RADIUS/basic_radius_auth.8:26 helpers/basic_auth/SASL/basic_sasl_auth.8:13 helpers/basic_auth/SSPI/basic_sspi_auth.8:20 helpers/digest_auth/file/digest_file_auth.8:15 helpers/external_acl/AD_group/ext_ad_group_acl.8:16 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:33 helpers/external_acl/file_userip/ext_file_userip_acl.8:16 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:14 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:26 helpers/external_acl/LM_group/ext_lm_group_acl.8:16 helpers/external_acl/session/ext_session_acl.8:18 helpers/external_acl/time_quota/ext_time_quota_acl.8:14 helpers/external_acl/unix_group/ext_unix_group_acl.8:15 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:14 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:19 src/squid.8.in:25 tools/cachemgr.cgi.8.in:11 tools/squidclient/squidclient.1:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:14 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:31 src/acl/external/file_userip/ext_file_userip_acl.8:14 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:12 src/acl/external/LDAP_group/ext_ldap_group_acl.8:24 src/acl/external/LM_group/ext_lm_group_acl.8:14 src/acl/external/session/ext_session_acl.8:16 src/acl/external/time_quota/ext_time_quota_acl.8:12 src/acl/external/unix_group/ext_unix_group_acl.8:13 src/auth/basic/getpwnam/basic_getpwnam_auth.8:9 src/auth/basic/LDAP/basic_ldap_auth.8:37 src/auth/basic/NCSA/basic_ncsa_auth.8:10 src/auth/basic/PAM/basic_pam_auth.8:13 src/auth/basic/RADIUS/basic_radius_auth.8:24 src/auth/basic/SASL/basic_sasl_auth.8:11 src/auth/basic/SSPI/basic_sspi_auth.8:18 src/auth/digest/file/digest_file_auth.8:13 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:12 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:16 src/security/cert_generators/file/security_file_certgen.8.in:30 src/squid.8.in:23 tools/cachemgr.cgi.8.in:9 tools/purge/purge.1:10 tools/squidclient/squidclient.1:61
 #, no-wrap
 msgid "DESCRIPTION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:15
+#: src/acl/external/AD_group/ext_ad_group_acl.8:17
+msgid "B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:20
 msgid ""
-"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
-"to validate the user name and password of Basic HTTP authentication."
+"This helper must be used in with an authentication scheme (typically Basic, "
+"NTLM or Negotiate) based on Windows Active Directory domain users."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:21
-msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:24 src/acl/external/LM_group/ext_lm_group_acl.8:24
+msgid ""
+"It reads from the standard input the domain username and a list of groups "
+"and tries to match each against the groups membership of the specified "
+"username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:23
-msgid "This has the following advantages over the NCSA module:"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:26
+msgid "Two running mode are available:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:25
-msgid "- Allows authentication of all known local users"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:30
+msgid ""
+"B<- Local mode:> membership is checked against machine's local groups, "
+"cannot be used when running on a Domain Controller."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:28
-msgid "- Allows authentication through nsswitch.conf"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:35
+msgid ""
+"B<- Active Directory Global mode:> membership is checked against the whole "
+"Active Directory Forest of the machine where Squid is running."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:31
-msgid "- Can handle NIS(+) requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:39
+msgid ""
+"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
+"Windows 2000 SP4 member of an Active Directory Domain."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:34
-msgid "- Can handle LDAP requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:48
+msgid ""
+"When running in Active Directory Global mode, all types of Active Directory "
+"security groups are supported: B<Domain Global> , B<Domain Local> from "
+"user's domain, B<Universal> and Active Directory group nesting is fully "
+"supported."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:49 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:42 src/acl/external/file_userip/ext_file_userip_acl.8:21 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:63 src/acl/external/LDAP_group/ext_ldap_group_acl.8:47 src/acl/external/LM_group/ext_lm_group_acl.8:25 src/acl/external/session/ext_session_acl.8:32 src/acl/external/time_quota/ext_time_quota_acl.8:22 src/acl/external/unix_group/ext_unix_group_acl.8:17 src/auth/basic/LDAP/basic_ldap_auth.8:60 src/auth/basic/NCSA/basic_ncsa_auth.8:33 src/auth/basic/PAM/basic_pam_auth.8:19 src/auth/basic/RADIUS/basic_radius_auth.8:29 src/auth/basic/SSPI/basic_sspi_auth.8:32 src/auth/digest/file/digest_file_auth.8:21 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:17 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:22 src/security/cert_generators/file/security_file_certgen.8.in:41 src/squid.8.in:57 tools/purge/purge.1:24 tools/squidclient/squidclient.1:70
+#, no-wrap
+msgid "OPTIONS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:37
-msgid "- Can handle PAM requests"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:53
+msgid "Use case insensitive compare (local mode only)."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:57 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:61 src/acl/external/file_userip/ext_file_userip_acl.8:25 src/acl/external/LM_group/ext_lm_group_acl.8:33 src/acl/external/unix_group/ext_unix_group_acl.8:21 src/auth/basic/SSPI/basic_sspi_auth.8:40 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:30 src/security/cert_generators/file/security_file_certgen.8.in:57
+msgid "Write debug info to stderr."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:62
+msgid "Specify the default user's B<domain>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:66
+msgid "Start helper in Active Directory Global mode."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:70 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:80 src/acl/external/file_userip/ext_file_userip_acl.8:35 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:67 src/acl/external/LM_group/ext_lm_group_acl.8:45 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:21 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:38 src/security/cert_generators/file/security_file_certgen.8.in:68
+msgid "Display the binary help and command line syntax info using stderr."
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:38 helpers/basic_auth/LDAP/basic_ldap_auth.8:244 helpers/basic_auth/NCSA/basic_ncsa_auth.8:39 helpers/basic_auth/PAM/basic_pam_auth.8:41 helpers/basic_auth/RADIUS/basic_radius_auth.8:61 helpers/basic_auth/SASL/basic_sasl_auth.8:19 helpers/basic_auth/SSPI/basic_sspi_auth.8:51 helpers/digest_auth/file/digest_file_auth.8:25 helpers/external_acl/AD_group/ext_ad_group_acl.8:73 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:142 helpers/external_acl/file_userip/ext_file_userip_acl.8:38 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:134 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:211 helpers/external_acl/LM_group/ext_lm_group_acl.8:52 helpers/external_acl/session/ext_session_acl.8:74 helpers/external_acl/time_quota/ext_time_quota_acl.8:58 helpers/external_acl/unix_group/ext_unix_group_acl.8:36 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:36 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:46 tools/cachemgr.cgi.8.in:19
+#: src/acl/external/AD_group/ext_ad_group_acl.8:71 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:140 src/acl/external/file_userip/ext_file_userip_acl.8:36 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:132 src/acl/external/LDAP_group/ext_ldap_group_acl.8:209 src/acl/external/LM_group/ext_lm_group_acl.8:50 src/acl/external/session/ext_session_acl.8:72 src/acl/external/time_quota/ext_time_quota_acl.8:56 src/acl/external/unix_group/ext_unix_group_acl.8:34 src/auth/basic/getpwnam/basic_getpwnam_auth.8:36 src/auth/basic/LDAP/basic_ldap_auth.8:242 src/auth/basic/NCSA/basic_ncsa_auth.8:37 src/auth/basic/PAM/basic_pam_auth.8:39 src/auth/basic/RADIUS/basic_radius_auth.8:59 src/auth/basic/SASL/basic_sasl_auth.8:17 src/auth/basic/SSPI/basic_sspi_auth.8:49 src/auth/digest/file/digest_file_auth.8:26 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:43 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:43 src/security/cert_generators/file/security_file_certgen.8.in:107 tools/cachemgr.cgi.8.in:17 tools/purge/purge.1:172
 #, no-wrap
 msgid "CONFIGURATION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:75
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program B<setuid> "
-"B<root>"
+"When running in Active Directory Global mode, the AD Group can be specified "
+"using the following syntax:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:78
+msgid "B<1. Plain NT4 Group Name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:81
+msgid "B<2. Full NT4 Group Name>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:64 helpers/basic_auth/PAM/basic_pam_auth.8:79
+#: src/acl/external/AD_group/ext_ad_group_acl.8:84
+msgid "B<3. Active Directory Canonical name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:87
+msgid "As Exampled:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:97
+msgid "When using Plain NT4 Group Name, the Group is searched in the user's domain."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:124
 msgid ""
-"Please note that in such configurations it is also strongly recommended that "
-"the program is moved into a directory where normal users cannot access it, "
-"as this mode of operation will allow any local user to brute-force other "
-"users passwords. Also note the program has not been fully audited and the "
-"author cannot be held responsible for any security issues due to such "
-"installations."
+"In the previous example all validated AD users member of "
+"I<MYDOMAIN\\GProxyUsers> domain group or member of I<LProxyUsers> machine "
+"local group are allowed to use the cache."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:133
+msgid ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file .> The previous example will be:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:137
+msgid "and the DomainUsers files will contain only the following line:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:139
+msgid "Domain Users"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:146
+msgid ""
+"B<NOTE 1:> When running in Active Directory Global mode, for better "
+"performance, all Domain Controllers of the Active Directory forest should be "
+"configured as Global Catalog."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:152
+msgid ""
+"B<NOTE 2:> When running in local mode, the standard group name comparison is "
+"case sensitive, so group name must be specified with same case as in the "
+"local SAM database."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:157
+msgid ""
+"It is possible to enable case insensitive group name comparison ( B<-c> ), "
+"but on some non-English locales, the results can be unexpected."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:165
+msgid ""
+"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the "
+"B<-A> and B<-D> switches."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:169
+msgid "Refer to Squid documentation for more details on B<squid.conf>"
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:170 src/acl/external/LM_group/ext_lm_group_acl.8:114 src/auth/basic/SSPI/basic_sspi_auth.8:84
+#, no-wrap
+msgid "TESTING"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:176
+msgid ""
+"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
+"used in a production environment. It may behave differently on different "
+"platforms."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:188 src/acl/external/LM_group/ext_lm_group_acl.8:131
+msgid ""
+"To test it, run it from the command line. Enter username and group pairs "
+"separated by a space (username must entered with URL-encoded "
+"I<domain%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> "
+"message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:192 src/acl/external/AD_group/ext_ad_group_acl.8:207 src/acl/external/LM_group/ext_lm_group_acl.8:135
+msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:196 src/acl/external/AD_group/ext_ad_group_acl.8:211 src/acl/external/LM_group/ext_lm_group_acl.8:139
+msgid "Make sure pressing B<CTRL+C> aborts the program."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:203 src/acl/external/AD_group/ext_ad_group_acl.8:218 src/acl/external/LM_group/ext_lm_group_acl.8:146 src/auth/basic/SSPI/basic_sspi_auth.8:104
+msgid "Test that entering no details does not result in an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:222 src/acl/external/LM_group/ext_lm_group_acl.8:150
+msgid ""
+"Test that entering an invalid username and group results in an B<ERR> "
+"message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:226 src/acl/external/LM_group/ext_lm_group_acl.8:154
+msgid "Test that entering an valid username and group results in an B<OK> message."
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:65 helpers/basic_auth/LDAP/basic_ldap_auth.8:300 helpers/basic_auth/NCSA/basic_ncsa_auth.8:53 helpers/basic_auth/PAM/basic_pam_auth.8:80 helpers/basic_auth/RADIUS/basic_radius_auth.8:89 helpers/basic_auth/SASL/basic_sasl_auth.8:75 helpers/basic_auth/SSPI/basic_sspi_auth.8:123 helpers/digest_auth/file/digest_file_auth.8:59 helpers/external_acl/AD_group/ext_ad_group_acl.8:229 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:187 helpers/external_acl/file_userip/ext_file_userip_acl.8:75 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:232 helpers/external_acl/LM_group/ext_lm_group_acl.8:157 helpers/external_acl/session/ext_session_acl.8:97 helpers/external_acl/time_quota/ext_time_quota_acl.8:216 helpers/external_acl/unix_group/ext_unix_group_acl.8:68 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:86 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:93 src/squid.8.in:231 tools/cachemgr.cgi.8.in:51 tools/squidclient/squidclient.1:195
+#: src/acl/external/AD_group/ext_ad_group_acl.8:227 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:185 src/acl/external/file_userip/ext_file_userip_acl.8:73 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218 src/acl/external/LDAP_group/ext_ldap_group_acl.8:230 src/acl/external/LM_group/ext_lm_group_acl.8:155 src/acl/external/session/ext_session_acl.8:95 src/acl/external/time_quota/ext_time_quota_acl.8:214 src/acl/external/unix_group/ext_unix_group_acl.8:66 src/auth/basic/getpwnam/basic_getpwnam_auth.8:63 src/auth/basic/LDAP/basic_ldap_auth.8:298 src/auth/basic/NCSA/basic_ncsa_auth.8:51 src/auth/basic/PAM/basic_pam_auth.8:78 src/auth/basic/RADIUS/basic_radius_auth.8:87 src/auth/basic/SASL/basic_sasl_auth.8:73 src/auth/basic/SSPI/basic_sspi_auth.8:121 src/auth/digest/file/digest_file_auth.8:60 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:94 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:90 src/security/cert_generators/file/security_file_certgen.8.in:143 src/squid.8.in:235 tools/cachemgr.cgi.8.in:49 tools/purge/purge.1:254 tools/squidclient/squidclient.1:230
 #, no-wrap
 msgid "AUTHOR"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:67 helpers/basic_auth/SASL/basic_sasl_auth.8:77 helpers/basic_auth/SSPI/basic_sspi_auth.8:125 helpers/digest_auth/file/digest_file_auth.8:61 helpers/external_acl/AD_group/ext_ad_group_acl.8:231 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:189 helpers/external_acl/file_userip/ext_file_userip_acl.8:77 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:222 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:234 helpers/external_acl/LM_group/ext_lm_group_acl.8:159 helpers/external_acl/unix_group/ext_unix_group_acl.8:70 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:88 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:95
+#: src/acl/external/AD_group/ext_ad_group_acl.8:229 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:187 src/acl/external/file_userip/ext_file_userip_acl.8:75 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220 src/acl/external/LDAP_group/ext_ldap_group_acl.8:232 src/acl/external/LM_group/ext_lm_group_acl.8:157 src/acl/external/unix_group/ext_unix_group_acl.8:68 src/auth/basic/getpwnam/basic_getpwnam_auth.8:65 src/auth/basic/SASL/basic_sasl_auth.8:75 src/auth/basic/SSPI/basic_sspi_auth.8:123 src/auth/digest/file/digest_file_auth.8:62 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:96 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:92 src/security/cert_generators/file/security_file_certgen.8.in:145
 msgid "This program was written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:72
-msgid "Based on original code by"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:233
+msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:75 helpers/basic_auth/NCSA/basic_ncsa_auth.8:55 helpers/basic_auth/RADIUS/basic_radius_auth.8:97 helpers/basic_auth/SASL/basic_sasl_auth.8:80 helpers/basic_auth/SSPI/basic_sspi_auth.8:134 helpers/digest_auth/file/digest_file_auth.8:68 helpers/external_acl/AD_group/ext_ad_group_acl.8:237 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:192 helpers/external_acl/file_userip/ext_file_userip_acl.8:80 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:243 helpers/external_acl/LM_group/ext_lm_group_acl.8:169 helpers/external_acl/unix_group/ext_unix_group_acl.8:73 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:91 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:102
+#: src/acl/external/AD_group/ext_ad_group_acl.8:235 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:190 src/acl/external/file_userip/ext_file_userip_acl.8:78 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:223 src/acl/external/LDAP_group/ext_ldap_group_acl.8:241 src/acl/external/LM_group/ext_lm_group_acl.8:167 src/acl/external/unix_group/ext_unix_group_acl.8:71 src/auth/basic/getpwnam/basic_getpwnam_auth.8:73 src/auth/basic/NCSA/basic_ncsa_auth.8:53 src/auth/basic/RADIUS/basic_radius_auth.8:95 src/auth/basic/SASL/basic_sasl_auth.8:78 src/auth/basic/SSPI/basic_sspi_auth.8:132 src/auth/digest/file/digest_file_auth.8:69 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:99 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:99 src/security/cert_generators/file/security_file_certgen.8.in:148
 msgid "This manual was written by"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:77 helpers/basic_auth/LDAP/basic_ldap_auth.8:308 helpers/basic_auth/NCSA/basic_ncsa_auth.8:60 helpers/basic_auth/PAM/basic_pam_auth.8:84 helpers/basic_auth/RADIUS/basic_radius_auth.8:99 helpers/basic_auth/SASL/basic_sasl_auth.8:83 helpers/basic_auth/SSPI/basic_sspi_auth.8:137 helpers/digest_auth/file/digest_file_auth.8:71 helpers/external_acl/AD_group/ext_ad_group_acl.8:240 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:195 helpers/external_acl/file_userip/ext_file_userip_acl.8:83 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:227 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:245 helpers/external_acl/LM_group/ext_lm_group_acl.8:172 helpers/external_acl/session/ext_session_acl.8:102 helpers/external_acl/time_quota/ext_time_quota_acl.8:220 helpers/external_acl/unix_group/ext_unix_group_acl.8:75 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:93 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:105 src/squid.8.in:241 tools/cachemgr.cgi.8.in:57 tools/squidclient/squidclient.1:201
+#: src/acl/external/AD_group/ext_ad_group_acl.8:238 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:193 src/acl/external/file_userip/ext_file_userip_acl.8:81 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225 src/acl/external/LDAP_group/ext_ldap_group_acl.8:243 src/acl/external/LM_group/ext_lm_group_acl.8:170 src/acl/external/session/ext_session_acl.8:100 src/acl/external/time_quota/ext_time_quota_acl.8:218 src/acl/external/unix_group/ext_unix_group_acl.8:73 src/auth/basic/getpwnam/basic_getpwnam_auth.8:75 src/auth/basic/LDAP/basic_ldap_auth.8:306 src/auth/basic/NCSA/basic_ncsa_auth.8:58 src/auth/basic/PAM/basic_pam_auth.8:82 src/auth/basic/RADIUS/basic_radius_auth.8:97 src/auth/basic/SASL/basic_sasl_auth.8:81 src/auth/basic/SSPI/basic_sspi_auth.8:135 src/auth/digest/file/digest_file_auth.8:72 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:101 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:102 src/security/cert_generators/file/security_file_certgen.8.in:151 src/squid.8.in:245 tools/cachemgr.cgi.8.in:55 tools/purge/purge.1:261 tools/squidclient/squidclient.1:237
 #, no-wrap
 msgid "COPYRIGHT"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:79 helpers/basic_auth/LDAP/basic_ldap_auth.8:310 helpers/basic_auth/RADIUS/basic_radius_auth.8:101 helpers/basic_auth/SASL/basic_sasl_auth.8:85 helpers/basic_auth/SSPI/basic_sspi_auth.8:139 helpers/digest_auth/file/digest_file_auth.8:73 helpers/external_acl/AD_group/ext_ad_group_acl.8:242 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:197 helpers/external_acl/file_userip/ext_file_userip_acl.8:85 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:229 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:247 helpers/external_acl/LM_group/ext_lm_group_acl.8:174 helpers/external_acl/session/ext_session_acl.8:104 helpers/external_acl/time_quota/ext_time_quota_acl.8:222 helpers/external_acl/unix_group/ext_unix_group_acl.8:77 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:95 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:107
+#: src/acl/external/AD_group/ext_ad_group_acl.8:245 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:200 src/acl/external/file_userip/ext_file_userip_acl.8:88 src/acl/external/LDAP_group/ext_ldap_group_acl.8:250 src/acl/external/LM_group/ext_lm_group_acl.8:177 src/acl/external/session/ext_session_acl.8:107 src/acl/external/time_quota/ext_time_quota_acl.8:225 src/acl/external/unix_group/ext_unix_group_acl.8:80 src/auth/basic/getpwnam/basic_getpwnam_auth.8:82 src/auth/basic/LDAP/basic_ldap_auth.8:313 src/auth/basic/NCSA/basic_ncsa_auth.8:65 src/auth/basic/PAM/basic_pam_auth.8:89 src/auth/basic/RADIUS/basic_radius_auth.8:104 src/auth/basic/SASL/basic_sasl_auth.8:88 src/auth/basic/SSPI/basic_sspi_auth.8:142 src/auth/digest/file/digest_file_auth.8:79 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:109 src/security/cert_generators/file/security_file_certgen.8.in:158 src/squid.8.in:252 tools/cachemgr.cgi.8.in:62 tools/purge/purge.1:268 tools/squidclient/squidclient.1:244
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2017 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:247 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:202 src/acl/external/file_userip/ext_file_userip_acl.8:90 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:234 src/acl/external/LDAP_group/ext_ldap_group_acl.8:252 src/acl/external/LM_group/ext_lm_group_acl.8:179 src/acl/external/session/ext_session_acl.8:109 src/acl/external/time_quota/ext_time_quota_acl.8:227 src/acl/external/unix_group/ext_unix_group_acl.8:82 src/auth/basic/getpwnam/basic_getpwnam_auth.8:84 src/auth/basic/LDAP/basic_ldap_auth.8:315 src/auth/basic/RADIUS/basic_radius_auth.8:106 src/auth/basic/SASL/basic_sasl_auth.8:90 src/auth/basic/SSPI/basic_sspi_auth.8:144 src/auth/digest/file/digest_file_auth.8:81 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:110 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:111
 msgid "This program and documentation is copyright to the authors named above."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:81 helpers/basic_auth/LDAP/basic_ldap_auth.8:312 helpers/basic_auth/PAM/basic_pam_auth.8:91 helpers/basic_auth/RADIUS/basic_radius_auth.8:103 helpers/basic_auth/SASL/basic_sasl_auth.8:87 helpers/basic_auth/SSPI/basic_sspi_auth.8:141 helpers/digest_auth/file/digest_file_auth.8:75 helpers/external_acl/AD_group/ext_ad_group_acl.8:244 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:199 helpers/external_acl/file_userip/ext_file_userip_acl.8:87 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:231 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:249 helpers/external_acl/LM_group/ext_lm_group_acl.8:176 helpers/external_acl/session/ext_session_acl.8:106 helpers/external_acl/time_quota/ext_time_quota_acl.8:224 helpers/external_acl/unix_group/ext_unix_group_acl.8:79 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:97 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:109 tools/cachemgr.cgi.8.in:59 tools/squidclient/squidclient.1:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:249 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:204 src/acl/external/file_userip/ext_file_userip_acl.8:92 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:236 src/acl/external/LDAP_group/ext_ldap_group_acl.8:254 src/acl/external/LM_group/ext_lm_group_acl.8:181 src/acl/external/session/ext_session_acl.8:111 src/acl/external/time_quota/ext_time_quota_acl.8:229 src/acl/external/unix_group/ext_unix_group_acl.8:84 src/auth/basic/getpwnam/basic_getpwnam_auth.8:86 src/auth/basic/LDAP/basic_ldap_auth.8:317 src/auth/basic/PAM/basic_pam_auth.8:96 src/auth/basic/RADIUS/basic_radius_auth.8:108 src/auth/basic/SASL/basic_sasl_auth.8:92 src/auth/basic/SSPI/basic_sspi_auth.8:146 src/auth/digest/file/digest_file_auth.8:83 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:112 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:113
 msgid ""
 "Distributed under the GNU General Public License (GNU GPL) version 2 or "
 "later (GPLv2+)."
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:82 helpers/basic_auth/LDAP/basic_ldap_auth.8:313 helpers/basic_auth/NCSA/basic_ncsa_auth.8:73 helpers/basic_auth/PAM/basic_pam_auth.8:92 helpers/basic_auth/RADIUS/basic_radius_auth.8:104 helpers/basic_auth/SASL/basic_sasl_auth.8:88 helpers/basic_auth/SSPI/basic_sspi_auth.8:142 helpers/digest_auth/file/digest_file_auth.8:76 helpers/external_acl/AD_group/ext_ad_group_acl.8:245 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:200 helpers/external_acl/file_userip/ext_file_userip_acl.8:88 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:250 helpers/external_acl/LM_group/ext_lm_group_acl.8:177 helpers/external_acl/session/ext_session_acl.8:107 helpers/external_acl/time_quota/ext_time_quota_acl.8:225 helpers/external_acl/unix_group/ext_unix_group_acl.8:80 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:98 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:110 src/squid.8.in:258 tools/cachemgr.cgi.8.in:60 tools/squidclient/squidclient.1:204
+#: src/acl/external/AD_group/ext_ad_group_acl.8:250 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:205 src/acl/external/file_userip/ext_file_userip_acl.8:93 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237 src/acl/external/LDAP_group/ext_ldap_group_acl.8:255 src/acl/external/LM_group/ext_lm_group_acl.8:182 src/acl/external/session/ext_session_acl.8:112 src/acl/external/time_quota/ext_time_quota_acl.8:230 src/acl/external/unix_group/ext_unix_group_acl.8:85 src/auth/basic/getpwnam/basic_getpwnam_auth.8:87 src/auth/basic/LDAP/basic_ldap_auth.8:318 src/auth/basic/NCSA/basic_ncsa_auth.8:77 src/auth/basic/PAM/basic_pam_auth.8:97 src/auth/basic/RADIUS/basic_radius_auth.8:109 src/auth/basic/SASL/basic_sasl_auth.8:93 src/auth/basic/SSPI/basic_sspi_auth.8:147 src/auth/digest/file/digest_file_auth.8:84 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:113 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:114 src/security/cert_generators/file/security_file_certgen.8.in:159 src/squid.8.in:253 tools/cachemgr.cgi.8.in:63 tools/purge/purge.1:269 tools/squidclient/squidclient.1:245
 #, no-wrap
 msgid "QUESTIONS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:85 helpers/basic_auth/LDAP/basic_ldap_auth.8:316 helpers/basic_auth/NCSA/basic_ncsa_auth.8:76 helpers/basic_auth/PAM/basic_pam_auth.8:95 helpers/basic_auth/RADIUS/basic_radius_auth.8:107 helpers/basic_auth/SASL/basic_sasl_auth.8:91 helpers/basic_auth/SSPI/basic_sspi_auth.8:145 helpers/digest_auth/file/digest_file_auth.8:79 helpers/external_acl/AD_group/ext_ad_group_acl.8:248 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:203 helpers/external_acl/file_userip/ext_file_userip_acl.8:91 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:235 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:253 helpers/external_acl/LM_group/ext_lm_group_acl.8:180 helpers/external_acl/session/ext_session_acl.8:110 helpers/external_acl/time_quota/ext_time_quota_acl.8:228 helpers/external_acl/unix_group/ext_unix_group_acl.8:83 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:101 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:113 src/squid.8.in:261 tools/cachemgr.cgi.8.in:63 tools/squidclient/squidclient.1:207
+#: src/acl/external/AD_group/ext_ad_group_acl.8:253 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:208 src/acl/external/file_userip/ext_file_userip_acl.8:96 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240 src/acl/external/LDAP_group/ext_ldap_group_acl.8:258 src/acl/external/LM_group/ext_lm_group_acl.8:185 src/acl/external/session/ext_session_acl.8:115 src/acl/external/time_quota/ext_time_quota_acl.8:233 src/acl/external/unix_group/ext_unix_group_acl.8:88 src/auth/basic/getpwnam/basic_getpwnam_auth.8:90 src/auth/basic/LDAP/basic_ldap_auth.8:321 src/auth/basic/NCSA/basic_ncsa_auth.8:80 src/auth/basic/PAM/basic_pam_auth.8:100 src/auth/basic/RADIUS/basic_radius_auth.8:112 src/auth/basic/SASL/basic_sasl_auth.8:96 src/auth/basic/SSPI/basic_sspi_auth.8:150 src/auth/digest/file/digest_file_auth.8:87 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:116 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:117 src/security/cert_generators/file/security_file_certgen.8.in:162 src/squid.8.in:256 tools/cachemgr.cgi.8.in:66 tools/purge/purge.1:272 tools/squidclient/squidclient.1:248
 msgid ""
 "Questions on the usage of this program can be sent to the I<Squid Users "
 "mailing list>"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:87 helpers/basic_auth/LDAP/basic_ldap_auth.8:321 helpers/basic_auth/NCSA/basic_ncsa_auth.8:78 helpers/basic_auth/PAM/basic_pam_auth.8:97 helpers/basic_auth/RADIUS/basic_radius_auth.8:112 helpers/basic_auth/SASL/basic_sasl_auth.8:93 helpers/basic_auth/SSPI/basic_sspi_auth.8:147 helpers/digest_auth/file/digest_file_auth.8:81 helpers/external_acl/AD_group/ext_ad_group_acl.8:250 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:205 helpers/external_acl/file_userip/ext_file_userip_acl.8:93 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:258 helpers/external_acl/LM_group/ext_lm_group_acl.8:182 helpers/external_acl/session/ext_session_acl.8:112 helpers/external_acl/time_quota/ext_time_quota_acl.8:230 helpers/external_acl/unix_group/ext_unix_group_acl.8:85 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:103 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:115 src/squid.8.in:263 tools/cachemgr.cgi.8.in:65 tools/squidclient/squidclient.1:209
+#: src/acl/external/AD_group/ext_ad_group_acl.8:255 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:210 src/acl/external/file_userip/ext_file_userip_acl.8:98 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242 src/acl/external/LDAP_group/ext_ldap_group_acl.8:263 src/acl/external/LM_group/ext_lm_group_acl.8:187 src/acl/external/session/ext_session_acl.8:117 src/acl/external/time_quota/ext_time_quota_acl.8:235 src/acl/external/unix_group/ext_unix_group_acl.8:90 src/auth/basic/getpwnam/basic_getpwnam_auth.8:92 src/auth/basic/LDAP/basic_ldap_auth.8:326 src/auth/basic/NCSA/basic_ncsa_auth.8:82 src/auth/basic/PAM/basic_pam_auth.8:102 src/auth/basic/RADIUS/basic_radius_auth.8:117 src/auth/basic/SASL/basic_sasl_auth.8:98 src/auth/basic/SSPI/basic_sspi_auth.8:152 src/auth/digest/file/digest_file_auth.8:89 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:118 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:119 src/security/cert_generators/file/security_file_certgen.8.in:164 src/squid.8.in:258 tools/cachemgr.cgi.8.in:68 tools/purge/purge.1:274 tools/squidclient/squidclient.1:250
 #, no-wrap
 msgid "REPORTING BUGS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:90 helpers/basic_auth/LDAP/basic_ldap_auth.8:324 helpers/basic_auth/NCSA/basic_ncsa_auth.8:81 helpers/basic_auth/PAM/basic_pam_auth.8:100 helpers/basic_auth/RADIUS/basic_radius_auth.8:115 helpers/basic_auth/SASL/basic_sasl_auth.8:96 helpers/basic_auth/SSPI/basic_sspi_auth.8:150 helpers/digest_auth/file/digest_file_auth.8:84 helpers/external_acl/AD_group/ext_ad_group_acl.8:253 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:217 helpers/external_acl/file_userip/ext_file_userip_acl.8:96 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:261 helpers/external_acl/LM_group/ext_lm_group_acl.8:185 helpers/external_acl/session/ext_session_acl.8:115 helpers/external_acl/time_quota/ext_time_quota_acl.8:233 helpers/external_acl/unix_group/ext_unix_group_acl.8:88 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:106 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:118 src/squid.8.in:266
+#: src/acl/external/AD_group/ext_ad_group_acl.8:258 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:222 src/acl/external/file_userip/ext_file_userip_acl.8:101 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245 src/acl/external/LDAP_group/ext_ldap_group_acl.8:266 src/acl/external/LM_group/ext_lm_group_acl.8:190 src/acl/external/session/ext_session_acl.8:120 src/acl/external/time_quota/ext_time_quota_acl.8:238 src/acl/external/unix_group/ext_unix_group_acl.8:93 src/auth/basic/getpwnam/basic_getpwnam_auth.8:95 src/auth/basic/LDAP/basic_ldap_auth.8:329 src/auth/basic/NCSA/basic_ncsa_auth.8:85 src/auth/basic/PAM/basic_pam_auth.8:105 src/auth/basic/RADIUS/basic_radius_auth.8:120 src/auth/basic/SASL/basic_sasl_auth.8:101 src/auth/basic/SSPI/basic_sspi_auth.8:155 src/auth/digest/file/digest_file_auth.8:92 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:121 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:122 src/security/cert_generators/file/security_file_certgen.8.in:167 src/squid.8.in:261
 msgid ""
 "Bug reports need to be made in English.  See "
 "http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you "
@@ -175,2582 +363,2483 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:92 helpers/basic_auth/LDAP/basic_ldap_auth.8:326 helpers/basic_auth/NCSA/basic_ncsa_auth.8:83 helpers/basic_auth/PAM/basic_pam_auth.8:102 helpers/basic_auth/RADIUS/basic_radius_auth.8:117 helpers/basic_auth/SASL/basic_sasl_auth.8:98 helpers/basic_auth/SSPI/basic_sspi_auth.8:152 helpers/digest_auth/file/digest_file_auth.8:86 helpers/external_acl/AD_group/ext_ad_group_acl.8:255 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:219 helpers/external_acl/file_userip/ext_file_userip_acl.8:98 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:263 helpers/external_acl/LM_group/ext_lm_group_acl.8:187 helpers/external_acl/session/ext_session_acl.8:117 helpers/external_acl/time_quota/ext_time_quota_acl.8:235 helpers/external_acl/unix_group/ext_unix_group_acl.8:90 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:108 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:120 src/squid.8.in:268 tools/cachemgr.cgi.8.in:69 tools/squidclient/squidclient.1:213
+#: src/acl/external/AD_group/ext_ad_group_acl.8:260 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:224 src/acl/external/file_userip/ext_file_userip_acl.8:103 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:247 src/acl/external/LDAP_group/ext_ldap_group_acl.8:268 src/acl/external/LM_group/ext_lm_group_acl.8:192 src/acl/external/session/ext_session_acl.8:122 src/acl/external/time_quota/ext_time_quota_acl.8:240 src/acl/external/unix_group/ext_unix_group_acl.8:95 src/auth/basic/getpwnam/basic_getpwnam_auth.8:97 src/auth/basic/LDAP/basic_ldap_auth.8:331 src/auth/basic/NCSA/basic_ncsa_auth.8:87 src/auth/basic/PAM/basic_pam_auth.8:107 src/auth/basic/RADIUS/basic_radius_auth.8:122 src/auth/basic/SASL/basic_sasl_auth.8:103 src/auth/basic/SSPI/basic_sspi_auth.8:157 src/auth/digest/file/digest_file_auth.8:94 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:123 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:124 src/security/cert_generators/file/security_file_certgen.8.in:169 src/squid.8.in:263 tools/cachemgr.cgi.8.in:72 tools/purge/purge.1:278 tools/squidclient/squidclient.1:254
 msgid "Report bugs or bug fixes using http://bugs.squid-cache.org/"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:95 helpers/basic_auth/LDAP/basic_ldap_auth.8:329 helpers/basic_auth/NCSA/basic_ncsa_auth.8:86 helpers/basic_auth/PAM/basic_pam_auth.8:105 helpers/basic_auth/RADIUS/basic_radius_auth.8:120 helpers/basic_auth/SASL/basic_sasl_auth.8:101 helpers/basic_auth/SSPI/basic_sspi_auth.8:155 helpers/digest_auth/file/digest_file_auth.8:89 helpers/external_acl/AD_group/ext_ad_group_acl.8:258 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:222 helpers/external_acl/file_userip/ext_file_userip_acl.8:101 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:266 helpers/external_acl/LM_group/ext_lm_group_acl.8:190 helpers/external_acl/session/ext_session_acl.8:120 helpers/external_acl/time_quota/ext_time_quota_acl.8:238 helpers/external_acl/unix_group/ext_unix_group_acl.8:93 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:111 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:123 src/squid.8.in:271 tools/cachemgr.cgi.8.in:72 tools/squidclient/squidclient.1:216
+#: src/acl/external/AD_group/ext_ad_group_acl.8:263 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:227 src/acl/external/file_userip/ext_file_userip_acl.8:106 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250 src/acl/external/LDAP_group/ext_ldap_group_acl.8:271 src/acl/external/LM_group/ext_lm_group_acl.8:195 src/acl/external/session/ext_session_acl.8:125 src/acl/external/time_quota/ext_time_quota_acl.8:243 src/acl/external/unix_group/ext_unix_group_acl.8:98 src/auth/basic/getpwnam/basic_getpwnam_auth.8:100 src/auth/basic/LDAP/basic_ldap_auth.8:334 src/auth/basic/NCSA/basic_ncsa_auth.8:90 src/auth/basic/PAM/basic_pam_auth.8:110 src/auth/basic/RADIUS/basic_radius_auth.8:125 src/auth/basic/SASL/basic_sasl_auth.8:106 src/auth/basic/SSPI/basic_sspi_auth.8:160 src/auth/digest/file/digest_file_auth.8:97 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:126 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:127 src/security/cert_generators/file/security_file_certgen.8.in:172 src/squid.8.in:266 tools/cachemgr.cgi.8.in:75 tools/purge/purge.1:281 tools/squidclient/squidclient.1:257
 msgid ""
 "Report serious security bugs to I<Squid Bugs "
 "E<lt>squid-bugs@squid-cache.orgE<gt>>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:98 helpers/basic_auth/LDAP/basic_ldap_auth.8:332 helpers/basic_auth/NCSA/basic_ncsa_auth.8:89 helpers/basic_auth/PAM/basic_pam_auth.8:108 helpers/basic_auth/RADIUS/basic_radius_auth.8:123 helpers/basic_auth/SASL/basic_sasl_auth.8:104 helpers/basic_auth/SSPI/basic_sspi_auth.8:158 helpers/digest_auth/file/digest_file_auth.8:92 helpers/external_acl/AD_group/ext_ad_group_acl.8:261 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:225 helpers/external_acl/file_userip/ext_file_userip_acl.8:104 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:248 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:269 helpers/external_acl/LM_group/ext_lm_group_acl.8:193 helpers/external_acl/session/ext_session_acl.8:123 helpers/external_acl/time_quota/ext_time_quota_acl.8:241 helpers/external_acl/unix_group/ext_unix_group_acl.8:96 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:114 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:126 src/squid.8.in:274 tools/cachemgr.cgi.8.in:75 tools/squidclient/squidclient.1:219
+#: src/acl/external/AD_group/ext_ad_group_acl.8:266 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:230 src/acl/external/file_userip/ext_file_userip_acl.8:109 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:253 src/acl/external/LDAP_group/ext_ldap_group_acl.8:274 src/acl/external/LM_group/ext_lm_group_acl.8:198 src/acl/external/session/ext_session_acl.8:128 src/acl/external/time_quota/ext_time_quota_acl.8:246 src/acl/external/unix_group/ext_unix_group_acl.8:101 src/auth/basic/getpwnam/basic_getpwnam_auth.8:103 src/auth/basic/LDAP/basic_ldap_auth.8:337 src/auth/basic/NCSA/basic_ncsa_auth.8:93 src/auth/basic/PAM/basic_pam_auth.8:113 src/auth/basic/RADIUS/basic_radius_auth.8:128 src/auth/basic/SASL/basic_sasl_auth.8:109 src/auth/basic/SSPI/basic_sspi_auth.8:163 src/auth/digest/file/digest_file_auth.8:100 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:129 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:130 src/security/cert_generators/file/security_file_certgen.8.in:175 src/squid.8.in:269 tools/cachemgr.cgi.8.in:78 tools/purge/purge.1:284 tools/squidclient/squidclient.1:260
 msgid "Report ideas for new improvements to the I<Squid Developers mailing list>"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:100 helpers/basic_auth/LDAP/basic_ldap_auth.8:334 helpers/basic_auth/NCSA/basic_ncsa_auth.8:91 helpers/basic_auth/PAM/basic_pam_auth.8:110 helpers/basic_auth/RADIUS/basic_radius_auth.8:125 helpers/basic_auth/SASL/basic_sasl_auth.8:106 helpers/basic_auth/SSPI/basic_sspi_auth.8:160 helpers/digest_auth/file/digest_file_auth.8:94 helpers/external_acl/AD_group/ext_ad_group_acl.8:263 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:227 helpers/external_acl/file_userip/ext_file_userip_acl.8:106 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:271 helpers/external_acl/LM_group/ext_lm_group_acl.8:195 helpers/external_acl/session/ext_session_acl.8:125 helpers/external_acl/time_quota/ext_time_quota_acl.8:243 helpers/external_acl/unix_group/ext_unix_group_acl.8:101 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:116 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:128 src/squid.8.in:276 tools/cachemgr.cgi.8.in:77 tools/squidclient/squidclient.1:221
+#: src/acl/external/AD_group/ext_ad_group_acl.8:268 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:232 src/acl/external/file_userip/ext_file_userip_acl.8:111 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255 src/acl/external/LDAP_group/ext_ldap_group_acl.8:276 src/acl/external/LM_group/ext_lm_group_acl.8:200 src/acl/external/session/ext_session_acl.8:130 src/acl/external/time_quota/ext_time_quota_acl.8:248 src/acl/external/unix_group/ext_unix_group_acl.8:106 src/auth/basic/getpwnam/basic_getpwnam_auth.8:105 src/auth/basic/LDAP/basic_ldap_auth.8:339 src/auth/basic/NCSA/basic_ncsa_auth.8:95 src/auth/basic/PAM/basic_pam_auth.8:115 src/auth/basic/RADIUS/basic_radius_auth.8:130 src/auth/basic/SASL/basic_sasl_auth.8:111 src/auth/basic/SSPI/basic_sspi_auth.8:165 src/auth/digest/file/digest_file_auth.8:102 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:131 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:132 src/security/cert_generators/file/security_file_certgen.8.in:177 src/squid.8.in:271 tools/cachemgr.cgi.8.in:80 tools/purge/purge.1:286 tools/squidclient/squidclient.1:262
 #, no-wrap
 msgid "SEE ALSO"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:114 helpers/basic_auth/LDAP/basic_ldap_auth.8:344 helpers/basic_auth/NCSA/basic_ncsa_auth.8:97 helpers/basic_auth/PAM/basic_pam_auth.8:121 helpers/basic_auth/RADIUS/basic_radius_auth.8:132 helpers/basic_auth/SASL/basic_sasl_auth.8:117 helpers/basic_auth/SSPI/basic_sspi_auth.8:165 helpers/digest_auth/file/digest_file_auth.8:99 helpers/external_acl/AD_group/ext_ad_group_acl.8:268 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:233 helpers/external_acl/file_userip/ext_file_userip_acl.8:111 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:282 helpers/external_acl/LM_group/ext_lm_group_acl.8:200 helpers/external_acl/session/ext_session_acl.8:130 helpers/external_acl/time_quota/ext_time_quota_acl.8:248 helpers/external_acl/unix_group/ext_unix_group_acl.8:108 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:127 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:133 src/squid.8.in:286
+#: src/acl/external/AD_group/ext_ad_group_acl.8:273 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:238 src/acl/external/file_userip/ext_file_userip_acl.8:116 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:269 src/acl/external/LDAP_group/ext_ldap_group_acl.8:287 src/acl/external/LM_group/ext_lm_group_acl.8:205 src/acl/external/session/ext_session_acl.8:135 src/acl/external/time_quota/ext_time_quota_acl.8:253 src/acl/external/unix_group/ext_unix_group_acl.8:113 src/auth/basic/getpwnam/basic_getpwnam_auth.8:119 src/auth/basic/LDAP/basic_ldap_auth.8:349 src/auth/basic/NCSA/basic_ncsa_auth.8:101 src/auth/basic/PAM/basic_pam_auth.8:126 src/auth/basic/RADIUS/basic_radius_auth.8:137 src/auth/basic/SASL/basic_sasl_auth.8:122 src/auth/basic/SSPI/basic_sspi_auth.8:170 src/auth/digest/file/digest_file_auth.8:107 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:142 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:137 src/security/cert_generators/file/security_file_certgen.8.in:182 src/squid.8.in:281
 msgid "The Squid FAQ wiki"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:117 helpers/basic_auth/LDAP/basic_ldap_auth.8:347 helpers/basic_auth/NCSA/basic_ncsa_auth.8:100 helpers/basic_auth/PAM/basic_pam_auth.8:124 helpers/basic_auth/RADIUS/basic_radius_auth.8:135 helpers/basic_auth/SASL/basic_sasl_auth.8:120 helpers/basic_auth/SSPI/basic_sspi_auth.8:168 helpers/digest_auth/file/digest_file_auth.8:102 helpers/external_acl/AD_group/ext_ad_group_acl.8:271 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:236 helpers/external_acl/file_userip/ext_file_userip_acl.8:114 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:285 helpers/external_acl/LM_group/ext_lm_group_acl.8:203 helpers/external_acl/session/ext_session_acl.8:133 helpers/external_acl/time_quota/ext_time_quota_acl.8:251 helpers/external_acl/unix_group/ext_unix_group_acl.8:111 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:130 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:136 src/squid.8.in:289
+#: src/acl/external/AD_group/ext_ad_group_acl.8:276 src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:241 src/acl/external/file_userip/ext_file_userip_acl.8:119 src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:272 src/acl/external/LDAP_group/ext_ldap_group_acl.8:290 src/acl/external/LM_group/ext_lm_group_acl.8:208 src/acl/external/session/ext_session_acl.8:138 src/acl/external/time_quota/ext_time_quota_acl.8:256 src/acl/external/unix_group/ext_unix_group_acl.8:116 src/auth/basic/getpwnam/basic_getpwnam_auth.8:122 src/auth/basic/LDAP/basic_ldap_auth.8:352 src/auth/basic/NCSA/basic_ncsa_auth.8:104 src/auth/basic/PAM/basic_pam_auth.8:129 src/auth/basic/RADIUS/basic_radius_auth.8:140 src/auth/basic/SASL/basic_sasl_auth.8:125 src/auth/basic/SSPI/basic_sspi_auth.8:173 src/auth/digest/file/digest_file_auth.8:110 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:145 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:140 src/security/cert_generators/file/security_file_certgen.8.in:185 src/squid.8.in:284
 msgid "The Squid Configuration Manual"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:7
-msgid "LDAP authentication helper for Squid"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:5
+msgid "ext_edirectory_userip_acl - Squid eDirectory IP Lookup Helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:12 helpers/basic_auth/LDAP/basic_ldap_auth.8:27 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:14
-msgid "base DN"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:15 tools/squidclient/squidclient.1:22
+msgid "host"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:14
-msgid "attribute"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:17 src/acl/external/LDAP_group/ext_ldap_group_acl.8:20 src/auth/basic/LDAP/basic_ldap_auth.8:18 src/auth/basic/LDAP/basic_ldap_auth.8:33 src/auth/basic/RADIUS/basic_radius_auth.8:16 src/squid.8.in:15 tools/squidclient/squidclient.1:26
+msgid "port"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:16 helpers/basic_auth/LDAP/basic_ldap_auth.8:31 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:18
-msgid "options"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:19
+msgid "LDAP version"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:18 helpers/basic_auth/LDAP/basic_ldap_auth.8:33 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:20
-msgid "LDAP server name"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:21
+msgid "basedn"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:20 helpers/basic_auth/LDAP/basic_ldap_auth.8:35 helpers/basic_auth/RADIUS/basic_radius_auth.8:18 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:19 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:22 src/squid.8.in:17 tools/squidclient/squidclient.1:27
-msgid "port"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:23
+msgid "scope"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:22 helpers/basic_auth/LDAP/basic_ldap_auth.8:37 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:24
-msgid "URI"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:25
+msgid "binddn"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:29 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:16
-msgid "LDAP search filter"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:27
+msgid "bindpass"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:47
-msgid ""
-"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
-"the user name and password of Basic HTTP authentication.  LDAP options are "
-"specified as parameters on the command line, while the username(s) and "
-"password(s) to be checked against the LDAP directory are specified on "
-"subsequent lines of input to the helper, one username/password pair per line "
-"separated by a space."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:29 src/acl/external/LDAP_group/ext_ldap_group_acl.8:14
+msgid "filter"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:56
-msgid ""
-"As expected by the basic authentication construct of Squid, after specifying "
-"a username and password followed by a new line, this helper will produce "
-"either B<OK> or B<ERR> on the following line to show if the specified "
-"credentials are correct according to the LDAP directory."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:34
+msgid "B<ext_edirectory_userip_acl> is an installed binary."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:61
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:38
 msgid ""
-"The program has two major modes of operation. In the default mode of "
-"operation the users DN is constructed using the base DN and user "
-"attribute. In the other mode of operation a search filter is used to locate "
-"valid user DN's below the base DN."
+"This program has been written in order to solve the problems associated with "
+"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:62 helpers/basic_auth/NCSA/basic_ncsa_auth.8:35 helpers/basic_auth/PAM/basic_pam_auth.8:21 helpers/basic_auth/RADIUS/basic_radius_auth.8:31 helpers/basic_auth/SSPI/basic_sspi_auth.8:34 helpers/digest_auth/file/digest_file_auth.8:20 helpers/external_acl/AD_group/ext_ad_group_acl.8:51 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:44 helpers/external_acl/file_userip/ext_file_userip_acl.8:23 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:65 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:49 helpers/external_acl/LM_group/ext_lm_group_acl.8:27 helpers/external_acl/session/ext_session_acl.8:34 helpers/external_acl/time_quota/ext_time_quota_acl.8:24 helpers/external_acl/unix_group/ext_unix_group_acl.8:19 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:19 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:25 src/squid.8.in:59 tools/squidclient/squidclient.1:61
-#, no-wrap
-msgid "OPTIONS"
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:41
+msgid ""
+"The limitations of the Perl script involved memory/cpu utilization, speed, "
+"the lack of eDirectory 8.8 support, and IPv6 support."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:46
+msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:75
-msgid ""
-"LDAP search B<filter> to locate the user DN. Required if the users are in a "
-"hierarchy below the base DN, or if the login name is not what builds the "
-"user specific part of the users DN."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:50
+msgid "Force Addresses to be in IPv6 (:: format)."
 msgstr ""
 
-#. uid\=%s\""
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:82
-msgid ""
-"The search filter can contain up to 15 occurrences of B<%s> which will be "
-"replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
-"detailed description of LDAP search filter syntax see RFC2254."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:57
+msgid "Specify B<base> DN. For example; B<o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:90
-msgid ""
-"Will crash if other B<%> values than B<%s> are used, or if more than 15 "
-"B<%s> are used."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:66
+msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:99
-msgid ""
-"Specifies the name of the DN attribute that contains the username/login.  "
-"Combined with the base DN to construct the users DN when no search filter is "
-"specified ( B<-f> option). Defaults to B<uid>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:71
+msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:108
-msgid ""
-"B<Note:> This can only be done if all your users are located directly under "
-"the same position in the LDAP tree and the login name is used for naming "
-"each user object. If your LDAP tree does not match these criterias or if you "
-"want to filter who are valid users then you need to use a search filter to "
-"search for your users DN ( B<-f> option)."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:76
+msgid "Specify if LDAP search group is required. For example; B<groupMembership=>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:118
-msgid ""
-"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
-"password.  B<passwordattr> is the LDAP attribute storing the users password."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:84
+msgid "Specify hostname or IP of server"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:88
+msgid "Port number."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:92
+msgid "Use persistent connections."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:126
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:100
 msgid ""
-"Search scope when performing user DN searches specified by the B<-f> "
-"option. Defaults to B<sub>"
+"Timeout factor for persistent connections. Set to B<0> for never "
+"timeout. Default is B<60> seconds."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:105 src/acl/external/LDAP_group/ext_ldap_group_acl.8:173
+msgid "search scope. Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:130 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:110 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:178
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:108 src/acl/external/LDAP_group/ext_ldap_group_acl.8:176 src/auth/basic/LDAP/basic_ldap_auth.8:128
 msgid "B<base> object only,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:133 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:113 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:181
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:111 src/acl/external/LDAP_group/ext_ldap_group_acl.8:179 src/auth/basic/LDAP/basic_ldap_auth.8:131
 msgid "B<one> level below the base object or"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:136 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:116 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:184
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:114 src/acl/external/LDAP_group/ext_ldap_group_acl.8:182 src/auth/basic/LDAP/basic_ldap_auth.8:134
 msgid "B<sub>tree below the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:142
-msgid ""
-"The DN and password to bind as while performing searches. Required by the "
-"B<-f> flag if the directory does not allow anonymous searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:121
+msgid "Set userid B<attribute .> Default is B<cn>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:147
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:126
+msgid "Set LDAP B<version>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:152 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:98
-msgid ""
-"The DN and the name of a file containing the password to bind as while "
-"performing searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:130
+msgid "Display version information and exit."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:157 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:103
-msgid ""
-"Less insecure version of the former parameter pair with two advantages: The "
-"password does not occur in the process listing, and the password is not "
-"being compromised if someone gets the squid configuration file without "
-"getting the secretfile."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:135
+msgid "Specify binding B<password>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:165
-msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while validating a username to preserve resources at the LDAP server. This "
-"option causes the LDAP connection to be kept open, allowing it to be reused "
-"for further user validations. Recommended for larger installations."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:139
+msgid "Enable TLS security."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:178
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:160
 msgid ""
-"Only bind once per LDAP connection. Some LDAP servers do not allow "
-"re-binding as another user after a successful I<ldap_bind.> The use of this "
-"option always opens a new connection for each login attempt. If combined "
-"with the B<-P> option for persistent LDAP connection then the connection "
-"used for searching for the user DN is kept persistent but a new connection "
-"is opened to verify each users password once the DN is found."
+"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
+"that users may be used to control internet access, which can also be stacked "
+"against other ACL's.  Use of the groups is optional, unless the '-G' option "
+"has been passed.  Please note that you need to specify the full LDAP object "
+"for this, as shown above."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:161 src/acl/external/unix_group/ext_unix_group_acl.8:60 src/auth/basic/NCSA/basic_ncsa_auth.8:45 src/security/cert_generators/file/security_file_certgen.8.in:88 tools/purge/purge.1:233
+#, no-wrap
+msgid "KNOWN ISSUES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:182 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:170
-msgid "Do not follow referrals"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:166
+msgid ""
+"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
+"is in place to read IPv6 networkAddress fields, please attempt this in a "
+"TESTING environment first.  Please contact the author regarding IPv6 support "
+"development."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:187
-msgid "when to dereference aliases. Defaults to B<never>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:171
+msgid ""
+"There is a known issue regarding Novell's Client for Windows, that is mostly "
+"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not "
+"re-populating the networkAddress field in eDirectory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:196
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:177
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search ing> or only to B<find> the base object."
+"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
+"lower?) and connection licensing.  It appears that whenever a server runs "
+"low on connection licenses, that it I sometimes does not populate the "
+"networkAddress fields correctly."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:201
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:184
 msgid ""
-"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
-"libraries).  Servers can also be specified last on the command line."
+"Majority of Proxy Authentication issues can be resolved by having the users' "
+"B<reboot> if their networkAddress is not correct, or using "
+"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
+"networkAddress fields to troubleshoot."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:206
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:218
 msgid ""
-"Specify the LDAP server to connect to. Servers can also be specified last on "
-"the command line."
+"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
+"situations B<before> seeking support! You may also need to make sure your "
+"servers have the latest service packs installed, and that your servers are "
+"properly synchronizing partitions."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:212
+#: src/acl/external/file_userip/ext_file_userip_acl.8:5
 msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389. Can also be specified within the server "
-"specification by using servername:port syntax."
+"ext_file_userip_acl - Restrict users to certain IP addresses, using a text "
+"file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:218 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:206
-msgid "LDAP protocol version. Defaults to B<3> if not specified."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:7 src/acl/external/time_quota/ext_time_quota_acl.8:7 src/auth/basic/SASL/basic_sasl_auth.8:7 src/security/cert_generators/file/security_file_certgen.8.in:7
+msgid "Version 1.0"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:222 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:210
-msgid "Use TLS encryption"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:12
+msgid "file name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:226 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:107
-msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:17
+msgid ""
+"B<ext_file_userip_acl> is an installed binary. An external helper for the "
+"Squid external acl scheme."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:233
+#: src/acl/external/file_userip/ext_file_userip_acl.8:20
 msgid ""
-"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
-"LDAP API libraries)"
+"It works by reading a pair composed by an IP address and an username on "
+"STDIN and matching it against a configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:237 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:192
-msgid "Specify time limit on LDAP search operations"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:31
+msgid "Configuration B<file> to load."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:243
-msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the results is not what is expected."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:41
+msgid "The B<squid.conf> configuration for the external ACL should be:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:248
+#: src/acl/external/file_userip/ext_file_userip_acl.8:49
 msgid ""
-"For directories using the RFC2307 layout with a single domain, all you need "
-"to specify is usually the base DN under where your users are located and the "
-"server name:"
+"If the helper program finds a matching username/ip in the configuration "
+"file, it returns B<OK> , otherwise it returns B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:256
+#: src/acl/external/file_userip/ext_file_userip_acl.8:51
+msgid "The configuration file format is as follows:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/file_userip/ext_file_userip_acl.8:60
 msgid ""
-"If you have sub-domains then you need to use a search filter approach to "
-"locate your user DNs as these can no longer be constructed directly from the "
-"base DN and login name alone:"
+"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
+"in dotted quad format too."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:263
+#: src/acl/external/file_userip/ext_file_userip_acl.8:66
 msgid ""
-"And similarly if you only want to allow access to users having a specific "
-"attribute"
+"When the second parameter is prefixed with an B<@> , the program will lookup "
+"the B</etc/group> file entry for the specified username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:274
+#: src/acl/external/file_userip/ext_file_userip_acl.8:72
 msgid ""
-"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
-"do not want to have to search for the users then you could use something "
-"like the following example for Active Directory:"
+"There are other two directives, B<ALL> and B<NONE> , which mean \"any user "
+"on this IP address may authenticate\" or \"no user on this IP address may "
+"authenticate\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:286
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:5
 msgid ""
-"If you want to search for the user DN and your directory does not allow "
-"anonymous searches then you must also use the B<-D> and B<-w> flags to "
-"specify a user DN and password to log in as to perform the searches, as in "
-"the following complex Active Directory example"
+"ext_kerberos_ldap_group_acl - Squid LDAP external acl group helper for "
+"Kerberos or NTLM credentials."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
+msgid "Version 1.3.0sq"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:299
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:24
 msgid ""
-"B<NOTE:> When constructing search filters it is strongly recommended to test "
-"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
-"This to verify that the filter matches what you expect."
+"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
+"connect to a LDAP directory to authorize users via LDAP groups. Options are "
+"specified as parameters on the command line, while the username (e.g.  "
+"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
+"directory are specified on subsequent lines of input to the helper, one "
+"username per line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:302 helpers/basic_auth/RADIUS/basic_radius_auth.8:91
-msgid "This program is written by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:37
+msgid ""
+"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
+"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
+"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
+"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
+"is available from the username the LDAP server will be determined through "
+"the command line options."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:306
-msgid "This manual is written by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:49
+msgid ""
+"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or "
+"B<-T> option which provides the LDAP group name the user has to belong "
+"too. For Active Directory a recursive group lookup is implemented until a "
+"max depth specified by B<-m> depth. For other LDAP servers a RFC2307bis "
+"schema of groups is assumed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:320
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:62
 msgid ""
-"Or to your favorite LDAP list/friend if the question is more related to LDAP "
-"than Squid."
+"Different group names can be specified for different domains using a "
+"group@domain syntax.  As expected by the B<external_acl_type> construct of "
+"Squid, after specifying a username and group followed by a new line, this "
+"helper will produce either B<OK> or B<ERR> on the following line to show if "
+"the user is a member of the specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:340
-msgid "Your favorite LDAP documentation."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:70 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:24
+msgid "Write debug messages to stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:342 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:259 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:280
-msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:73 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:27
+msgid "Write informational messages to stderr."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:7
-msgid "NCSA httpd-style password file authentication helper for Squid"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:76
+msgid "Use SSL for the LDAP connection."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:11
-msgid "passwd file"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
+msgid ""
+"The CA certificate file can be set via the environment variable "
+"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:16
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
 msgid ""
-"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
-"information from an NCSA/Apache httpd-style password file when using basic "
-"HTTP authentication."
+"The SSL certificate database can be set via the environment variable "
+"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:19
-msgid "This password file can be manipulated using B<htpasswd.>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:83
+msgid "Allow SSL without certificate verification."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:32
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:87
 msgid ""
-"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
-"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
-"and magic strings * MD5 - with optional salt and magic strings * DES - for "
-"passwords 8 characters or less in length"
+"Default Kerberos domain to use for usernames which do not contain domain "
+"information (e.g. for users using basic authentication)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:34
-msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:92
+msgid ""
+"A list of Netbios name mappings to Kerberos domain names of the form "
+"Netbios-Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users "
+"using NTLM authentication)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:38
-msgid ""
-"The only parameter is the password file.  It must have permissions to be "
-"read by the user that Squid is running as."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:95
+msgid "Maximal depth of recursive group search."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:46
-msgid "B<basic_ncsa_auth> must have access to the password file to be executed."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:98
+msgid "Username for LDAP server."
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:47 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:163 helpers/external_acl/unix_group/ext_unix_group_acl.8:62
-#, no-wrap
-msgid "KNOWN ISSUES"
+#. type: Plain text
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:101
+msgid "Password for LDAP server."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:52
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:106
 msgid ""
-"DES functionality (used by htpasswd by default) silently truncates passwords "
-"to 8 characters.  Allowing login with password values shorter than the one "
-"desired.  This authenticator will reject login with long passwords when "
-"using DES."
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use an account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file or extracts the password "
+"used from a process listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:58
-msgid "Based on original documentation by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:110
+msgid "LDAP server bind path."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:66
-msgid ""
-"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
-"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
-"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
-"details."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:113
+msgid "LDAP server URL in form ldap[s]://server:port"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:72
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:117
 msgid ""
-"You should have received a copy of the GNU General Public License along with "
-"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
-"Place, Suite 330, Boston, MA 02111-1307 USA"
+"list of ldap servers of the form "
+"lserver|lserver@|lserver@Realm[:lserver@|lserver@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:7
-msgid "Squid PAM Basic authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:121
+msgid ""
+"A list of group name per Kerberos domain of the form "
+"Group|Group@|Group@Realm[:Group@|Group@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:11
-msgid "service name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:126
+msgid ""
+"A list of group name per Kerberos domain of the form "
+"Group|Group@|Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex "
+"format"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:13
-msgid "TTL"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:131
+msgid ""
+"A list of group name per Kerberos domain of the form "
+"Group|Group@|Group@Realm[:Group@|Group@Realm] where group and domain is in "
+"UTF-8 hex format"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:20
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:138
 msgid ""
-"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
-"database to validate the user name and password of Basic HTTP "
-"authentication."
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:26
-msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:153 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:62
+msgid "B<NOTE:> The following squid startup file modification may be required:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:35
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:157
 msgid ""
-"Enables persistent PAM connections where the connection to the PAM database "
-"is kept open and reused for new logins. The TTL specifies how long the "
-"connection will be kept open (in seconds).  Default is to not keep PAM "
-"connections open. Please note that the use of persistent PAM connections is "
-"slightly outside the PAM specification and may not work with all PAM "
-"configurations."
-msgstr ""
-
-#. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:40
-msgid "Do not perform the PAM account management group (account expiration etc)"
+"Add the following lines to the squid startup script to point squid to a "
+"keytab file which contains the HTTP/fqdn service principal for the default "
+"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
+"can not use an IP address."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:168 src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:74
 msgid ""
-"The program needs a PAM service to be configured in B</etc/pam.conf> or "
-"B</etc/pam.d/squid>"
+"If you use a different Kerberos domain than the machine itself is in you can "
+"point squid to the separate Kerberos config file by setting the following "
+"environment variable in the startup script."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:54
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:178
 msgid ""
-"The default service name is B<squid> , and the program makes use of the "
-"B<auth> and B<account> management groups to verify the password and the "
-"accounts validity."
+"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
+"server. The following method is used:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:58
-msgid ""
-"For details on how to configure PAM services, see the PAM documentation for "
-"your system. This manual does not cover PAM configuration details."
-msgstr ""
-
-#. type: SH
-#: helpers/basic_auth/PAM/basic_pam_auth.8:59
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:183
 #, no-wrap
-msgid "NOTES"
+msgid ""
+"1) For user@REALM\n"
+"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
+"   b) Query DNS for A record REALM\n"
+"   c) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:187
+#, no-wrap
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program setuid root"
+"2) For user\n"
+"   a) Use domain -D REALM and follow step 1)\n"
+"   b) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:82 helpers/external_acl/session/ext_session_acl.8:99 helpers/external_acl/time_quota/ext_time_quota_acl.8:218
-msgid "This program and documentation was written by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
+msgid "The Groups to check against are determined as follows:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:88
-msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:194
+#, no-wrap
+msgid ""
+"1) For user@REALM\n"
+"   a) Use values given by -g option which contain a @REALM e.g. -g "
+"GROUP1@REALM:GROUP2@REALM\n"
+"   b) Use values given by -g option which contain a @ only e.g. -g "
+"GROUP1@:GROUP2@\n"
+"   c) Use values given by -g option which do not contain a realm e.g. -g "
+"GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:119
-msgid "PAM Systems Administrator Guide"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:197
+#, no-wrap
+msgid ""
+"2) For user\n"
+"   a) Use values given by -g option which do not contain a realm e.g. -g "
+"GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:7
-msgid "Squid RADIUS authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:200
+#, no-wrap
+msgid ""
+"3) For NDOMAIN\\euser\n"
+"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g "
+"option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:12
-msgid "config file"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
+msgid ""
+"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
+"where GROUP is the hex UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:16
-msgid "server name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#, no-wrap
+msgid "   -t 6d61726b7573 instead of -g markus\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:20
-msgid "identifier"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
+msgid ""
+"The REALM must still be based on the ASCII character set. If REALM contains "
+"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
+"UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:22
-msgid "secret"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#, no-wrap
+msgid ""
+"  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g "
+"markus@WIN2003R2.HOME\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:24 helpers/external_acl/session/ext_session_acl.8:14 tools/squidclient/squidclient.1:33
-msgid "timeout"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
+msgid ""
+"For a translation of hex UTF-8 see for example "
+"http://www.utf8-chartable.de/unicode-utf8-table.pl"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:30
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:216
 msgid ""
-"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
-"the user name and password of Basic HTTP authentication."
+"The ldap server list can be: server - In this case server can be used for "
+"all Kerberos domains server@ - In this case server can be used for all "
+"Kerberos domains server@domain - In this case server can be used for "
+"Kerberos domain domain "
+"server1a@domain1:server1b@domain1:server2@domain2:server3@:server4 - A list "
+"is build with a colon as separator"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
+#, no-wrap
 msgid ""
-"Specifies the path to a configuration file. See the CONFIGURATION section "
-"for details on the file content."
+" * Copyright (C) 1996-2015 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:40
-msgid "Alternative method of specifying the server to connect to"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:260
+msgid "B<RFC1035> - Domain names - implementation and specification,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:45
-msgid ""
-"Specify another server port where the RADIUS server listens for requests if "
-"different from the default RADIUS port.  Normally not specified."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
+msgid "B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:50
-msgid ""
-"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
-"specified the IP address is used to identify the proxy."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264 src/acl/external/LDAP_group/ext_ldap_group_acl.8:285 src/auth/basic/LDAP/basic_ldap_auth.8:347
+msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:56
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
 msgid ""
-"Alternative method of specifying the shared secret. Using the B<-f> option "
-"with a configuration file is generally more secure and recommended."
+"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
+"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:60
-msgid "RADIUS request timeout. Default is 10 seconds."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:5
+msgid "ext_ldap_group_acl - Squid LDAP external acl group helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:67
-msgid ""
-"The configuration specifies how the helper connects to RADIUS.  The file "
-"contains a list of directives (one per line). Lines beginning with a B<#> "
-"are ignored."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:7
+msgid "Version 2.18"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:71
-msgid "specifies the name or address of the RADIUS server to connect to."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:12
+msgid "base-DN"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:75
-msgid "specifies the shared RADIUS secret."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:16 src/auth/basic/LDAP/basic_ldap_auth.8:14 src/auth/basic/LDAP/basic_ldap_auth.8:29
+msgid "options"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:80
-msgid ""
-"specifies what name the proxy should use to identify itself to the RADIUS "
-"server.  This directive is optional."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:18
+msgid "server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:84
-msgid "Specifies the port number or service name where the helper should connect."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:22 src/auth/basic/LDAP/basic_ldap_auth.8:20 src/auth/basic/LDAP/basic_ldap_auth.8:35
+msgid "URI"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:88
-msgid "Specifies the RADIUS request timeout."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:31
+msgid ""
+"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
+"authorize users via LDAP groups.  LDAP options are specified as parameters "
+"on the command line, while the username(s) and group(s) to be checked "
+"against the LDAP directory are specified on subsequent lines of input to the "
+"helper, one username/group pair per line separated by a space."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:95
-msgid "With contributions from many others."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:42
+msgid ""
+"As expected by the B<external_acl_type> construct of Squid, after specifying "
+"a username and group followed by a new line, this helper will produce either "
+"B<OK> or B<ERR> on the following line to show if the user is a member of the "
+"specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:111
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:46
 msgid ""
-"Or contact your favorite RADIUS list/friend if the question is more related "
-"to RADIUS than Squid."
+"The program operates by searching with a search filter based on the users "
+"user name and requested group, and if a match is found it is determined that "
+"the user belongs to the group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:130
-msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:51
+msgid "When to dereference aliases. Defaults to 'never'"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:7
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:60
 msgid ""
-"Basic Authentication using SASL (specifically the cyrus-sasl authentication "
-"method)"
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:9 helpers/digest_auth/file/digest_file_auth.8:9 helpers/external_acl/file_userip/ext_file_userip_acl.8:9 helpers/external_acl/time_quota/ext_time_quota_acl.8:9
-msgid "Version 1.0"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:18
-msgid ""
-"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
-"configurable (somewhat like PAM).  Each service authenticating against SASL "
-"identifies itself with an application name.  Each application can be "
-"configured independently by the SASL administrator."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:69
+msgid "Specifies the base DN under which the users are located (if different)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:74
 msgid ""
-"To configure the authentication method used the file B<basic_sasl_auth.conf> "
-"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
+"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
+"API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:31
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:80
 msgid ""
-"The authentication database is defined by the B<pwcheck_method> parameter.  "
-"Only the B<PLAIN> authentication mechanism is used."
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the result is not what was expected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:33
-msgid "Examples:"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:85
+msgid ""
+"The DN and password to bind as while performing searches. Required if the "
+"LDAP directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:36
-msgid "use sasldb - the default if no conf file is installed."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:91
+msgid ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration and will be sent on the command line to the helper it is "
+"strongly recommended to use a account with minimal associated privileges.  "
+"This to limit the damage in case someone could get hold of a copy of your "
+"Squid configuration file or extracts the password used from a process "
+"listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:38
-#, no-wrap
-msgid " - use PAM authentication database\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:96 src/auth/basic/LDAP/basic_ldap_auth.8:150
+msgid ""
+"The DN and the name of a file containing the password to bind as while "
+"performing searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:41
-#, no-wrap
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:101 src/auth/basic/LDAP/basic_ldap_auth.8:155
 msgid ""
-" - use traditional \n"
-"B</etc/passwd>\n"
+"Less insecure version of the former parameter pair with two advantages: The "
+"password does not occur in the process listing, and the password is not "
+"being compromised if someone gets the squid configuration file without "
+"getting the secretfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:43
-#, no-wrap
-msgid " - use slightly less traditional /etc/shadow\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:105 src/auth/basic/LDAP/basic_ldap_auth.8:224
+msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:46
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:121
 msgid ""
-"Others methods may be supported by your cyrus-sasl implementation - consult "
-"your cyrus-sasl documentation for information."
+"LDAP search filter used to search the LDAP directory for any matching group "
+"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
+"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
+"name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:59
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:133
 msgid ""
-"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
-"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
-"and an appropriate user/group on the executable to allow the authenticator "
-"to access the appropriate password database. If the access to the database "
-"is not permitted then the authenticator will typically fail with \"-1, "
-"generic error\"."
+"LDAP search filter used to search the LDAP directory for any matching "
+"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
+"be included literally in the filter then use B<%%>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:74
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:139
 msgid ""
-"If the application name B<basic_sasl_auth> will also be used for the PAM "
-"service name if B<pwcheck_method:pam> is chosen. And example PAM "
-"configuration file B<basic_sasl_auth.pam> is also included."
+"Specifies that the first query argument sent to the helper by Squid is a "
+"extension to the basedn and will be temporarily added in front of the global "
+"basedn for this query."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:7
-msgid "Basic authentication protocol"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:143
+msgid "Specify the LDAP server to connect to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:9 helpers/external_acl/AD_group/ext_ad_group_acl.8:9 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:9
-msgid "Version 2.0"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:147
+msgid ""
+"Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
+"libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:14 helpers/basic_auth/SSPI/basic_sspi_auth.8:16 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:15 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:17
-msgid "Group Name"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:151
+msgid "Strip Kerberos Realm component from user names (@ separated)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:18
-msgid "Default Domain"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:156
+msgid ""
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:164
 msgid ""
-"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
-"server running on Windows NT to authenticate users on an NT domain in native "
-"WIN32 mode."
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while verifying a users group membership to preserve resources at the LDAP "
+"server. This option causes the LDAP connection to be kept open, allowing it "
+"to be reused for further user validations. Recommended for larger "
+"installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:33
-msgid ""
-"Usage is simple. It accepts a username and password on standard input and "
-"will return B<OK> if the username/password is valid for the domain/machine, "
-"or B<ERR> if there was some problem. It is possible to authenticate against "
-"NT trusted domains specifying the username in the domain\\eusername "
-"Microsoft notation."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:168 src/auth/basic/LDAP/basic_ldap_auth.8:180
+msgid "Do not follow referrals"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:38
-msgid "A Windows Local Group name allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:186 src/acl/external/unix_group/ext_unix_group_acl.8:33
+msgid "Strip NT domain name component from user names (/ or \\e separated)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:42 helpers/external_acl/AD_group/ext_ad_group_acl.8:59 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:63 helpers/external_acl/file_userip/ext_file_userip_acl.8:27 helpers/external_acl/LM_group/ext_lm_group_acl.8:35 helpers/external_acl/unix_group/ext_unix_group_acl.8:23 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:33
-msgid "Write debug info to stderr."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:190 src/auth/basic/LDAP/basic_ldap_auth.8:235
+msgid "Specify time limit on LDAP search operations"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:46
-msgid "A Windows Local Group name not allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:198
+msgid ""
+"LDAP attribute used to construct the user DN from the user name and base dn "
+"without needing to search for the user.  A maximum of 16 occurrences of "
+"B<%s> are supported."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:50
-msgid "The default Domain against to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:204 src/auth/basic/LDAP/basic_ldap_auth.8:216
+msgid "LDAP protocol version. Defaults to B<3> if not specified."
 msgstr ""
 
-#. logon from the network\"" 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:57
-msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
-"in the Authenticator's command line."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:208 src/auth/basic/LDAP/basic_ldap_auth.8:220
+msgid "Use TLS encryption"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:60
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:214
 msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it."
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:65
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:229
 msgid ""
-"You will need to set the following line in B<squid.conf> to enable the "
-"authenticator:"
-msgstr ""
+"B<NOTE:> When constructing search filters it is recommended to first test "
+"the filter using B<ldapsearch> to verify that the filter matches what you "
+"expect before you attempt to use B<ext_ldap_group_acl>"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:73
-msgid ""
-"You will need to set the following lines in B<squid.conf> to enable "
-"authentication for your access list:"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:238
+msgid "Based on prior work in B<squid_ldap_auth> by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:85
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:262
 msgid ""
-"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
-"B<auth_param basic program> directive."
+"Or contact your favorite LDAP list/friend if the question is more related to "
+"LDAP than Squid."
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:86 helpers/external_acl/AD_group/ext_ad_group_acl.8:172 helpers/external_acl/LM_group/ext_lm_group_acl.8:116
-#, no-wrap
-msgid "TESTING"
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:283
+msgid "Your favorite LDAP documentation"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:100
-#, no-wrap
+#: src/acl/external/LM_group/ext_lm_group_acl.8:5
 msgid ""
-"I strongly urge that \n"
-"B<basic_sspi_auth.exe>\n"
-"is tested prior to being used in a \n"
-"production environment. It may behave differently on different platforms.\n"
-"To test it, run it from the command line. Enter username and password\n"
-"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
-"Make sure pressing \n"
-"B<CTRL-D>\n"
-" behaves the same as a carriage return.\n"
-"Make sure pressing \n"
-"B<CTRL-C>\n"
-" aborts the program.\n"
+"ext_lm_group_acl - Squid external ACL helper to check Windows users group "
+"membership."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:106 helpers/external_acl/AD_group/ext_ad_group_acl.8:205 helpers/external_acl/AD_group/ext_ad_group_acl.8:220 helpers/external_acl/LM_group/ext_lm_group_acl.8:148
-msgid "Test that entering no details does not result in an B<OK> or B<ERR> message."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:7 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:7
+msgid "Version 1.22"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:110
-msgid ""
-"Test that entering an invalid username and password results in an B<ERR> "
-"message."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:17
+msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:115
+#: src/acl/external/LM_group/ext_lm_group_acl.8:20
 msgid ""
-"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
-"may be returned instead of B<ERR>"
+"This helper must be used in with an authentication scheme (typically Basic "
+"or NTLM) based on Windows NT/2000 domain users (LM mode)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:119
-msgid ""
-"Test that entering a valid username and password results in an B<OK> "
-"message."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:29
+msgid "Use case insensitive compare."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:122
-msgid ""
-"Test that entering a guest username and password returns the correct "
-"response for the site's access policy."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:37
+msgid "Specify the default user's domain."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:128 helpers/digest_auth/file/digest_file_auth.8:64
-msgid "Based on prior work by"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:41
+msgid "Start helper in Domain Global Group mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:7
-msgid "File based digest authentication helper for Squid."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:49
+msgid "Use ONLY PDCs for group validation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:14 tools/squidclient/squidclient.1:29
-msgid "file"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:75
+msgid ""
+"In the previous example all validated NT users member of GProxyUsers Global "
+"domain group or member of LProxyUsers machine local group are allowed to use "
+"the cache."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:19
+#: src/acl/external/LM_group/ext_lm_group_acl.8:83
 msgid ""
-"B<digest_file_auth> is an installed binary authentication program for "
-"Squid. It handles digest authentication protocol and authenticates against a "
-"text file backend."
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:24
-msgid "Accept digest hashed passwords rather than plaintext in the password file"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:85
+msgid "The previous example will be:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:28
-msgid "Username database file format:"
-msgstr ""
-
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:28
-#, no-wrap
-msgid "- comment lines are possible and should start with a '#';"
-msgstr ""
-
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:31
-#, no-wrap
-msgid "- empty or blank lines are possible;"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:92
+msgid "The B<DomainUsers.txt> file will contain only the following line:"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:34
-#, no-wrap
-msgid "- plaintext entry format is username:password"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:94
+msgid "B<Domain Users>"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:37
-#, no-wrap
-msgid "- HA1 entry format is username:realm:HA1"
+#. type: Plain text
+#: src/acl/external/LM_group/ext_lm_group_acl.8:103
+msgid ""
+"B<NOTE:> The standard group name comparison is case sensitive, so group name "
+"must be specified with same case as in the NT/2000 Domain.  It's possible to "
+"enable case insensitive group name comparison ( B<-c> ), but on some "
+"not-english locales, the results can be unexpected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:50
+#: src/acl/external/LM_group/ext_lm_group_acl.8:111
 msgid ""
-"To build a directory integrated backend, you need to be able to calculate "
-"the HA1 returned to squid. To avoid storing a plaintext password you can "
-"calculate B<MD5(username:realm:password)> when the user changes their "
-"password, and store the tuple B<username:realm:HA1.> then find the matching "
-"B<username:realm> when squid asks for the HA1."
+"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
+"and B<-D> switches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:58
-msgid ""
-"This implementation could be improved by using such a triple for the file "
-"format.  However storing such a triple does little to improve security: If "
-"compromised the B<username:realm:HA1> combination is \"plaintext "
-"equivalent\" - for the purposes of digest authentication they allow the user "
-"access. Password syncronisation is not tackled by digest - just preventing "
-"on the wire compromise."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:113
+msgid "Refer to Squid documentation for the more details on squid.conf."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:7 helpers/external_acl/LM_group/ext_lm_group_acl.8:7
-msgid "Squid external ACL helper to check Windows users group membership."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:119
+msgid ""
+"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
+"in a production environment. It may behave differently on different "
+"platforms."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:14 helpers/external_acl/LM_group/ext_lm_group_acl.8:14
-msgid "domain"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:159
+msgid "with contributions by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:19
-msgid "B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:164
+msgid "Based in part on prior work in B<check_group> by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:22
-msgid ""
-"This helper must be used in with an authentication scheme (typically Basic, "
-"NTLM or Negotiate) based on Windows Active Directory domain users."
+#: src/acl/external/session/ext_session_acl.8:5
+msgid "ext_session_acl - Squid session tracking external acl helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:26 helpers/external_acl/LM_group/ext_lm_group_acl.8:26
-msgid ""
-"It reads from the standard input the domain username and a list of groups "
-"and tries to match each against the groups membership of the specified "
-"username."
+#: src/acl/external/session/ext_session_acl.8:7
+msgid "Version 1.2"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:28
-msgid "Two running mode are available:"
+#: src/acl/external/session/ext_session_acl.8:12 src/auth/basic/RADIUS/basic_radius_auth.8:22 tools/squidclient/squidclient.1:32
+msgid "timeout"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:32
-msgid ""
-"B<- Local mode:> membership is checked against machine's local groups, "
-"cannot be used when running on a Domain Controller."
+#: src/acl/external/session/ext_session_acl.8:14
+msgid "database"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:37
+#: src/acl/external/session/ext_session_acl.8:31
 msgid ""
-"B<- Active Directory Global mode:> membership is checked against the whole "
-"Active Directory Forest of the machine where Squid is running."
+"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
+"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
+"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
+"terms and conditions to a user; the latter is suitable for the display of "
+"advertisements or other notices (both as a splash page - see config examples "
+"in the wiki online). The session helper can also be used to force users to "
+"re-authenticate if the B<%LOGIN> and B<-a> are both used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:41
+#: src/acl/external/session/ext_session_acl.8:36
 msgid ""
-"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
-"Windows 2000 SP4 member of an Active Directory Domain."
+"Idle timeout for any session. The default if not specified (set to 3600 "
+"seconds)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:50
+#: src/acl/external/session/ext_session_acl.8:49
 msgid ""
-"When running in Active Directory Global mode, all types of Active Directory "
-"security groups are supported: B<Domain Global> , B<Domain Local> from "
-"user's domain, B<Universal> and Active Directory group nesting is fully "
-"supported."
+"Fixed timeout for any session. This will end the session after the timeout "
+"regardless of a user's activity. If used with B<active> mode, this will "
+"terminate the user's session after B<timeout> , after which another B<LOGIN> "
+"will be required.  B<LOGOUT> will reset the session and timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:55
-msgid "Use case insensitive compare (local mode only)."
+#: src/acl/external/session/ext_session_acl.8:62
+msgid ""
+"B<Path> to persistent database. If a file is specified then that single file "
+"is used as the database. If a path is specified, a Berkeley DB database "
+"environment is created within the directory. The advantage of the latter is "
+"better database support between multiple instances of the session "
+"helper. Using multiple instances of the session helper with a single "
+"database file will cause synchronization problems between processes.  If "
+"this option is not specified the session details will be kept in memory only "
+"and all sessions will reset each time Squid restarts its helpers (Squid "
+"restart or rotation of logs)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:64
-msgid "Specify the default user's B<domain>"
+#: src/acl/external/session/ext_session_acl.8:72
+msgid ""
+"Active mode. In this mode sessions are started by evaluating an acl with the "
+"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
+"flag the helper automatically starts the session after the first request."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:68
-msgid "Start helper in Active Directory Global mode."
+#: src/acl/external/session/ext_session_acl.8:79
+msgid ""
+"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
+"concurrency= option B<must> be specified in the configuration."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:72 helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:82 helpers/external_acl/file_userip/ext_file_userip_acl.8:37 helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:69 helpers/external_acl/LM_group/ext_lm_group_acl.8:47 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:23 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:41
-msgid "Display the binary help and command line syntax info using stderr."
+#: src/acl/external/session/ext_session_acl.8:81
+msgid "Passive session configuration example using the default automatic mode"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:77
+#: src/acl/external/session/ext_session_acl.8:94
 msgid ""
-"When running in Active Directory Global mode, the AD Group can be specified "
-"using the following syntax:"
+"Then set up B<http://your.server.example.com/bannerpage> to display a "
+"session startup page and then redirect the user back to the requested URL "
+"given in the url query parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:80
-msgid "B<1. Plain NT4 Group Name>"
+#: src/acl/external/session/ext_session_acl.8:97 src/acl/external/time_quota/ext_time_quota_acl.8:216 src/auth/basic/PAM/basic_pam_auth.8:80
+msgid "This program and documentation was written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:83
-msgid "B<2. Full NT4 Group Name>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:5
+msgid "ext_time_quota_acl - Squid time quota external acl helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:86
-msgid "B<3. Active Directory Canonical name>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:16
+msgid ""
+"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
+"users of squid to limit the time using squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:89
-msgid "As Exampled:"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:21
+msgid ""
+"This is useful for corporate lunch time allocations, wifi portal "
+"pay-per-minute installations or for parental control of children. The "
+"administrator can define a time budget (e.g. 1 hour per day) which is "
+"enforced through this helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:99
-msgid "When using Plain NT4 Group Name, the Group is searched in the user's domain."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:29
+msgid ""
+"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
+"Squids state directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:126
+#: src/acl/external/time_quota/ext_time_quota_acl.8:36
 msgid ""
-"In the previous example all validated AD users member of "
-"I<MYDOMAIN\\GProxyUsers> domain group or member of I<LProxyUsers> machine "
-"local group are allowed to use the cache."
+"B<Pauselen> is given in seconds and defines the period between two requests "
+"to be treated as part of the same session.  Pauses shorter than this value "
+"will be counted against the quota, longer ones ignored.  Default is 300 "
+"seconds (5 minutes)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:135
+#: src/acl/external/time_quota/ext_time_quota_acl.8:42
 msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file .> The previous example will be:"
+"B<Filename> where all logging and debugging information will be written. If "
+"none is given, then stderr will be used and the logging will go to Squids "
+"main cache.log."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:139
-msgid "and the DomainUsers files will contain only the following line:"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:46
+msgid "Enables debug logging in the logfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:141
-msgid "Domain Users"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:50
+msgid "show a short command line help."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:148
-msgid ""
-"B<NOTE 1:> When running in Active Directory Global mode, for better "
-"performance, all Domain Controllers of the Active Directory forest should be "
-"configured as Global Catalog."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:54
+msgid "This file contains the definition of the time budgets for the users."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:154
+#: src/acl/external/time_quota/ext_time_quota_acl.8:63
 msgid ""
-"B<NOTE 2:> When running in local mode, the standard group name comparison is "
-"case sensitive, so group name must be specified with same case as in the "
-"local SAM database."
+"The time quotas of the users are defined in a text file typically residing "
+"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
+"and is ignored. Every line must start with a user followed by a time budget "
+"and a corresponding time period separated by \"/\". Here is an example file:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:159
-msgid ""
-"It is possible to enable case insensitive group name comparison ( B<-c> ), "
-"but on some non-English locales, the results can be unexpected."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:66
+msgid "# user budget / period"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:167
+#: src/acl/external/time_quota/ext_time_quota_acl.8:77
 msgid ""
-"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the "
-"B<-A> and B<-D> switches."
+"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
+"hour and the poor babymary only 30 minutes a week."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:171
-msgid "Refer to Squid documentation for more details on B<squid.conf>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:81
+msgid ""
+"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
+"days and \"w\" for weeks. Numerical values can be given as integer values or "
+"with a fraction. E.g. \"0.5h\" means 30 minutes."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:178
+#: src/acl/external/time_quota/ext_time_quota_acl.8:87
 msgid ""
-"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
-"used in a production environment. It may behave differently on different "
-"platforms."
+"This helper is configured in B<squid.conf> using the B<external_acl_type> "
+"directive then access controls which use it to allow or deny."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:190 helpers/external_acl/LM_group/ext_lm_group_acl.8:133
-msgid ""
-"To test it, run it from the command line. Enter username and group pairs "
-"separated by a space (username must entered with URL-encoded "
-"I<domain%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> "
-"message."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:90
+msgid "Here is an example."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:194 helpers/external_acl/AD_group/ext_ad_group_acl.8:209 helpers/external_acl/LM_group/ext_lm_group_acl.8:137
-msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:93
+msgid "# Ensure that users have a valid login. We need their username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:198 helpers/external_acl/AD_group/ext_ad_group_acl.8:213 helpers/external_acl/LM_group/ext_lm_group_acl.8:141
-msgid "Make sure pressing B<CTRL+C> aborts the program."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:100
+msgid "# Define program and quota file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:224 helpers/external_acl/LM_group/ext_lm_group_acl.8:152
+#: src/acl/external/time_quota/ext_time_quota_acl.8:116
 msgid ""
-"Test that entering an invalid username and group results in an B<ERR> "
-"message."
+"In this example, after restarting Squid it should allow access only for "
+"users as long as they have time budget left.  If the budget is exceeded the "
+"user will be presented with an error page informing them."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:228 helpers/external_acl/LM_group/ext_lm_group_acl.8:156
-msgid "Test that entering an valid username and group results in an B<OK> message."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:122
+msgid ""
+"In this example we use separate B<users> access control and B<noquota> ACL "
+"in order to keep the username and password prompt and the quota-exceeded "
+"messages separated."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:235
-msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:7
-msgid "Squid eDirectory IP Lookup Helper"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:17
-msgid "host"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:21
-msgid "LDAP version"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:23
-msgid "basedn"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:25
-msgid "scope"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:27
-msgid "binddn"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:29
-msgid "bindpass"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:31
-msgid "filter"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:36
-msgid "B<ext_edirectory_userip_acl> is an installed binary."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:40
+#: src/acl/external/time_quota/ext_time_quota_acl.8:142
 msgid ""
-"This program has been written in order to solve the problems associated with "
-"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:43
-msgid ""
-"The limitations of the Perl script involved memory/cpu utilization, speed, "
-"the lack of eDirectory 8.8 support, and IPv6 support."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:48
-msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:52
-msgid "Force Addresses to be in IPv6 (:: format)."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:59
-msgid "Specify B<base> DN. For example; B<o=ORG>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:68
-msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:73
-msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:78
-msgid "Specify if LDAP search group is required. For example; B<groupMembership=>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:86
-msgid "Specify hostname or IP of server"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:90
-msgid "Port number."
+"User is just a unique key value. The above example uses %LOGIN and the "
+"username but any of the B<external_acl_type> format tags can be substituted "
+"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<%SRC> "
+", B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
+"identification.  The Squid wiki has more examples at "
+"http://wiki.squid-cache.org/ConfigExamples."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:94
-msgid "Use persistent connections."
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:143
+#, no-wrap
+msgid "LIMITATIONS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:102
+#: src/acl/external/time_quota/ext_time_quota_acl.8:148
 msgid ""
-"Timeout factor for persistent connections. Set to B<0> for never "
-"timeout. Default is B<60> seconds."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:107 helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:175
-msgid "search scope. Defaults to B<sub>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:123
-msgid "Set userid B<attribute .> Default is B<cn>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:128
-msgid "Set LDAP B<version>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:132
-msgid "Display version information and exit."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:137
-msgid "Specify binding B<password>"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:141
-msgid "Enable TLS security."
+"This helper only controls access to the Internet through HTTP. It does not "
+"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:162
+#: src/acl/external/time_quota/ext_time_quota_acl.8:156
 msgid ""
-"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
-"that users may be used to control internet access, which can also be stacked "
-"against other ACL's.  Use of the groups is optional, unless the '-G' option "
-"has been passed.  Please note that you need to specify the full LDAP object "
-"for this, as shown above."
+"Desktop browsers are typically able to deal with authentication to HTTP "
+"proxies like B<squid .> But more and more different programs and devices "
+"(smartphones, games on mobile devices, ...) are using the Internet over "
+"HTTP. These devices are often not able to work through an authenticating "
+"proxy.  Means other than %LOGIN authentication are required to authorize "
+"these devices and software."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:168
+#: src/acl/external/time_quota/ext_time_quota_acl.8:161
 msgid ""
-"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
-"is in place to read IPv6 networkAddress fields, please attempt this in a "
-"TESTING environment first.  Please contact the author regarding IPv6 support "
-"development."
+"A more general control to Internet access could be a captive portal approach "
+"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
+"or maybe a 802.11X solution. But the latter is often not supported by mobile "
+"devices."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:173
-msgid ""
-"There is a known issue regarding Novell's Client for Windows, that is mostly "
-"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not "
-"re-populating the networkAddress field in eDirectory."
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:162
+#, no-wrap
+msgid "IMPLEMENTATION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:179
+#: src/acl/external/time_quota/ext_time_quota_acl.8:170
 msgid ""
-"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
-"lower?) and connection licensing.  It appears that whenever a server runs "
-"low on connection licenses, that it I sometimes does not populate the "
-"networkAddress fields correctly."
+"When the helper is called it will be asked if the current user is allowed to "
+"access squid. The helper will reduce the remaining time budget of this user "
+"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:186
+#: src/acl/external/time_quota/ext_time_quota_acl.8:183
 msgid ""
-"Majority of Proxy Authentication issues can be resolved by having the users' "
-"B<reboot> if their networkAddress is not correct, or using "
-"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
-"networkAddress fields to troubleshoot."
+"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
+"be called, the example config uses a 1 minute TTL.  The interaction is that "
+"Squid will only call the helper on new requests B<if> there has been more "
+"than TTL seconds passed since last check.  This handling creates an amount "
+"of slippage outside the quota by whatever amount is configured.  TTL can be "
+"set as short as desired, down to and including zero.  Though values of 1 or "
+"more are recommended due to a quota resolution of one second."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:213
+#: src/acl/external/time_quota/ext_time_quota_acl.8:188
 msgid ""
-"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
-"situations B<before> seeking support! You may also need to make sure your "
-"servers have the latest service packs installed, and that your servers are "
-"properly synchronizing partitions."
+"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
+"budget will be restored to the configured value thus allowing the user to "
+"access squid with a fresh budget."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:7
-msgid "Restrict users to certain IP addresses, using a text file backend."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:200
+msgid ""
+"If the time between the current request and the previous request is greater "
+"than B<pauselen> (default 5 minutes and adjustable with command line "
+"parameter B<-p> ), the current request will be considered as a new request "
+"and the time budget will not be decreased. If the time is less than "
+"B<pauselen> , then both requests will be considered as part of the same "
+"active time period and the time budget will be decreased by the time "
+"difference. This allows the user to take arbitrary breaks during Internet "
+"access without losing their time budget."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:14
-msgid "file name"
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:201
+#, no-wrap
+msgid "FURTHER IDEAS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:19
+#: src/acl/external/time_quota/ext_time_quota_acl.8:204
 msgid ""
-"B<ext_file_userip_acl> is an installed binary. An external helper for the "
-"Squid external acl scheme."
+"The following ideas could further improve this helper. Maybe someone wants "
+"to help? Any support or feedback is welcome!"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:22
+#: src/acl/external/time_quota/ext_time_quota_acl.8:209
 msgid ""
-"It works by reading a pair composed by an IP address and an username on "
-"STDIN and matching it against a configuration file."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:33
-msgid "Configuration B<file> to load."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:43
-msgid "The B<squid.conf> configuration for the external ACL should be:"
+"There should be a way for a user to see their configured and remaining time "
+"budget. This could be realized by implementing a web page accessing the "
+"database of the helper showing the corresponding data. One of the problems "
+"to be solved is user authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:51
+#: src/acl/external/time_quota/ext_time_quota_acl.8:212
 msgid ""
-"If the helper program finds a matching username/ip in the configuration "
-"file, it returns B<OK> , otherwise it returns B<ERR .>"
+"We could always return \"OK\" and use the module simply as an Internet usage "
+"tracker showing who has stayed how long in the WWW."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:53
-msgid "The configuration file format is as follows:"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:5
+msgid "ext_unix_group_acl - Squid UNIX Group ACL helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:62
-msgid ""
-"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
-"in dotted quad format too."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:9 src/acl/external/unix_group/ext_unix_group_acl.8:11
+msgid "group"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:68
+#: src/acl/external/unix_group/ext_unix_group_acl.8:16
 msgid ""
-"When the second parameter is prefixed with an B<@> , the program will lookup "
-"the B</etc/group> file entry for the specified username."
-msgstr ""
-
-#. any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\".
-#. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:74
-msgid "There are other two directives, B<ALL> and B<NONE> , which mean"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
+"B<ext_unix_group_acl> allows Squid to base access controls on users "
+"memberships in UNIX groups."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:9
-msgid "Version 1.3.0sq"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:24
+msgid "Specifies a group name to match."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:26
-msgid ""
-"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
-"connect to a LDAP directory to authorize users via LDAP groups. Options are "
-"specified as parameters on the command line, while the username (e.g.  "
-"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
-"directory are specified on subsequent lines of input to the helper, one "
-"username per line."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:29
+msgid "Also match the users primary group from B</etc/passwd>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:39
+#: src/acl/external/unix_group/ext_unix_group_acl.8:47
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
-"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
-"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
-"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
-"is available from the username the LDAP server will be determined through "
-"the command line options."
+"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
+"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
+"I<group3>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:51
+#: src/acl/external/unix_group/ext_unix_group_acl.8:59
 msgid ""
-"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or "
-"B<-T> option which provides the LDAP group name the user has to belong "
-"too. For Active Directory a recursive group lookup is implemented until a "
-"max depth specified by B<-m> depth. For other LDAP servers a RFC2307bis "
-"schema of groups is assumed."
+"By default up to 11 groups can be matched in one acl (including commandline "
+"specified groups). This limit is defined by B<MAX_GROUPS> in the source "
+"code."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:64
+#: src/acl/external/unix_group/ext_unix_group_acl.8:65
 msgid ""
-"Different group names can be specified for different domains using a "
-"group@domain syntax.  As expected by the B<external_acl_type> construct of "
-"Squid, after specifying a username and group followed by a new line, this "
-"helper will produce either B<OK> or B<ERR> on the following line to show if "
-"the user is a member of the specified group."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:72 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:26
-msgid "Write debug messages to stderr."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:75 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:29
-msgid "Write informational messages to stderr."
+"Does not understand GID aliased groups sometimes used to work around groups "
+"size limitations. If you are using GID aliased groups then you must specify "
+"each alias by name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
-msgid "Use SSL for the LDAP connection."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:104
+msgid "Additionally bugs or bug-fixes can be reported to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
-msgid ""
-"The CA certificate file can be set via the environment variable "
-"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:5
+msgid "basic_getpwnam_auth - Local Users auth helper for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:82
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:13
 msgid ""
-"The SSL certificate database can be set via the environment variable "
-"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:85
-msgid "Allow SSL without certificate verification."
+"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
+"to validate the user name and password of Basic HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:89
-msgid ""
-"Default Kerberos domain to use for usernames which do not contain domain "
-"information (e.g. for users using basic authentication)."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:19
+msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:94
-msgid ""
-"A list of Netbios name mappings to Kerberos domain names of the form "
-"Netbios-Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users "
-"using NTLM authentication)."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:21
+msgid "This has the following advantages over the NCSA module:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:97
-msgid "Maximal depth of recursive group search."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:23
+msgid "- Allows authentication of all known local users"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:100
-msgid "Username for LDAP server."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:26
+msgid "- Allows authentication through nsswitch.conf"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:103
-msgid "Password for LDAP server."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:29
+msgid "- Can handle NIS(+) requests"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:108
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use an account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file or extracts the password "
-"used from a process listing."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:32
+msgid "- Can handle LDAP requests"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:112
-msgid "LDAP server bind path."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:35
+msgid "- Can handle PAM requests"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:115
-msgid "LDAP server URL in form ldap[s]://server:port"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:50
+msgid ""
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program B<setuid> "
+"B<root>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:119
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:62 src/auth/basic/PAM/basic_pam_auth.8:77
 msgid ""
-"list of ldap servers of the form "
-"lserver|lserver@|lserver@Realm[:lserver@|lserver@Realm]"
+"Please note that in such configurations it is also strongly recommended that "
+"the program is moved into a directory where normal users cannot access it, "
+"as this mode of operation will allow any local user to brute-force other "
+"users passwords. Also note the program has not been fully audited and the "
+"author cannot be held responsible for any security issues due to such "
+"installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:123
-msgid ""
-"A list of group name per Kerberos domain of the form "
-"Group|Group@|Group@Realm[:Group@|Group@Realm]"
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:70
+msgid "Based on original code by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:128
-msgid ""
-"A list of group name per Kerberos domain of the form "
-"Group|Group@|Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex "
-"format"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:5
+msgid "basic_ldap_auth - LDAP authentication helper for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:133
-msgid ""
-"A list of group name per Kerberos domain of the form "
-"Group|Group@|Group@Realm[:Group@|Group@Realm] where group and domain is in "
-"UTF-8 hex format"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:10 src/auth/basic/LDAP/basic_ldap_auth.8:25
+msgid "base DN"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:140
-msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf.>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:12
+msgid "attribute"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:155 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:55
-msgid "B<NOTE:> The following squid startup file modification may be required:"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:16 src/auth/basic/LDAP/basic_ldap_auth.8:31
+msgid "LDAP server name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:159 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:59
-msgid ""
-"Add the following lines to the squid startup script to point squid to a "
-"keytab file which contains the HTTP/fqdn service principal for the default "
-"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
-"can not use an IP address."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:27
+msgid "LDAP search filter"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:170 helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:66
+#: src/auth/basic/LDAP/basic_ldap_auth.8:45
 msgid ""
-"If you use a different Kerberos domain than the machine itself is in you can "
-"point squid to the seperate Kerberos config file by setting the following "
-"environmnet variable in the startup script."
+"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
+"the user name and password of Basic HTTP authentication.  LDAP options are "
+"specified as parameters on the command line, while the username(s) and "
+"password(s) to be checked against the LDAP directory are specified on "
+"subsequent lines of input to the helper, one username/password pair per line "
+"separated by a space."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:180
+#: src/auth/basic/LDAP/basic_ldap_auth.8:54
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
-"server. The following method is used:"
+"As expected by the basic authentication construct of Squid, after specifying "
+"a username and password followed by a new line, this helper will produce "
+"either B<OK> or B<ERR> on the following line to show if the specified "
+"credentials are correct according to the LDAP directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:185
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:59
 msgid ""
-"1) For user@REALM\n"
-"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
-"   b) Query DNS for A record REALM\n"
-"   c) Use LDAP_URL if given\n"
+"The program has two major modes of operation. In the default mode of "
+"operation the users DN is constructed using the base DN and user "
+"attribute. In the other mode of operation a search filter is used to locate "
+"valid user DN's below the base DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
-#, no-wrap
-msgid ""
-"2) For user\n"
-"   a) Use domain -D REALM and follow step 1)\n"
-"   b) Use LDAP_URL if given\n"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:191
-msgid "The Groups to check against are determined as follows:"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:73
+msgid ""
+"LDAP search B<filter> to locate the user DN. Required if the users are in a "
+"hierarchy below the base DN, or if the login name is not what builds the "
+"user specific part of the users DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:196
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:80
 msgid ""
-"1) For user@REALM\n"
-"   a) Use values given by -g option which contain a @REALM e.g. -g "
-"GROUP1@REALM:GROUP2@REALM\n"
-"   b) Use values given by -g option which contain a @ only e.g. -g "
-"GROUP1@:GROUP2@\n"
-"   c) Use values given by -g option which do not contain a realm e.g. -g "
-"GROUP1:GROUP2\n"
+"The search filter can contain up to 15 occurrences of B<%s> which will be "
+"replaced by the username, as in B<\"uid\\=%s\"> for RFC2037 directories. For "
+"a detailed description of LDAP search filter syntax see RFC2254."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:199
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:88
 msgid ""
-"2) For user\n"
-"   a) Use values given by -g option which do not contain a realm e.g. -g "
-"GROUP1:GROUP2\n"
+"Will crash if other B<%> values than B<%s> are used, or if more than 15 "
+"B<%s> are used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:97
 msgid ""
-"3) For NDOMAIN\\euser\n"
-"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g "
-"option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"Specifies the name of the DN attribute that contains the username/login.  "
+"Combined with the base DN to construct the users DN when no search filter is "
+"specified ( B<-f> option). Defaults to B<uid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#: src/auth/basic/LDAP/basic_ldap_auth.8:106
 msgid ""
-"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
-"where GROUP is the hex UTF-8 representation e.g."
+"B<Note:> This can only be done if all your users are located directly under "
+"the same position in the LDAP tree and the login name is used for naming "
+"each user object. If your LDAP tree does not match these criteria or if you "
+"want to filter who are valid users then you need to use a search filter to "
+"search for your users DN ( B<-f> option)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
-#, no-wrap
-msgid "   -t 6d61726b7573 instead of -g markus\n"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:116
+msgid ""
+"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
+"password.  B<passwordattr> is the LDAP attribute storing the users password."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#: src/auth/basic/LDAP/basic_ldap_auth.8:124
 msgid ""
-"The REALM must still be based on the ASCII character set. If REALM contains "
-"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
-"UTF-8 representation e.g."
+"Search scope when performing user DN searches specified by the B<-f> "
+"option. Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:140
 msgid ""
-"  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g "
-"markus@WIN2003R2.HOME\n"
+"The DN and password to bind as while performing searches. Required by the "
+"B<-f> flag if the directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:212
+#: src/auth/basic/LDAP/basic_ldap_auth.8:145
 msgid ""
-"For a translation of hex UTF-8 see for example "
-"http://www.utf8-chartable.de/unicode-utf8-table.pl"
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/auth/basic/LDAP/basic_ldap_auth.8:163
 msgid ""
-"The ldap server list can be: server - In this case server can be used for "
-"all Kerberos domains server@ - In this case server can be used for all "
-"Kerberos domains server@domain - In this case server can be used for "
-"Kerberos domain domain "
-"server1a@domain1:server1b@domain1:server2@domain2:server3@:server4 - A list "
-"is build with a colon as seperator"
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while validating a username to preserve resources at the LDAP server. This "
+"option causes the LDAP connection to be kept open, allowing it to be reused "
+"for further user validations. Recommended for larger installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
-msgid "B<RFC1035> - Domain names - implementation and specification,"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:176
+msgid ""
+"Only bind once per LDAP connection. Some LDAP servers do not allow "
+"re-binding as another user after a successful I<ldap_bind.> The use of this "
+"option always opens a new connection for each login attempt. If combined "
+"with the B<-P> option for persistent LDAP connection then the connection "
+"used for searching for the user DN is kept persistent but a new connection "
+"is opened to verify each users password once the DN is found."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:257
-msgid "B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:185
+msgid "when to dereference aliases. Defaults to B<never>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
+#: src/auth/basic/LDAP/basic_ldap_auth.8:194
 msgid ""
-"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
-"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:199
+msgid ""
+"Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:9
-msgid "Version 2.17"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:204
+msgid ""
+"Specify the LDAP server to connect to. Servers can also be specified last on "
+"the command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:33
+#: src/auth/basic/LDAP/basic_ldap_auth.8:210
 msgid ""
-"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
-"authorize users via LDAP groups.  LDAP options are specified as parameters "
-"on the command line, while the username(s) and group(s) to be checked "
-"against the LDAP directory are specified on subsequent lines of input to the "
-"helper, one username/group pair per line separated by a space."
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389. Can also be specified within the server "
+"specification by using servername:port syntax."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:44
+#: src/auth/basic/LDAP/basic_ldap_auth.8:231
 msgid ""
-"As expected by the B<external_acl_type> construct of Squid, after specifying "
-"a username and group followed by a new line, this helper will produce either "
-"B<OK> or B<ERR> on the following line to show if the user is a member of the "
-"specified group."
+"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
+"LDAP API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:48
+#: src/auth/basic/LDAP/basic_ldap_auth.8:241
 msgid ""
-"The program operates by searching with a search filter based on the users "
-"user name and requested group, and if a match is found it is determined that "
-"the user belongs to the group."
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the results is not what is expected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:53
-msgid "When to dereference aliases. Defaults to 'never'"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:246
+msgid ""
+"For directories using the RFC2307 layout with a single domain, all you need "
+"to specify is usually the base DN under where your users are located and the "
+"server name:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:62
+#: src/auth/basic/LDAP/basic_ldap_auth.8:254
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search>ing or only to B<find> the base object"
+"If you have sub-domains then you need to use a search filter approach to "
+"locate your user DNs as these can no longer be constructed directly from the "
+"base DN and login name alone:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:261
+msgid ""
+"And similarly if you only want to allow access to users having a specific "
+"attribute"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:71
-msgid "Specifies the base DN under which the users are located (if different)"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:272
+msgid ""
+"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
+"do not want to have to search for the users then you could use something "
+"like the following example for Active Directory:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:76
+#: src/auth/basic/LDAP/basic_ldap_auth.8:284
 msgid ""
-"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
-"API libraries)"
+"If you want to search for the user DN and your directory does not allow "
+"anonymous searches then you must also use the B<-D> and B<-w> flags to "
+"specify a user DN and password to log in as to perform the searches, as in "
+"the following complex Active Directory example"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:82
+#: src/auth/basic/LDAP/basic_ldap_auth.8:297
 msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the result is not what was expected."
+"B<NOTE:> When constructing search filters it is strongly recommended to test "
+"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
+"This to verify that the filter matches what you expect."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:87
-msgid ""
-"The DN and password to bind as while performing searches. Required if the "
-"LDAP directory does not allow anonymous searches."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:300 src/auth/basic/RADIUS/basic_radius_auth.8:89
+msgid "This program is written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:93
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration and will be sent on the command line to the helper it is "
-"strongly recommended to use a account with minimal associated privileges.  "
-"This to limit the damage in case someone could get hold of a copy of your "
-"Squid configuration file or extracts the password used from a process "
-"listing."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:304
+msgid "This manual is written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:123
+#: src/auth/basic/LDAP/basic_ldap_auth.8:325
 msgid ""
-"LDAP search filter used to search the LDAP directory for any matching group "
-"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
-"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
-"name."
+"Or to your favorite LDAP list/friend if the question is more related to LDAP "
+"than Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:135
-msgid ""
-"LDAP search filter used to search the LDAP directory for any matching "
-"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
-"be included literally in the filter then use B<%%>"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:345
+msgid "Your favorite LDAP documentation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:141
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:5
 msgid ""
-"Specifies that the first query argument sent to the helper by Squid is a "
-"extension to the basedn and will be temporarily added in front of the global "
-"basedn for this query."
+"basic_ncsa_auth - NCSA httpd-style password file authentication helper for "
+"Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:145
-msgid "Specify the LDAP server to connect to"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:9
+msgid "passwd file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:149
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:14
 msgid ""
-"Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
-"libraries)"
+"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
+"information from an NCSA/Apache httpd-style password file when using basic "
+"HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:153
-msgid "Strip Kerberos Realm component from user names (@ separated)"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:17
+msgid "This password file can be manipulated using B<htpasswd.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:158
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:30
 msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389."
+"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
+"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
+"and magic strings * MD5 - with optional salt and magic strings * DES - for "
+"passwords 8 characters or less in length"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:166
-msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while verifying a users group membership to preserve resources at the LDAP "
-"server. This option causes the LDAP connection to be kept open, allowing it "
-"to be reused for further user validations. Recommended for larger "
-"installations."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:32
+msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:188 helpers/external_acl/unix_group/ext_unix_group_acl.8:35
-msgid "Strip NT domain name component from user names (/ or \\e separated)"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:36
+msgid ""
+"The only parameter is the password file.  It must have permissions to be "
+"read by the user that Squid is running as."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:200
-msgid ""
-"LDAP attribute used to construct the user DN from the user name and base dn "
-"without needing to search for the user.  A maximum of 16 occurrences of "
-"B<%s> are supported."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:44
+msgid "B<basic_ncsa_auth> must have access to the password file to be executed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:216
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:50
 msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf .>"
+"DES functionality (used by htpasswd by default) silently truncates passwords "
+"to 8 characters.  Allowing login with password values shorter than the one "
+"desired.  This authenticator will reject login with long passwords when "
+"using DES."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:231
-msgid ""
-"B<NOTE:> When constructing search filters it is recommended to first test "
-"the filter using B<ldapsearch> to verify that the filter matches what you "
-"expect before you attempt to use B<ext_ldap_group_acl>"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:56
+msgid "Based on original documentation by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:240
-msgid "Based on prior work in B<squid_ldap_auth> by"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:70
+msgid ""
+"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
+"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
+"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
+"details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:257
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:76
 msgid ""
-"Or contact your favorite LDAP list/friend if the question is more related to "
-"LDAP than Squid."
+"You should have received a copy of the GNU General Public License along with "
+"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
+"Place, Suite 330, Boston, MA 02111-1307 USA"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:278
-msgid "Your favorite LDAP documentation"
+#: src/auth/basic/PAM/basic_pam_auth.8:5
+msgid "basic_pam_auth - PAM Basic authentication helper for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:9 helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:10
-msgid "Version 1.22"
+#: src/auth/basic/PAM/basic_pam_auth.8:9
+msgid "service name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:19
-msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
+#: src/auth/basic/PAM/basic_pam_auth.8:11
+msgid "TTL"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:22
+#: src/auth/basic/PAM/basic_pam_auth.8:18
 msgid ""
-"This helper must be used in with an authentication scheme (typically Basic "
-"or NTLM) based on Windows NT/2000 domain users (LM mode)."
+"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
+"database to validate the user name and password of Basic HTTP "
+"authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:31
-msgid "Use case insensitive compare."
+#: src/auth/basic/PAM/basic_pam_auth.8:24
+msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:39
-msgid "Specify the default user's domain."
+#: src/auth/basic/PAM/basic_pam_auth.8:33
+msgid ""
+"Enables persistent PAM connections where the connection to the PAM database "
+"is kept open and reused for new logins. The TTL specifies how long the "
+"connection will be kept open (in seconds).  Default is to not keep PAM "
+"connections open. Please note that the use of persistent PAM connections is "
+"slightly outside the PAM specification and may not work with all PAM "
+"configurations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:43
-msgid "Start helper in Domain Global Group mode."
+#: src/auth/basic/PAM/basic_pam_auth.8:38
+msgid "Do not perform the PAM account management group (account expiration etc)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:51
-msgid "Use ONLY PDCs for group validation."
+#: src/auth/basic/PAM/basic_pam_auth.8:44
+msgid ""
+"The program needs a PAM service to be configured in B</etc/pam.conf> or "
+"B</etc/pam.d/squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:77
+#: src/auth/basic/PAM/basic_pam_auth.8:52
 msgid ""
-"In the previous example all validated NT users member of GProxyUsers Global "
-"domain group or member of LProxyUsers machine local group are allowed to use "
-"the cache."
+"The default service name is B<squid> , and the program makes use of the "
+"B<auth> and B<account> management groups to verify the password and the "
+"accounts validity."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:85
+#: src/auth/basic/PAM/basic_pam_auth.8:56
 msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file>"
+"For details on how to configure PAM services, see the PAM documentation for "
+"your system. This manual does not cover PAM configuration details."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:87
-msgid "The previous example will be:"
+#. type: SH
+#: src/auth/basic/PAM/basic_pam_auth.8:57
+#, no-wrap
+msgid "NOTES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:94
-msgid "The B<DomainUsers.txt> file will contain only the following line:"
+#: src/auth/basic/PAM/basic_pam_auth.8:64
+msgid ""
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program setuid root"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:96
-msgid "B<Domain Users>"
+#: src/auth/basic/PAM/basic_pam_auth.8:93
+msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:105
-msgid ""
-"B<NOTE:> The standard group name comparison is case sensitive, so group name "
-"must be specified with same case as in the NT/2000 Domain.  It's possible to "
-"enable case insensitive group name comparison ( B<-c> ), but on some "
-"not-english locales, the results can be unexpected."
+#: src/auth/basic/PAM/basic_pam_auth.8:124
+msgid "PAM Systems Administrator Guide"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:113
-msgid ""
-"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
-"and B<-D> switches."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:5
+msgid "basic_radius_auth - Squid RADIUS authentication helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:115
-msgid "Refer to Squid documentation for the more details on squid.conf."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:10
+msgid "config file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:121
-msgid ""
-"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
-"in a production environment. It may behave differently on different "
-"platforms."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:14
+msgid "server name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:161
-msgid "with contributions by"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:18
+msgid "identifier"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:166
-msgid "Based in part on prior work in B<check_group> by"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:20
+msgid "secret"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:7
-msgid "Squid session tracking external acl helper."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:28
+msgid ""
+"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
+"the user name and password of Basic HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:9
-msgid "Version 1.2"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:34
+msgid ""
+"Specifies the path to a configuration file. See the CONFIGURATION section "
+"for details on the file content."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:16
-msgid "database"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:38
+msgid "Alternative method of specifying the server to connect to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:33
+#: src/auth/basic/RADIUS/basic_radius_auth.8:43
 msgid ""
-"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
-"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
-"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
-"terms and conditions to a user; the latter is suitable for the display of "
-"advertisments or other notices (both as a splash page - see config examples "
-"in the wiki online). The session helper can also be used to force users to "
-"re-authenticate if the B<%LOGIN> and B<-a> are both used."
+"Specify another server port where the RADIUS server listens for requests if "
+"different from the default RADIUS port.  Normally not specified."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:38
+#: src/auth/basic/RADIUS/basic_radius_auth.8:48
 msgid ""
-"Idle timeout for any session. The default if not specified (set to 3600 "
-"seconds)."
+"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
+"specified the IP address is used to identify the proxy."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:51
+#: src/auth/basic/RADIUS/basic_radius_auth.8:54
 msgid ""
-"Fixed timeout for any session. This will end the session after the timeout "
-"regardless of a user's activity. If used with B<active> mode, this will "
-"terminate the user's session after B<timeout> , after which another B<LOGIN> "
-"will be required.  B<LOGOUT> will reset the session and timeout."
+"Alternative method of specifying the shared secret. Using the B<-f> option "
+"with a configuration file is generally more secure and recommended."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:64
-msgid ""
-"B<Path> to persistent database. If a file is specified then that single file "
-"is used as the database. If a path is specified, a Berkeley DB database "
-"environment is created within the directory. The advantage of the latter is "
-"better database support between multiple instances of the session "
-"helper. Using multiple instances of the session helper with a single "
-"database file will cause synchronisation problems between processes.  If "
-"this option is not specified the session details will be kept in memory only "
-"and all sessions will reset each time Squid restarts its helpers (Squid "
-"restart or rotation of logs)."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:58
+msgid "RADIUS request timeout. Default is 10 seconds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:74
+#: src/auth/basic/RADIUS/basic_radius_auth.8:65
 msgid ""
-"Active mode. In this mode sessions are started by evaluating an acl with the "
-"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
-"flag the helper automatically starts the session after the first request."
+"The configuration specifies how the helper connects to RADIUS.  The file "
+"contains a list of directives (one per line). Lines beginning with a B<#> "
+"are ignored."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:81
-msgid ""
-"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
-"concurrency= option B<must> be specified in the configuration."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:69
+msgid "specifies the name or address of the RADIUS server to connect to."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:83
-msgid "Passive session configuration example using the default automatic mode"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:73
+msgid "specifies the shared RADIUS secret."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:96
+#: src/auth/basic/RADIUS/basic_radius_auth.8:78
 msgid ""
-"Then set up B<http://your.server.example.com/bannerpage> to display a "
-"session startup page and then redirect the user back to the requested URL "
-"given in the url query parameter."
+"specifies what name the proxy should use to identify itself to the RADIUS "
+"server.  This directive is optional."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/RADIUS/basic_radius_auth.8:82
+msgid "Specifies the port number or service name where the helper should connect."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/RADIUS/basic_radius_auth.8:86
+msgid "Specifies the RADIUS request timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:7
-msgid "Squid time quota external acl helper."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:93
+msgid "With contributions from many others."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:18
+#: src/auth/basic/RADIUS/basic_radius_auth.8:116
 msgid ""
-"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
-"users of squid to limit the time using squid."
+"Or contact your favorite RADIUS list/friend if the question is more related "
+"to RADIUS than Squid."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/RADIUS/basic_radius_auth.8:135
+msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:23
+#: src/auth/basic/SASL/basic_sasl_auth.8:5
 msgid ""
-"This is useful for corporate lunch time allocations, wifi portal "
-"pay-per-minute installations or for parental control of children. The "
-"administrator can define a time budget (e.g. 1 hour per day) which is "
-"enforced through this helper."
+"basic_sasl_auth - Basic Authentication using SASL (specifically the "
+"cyrus-sasl authentication method)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:31
+#: src/auth/basic/SASL/basic_sasl_auth.8:16
 msgid ""
-"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
-"Squids state directory."
+"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
+"configurable (somewhat like PAM).  Each service authenticating against SASL "
+"identifies itself with an application name.  Each application can be "
+"configured independently by the SASL administrator."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:38
+#: src/auth/basic/SASL/basic_sasl_auth.8:22
 msgid ""
-"B<Pauselen> is given in seconds and defines the period between two requests "
-"to be treated as part of the same session.  Pauses shorter than this value "
-"will be counted against the quota, longer ones ignored.  Default is 300 "
-"seconds (5 minutes)."
+"To configure the authentication method used the file B<basic_sasl_auth.conf> "
+"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:44
+#: src/auth/basic/SASL/basic_sasl_auth.8:29
 msgid ""
-"B<Filename> where all logging and debugging information will be written. If "
-"none is given, then stderr will be used and the logging will go to Squids "
-"main cache.log."
+"The authentication database is defined by the B<pwcheck_method> parameter.  "
+"Only the B<PLAIN> authentication mechanism is used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:48
-msgid "Enables debug logging in the logfile."
+#: src/auth/basic/SASL/basic_sasl_auth.8:31
+msgid "Examples:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:52
-msgid "show a short command line help."
+#: src/auth/basic/SASL/basic_sasl_auth.8:34
+msgid "use sasldb - the default if no conf file is installed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:56
-msgid "This file contains the definition of the time budgets for the users."
+#: src/auth/basic/SASL/basic_sasl_auth.8:36
+#, no-wrap
+msgid " - use PAM authentication database\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:65
+#: src/auth/basic/SASL/basic_sasl_auth.8:39
+#, no-wrap
 msgid ""
-"The time quotas of the users are defined in a text file typically residing "
-"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
-"and is ignored. Every line must start with a user followed by a time budget "
-"and a corresponding time period separated by \"/\". Here is an example file:"
+" - use traditional \n"
+"B</etc/passwd>\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:68
-msgid "# user budget / period"
+#: src/auth/basic/SASL/basic_sasl_auth.8:41
+#, no-wrap
+msgid " - use slightly less traditional /etc/shadow\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:79
+#: src/auth/basic/SASL/basic_sasl_auth.8:44
 msgid ""
-"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
-"hour and the poor babymary only 30 minutes a week."
+"Others methods may be supported by your cyrus-sasl implementation - consult "
+"your cyrus-sasl documentation for information."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:83
+#: src/auth/basic/SASL/basic_sasl_auth.8:57
 msgid ""
-"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
-"days and \"w\" for weeks. Numerical values can be given as integer values or "
-"with a fraction. E.g. \"0.5h\" means 30 minutes."
+"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
+"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
+"and an appropriate user/group on the executable to allow the authenticator "
+"to access the appropriate password database. If the access to the database "
+"is not permitted then the authenticator will typically fail with \"-1, "
+"generic error\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:89
+#: src/auth/basic/SASL/basic_sasl_auth.8:72
 msgid ""
-"This helper is configured in B<squid.conf> using the B<external_acl_type> "
-"directive then access controls which use it to allow or deny."
+"If the application name B<basic_sasl_auth> will also be used for the PAM "
+"service name if B<pwcheck_method:pam> is chosen. And example PAM "
+"configuration file B<basic_sasl_auth.pam> is also included."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:92
-msgid "Here is an example."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:5
+msgid "basic_sspi_auth.exe - Basic authentication protocol"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:95
-msgid "# Ensure that users have a valid login. We need their username."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:12 src/auth/basic/SSPI/basic_sspi_auth.8:14 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:12 src/auth/ntlm/SSPI/ntlm_sspi_auth.8:14
+msgid "Group Name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:102
-msgid "# Define program and quota file"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:16
+msgid "Default Domain"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:118
+#: src/auth/basic/SSPI/basic_sspi_auth.8:22
 msgid ""
-"In this example, after restarting Squid it should allow access only for "
-"users as long as they have time budget left.  If the budget is exceeded the "
-"user will be presented with an error page informing them."
+"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
+"server running on Windows NT to authenticate users on an NT domain in native "
+"WIN32 mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:124
+#: src/auth/basic/SSPI/basic_sspi_auth.8:31
 msgid ""
-"In this example we use separate B<users> access control and B<noquota> ACL "
-"in order to keep the username and password prompt and the quota-exceeded "
-"messages separated."
+"Usage is simple. It accepts a username and password on standard input and "
+"will return B<OK> if the username/password is valid for the domain/machine, "
+"or B<ERR> if there was some problem. It is possible to authenticate against "
+"NT trusted domains specifying the username in the domain\\eusername "
+"Microsoft notation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:144
-msgid ""
-"User is just a unique key value. The above example uses %LOGIN and the "
-"username but any of the B<external_acl_type> format tags can be substituted "
-"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<%SRC> "
-", B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
-"identification.  The Squid wiki has more examples at "
-"http://wiki.squid-cache.org/ConfigExamples."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:36
+msgid "A Windows Local Group name allowed to authenticate."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:44
+msgid "A Windows Local Group name not allowed to authenticate."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:145
-#, no-wrap
-msgid "LIMITATIONS"
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:48
+msgid "The default Domain against to authenticate."
 msgstr ""
 
+#. logon from the network\"" 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:150
+#: src/auth/basic/SSPI/basic_sspi_auth.8:55
 msgid ""
-"This helper only controls access to the Internet through HTTP. It does not "
-"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
+"in the Authenticator's command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:158
+#: src/auth/basic/SSPI/basic_sspi_auth.8:58
 msgid ""
-"Desktop browsers are typically able to deal with authentication to HTTP "
-"proxies like B<squid .> But more and more different programs and devices "
-"(smartphones, games on mobile devices, ...) are using the Internet over "
-"HTTP. These devices are often not able to work through an authenticating "
-"proxy.  Means other than %LOGIN authentication are required to authorize "
-"these devices and software."
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:163
+#: src/auth/basic/SSPI/basic_sspi_auth.8:63
 msgid ""
-"A more general control to Internet access could be a captive portal approach "
-"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
-"or maybe a 802.11X solution. But the latter is often not supported by mobile "
-"devices."
+"You will need to set the following line in B<squid.conf> to enable the "
+"authenticator:"
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:164
-#, no-wrap
-msgid "IMPLEMENTATION"
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:71
+msgid ""
+"You will need to set the following lines in B<squid.conf> to enable "
+"authentication for your access list:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:172
+#: src/auth/basic/SSPI/basic_sspi_auth.8:83
 msgid ""
-"When the helper is called it will be asked if the current user is allowed to "
-"access squid. The helper will reduce the remaining time budget of this user "
-"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
+"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
+"B<auth_param basic program> directive."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:185
+#: src/auth/basic/SSPI/basic_sspi_auth.8:98
+#, no-wrap
 msgid ""
-"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
-"be called, the example config uses a 1 minute TTL.  The interaction is that "
-"Squid will only call the helper on new requests B<if> there has been more "
-"than TTL seconds passed since last check.  This handling creates an amount "
-"of slippage outside the quota by whatever amount is configured.  TTL can be "
-"set as short as desired, down to and including zero.  Though values of 1 or "
-"more are recommended due to a quota resolution of one second."
+"I strongly urge that \n"
+"B<basic_sspi_auth.exe>\n"
+"is tested prior to being used in a \n"
+"production environment. It may behave differently on different platforms.\n"
+"To test it, run it from the command line. Enter username and password\n"
+"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
+"Make sure pressing \n"
+"B<CTRL-D>\n"
+" behaves the same as a carriage return.\n"
+"Make sure pressing \n"
+"B<CTRL-C>\n"
+" aborts the program.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:190
+#: src/auth/basic/SSPI/basic_sspi_auth.8:108
 msgid ""
-"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
-"budget will be restored to the configured value thus allowing the user to "
-"access squid with a fresh budget."
+"Test that entering an invalid username and password results in an B<ERR> "
+"message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:202
+#: src/auth/basic/SSPI/basic_sspi_auth.8:113
 msgid ""
-"If the time between the current request and the previous request is greater "
-"than B<pauselen> (default 5 minutes and adjustable with command line "
-"parameter B<-p> ), the current request will be considered as a new request "
-"and the time budget will not be decreased. If the time is less than "
-"B<pauselen> , then both requests will be considered as part of the same "
-"active time period and the time budget will be decreased by the time "
-"difference. This allows the user to take arbitrary breaks during Internet "
-"access without losing their time budget."
+"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
+"may be returned instead of B<ERR>"
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:203
-#, no-wrap
-msgid "FURTHER IDEAS"
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:117
+msgid ""
+"Test that entering a valid username and password results in an B<OK> "
+"message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:206
+#: src/auth/basic/SSPI/basic_sspi_auth.8:120
 msgid ""
-"The following ideas could further improve this helper. Maybe someone wants "
-"to help? Any support or feedback is welcome!"
+"Test that entering a guest username and password returns the correct "
+"response for the site's access policy."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:211
-msgid ""
-"There should be a way for a user to see their configured and remaining time "
-"budget. This could be realized by implementing a web page accessing the "
-"database of the helper showing the corresponding data. One of the problems "
-"to be solved is user authentication."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:126 src/auth/digest/file/digest_file_auth.8:65
+msgid "Based on prior work by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:214
-msgid ""
-"We could always return \"OK\" and use the module simply as an Internet usage "
-"tracker showing who has stayed how long in the WWW."
+#: src/auth/digest/file/digest_file_auth.8:5
+msgid "digest_file_auth - File based digest authentication helper for Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:7
-msgid "Squid UNIX Group ACL helper"
+#: src/auth/digest/file/digest_file_auth.8:7
+msgid "Version 1.1"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:11 helpers/external_acl/unix_group/ext_unix_group_acl.8:13
-msgid "group"
+#: src/auth/digest/file/digest_file_auth.8:12 tools/squidclient/squidclient.1:28
+msgid "file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:18
+#: src/auth/digest/file/digest_file_auth.8:17
 msgid ""
-"B<ext_unix_group_acl> allows Squid to base access controls on users "
-"memberships in UNIX groups."
+"B<digest_file_auth> is an installed binary authentication program for "
+"Squid. It handles digest authentication protocol and authenticates against a "
+"text file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:26
-msgid "Specifies a group name to match."
+#: src/auth/digest/file/digest_file_auth.8:20
+msgid ""
+"This program will automatically detect the existence of a concurrency "
+"channel-ID and adjust appropriately.  It may be used with any value 0 or "
+"above for the auth_param children concurrency= parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:31
-msgid "Also match the users primary group from B</etc/passwd>"
+#: src/auth/digest/file/digest_file_auth.8:25
+msgid "Accept digest hashed passwords rather than plaintext in the password file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:49
-msgid ""
-"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
-"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
-"I<group3>"
+#: src/auth/digest/file/digest_file_auth.8:29
+msgid "Username database file format:"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:61
-msgid ""
-"By default up to 11 groups can be matched in one acl (including commandline "
-"specified groups). This limit is defined by B<MAX_GROUPS> in the source "
-"code."
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:29
+#, no-wrap
+msgid "- comment lines are possible and should start with a '#';"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:32
+#, no-wrap
+msgid "- empty or blank lines are possible;"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:35
+#, no-wrap
+msgid "- plaintext entry format is username:password"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:38
+#, no-wrap
+msgid "- HA1 entry format is username:realm:HA1"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:67
+#: src/auth/digest/file/digest_file_auth.8:51
 msgid ""
-"Does not understand GID aliased groups sometimes used to work around groups "
-"size limitations. If you are using GID aliased groups then you must specify "
-"each alias by name."
+"To build a directory integrated backend, you need to be able to calculate "
+"the HA1 returned to squid. To avoid storing a plaintext password you can "
+"calculate B<MD5(username:realm:password)> when the user changes their "
+"password, and store the tuple B<username:realm:HA1.> then find the matching "
+"B<username:realm> when squid asks for the HA1."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:99
-msgid "Additionally bugs or bug-fixes can be reported to"
+#: src/auth/digest/file/digest_file_auth.8:59
+msgid ""
+"This implementation could be improved by using such a triple for the file "
+"format.  However storing such a triple does little to improve security: If "
+"compromised the B<username:realm:HA1> combination is \"plaintext "
+"equivalent\" - for the purposes of digest authentication they allow the user "
+"access. Password synchronization is not tackled by digest - just preventing "
+"on the wire compromise."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:7
-msgid "Squid kerberos based authentication helper"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:5
+msgid "negotiate_kerberos_auth - Squid kerberos based authentication helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:9
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:7
 msgid "Version 3.0.4sq"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:18
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:16
 msgid ""
 "B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
 "authenticate users via the Negotiate protocol and Kerberos."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:32
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:30
 msgid "Remove realm from username before returning the username to squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:35
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:33
 msgid "Provide Service Principal Name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:42
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:36
+msgid "Provide Kerberos Keytab Name (Default: /etc/krb5.keytab)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:39
+msgid "Provide Replay Cache Directory (Default: /var/tmp)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:42
+msgid "Provide Replay Cache Type (Default: dfl)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:49
 msgid ""
 "This helper is intended to be used as an B<authentication> helper in "
 "B<squid.conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:62
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:67
+#, no-wrap
+msgid ""
+"Add the following lines to the squid startup script to point squid to a "
+"keytab file which\n"
+"contains the HTTP/fqdn service principal for the default Kerberos "
+"domain. The keytab name can\n"
+"also be provided by the -k E<lt>keytab nameE<gt> option. The fqdn must be "
+"the proxy name set in IE\n"
+" or firefox. You can not use an IP address.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:70
 msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:69
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:77
 msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:75
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:83
 msgid ""
 "Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
 "(usually only possible in a 5 minute window) . If squid is under high load "
 "with Negotiate(Kerberos) proxy authentication requests the replay cache "
 "checks can create high CPU load. If the environment does not require high "
 "security the replay cache check can be disabled for MIT based Kerberos "
-"implementations by adding the following to the startup script"
+"implementations by adding the below to the startup script or use the -t none "
+"option."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:78
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:86
 msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:81
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:89
 msgid ""
 "If negotiate_kerberos_auth doesn't determine for some reason the right "
 "service principal you can provide it with -s HTTP/fqdn."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:84
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:92
 msgid ""
 "If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
 "principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
@@ -2758,31 +2847,40 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:121
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:108
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2014 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:136
 msgid ""
 "B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
 "Windows,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:123
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:138
 msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:125
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:140
 msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:8
-msgid ""
-"Native Windows NTLM/NTLMv2 authenticator for Squid with automatic support "
-"for NTLM NEGOTIATE packets."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:5
+msgid "ntlm_sspi_auth.exe - Native Windows NTLM/NTLMv2 authenticator for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:24
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:21
 msgid ""
 "B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
 "provides native access to the Security Service Provider Interface of Windows "
@@ -2791,41 +2889,41 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:29
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:26
 msgid "Specify a Windows Local Group name allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:37
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:34
 msgid "Specify a Windows Local Group name which is to be denied authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:45
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:42
 msgid "Enables verbose NTLM packet debugging."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:49
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:46
 msgid "B<Allowing Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:52
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:49
 msgid ""
 "Users that are allowed to access the web proxy must have the Windows NT User "
 "Rights \"logon from the network\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:56
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:53
 msgid ""
 "Optionally the authenticator can verify the NT LOCAL group membership of the "
 "user against the User Group specified in the Authenticator's command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:60
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:57
 msgid ""
 "This can be accomplished creating a local user group on the NT machine, "
 "grant the privilege, and adding users to it, it works only with MACHINE "
@@ -2833,24 +2931,24 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:64
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:61
 msgid ""
 "Better group checking is available with external ACL, see "
 "B<ext_ad_group_acl.exe> documentation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:67
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:64
 msgid "B<squid.conf> typical minimal required changes:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:79
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:76
 msgid "Refer to Squid documentation for more details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:87
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:84
 msgid ""
 "Internet Explorer has some problems with B<ftp://> URLs when handling "
 "internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
@@ -2858,42 +2956,188 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:98
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:95
 msgid "Based on prior work in by"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:7
-msgid "HTTP web proxy caching server"
+#: src/security/cert_generators/file/security_file_certgen.8.in:5
+msgid "security_file_certgen - SSL certificate generator for Squid."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:13
+#: src/security/cert_generators/file/security_file_certgen.8.in:15 src/security/cert_generators/file/security_file_certgen.8.in:22 src/security/cert_generators/file/security_file_certgen.8.in:29
+msgid "directory"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:17
+msgid "size"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:24
+msgid "serial number"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:33
+msgid "B<security_file_certgen> is an installed binary."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:36
+msgid ""
+"Because the generation and signing of SSL certificates takes time Squid must "
+"use external process to handle the work."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:40
+msgid ""
+"This process generates new SSL certificates and uses a disk cache of "
+"certificates to improve response times on repeated requests.  Communication "
+"occurs via TCP sockets bound to the loopback interface."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:46
+msgid ""
+"File system block size in bytes. Needed for processing natural size of "
+"certificate on disk.  Default value is 2048 bytes."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:53
+msgid ""
+"Initialize the SSL storage database and exit.  Requires the B<-s> option to "
+"determine the storage location being created."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:64
+msgid ""
+"Display the current serial number using stderr and exit.  Requires B<-s> "
+"option to determine which storage directory the serial is located in."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:72
+msgid "Directory path of disk storage for new SSL certificates."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:76
+msgid "Maximum size of SSL certificate disk storage."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:83
+msgid ""
+"HEX B<serial number > to use when initializing an SSL storage database.  The "
+"default value of serial number is the number of seconds since Epoch minus "
+"1200000000."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:87
+msgid "Display the binary version details using stderr."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:91
+msgid "B<SSL errors after changing the CA>"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:95 src/security/cert_generators/file/security_file_certgen.8.in:123
+msgid ""
+"Certificates are stored in this database in signed form.  After any change "
+"to the signing CA in squid.conf be sure to erase and re-initialize the "
+"certificate database."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:98
+msgid "B<Certificate chaining>"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:103
+msgid ""
+"The version 1.0 of this helper will not add chained intermediate CA "
+"certificates.  The client must have a full chain of trust from the root CA "
+"all the way down to the end certificate generated by this program."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:106
+msgid ""
+"Signing with an intermediate CA needs to install both the root and the "
+"intermediate public CA on the clients."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:113
+msgid ""
+"Before this helper can be used the storage area for new certificates must be "
+"initialized manually.  This is done from the command line using the B<-c> "
+"parameters."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:116
+msgid "For example:"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:128
+msgid ""
+"For simple configuration the helper defaults can be used.  Only HTTP "
+"listening port options are required to enable generation and set the signing "
+"CA certificate.  For Example:"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:137
+msgid ""
+"For more customized configuration the helper certificate storage directory "
+"location and size can be altered with the B<sslcrtd_program> configuration "
+"directive.  For example:"
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:5
+msgid "squid - HTTP web proxy caching server"
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:11
 msgid "facility"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:15
+#: src/squid.8.in:13
 msgid "config-file"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:19
+#: src/squid.8.in:17
 msgid "signal"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:21
+#: src/squid.8.in:19
 msgid "service-name"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:23
+#: src/squid.8.in:21
 msgid "command-line"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:32
+#: src/squid.8.in:30
 msgid ""
 "B<squid> is a high-performance proxy caching server for web clients, "
 "supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
@@ -2902,7 +3146,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:36
+#: src/squid.8.in:34
 msgid ""
 "Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
 "lookups, supports non-blocking DNS lookups, and implements negative caching "
@@ -2910,7 +3154,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:41
+#: src/squid.8.in:39
 msgid ""
 "Squid supports SSL, extensive access controls, and full request logging.  By "
 "using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
@@ -2919,7 +3163,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:49
+#: src/squid.8.in:47
 msgid ""
 "Squid consists of a main server program B<squid> , some optional programs "
 "for custom processing and authentication, and some management and client "
@@ -2929,12 +3173,12 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:51
+#: src/squid.8.in:49
 msgid "Squid is derived from the ARPA-funded Harvest Project."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:57
+#: src/squid.8.in:55
 msgid ""
 "This manual page only lists the command line arguments.  For details on how "
 "to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
@@ -2943,24 +3187,24 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:66
+#: src/squid.8.in:64
 msgid ""
 "Specify HTTP port number where Squid should listen for requests, in addition "
 "to any B<http_port> specifications in B<squid.conf>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:70
+#: src/squid.8.in:68
 msgid "Do not catch fatal signals."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:74
+#: src/squid.8.in:72
 msgid "Write debugging to stderr also."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:86
+#: src/squid.8.in:84
 msgid ""
 "Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
 "file name starts with a B<!> or B<|> then it is assumed to be an external "
@@ -2970,91 +3214,98 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:90
+#: src/squid.8.in:88
 msgid "Don't serve any requests until store is rebuilt."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:94
+#: src/squid.8.in:92
 msgid "Print help message."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:100
+#: src/squid.8.in:98
 msgid "Install as a Windows Service (see B<-n> option)."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:107
+#: src/squid.8.in:105
 msgid ""
 "Parse configuration file, then send signal to running copy (except B<-k "
 "parse> ) and exit."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:112
+#: src/squid.8.in:110
 msgid "Use specified syslog facility. Implies B<-s>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:117
+#: src/squid.8.in:115
 msgid ""
 "Specify Windows Service name to use for service operations, default is: "
 "B<Squid>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:121
+#: src/squid.8.in:119
 msgid "No daemon mode."
 msgstr ""
 
 #. type: Plain text
 #: src/squid.8.in:125
+msgid ""
+"Parent process does not exit until its children have finished. It has no "
+"effect with B<-N> which does not fork/exit at startup."
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:129
 msgid "Set Windows Service Command line options in Registry."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:131
+#: src/squid.8.in:135
 msgid "Remove a Windows Service (see B<-n> option)."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:137
+#: src/squid.8.in:141
 msgid "Do not set B<REUSEADDR> on port."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:142
+#: src/squid.8.in:146
 msgid "Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:146
+#: src/squid.8.in:150
 msgid "Double-check swap during rebuild."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:150
+#: src/squid.8.in:154
 msgid "Specify ICP port number (default: 3130), disable with 0."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:154
+#: src/squid.8.in:158
 msgid "Print version and build details."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:158
+#: src/squid.8.in:162
 msgid "Force full debugging."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:166
+#: src/squid.8.in:170
 msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:174
+#: src/squid.8.in:178
 msgid ""
 "Create missing swap directories and other missing cache_dir structures, then "
 "exit. All cache_dir types create the configured top-level directory if it is "
@@ -3064,7 +3315,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:179
+#: src/squid.8.in:183
 msgid ""
 "This option does not enable validation of any present swap structures. Its "
 "focus is on creation of missing pieces. If nothing is missing, squid -z just "
@@ -3073,25 +3324,25 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:184
+#: src/squid.8.in:188
 msgid ""
 "By default, squid -z runs in daemon mode (so that configuration macros and "
 "other SMP features work as expected). Use B<-N> option to overwrite this."
 msgstr ""
 
 #. type: SH
-#: src/squid.8.in:185
+#: src/squid.8.in:189
 #, no-wrap
 msgid "FILES"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:187
+#: src/squid.8.in:191
 msgid "Squid configuration files located in @SYSCONFDIR@/:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:193
+#: src/squid.8.in:197
 msgid ""
 "The main configuration file. You must initially make changes to this file "
 "for B<squid> to work. For example, the default configuration only allows "
@@ -3100,21 +3351,21 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:197 src/squid.8.in:203
+#: src/squid.8.in:201 src/squid.8.in:207
 msgid ""
 "Reference copy of the configuration file. Always kept up to date with the "
 "version of Squid you are using."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:199
+#: src/squid.8.in:203
 msgid ""
 "Use this to look up the default configuration settings and syntax after "
 "upgrading."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:208
+#: src/squid.8.in:212
 msgid ""
 "Use this to read the documentation for configuration options available in "
 "your build of Squid. The online configuration manual is also available for a "
@@ -3122,17 +3373,17 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:213
+#: src/squid.8.in:217
 msgid "The main configuration file for the web B<cachemgr.cgi> tools."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:216
+#: src/squid.8.in:220
 msgid "The main configuration file for the Sample MSNT authenticator."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:221
+#: src/squid.8.in:225
 msgid ""
 "CSS Stylesheet to control the display of generated error pages.  Use this to "
 "set any company branding you need, it will apply to every language Squid "
@@ -3140,29 +3391,29 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:224
+#: src/squid.8.in:228
 msgid "Some files also located elsewhere:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:227
+#: src/squid.8.in:231
 msgid "MIME type mappings for FTP gatewaying"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:230
+#: src/squid.8.in:234
 msgid "Location of Squid error pages and templates."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:233
+#: src/squid.8.in:237
 msgid ""
 "Squid was written over many years by a changing team of developers and "
 "maintained in turn by"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:240
+#: src/squid.8.in:244
 msgid ""
 "With contributions from many others in the Squid community.  see "
 "CONTRIBUTORS for a full list of individuals who contributed code.  see "
@@ -3170,39 +3421,12 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:248
-msgid ""
-"This software product, SQUID, is developed by a team of individuals, and "
-"copyrighted (C) 2001 by the Regents of the University of California, with "
-"all rights reserved.  UCSD administered the NLANR Cache grants, NCR 9616602 "
-"and NCR 9521745 under which most of this code was developed."
-msgstr ""
-
-#. type: Plain text
-#: src/squid.8.in:255
-msgid ""
-"This program is free software; you can redistribute it and/or modify it "
-"under the terms of the GNU General Public License (version 2) as published "
-"by the Free Software Foundation.  It is distributed in the hope that it will "
-"be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of "
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General "
-"Public License for more details."
-msgstr ""
-
-#. type: Plain text
-#: src/squid.8.in:257
-msgid ""
-"see the CREDITS file for further copyright licensing of third-party code "
-"contributions."
-msgstr ""
-
-#. type: Plain text
-#: tools/cachemgr.cgi.8.in:7
-msgid "Squid HTTP proxy manager CGI web interface"
+#: tools/cachemgr.cgi.8.in:5
+msgid "cachemgr.cgi - Squid HTTP proxy manager CGI web interface"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:18
+#: tools/cachemgr.cgi.8.in:16
 msgid ""
 "The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
 "statistics about the Squid HTTP proxy process as it runs. The cache manager "
@@ -3211,14 +3435,14 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:22
+#: tools/cachemgr.cgi.8.in:20
 msgid ""
 "Configuration examples for many common web servers can be found in the Squid "
 "FAQ wiki."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:34
+#: tools/cachemgr.cgi.8.in:32
 msgid ""
 "The access configuration file defining which Squid servers may be managed "
 "via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
@@ -3226,7 +3450,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:38
+#: tools/cachemgr.cgi.8.in:36
 msgid ""
 "The server name may contain shell wildcard characters such as *, [] etc.  A "
 "quick selection dropdown menu is automatically constructed from the simple "
@@ -3234,20 +3458,20 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:42
+#: tools/cachemgr.cgi.8.in:40
 msgid ""
 "Specifying :port is optional. If not specified then the default proxy port "
 "is assumed. :* or :any matches any port on the target server."
 msgstr ""
 
 #. type: SH
-#: tools/cachemgr.cgi.8.in:43
+#: tools/cachemgr.cgi.8.in:41
 #, no-wrap
 msgid "SECURITY"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:50
+#: tools/cachemgr.cgi.8.in:48
 msgid ""
 "B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
 "and returns a formatted version of the response. To avoid abuse it is "
@@ -3256,7 +3480,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:56
+#: tools/cachemgr.cgi.8.in:54
 msgid ""
 "Derived from Harvest. Further developed by numerous individuals from the "
 "internet community. Development is led by Duane Wessels of the National "
@@ -3265,69 +3489,447 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:67 tools/squidclient/squidclient.1:211
+#: tools/cachemgr.cgi.8.in:70 tools/purge/purge.1:276 tools/squidclient/squidclient.1:252
 msgid ""
 "See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
 "you need to include with your bug report."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:7
-msgid "A simple HTTP web client tool"
+#: tools/purge/purge.1:5
+msgid "purge - magnifying glass into your squid cache"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:21
+msgid ""
+"B<purge> is used to have a look at what URLs are stored in which file within "
+"your cache. The B<purge> tool can also be used to release objects which URLs "
+"match user specified regular expressions. A more troublesome feature is the "
+"ability to remove files B<squid> does not seem to know about any longer."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:23
+msgid "This is a tool for expert usage only, use it under your own responsibility."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:34
+msgid ""
+"a kind of \"i am alive\" flag. It can only be activated, if your stdout is a "
+"tty. If active, it will display a little rotating line to indicate that "
+"there is actually something happening. You should not use this switch if you "
+"capture your stdout in a file or if your expression list produces many "
+"matches. The -a flag is also incompatible with the (default) multi cache_dir "
+"mode."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:36
+msgid "default: off\t\tSee also: -n"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:43
+msgid ""
+"this option lets you specify the location of the squid.conf file.  Purge "
+"understands about more than one cache_dir, and does so by parsing "
+"squid.conf. It knows about both ways of Squid-2 cache_dir specifications, "
+"and will automatically try to use the correct one."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:45
+msgid "default: /usr/local/squid/etc/squid.conf"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:53
+msgid ""
+"if you want to rescue files from your cache, you need to specify the "
+"directory into which the files will be copied. Please note that purge will "
+"try to establish the original server directory structure. This switch also "
+"activates copy-out mode. Please do not use copy-out mode with any purge mode "
+"(-P) other than 0."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:56
+msgid ""
+"For instance, if you specified \"-C /tmp\", purge will try to recreate "
+"/tmp/www.server.1/url/path/file, and so forth."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:58
+msgid "default: off\t\tSee also: -H, -P"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:63
+msgid ""
+"lets you specify a debug level. Different bits are reserved for different "
+"output."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:65
+msgid "default: 0"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:74
+msgid ""
+"Specify one regular expression to be searched for in the cache.  This is "
+"useful if there is only a handful of objects you want to check. Please "
+"remember to escape the shell meta characters used in your regular "
+"expression. The use of single quotes around your expression is "
+"recommended. The capital letter version works case sensitive, the lower caps "
+"version does not."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:76 tools/purge/purge.1:86
+msgid "default: (no default)"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:84
+msgid ""
+"if you have more than a handful of expressions, or want to check the same "
+"set at regular intervals, the file option might be more useful to you. Each "
+"line in the text file will be regarded as one regular expression.  Again, "
+"the capital letter version works case sensitive, the lower caps version does "
+"not."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:91
+msgid ""
+"if in copy-out mode (see: -C), you can specify to keep the HTTP Header in "
+"the recreated file."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:93
+msgid "default: off\t\tSee also: -C"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:104
+msgid ""
+"tell purge to process one cache_dir after another, instead of doing things "
+"in parallel.  If you have more than one cache_dir in your configuration "
+"purge will fork off a worker process for each cache_dir to do the checks for "
+"optimum speed, assuming a decently designed cache. Since parallel execution "
+"will put quite some load on the system and its controllers, it is sometimes "
+"preferred to use less resources,\tthough it will take longer."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:106
+msgid "default: parallel mode for more than one cache_dir"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:116
+msgid ""
+"Some cache admins use a different port than 3128. The purge tool will need "
+"to connect to your cache in order to send the PURGE request (see -P). This "
+"option lets you specify the host and port to connect to. The port is "
+"optional. The port can be a name (check your /etc/services) or number. It is "
+"separated from the host name portion by a single colon, no spaces allowed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:118
+msgid "default: localhost:3128"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:125
+msgid ""
+"If you want to do more than just print your cache content, you will need to "
+"specify this option. Each bit is reserved for a different action. Only the "
+"use of the LSB is recommended, the rest should be considered experimental."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:128
+msgid "B<no bit set:\tjust print>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:130
+msgid "B<bit#0 set:\tsend PURGE for matches>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:132
+msgid "B<bit#1 set:\tunlink object file for 404 not found PURGEs>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:134
+msgid "B<bit#2 set:\tunlink weird object files>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:145
+msgid ""
+"If you use a value other than 0 or 1, you will need to slow rebuild your "
+"cache content. A warning message will remind you of that. If you use bit#1, "
+"all unsuccessful PURGEs will result in the object file in your cache "
+"directory to be removed, because squid does not seem to know about it any "
+"longer. Beware that the asyncio might try to remove it after the purge tool, "
+"and thus complains bitterly. Bit#1 only makes sense, if Bit#0 is also set, "
+"otherwise it has no effect (since the HTTP status 404 is never returned)."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:152
+msgid ""
+"Bit#2 is reserved for strange files which do not even contain a URL. Beware "
+"that these files may indicate a new object squid currently intends to swap "
+"onto disk. If the file suddenly went away, or is removed when squid tries to "
+"fetch the object, it will complain bitterly. You must slow rebuild your "
+"cache, if you use this option."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:157
+msgid ""
+"It is recommended that if you dare to use bit#1 or bit#2, you should only "
+"grant the purge tool access to your squid, e.g.  move the HTTP and ICP "
+"listening port of squid to a different non-standard location during the "
+"purge."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:159
+msgid "default: 0 (just print)"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:164
+msgid ""
+"If you specify this switch, all commandline parameters will be shown after "
+"they were parsed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:166
+msgid "default: off"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:171
+msgid ""
+"be verbose in the things reported about the file. See the output section "
+"below."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:180
+msgid ""
+"In order to use B<purge> to affect a running proxy with PURGE method, you "
+"will have to enable this feature in squid.conf. By default, PURGE is "
+"disabled. You should watch closely for whom you enable the PURGE ability, "
+"otherwise a total stranger just might wipe your cache content. Lines similar "
+"to the following will need to be added to your squid.conf:"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:192
+msgid ""
+"Reconfigure or restart (preferred) your squid after changing the "
+"configuration file."
+msgstr ""
+
+#. type: SH
+#: tools/purge/purge.1:193
+#, no-wrap
+msgid "OUTPUT"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:198
+msgid ""
+"In regular mode, the output of purge consists of four columns. If the URL "
+"contains not encoded whitespaces, it may look as if there are more columns, "
+"but the last one is the URI."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:205
+#, no-wrap
+msgid ""
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the regular expression.\n"
+" 2 status return result of purge request, \"  0\" in print mode.\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 uri    perceived uri\n"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:207
+msgid "Example for non-verbose output in print-mode:"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:209
+msgid ""
+"/cache3/00/00/0000004A 0 5682 "
+"http://graphics.userfriendly.org/images/slovenia.gif"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:214
+msgid ""
+"In verbose mode, additional columns are inserted before the uri. Time stamps "
+"are reported using hexadecimal notation, and Squid's standard for reporting "
+"\"no such timestamp\" == -1, and \"unparsable timestamp\" == -2."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:228
+#, no-wrap
+msgid ""
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the re.\n"
+" 2 status return result of purge request, \"  0\" in print mode \"-P 0\".\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 md5    MD5 of URI from file, or \"(no_md5_data_available)\" string.\n"
+" 5 ts     UTC of Value of Date: header in hex notation\n"
+" 6 lr     UTC of last time the object was referenced\n"
+" 7 ex     UTC of Expires: header\n"
+" 8 lr     UTC of Last-Modified: header\n"
+" 9 flags  Value of objects flags field in hex, see: Programmers Guide\n"
+"10 refcnt number of times the object was referenced.\n"
+"11 uri    STORE_META_URL uri or \"strange_file\"\n"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:230
+msgid "Example for verbose output in print-mode:"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:232
+msgid ""
+"/cache1/00/00/000000B7 0 406 7CFCB1D319F158ADC9CFD991BB8F6DCE 397d449b "
+"39bf677b ffffffff 3820abfc 0460 1 "
+"http://www.netscape.com/images/nc_vera_tile.gif"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:235
+msgid "Purge does not slow rebuild the cache for you."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:238
+msgid ""
+"It is still relatively slow, especially if your machine is low on memory "
+"and/or unable to hold all OS directory cache entries in main memory."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:240
+msgid "Should never be used on \"busy\" caches with purge modes higher than 1."
+msgstr ""
+
+#. type: SH
+#: tools/purge/purge.1:241
+#, no-wrap
+msgid "TODO"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:248
+msgid ""
+"1) use the stat() result on weird files to have a look at their ctime and "
+"mtime. If they are younger than, lets say 30 seconds, they were just created "
+"by B<squid> and should not be removed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:251
+msgid ""
+"2) Add a query before purging objects or removing files, and add another "
+"option to remove nagging for the experienced user."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:253
+msgid "3) The reported object size may be off by one."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:256 tools/squidclient/squidclient.1:232
+msgid "This program and manual was written by"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:260
+msgid "Based on original squidpurge README."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:13 tools/squidclient/squidclient.1:17
+#: tools/squidclient/squidclient.1:5
+msgid "squidclient - A simple HTTP web client tool"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:12 tools/squidclient/squidclient.1:16
 msgid "string"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:15
+#: tools/squidclient/squidclient.1:14
 msgid "remote host"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:19
+#: tools/squidclient/squidclient.1:18
 msgid "IMS"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:21
+#: tools/squidclient/squidclient.1:20
 msgid "Host header"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:23
-msgid "local host"
-msgstr ""
-
-#. type: Plain text
-#: tools/squidclient/squidclient.1:25
+#: tools/squidclient/squidclient.1:24
 msgid "method"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:31 tools/squidclient/squidclient.1:48
+#: tools/squidclient/squidclient.1:30 tools/squidclient/squidclient.1:48
 msgid "count"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:35 tools/squidclient/squidclient.1:37
+#: tools/squidclient/squidclient.1:34 tools/squidclient/squidclient.1:36
 msgid "user"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:39
+#: tools/squidclient/squidclient.1:38
 msgid "version"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:41 tools/squidclient/squidclient.1:43
+#: tools/squidclient/squidclient.1:40 tools/squidclient/squidclient.1:42
 msgid "password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:45
+#: tools/squidclient/squidclient.1:44
 msgid "url"
 msgstr ""
 
@@ -3337,7 +3939,22 @@ msgid "interval"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:60
+#: tools/squidclient/squidclient.1:55
+msgid "CA certificates file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:57
+msgid "client X.509 certificate file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:59
+msgid "TLS session parameters"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:69
 msgid ""
 "B<squidclient> is a tool providing a command line interface for retrieving "
 "URLs.  Designed for testing any HTTP 0.9, 1.0, or 1.1 web server or proxy.  "
@@ -3347,164 +3964,189 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:65
+#: tools/squidclient/squidclient.1:74
 msgid "Do NOT include Accept: header."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:71
+#: tools/squidclient/squidclient.1:80
 msgid ""
 "Send B<string> as User-Agent: header. To omit the header completely set "
 "string to empty ('')."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:76
-msgid "Retrieve URL from cache on hostname.  Default is B<localhost>"
+#: tools/squidclient/squidclient.1:85
+msgid "Retrieve URL from server host.  Default is B<localhost>"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:82
-msgid "Extra headers to send. Use B<'\\n'> for new lines."
+#: tools/squidclient/squidclient.1:91
+msgid "Extra headers to send. Use B<'\\en'> for new lines."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:86
+#: tools/squidclient/squidclient.1:95
 msgid "If-Modified-Since time (in Epoch seconds)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:90
+#: tools/squidclient/squidclient.1:99
 msgid "Host header content"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:94
+#: tools/squidclient/squidclient.1:103
 msgid "Keep the connection active. Default is to do only one request then close."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:98
+#: tools/squidclient/squidclient.1:107
 msgid "Specify a local IP address to bind to.  Default is none."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:113
-#, no-wrap
+#: tools/squidclient/squidclient.1:122
 msgid ""
-"Request method, default is\n"
-"I<GET.>\n"
-"Squid also supports a non-standard method called\n"
-"I<PURGE.>\n"
-"You can use that to purge a specific URL from the cache.\n"
-"You need to have\n"
-"I<purge>\n"
-"access setup in\n"
-"B<squid.conf>\n"
-"similar to\n"
-"I<manager>\n"
-" access. Here is an example:\n"
+"Request method, default is I<GET.> Squid also supports a non-standard method "
+"called I<PURGE.> You can use that to purge a specific URL from the cache.  "
+"You need to have I<purge> access setup in B<squid.conf> similar to "
+"I<manager> access. Here is an example:"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:121
+#: tools/squidclient/squidclient.1:130
 msgid "Proxy Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:123 tools/squidclient/squidclient.1:129
+#: tools/squidclient/squidclient.1:132 tools/squidclient/squidclient.1:138
 msgid "Use kinit username@DOMAIN first to get initial TGS."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:127
+#: tools/squidclient/squidclient.1:136
 msgid "WWW Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:133
+#: tools/squidclient/squidclient.1:143
 msgid "Port number of cache.  Default is 3128."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:137
+#: tools/squidclient/squidclient.1:147
 msgid "Request body. Using the named file as data."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:141
+#: tools/squidclient/squidclient.1:151
 msgid "Force cache to reload URL."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:145
+#: tools/squidclient/squidclient.1:155
 msgid "Silent.  Do not print data to stdout."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:151
+#: tools/squidclient/squidclient.1:161
 msgid "Trace I<count> HTTP relay or proxy hops"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:155
+#: tools/squidclient/squidclient.1:165
 msgid "Timeout value (seconds) for read/write operations."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:159
+#: tools/squidclient/squidclient.1:169
 msgid "Proxy authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:163
+#: tools/squidclient/squidclient.1:173
 msgid "WWW authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:167
+#: tools/squidclient/squidclient.1:177
 msgid "Verbose. Print outgoing message to stderr."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:171
+#: tools/squidclient/squidclient.1:181
 msgid "HTTP Version. Use '-' for HTTP/0.9 omitted case"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:175
+#: tools/squidclient/squidclient.1:185
 msgid "Proxy authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:179
+#: tools/squidclient/squidclient.1:189
 msgid "WWW authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:184
+#: tools/squidclient/squidclient.1:193
+msgid "Use Transport Layer Security on the HTTP connection."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:197
+msgid "Use TLS with unauthenticated (anonymous) certificate."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:202
+msgid ""
+"File containing client X.509 certificate in PEM format.  May be repeated to "
+"load several client certificates."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:207
+msgid ""
+"File containing trusted Certificate Authority (CA) certificates in PEM "
+"format.  May be repeated to load any number of files."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:212
+msgid ""
+"TLS library specific parameters for the communication session.  See the "
+"library documentation for details on valid parameters."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:214
+msgid "If repeated only the last value will have effect."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:219
 msgid ""
 "Enable ping mode. Optional -g and -I parameters must follow immediately if "
 "used.  Repeated use resets to default ping settings."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:190
+#: tools/squidclient/squidclient.1:225
 msgid ""
-"Ping mode, perform I<count> iterations (default is to loop until "
+"Ping mode, perform.I count iterations (default is to loop until "
 "interrupted)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:194
+#: tools/squidclient/squidclient.1:229
 msgid "Ping interval in seconds (default 1 second)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:200
+#: tools/squidclient/squidclient.1:236
 msgid ""
-"Derived from Harvest. Further developed by by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"Based on original code derived from Harvest and further developed by "
+"numerous individuals from the internet community."
 msgstr ""
diff --git a/doc/manuals/ru.po b/doc/manuals/ru.po
index 0ab049d45b..4e81c2a846 100644
--- a/doc/manuals/ru.po
+++ b/doc/manuals/ru.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
-"POT-Creation-Date: 2014-03-06 11:09+1300\n"
+"POT-Creation-Date: 2017-05-29 22:45+1200\n"
 "PO-Revision-Date: 2010-01-16 02:20+0000\n"
 "Last-Translator: Amos Jeffries <Unknown>\n"
 "Language-Team: Russian <ru@li.org>\n"
@@ -19,330 +19,582 @@ msgstr ""
 "X-Generator: Launchpad (build Unknown)\n"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:3
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:3
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:3
-#: helpers/basic_auth/PAM/basic_pam_auth.8:3
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:3
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:3
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:3
-#: helpers/digest_auth/file/digest_file_auth.8:3
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:3
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:3
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:3
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:3
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:3
-#: helpers/external_acl/session/ext_session_acl.8:3
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:3
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:3
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:3
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:3 src/squid.8.in:3
-#: tools/cachemgr.cgi.8.in:3 tools/squidclient/squidclient.1:3
+#: src/acl/external/AD_group/ext_ad_group_acl.8:3
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:3
+#: src/acl/external/file_userip/ext_file_userip_acl.8:3
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:3
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:3
+#: src/acl/external/LM_group/ext_lm_group_acl.8:3
+#: src/acl/external/session/ext_session_acl.8:3
+#: src/acl/external/time_quota/ext_time_quota_acl.8:3
+#: src/acl/external/unix_group/ext_unix_group_acl.8:3
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:3
+#: src/auth/basic/LDAP/basic_ldap_auth.8:3
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:3
+#: src/auth/basic/PAM/basic_pam_auth.8:3
+#: src/auth/basic/RADIUS/basic_radius_auth.8:3
+#: src/auth/basic/SASL/basic_sasl_auth.8:3
+#: src/auth/basic/SSPI/basic_sspi_auth.8:3
+#: src/auth/digest/file/digest_file_auth.8:3
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:3
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:3
+#: src/security/cert_generators/file/security_file_certgen.8.in:3
+#: src/squid.8.in:3 tools/cachemgr.cgi.8.in:3 tools/purge/purge.1:3
+#: tools/squidclient/squidclient.1:3
 #, no-wrap
 msgid "NAME"
 msgstr "НАЗВАНИЕ"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:7
-msgid "Local Users auth helper for Squid"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:5
+msgid ""
+"ext_ad_group_acl.exe - Squid external ACL helper to check Windows users "
+"group membership."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:7
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:7
+#: src/auth/basic/SSPI/basic_sspi_auth.8:7
+msgid "Version 2.0"
 msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:8
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:8
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:8
-#: helpers/basic_auth/PAM/basic_pam_auth.8:8
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:8
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:10
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:10
-#: helpers/digest_auth/file/digest_file_auth.8:10
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:10
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:10
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:10
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:10
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:10
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:10
-#: helpers/external_acl/session/ext_session_acl.8:10
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:10
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:8
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:10
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:11 src/squid.8.in:8
-#: tools/cachemgr.cgi.8.in:8 tools/squidclient/squidclient.1:8
+#: src/acl/external/AD_group/ext_ad_group_acl.8:8
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:8
+#: src/acl/external/file_userip/ext_file_userip_acl.8:8
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:8
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:8
+#: src/acl/external/LM_group/ext_lm_group_acl.8:8
+#: src/acl/external/session/ext_session_acl.8:8
+#: src/acl/external/time_quota/ext_time_quota_acl.8:8
+#: src/acl/external/unix_group/ext_unix_group_acl.8:6
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:6
+#: src/auth/basic/LDAP/basic_ldap_auth.8:6
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:6
+#: src/auth/basic/PAM/basic_pam_auth.8:6
+#: src/auth/basic/RADIUS/basic_radius_auth.8:6
+#: src/auth/basic/SASL/basic_sasl_auth.8:8
+#: src/auth/basic/SSPI/basic_sspi_auth.8:8
+#: src/auth/digest/file/digest_file_auth.8:8
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:8
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:8
+#: src/security/cert_generators/file/security_file_certgen.8.in:8
+#: src/squid.8.in:6 tools/cachemgr.cgi.8.in:6 tools/purge/purge.1:6
+#: tools/squidclient/squidclient.1:6
 #, no-wrap
 msgid "SYNOPSIS"
 msgstr "СИНТАКСИС"
 
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:12
+#: src/acl/external/LM_group/ext_lm_group_acl.8:12
+msgid "domain"
+msgstr ""
+
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:11
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:39
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:12
-#: helpers/basic_auth/PAM/basic_pam_auth.8:15
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:26
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:13
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:20
-#: helpers/digest_auth/file/digest_file_auth.8:15
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:16
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:33
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:16
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:14
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:16
-#: helpers/external_acl/session/ext_session_acl.8:18
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:14
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:15
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:14
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:19 src/squid.8.in:25
-#: tools/cachemgr.cgi.8.in:11 tools/squidclient/squidclient.1:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:14
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:31
+#: src/acl/external/file_userip/ext_file_userip_acl.8:14
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:12
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:14
+#: src/acl/external/session/ext_session_acl.8:16
+#: src/acl/external/time_quota/ext_time_quota_acl.8:12
+#: src/acl/external/unix_group/ext_unix_group_acl.8:13
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:9
+#: src/auth/basic/LDAP/basic_ldap_auth.8:37
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:10
+#: src/auth/basic/PAM/basic_pam_auth.8:13
+#: src/auth/basic/RADIUS/basic_radius_auth.8:24
+#: src/auth/basic/SASL/basic_sasl_auth.8:11
+#: src/auth/basic/SSPI/basic_sspi_auth.8:18
+#: src/auth/digest/file/digest_file_auth.8:13
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:16
+#: src/security/cert_generators/file/security_file_certgen.8.in:30
+#: src/squid.8.in:23 tools/cachemgr.cgi.8.in:9 tools/purge/purge.1:10
+#: tools/squidclient/squidclient.1:61
 #, no-wrap
 msgid "DESCRIPTION"
 msgstr "ОПИСАНИЕ"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:15
+#: src/acl/external/AD_group/ext_ad_group_acl.8:17
 msgid ""
-"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
-"to validate the user name and password of Basic HTTP authentication."
+"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
 msgstr ""
-"<basic_getpwnam_auth> позволяет Squid авторизовать любых пользователей чьи "
-"имена и пароли подходят для Базовой HTTP авторизации."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:21
-msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
-msgstr "Используйте процедуры B<getpwnam()> и B<getspnam()> для идентификации."
+#: src/acl/external/AD_group/ext_ad_group_acl.8:20
+msgid ""
+"This helper must be used in with an authentication scheme (typically Basic, "
+"NTLM or Negotiate) based on Windows Active Directory domain users."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:23
-msgid "This has the following advantages over the NCSA module:"
-msgstr "Это имеет приимущество над модулем NCSA:"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:24
+#: src/acl/external/LM_group/ext_lm_group_acl.8:24
+msgid ""
+"It reads from the standard input the domain username and a list of groups "
+"and tries to match each against the groups membership of the specified "
+"username."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:25
-#, fuzzy
-#| msgid "Allows authentication of all known local users"
-msgid "- Allows authentication of all known local users"
-msgstr "Позволяет идентифицировать всех известных локальных пользователей"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:26
+msgid "Two running mode are available:"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:28
-#, fuzzy
-#| msgid "Allows authentication through nsswitch.conf"
-msgid "- Allows authentication through nsswitch.conf"
-msgstr "Позволяет идентифицировать с помощью nsswitch.conf"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:30
+msgid ""
+"B<- Local mode:> membership is checked against machine's local groups, "
+"cannot be used when running on a Domain Controller."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:31
-#, fuzzy
-#| msgid "Can handle NIS(+) requests"
-msgid "- Can handle NIS(+) requests"
-msgstr "Может обрабатывать запросы NIS(+)"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:35
+msgid ""
+"B<- Active Directory Global mode:> membership is checked against the whole "
+"Active Directory Forest of the machine where Squid is running."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:34
-#, fuzzy
-#| msgid "Can handle LDAP requests"
-msgid "- Can handle LDAP requests"
-msgstr "Может обрабатывать запросы LDAP"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:39
+msgid ""
+"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
+"Windows 2000 SP4 member of an Active Directory Domain."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:37
-#, fuzzy
-#| msgid "Can handle PAM requests"
-msgid "- Can handle PAM requests"
-msgstr "Может обрабатывать запросы PAM"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:48
+msgid ""
+"When running in Active Directory Global mode, all types of Active Directory "
+"security groups are supported: B<Domain Global> , B<Domain Local> from "
+"user's domain, B<Universal> and Active Directory group nesting is fully "
+"supported."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:49
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:42
+#: src/acl/external/file_userip/ext_file_userip_acl.8:21
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:63
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:47
+#: src/acl/external/LM_group/ext_lm_group_acl.8:25
+#: src/acl/external/session/ext_session_acl.8:32
+#: src/acl/external/time_quota/ext_time_quota_acl.8:22
+#: src/acl/external/unix_group/ext_unix_group_acl.8:17
+#: src/auth/basic/LDAP/basic_ldap_auth.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:33
+#: src/auth/basic/PAM/basic_pam_auth.8:19
+#: src/auth/basic/RADIUS/basic_radius_auth.8:29
+#: src/auth/basic/SSPI/basic_sspi_auth.8:32
+#: src/auth/digest/file/digest_file_auth.8:21
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:17
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:41
+#: src/squid.8.in:57 tools/purge/purge.1:24 tools/squidclient/squidclient.1:70
+#, no-wrap
+msgid "OPTIONS"
+msgstr "ПАРАМЕТРЫ"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:53
+msgid "Use case insensitive compare (local mode only)."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:57
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:61
+#: src/acl/external/file_userip/ext_file_userip_acl.8:25
+#: src/acl/external/LM_group/ext_lm_group_acl.8:33
+#: src/acl/external/unix_group/ext_unix_group_acl.8:21
+#: src/auth/basic/SSPI/basic_sspi_auth.8:40
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:30
+#: src/security/cert_generators/file/security_file_certgen.8.in:57
+msgid "Write debug info to stderr."
+msgstr ""
+"Записывать отладочную информацию в стандартный файл вывода сообщений об "
+"ошибках (stderr)."
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:62
+msgid "Specify the default user's B<domain>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:66
+msgid "Start helper in Active Directory Global mode."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:70
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:80
+#: src/acl/external/file_userip/ext_file_userip_acl.8:35
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:67
+#: src/acl/external/LM_group/ext_lm_group_acl.8:45
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:21
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:38
+#: src/security/cert_generators/file/security_file_certgen.8.in:68
+msgid "Display the binary help and command line syntax info using stderr."
+msgstr ""
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:38
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:244
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:39
-#: helpers/basic_auth/PAM/basic_pam_auth.8:41
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:61
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:19
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:51
-#: helpers/digest_auth/file/digest_file_auth.8:25
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:73
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:142
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:38
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:134
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:211
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:52
-#: helpers/external_acl/session/ext_session_acl.8:74
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:58
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:36
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:36
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:46 tools/cachemgr.cgi.8.in:19
+#: src/acl/external/AD_group/ext_ad_group_acl.8:71
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:140
+#: src/acl/external/file_userip/ext_file_userip_acl.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:132
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:209
+#: src/acl/external/LM_group/ext_lm_group_acl.8:50
+#: src/acl/external/session/ext_session_acl.8:72
+#: src/acl/external/time_quota/ext_time_quota_acl.8:56
+#: src/acl/external/unix_group/ext_unix_group_acl.8:34
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:36
+#: src/auth/basic/LDAP/basic_ldap_auth.8:242
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:37
+#: src/auth/basic/PAM/basic_pam_auth.8:39
+#: src/auth/basic/RADIUS/basic_radius_auth.8:59
+#: src/auth/basic/SASL/basic_sasl_auth.8:17
+#: src/auth/basic/SSPI/basic_sspi_auth.8:49
+#: src/auth/digest/file/digest_file_auth.8:26
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:43
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:43
+#: src/security/cert_generators/file/security_file_certgen.8.in:107
+#: tools/cachemgr.cgi.8.in:17 tools/purge/purge.1:172
 #, no-wrap
 msgid "CONFIGURATION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:52
+#: src/acl/external/AD_group/ext_ad_group_acl.8:75
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program B<setuid> "
-"B<root>"
+"When running in Active Directory Global mode, the AD Group can be specified "
+"using the following syntax:"
 msgstr ""
-"При использовании локальной базы UNIX паролей для аутентификации программа "
-"должна быть запущена с правами администратора, иначе она не будет обладать "
-"достаточными правами для доступа к базе данных паролей пользователей. Такое "
-"использование этой программы не рекомендуется, но если это вам абсолютно "
-"необходимо, то измените B<setuid> на B<root>"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:64
-#: helpers/basic_auth/PAM/basic_pam_auth.8:79
+#: src/acl/external/AD_group/ext_ad_group_acl.8:78
+msgid "B<1. Plain NT4 Group Name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:81
+msgid "B<2. Full NT4 Group Name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:84
+msgid "B<3. Active Directory Canonical name>"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:87
+#, fuzzy
+#| msgid "Examples:"
+msgid "As Exampled:"
+msgstr "Например:"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:97
 msgid ""
-"Please note that in such configurations it is also strongly recommended that "
-"the program is moved into a directory where normal users cannot access it, "
-"as this mode of operation will allow any local user to brute-force other "
-"users passwords. Also note the program has not been fully audited and the "
-"author cannot be held responsible for any security issues due to such "
-"installations."
+"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:124
+msgid ""
+"In the previous example all validated AD users member of I<MYDOMAIN"
+"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
+"are allowed to use the cache."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:133
+msgid ""
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file .> The previous example will be:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:137
+msgid "and the DomainUsers files will contain only the following line:"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:139
+msgid "Domain Users"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:146
+msgid ""
+"B<NOTE 1:> When running in Active Directory Global mode, for better "
+"performance, all Domain Controllers of the Active Directory forest should be "
+"configured as Global Catalog."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:152
+msgid ""
+"B<NOTE 2:> When running in local mode, the standard group name comparison is "
+"case sensitive, so group name must be specified with same case as in the "
+"local SAM database."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:157
+msgid ""
+"It is possible to enable case insensitive group name comparison ( B<-c> ), "
+"but on some non-English locales, the results can be unexpected."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:165
+msgid ""
+"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
+"A> and B<-D> switches."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:169
+msgid "Refer to Squid documentation for more details on B<squid.conf>"
+msgstr ""
+
+#. type: SH
+#: src/acl/external/AD_group/ext_ad_group_acl.8:170
+#: src/acl/external/LM_group/ext_lm_group_acl.8:114
+#: src/auth/basic/SSPI/basic_sspi_auth.8:84
+#, no-wrap
+msgid "TESTING"
+msgstr "ТЕСТИРОВАНИЕ"
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:176
+msgid ""
+"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
+"used in a production environment. It may behave differently on different "
+"platforms."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:188
+#: src/acl/external/LM_group/ext_lm_group_acl.8:131
+msgid ""
+"To test it, run it from the command line. Enter username and group pairs "
+"separated by a space (username must entered with URL-encoded I<domain"
+"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:192
+#: src/acl/external/AD_group/ext_ad_group_acl.8:207
+#: src/acl/external/LM_group/ext_lm_group_acl.8:135
+msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:196
+#: src/acl/external/AD_group/ext_ad_group_acl.8:211
+#: src/acl/external/LM_group/ext_lm_group_acl.8:139
+msgid "Make sure pressing B<CTRL+C> aborts the program."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:218
+#: src/acl/external/LM_group/ext_lm_group_acl.8:146
+#: src/auth/basic/SSPI/basic_sspi_auth.8:104
+msgid ""
+"Test that entering no details does not result in an B<OK> or B<ERR> message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:222
+#: src/acl/external/LM_group/ext_lm_group_acl.8:150
+msgid ""
+"Test that entering an invalid username and group results in an B<ERR> "
+"message."
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:226
+#: src/acl/external/LM_group/ext_lm_group_acl.8:154
+msgid ""
+"Test that entering an valid username and group results in an B<OK> message."
 msgstr ""
-"Пожалуйста, обратите внимание, что в такой конфигурации, настоятельно "
-"рекомендуется, что бы программа была перемещена в папку недоступную обычным "
-"пользователям, так как это режим работы позволит любому локальному "
-"пользователю перебрать пароли других пользователей. Также обратите внимание, "
-"программа не была полностью проверена и автор не может нести ответственность "
-"за любые проблемы безопасности из-за такой установки."
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:65
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:300
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:53
-#: helpers/basic_auth/PAM/basic_pam_auth.8:80
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:89
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:75
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:123
-#: helpers/digest_auth/file/digest_file_auth.8:59
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:229
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:187
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:75
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:232
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:157
-#: helpers/external_acl/session/ext_session_acl.8:97
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:216
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:68
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:86
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:93 src/squid.8.in:231
-#: tools/cachemgr.cgi.8.in:51 tools/squidclient/squidclient.1:195
+#: src/acl/external/AD_group/ext_ad_group_acl.8:227
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:185
+#: src/acl/external/file_userip/ext_file_userip_acl.8:73
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:230
+#: src/acl/external/LM_group/ext_lm_group_acl.8:155
+#: src/acl/external/session/ext_session_acl.8:95
+#: src/acl/external/time_quota/ext_time_quota_acl.8:214
+#: src/acl/external/unix_group/ext_unix_group_acl.8:66
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:63
+#: src/auth/basic/LDAP/basic_ldap_auth.8:298
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:51
+#: src/auth/basic/PAM/basic_pam_auth.8:78
+#: src/auth/basic/RADIUS/basic_radius_auth.8:87
+#: src/auth/basic/SASL/basic_sasl_auth.8:73
+#: src/auth/basic/SSPI/basic_sspi_auth.8:121
+#: src/auth/digest/file/digest_file_auth.8:60
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:94
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:90
+#: src/security/cert_generators/file/security_file_certgen.8.in:143
+#: src/squid.8.in:235 tools/cachemgr.cgi.8.in:49 tools/purge/purge.1:254
+#: tools/squidclient/squidclient.1:230
 #, no-wrap
 msgid "AUTHOR"
 msgstr "АВТОР"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:67
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:77
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:125
-#: helpers/digest_auth/file/digest_file_auth.8:61
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:231
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:189
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:77
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:234
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:159
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:70
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:88
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:95
+#: src/acl/external/AD_group/ext_ad_group_acl.8:229
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:187
+#: src/acl/external/file_userip/ext_file_userip_acl.8:75
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:220
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:232
+#: src/acl/external/LM_group/ext_lm_group_acl.8:157
+#: src/acl/external/unix_group/ext_unix_group_acl.8:68
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:65
+#: src/auth/basic/SASL/basic_sasl_auth.8:75
+#: src/auth/basic/SSPI/basic_sspi_auth.8:123
+#: src/auth/digest/file/digest_file_auth.8:62
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:96
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:92
+#: src/security/cert_generators/file/security_file_certgen.8.in:145
 msgid "This program was written by"
 msgstr "Эта программа была написана"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:72
-msgid "Based on original code by"
-msgstr "Основан на оригинальном коде"
+#: src/acl/external/AD_group/ext_ad_group_acl.8:233
+msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:75
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:55
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:97
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:80
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:134
-#: helpers/digest_auth/file/digest_file_auth.8:68
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:237
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:192
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:80
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:243
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:169
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:73
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:91
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:102
+#: src/acl/external/AD_group/ext_ad_group_acl.8:235
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:190
+#: src/acl/external/file_userip/ext_file_userip_acl.8:78
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:223
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:241
+#: src/acl/external/LM_group/ext_lm_group_acl.8:167
+#: src/acl/external/unix_group/ext_unix_group_acl.8:71
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:73
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:53
+#: src/auth/basic/RADIUS/basic_radius_auth.8:95
+#: src/auth/basic/SASL/basic_sasl_auth.8:78
+#: src/auth/basic/SSPI/basic_sspi_auth.8:132
+#: src/auth/digest/file/digest_file_auth.8:69
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:99
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:99
+#: src/security/cert_generators/file/security_file_certgen.8.in:148
 msgid "This manual was written by"
 msgstr "Это руководство было написано"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:77
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:308
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:60
-#: helpers/basic_auth/PAM/basic_pam_auth.8:84
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:99
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:83
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:137
-#: helpers/digest_auth/file/digest_file_auth.8:71
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:240
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:195
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:83
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:227
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:245
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:172
-#: helpers/external_acl/session/ext_session_acl.8:102
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:220
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:93
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:105 src/squid.8.in:241
-#: tools/cachemgr.cgi.8.in:57 tools/squidclient/squidclient.1:201
+#: src/acl/external/AD_group/ext_ad_group_acl.8:238
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:193
+#: src/acl/external/file_userip/ext_file_userip_acl.8:81
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:225
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:243
+#: src/acl/external/LM_group/ext_lm_group_acl.8:170
+#: src/acl/external/session/ext_session_acl.8:100
+#: src/acl/external/time_quota/ext_time_quota_acl.8:218
+#: src/acl/external/unix_group/ext_unix_group_acl.8:73
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:75
+#: src/auth/basic/LDAP/basic_ldap_auth.8:306
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:58
+#: src/auth/basic/PAM/basic_pam_auth.8:82
+#: src/auth/basic/RADIUS/basic_radius_auth.8:97
+#: src/auth/basic/SASL/basic_sasl_auth.8:81
+#: src/auth/basic/SSPI/basic_sspi_auth.8:135
+#: src/auth/digest/file/digest_file_auth.8:72
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:101
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:102
+#: src/security/cert_generators/file/security_file_certgen.8.in:151
+#: src/squid.8.in:245 tools/cachemgr.cgi.8.in:55 tools/purge/purge.1:261
+#: tools/squidclient/squidclient.1:237
 #, no-wrap
 msgid "COPYRIGHT"
 msgstr "АВТОРСКОЕ ПРАВО"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:79
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:310
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:101
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:85
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:139
-#: helpers/digest_auth/file/digest_file_auth.8:73
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:242
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:197
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:85
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:229
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:247
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:174
-#: helpers/external_acl/session/ext_session_acl.8:104
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:222
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:77
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:95
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:107
+#: src/acl/external/AD_group/ext_ad_group_acl.8:245
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:200
+#: src/acl/external/file_userip/ext_file_userip_acl.8:88
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:250
+#: src/acl/external/LM_group/ext_lm_group_acl.8:177
+#: src/acl/external/session/ext_session_acl.8:107
+#: src/acl/external/time_quota/ext_time_quota_acl.8:225
+#: src/acl/external/unix_group/ext_unix_group_acl.8:80
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:82
+#: src/auth/basic/LDAP/basic_ldap_auth.8:313
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:65
+#: src/auth/basic/PAM/basic_pam_auth.8:89
+#: src/auth/basic/RADIUS/basic_radius_auth.8:104
+#: src/auth/basic/SASL/basic_sasl_auth.8:88
+#: src/auth/basic/SSPI/basic_sspi_auth.8:142
+#: src/auth/digest/file/digest_file_auth.8:79
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:109
+#: src/security/cert_generators/file/security_file_certgen.8.in:158
+#: src/squid.8.in:252 tools/cachemgr.cgi.8.in:62 tools/purge/purge.1:268
+#: tools/squidclient/squidclient.1:244
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2017 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/acl/external/AD_group/ext_ad_group_acl.8:247
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:202
+#: src/acl/external/file_userip/ext_file_userip_acl.8:90
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:234
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:252
+#: src/acl/external/LM_group/ext_lm_group_acl.8:179
+#: src/acl/external/session/ext_session_acl.8:109
+#: src/acl/external/time_quota/ext_time_quota_acl.8:227
+#: src/acl/external/unix_group/ext_unix_group_acl.8:82
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:84
+#: src/auth/basic/LDAP/basic_ldap_auth.8:315
+#: src/auth/basic/RADIUS/basic_radius_auth.8:106
+#: src/auth/basic/SASL/basic_sasl_auth.8:90
+#: src/auth/basic/SSPI/basic_sspi_auth.8:144
+#: src/auth/digest/file/digest_file_auth.8:81
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:110
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:111
 msgid "This program and documentation is copyright to the authors named above."
 msgstr ""
 "Эта программа и документация является интеллектуальной собственностью "
 "вышеуказанных авторов."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:81
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:312
-#: helpers/basic_auth/PAM/basic_pam_auth.8:91
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:103
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:87
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:141
-#: helpers/digest_auth/file/digest_file_auth.8:75
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:244
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:199
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:87
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:231
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:249
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:176
-#: helpers/external_acl/session/ext_session_acl.8:106
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:224
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:79
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:97
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:109 tools/cachemgr.cgi.8.in:59
-#: tools/squidclient/squidclient.1:203
+#: src/acl/external/AD_group/ext_ad_group_acl.8:249
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:204
+#: src/acl/external/file_userip/ext_file_userip_acl.8:92
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:236
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:254
+#: src/acl/external/LM_group/ext_lm_group_acl.8:181
+#: src/acl/external/session/ext_session_acl.8:111
+#: src/acl/external/time_quota/ext_time_quota_acl.8:229
+#: src/acl/external/unix_group/ext_unix_group_acl.8:84
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:86
+#: src/auth/basic/LDAP/basic_ldap_auth.8:317
+#: src/auth/basic/PAM/basic_pam_auth.8:96
+#: src/auth/basic/RADIUS/basic_radius_auth.8:108
+#: src/auth/basic/SASL/basic_sasl_auth.8:92
+#: src/auth/basic/SSPI/basic_sspi_auth.8:146
+#: src/auth/digest/file/digest_file_auth.8:83
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:112
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:113
 msgid ""
 "Distributed under the GNU General Public License (GNU GPL) version 2 or "
 "later (GPLv2+)."
@@ -351,51 +603,55 @@ msgstr ""
 "(GPLv2+)."
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:82
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:313
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:73
-#: helpers/basic_auth/PAM/basic_pam_auth.8:92
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:104
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:88
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:142
-#: helpers/digest_auth/file/digest_file_auth.8:76
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:245
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:200
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:88
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:250
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:177
-#: helpers/external_acl/session/ext_session_acl.8:107
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:225
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:80
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:98
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:110 src/squid.8.in:258
-#: tools/cachemgr.cgi.8.in:60 tools/squidclient/squidclient.1:204
+#: src/acl/external/AD_group/ext_ad_group_acl.8:250
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:205
+#: src/acl/external/file_userip/ext_file_userip_acl.8:93
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:255
+#: src/acl/external/LM_group/ext_lm_group_acl.8:182
+#: src/acl/external/session/ext_session_acl.8:112
+#: src/acl/external/time_quota/ext_time_quota_acl.8:230
+#: src/acl/external/unix_group/ext_unix_group_acl.8:85
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:87
+#: src/auth/basic/LDAP/basic_ldap_auth.8:318
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:77
+#: src/auth/basic/PAM/basic_pam_auth.8:97
+#: src/auth/basic/RADIUS/basic_radius_auth.8:109
+#: src/auth/basic/SASL/basic_sasl_auth.8:93
+#: src/auth/basic/SSPI/basic_sspi_auth.8:147
+#: src/auth/digest/file/digest_file_auth.8:84
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:113
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:114
+#: src/security/cert_generators/file/security_file_certgen.8.in:159
+#: src/squid.8.in:253 tools/cachemgr.cgi.8.in:63 tools/purge/purge.1:269
+#: tools/squidclient/squidclient.1:245
 #, no-wrap
 msgid "QUESTIONS"
 msgstr "ВОПРОСЫ"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:85
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:316
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:76
-#: helpers/basic_auth/PAM/basic_pam_auth.8:95
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:107
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:91
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:145
-#: helpers/digest_auth/file/digest_file_auth.8:79
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:248
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:203
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:91
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:235
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:253
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:180
-#: helpers/external_acl/session/ext_session_acl.8:110
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:228
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:83
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:101
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:113 src/squid.8.in:261
-#: tools/cachemgr.cgi.8.in:63 tools/squidclient/squidclient.1:207
+#: src/acl/external/AD_group/ext_ad_group_acl.8:253
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:208
+#: src/acl/external/file_userip/ext_file_userip_acl.8:96
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:258
+#: src/acl/external/LM_group/ext_lm_group_acl.8:185
+#: src/acl/external/session/ext_session_acl.8:115
+#: src/acl/external/time_quota/ext_time_quota_acl.8:233
+#: src/acl/external/unix_group/ext_unix_group_acl.8:88
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:90
+#: src/auth/basic/LDAP/basic_ldap_auth.8:321
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:80
+#: src/auth/basic/PAM/basic_pam_auth.8:100
+#: src/auth/basic/RADIUS/basic_radius_auth.8:112
+#: src/auth/basic/SASL/basic_sasl_auth.8:96
+#: src/auth/basic/SSPI/basic_sspi_auth.8:150
+#: src/auth/digest/file/digest_file_auth.8:87
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:116
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:117
+#: src/security/cert_generators/file/security_file_certgen.8.in:162
+#: src/squid.8.in:256 tools/cachemgr.cgi.8.in:66 tools/purge/purge.1:272
+#: tools/squidclient/squidclient.1:248
 msgid ""
 "Questions on the usage of this program can be sent to the I<Squid Users "
 "mailing list>"
@@ -404,50 +660,54 @@ msgstr ""
 "mailing list>"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:87
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:321
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:78
-#: helpers/basic_auth/PAM/basic_pam_auth.8:97
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:112
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:93
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:147
-#: helpers/digest_auth/file/digest_file_auth.8:81
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:250
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:205
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:93
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:258
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:182
-#: helpers/external_acl/session/ext_session_acl.8:112
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:230
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:85
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:103
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:115 src/squid.8.in:263
-#: tools/cachemgr.cgi.8.in:65 tools/squidclient/squidclient.1:209
+#: src/acl/external/AD_group/ext_ad_group_acl.8:255
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:210
+#: src/acl/external/file_userip/ext_file_userip_acl.8:98
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:263
+#: src/acl/external/LM_group/ext_lm_group_acl.8:187
+#: src/acl/external/session/ext_session_acl.8:117
+#: src/acl/external/time_quota/ext_time_quota_acl.8:235
+#: src/acl/external/unix_group/ext_unix_group_acl.8:90
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:92
+#: src/auth/basic/LDAP/basic_ldap_auth.8:326
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:82
+#: src/auth/basic/PAM/basic_pam_auth.8:102
+#: src/auth/basic/RADIUS/basic_radius_auth.8:117
+#: src/auth/basic/SASL/basic_sasl_auth.8:98
+#: src/auth/basic/SSPI/basic_sspi_auth.8:152
+#: src/auth/digest/file/digest_file_auth.8:89
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:118
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:119
+#: src/security/cert_generators/file/security_file_certgen.8.in:164
+#: src/squid.8.in:258 tools/cachemgr.cgi.8.in:68 tools/purge/purge.1:274
+#: tools/squidclient/squidclient.1:250
 #, no-wrap
 msgid "REPORTING BUGS"
 msgstr "СООБЩЕНИЕ ОБ ОШИБКАХ"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:90
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:324
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:81
-#: helpers/basic_auth/PAM/basic_pam_auth.8:100
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:115
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:96
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:150
-#: helpers/digest_auth/file/digest_file_auth.8:84
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:253
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:217
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:96
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:240
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:261
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:185
-#: helpers/external_acl/session/ext_session_acl.8:115
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:233
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:88
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:106
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:118 src/squid.8.in:266
+#: src/acl/external/AD_group/ext_ad_group_acl.8:258
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:222
+#: src/acl/external/file_userip/ext_file_userip_acl.8:101
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:266
+#: src/acl/external/LM_group/ext_lm_group_acl.8:190
+#: src/acl/external/session/ext_session_acl.8:120
+#: src/acl/external/time_quota/ext_time_quota_acl.8:238
+#: src/acl/external/unix_group/ext_unix_group_acl.8:93
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:95
+#: src/auth/basic/LDAP/basic_ldap_auth.8:329
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:85
+#: src/auth/basic/PAM/basic_pam_auth.8:105
+#: src/auth/basic/RADIUS/basic_radius_auth.8:120
+#: src/auth/basic/SASL/basic_sasl_auth.8:101
+#: src/auth/basic/SSPI/basic_sspi_auth.8:155
+#: src/auth/digest/file/digest_file_auth.8:92
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:121
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:122
+#: src/security/cert_generators/file/security_file_certgen.8.in:167
+#: src/squid.8.in:261
 msgid ""
 "Bug reports need to be made in English.  See http://wiki.squid-cache.org/"
 "SquidFaq/BugReporting for details of what you need to include with your bug "
@@ -457,52 +717,56 @@ msgstr ""
 "wiki.squid-cache.org/SquidFaq/BugReporting, что нужно включать в отчёт."
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:92
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:326
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:83
-#: helpers/basic_auth/PAM/basic_pam_auth.8:102
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:117
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:98
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:152
-#: helpers/digest_auth/file/digest_file_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:255
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:219
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:98
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:242
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:263
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:187
-#: helpers/external_acl/session/ext_session_acl.8:117
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:235
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:90
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:108
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:120 src/squid.8.in:268
-#: tools/cachemgr.cgi.8.in:69 tools/squidclient/squidclient.1:213
+#: src/acl/external/AD_group/ext_ad_group_acl.8:260
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:224
+#: src/acl/external/file_userip/ext_file_userip_acl.8:103
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:247
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:268
+#: src/acl/external/LM_group/ext_lm_group_acl.8:192
+#: src/acl/external/session/ext_session_acl.8:122
+#: src/acl/external/time_quota/ext_time_quota_acl.8:240
+#: src/acl/external/unix_group/ext_unix_group_acl.8:95
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:97
+#: src/auth/basic/LDAP/basic_ldap_auth.8:331
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:87
+#: src/auth/basic/PAM/basic_pam_auth.8:107
+#: src/auth/basic/RADIUS/basic_radius_auth.8:122
+#: src/auth/basic/SASL/basic_sasl_auth.8:103
+#: src/auth/basic/SSPI/basic_sspi_auth.8:157
+#: src/auth/digest/file/digest_file_auth.8:94
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:123
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:124
+#: src/security/cert_generators/file/security_file_certgen.8.in:169
+#: src/squid.8.in:263 tools/cachemgr.cgi.8.in:72 tools/purge/purge.1:278
+#: tools/squidclient/squidclient.1:254
 msgid "Report bugs or bug fixes using http://bugs.squid-cache.org/"
 msgstr ""
 "Сообщите об ошибках или их исправлениях используя http://bugs.squid-cache."
 "org/"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:95
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:329
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:86
-#: helpers/basic_auth/PAM/basic_pam_auth.8:105
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:120
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:101
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:155
-#: helpers/digest_auth/file/digest_file_auth.8:89
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:258
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:222
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:101
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:245
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:266
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:190
-#: helpers/external_acl/session/ext_session_acl.8:120
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:238
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:93
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:111
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:123 src/squid.8.in:271
-#: tools/cachemgr.cgi.8.in:72 tools/squidclient/squidclient.1:216
+#: src/acl/external/AD_group/ext_ad_group_acl.8:263
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:227
+#: src/acl/external/file_userip/ext_file_userip_acl.8:106
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:271
+#: src/acl/external/LM_group/ext_lm_group_acl.8:195
+#: src/acl/external/session/ext_session_acl.8:125
+#: src/acl/external/time_quota/ext_time_quota_acl.8:243
+#: src/acl/external/unix_group/ext_unix_group_acl.8:98
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:100
+#: src/auth/basic/LDAP/basic_ldap_auth.8:334
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:90
+#: src/auth/basic/PAM/basic_pam_auth.8:110
+#: src/auth/basic/RADIUS/basic_radius_auth.8:125
+#: src/auth/basic/SASL/basic_sasl_auth.8:106
+#: src/auth/basic/SSPI/basic_sspi_auth.8:160
+#: src/auth/digest/file/digest_file_auth.8:97
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:126
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:127
+#: src/security/cert_generators/file/security_file_certgen.8.in:172
+#: src/squid.8.in:266 tools/cachemgr.cgi.8.in:75 tools/purge/purge.1:281
+#: tools/squidclient/squidclient.1:257
 msgid ""
 "Report serious security bugs to I<Squid Bugs E<lt>squid-bugs@squid-cache."
 "orgE<gt>>"
@@ -511,26 +775,28 @@ msgstr ""
 "bugs@squid-cache.orgE<gt>>"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:98
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:332
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:89
-#: helpers/basic_auth/PAM/basic_pam_auth.8:108
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:123
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:104
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:158
-#: helpers/digest_auth/file/digest_file_auth.8:92
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:261
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:225
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:104
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:248
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:269
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:193
-#: helpers/external_acl/session/ext_session_acl.8:123
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:241
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:96
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:114
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:126 src/squid.8.in:274
-#: tools/cachemgr.cgi.8.in:75 tools/squidclient/squidclient.1:219
+#: src/acl/external/AD_group/ext_ad_group_acl.8:266
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:230
+#: src/acl/external/file_userip/ext_file_userip_acl.8:109
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:253
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:274
+#: src/acl/external/LM_group/ext_lm_group_acl.8:198
+#: src/acl/external/session/ext_session_acl.8:128
+#: src/acl/external/time_quota/ext_time_quota_acl.8:246
+#: src/acl/external/unix_group/ext_unix_group_acl.8:101
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:103
+#: src/auth/basic/LDAP/basic_ldap_auth.8:337
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:93
+#: src/auth/basic/PAM/basic_pam_auth.8:113
+#: src/auth/basic/RADIUS/basic_radius_auth.8:128
+#: src/auth/basic/SASL/basic_sasl_auth.8:109
+#: src/auth/basic/SSPI/basic_sspi_auth.8:163
+#: src/auth/digest/file/digest_file_auth.8:100
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:129
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:130
+#: src/security/cert_generators/file/security_file_certgen.8.in:175
+#: src/squid.8.in:269 tools/cachemgr.cgi.8.in:78 tools/purge/purge.1:284
+#: tools/squidclient/squidclient.1:260
 msgid ""
 "Report ideas for new improvements to the I<Squid Developers mailing list>"
 msgstr ""
@@ -538,2776 +804,2657 @@ msgstr ""
 "list>"
 
 #. type: SH
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:100
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:334
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:91
-#: helpers/basic_auth/PAM/basic_pam_auth.8:110
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:125
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:106
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:160
-#: helpers/digest_auth/file/digest_file_auth.8:94
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:263
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:227
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:106
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:250
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:271
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:195
-#: helpers/external_acl/session/ext_session_acl.8:125
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:243
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:101
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:116
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:128 src/squid.8.in:276
-#: tools/cachemgr.cgi.8.in:77 tools/squidclient/squidclient.1:221
+#: src/acl/external/AD_group/ext_ad_group_acl.8:268
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:232
+#: src/acl/external/file_userip/ext_file_userip_acl.8:111
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:276
+#: src/acl/external/LM_group/ext_lm_group_acl.8:200
+#: src/acl/external/session/ext_session_acl.8:130
+#: src/acl/external/time_quota/ext_time_quota_acl.8:248
+#: src/acl/external/unix_group/ext_unix_group_acl.8:106
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:339
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:95
+#: src/auth/basic/PAM/basic_pam_auth.8:115
+#: src/auth/basic/RADIUS/basic_radius_auth.8:130
+#: src/auth/basic/SASL/basic_sasl_auth.8:111
+#: src/auth/basic/SSPI/basic_sspi_auth.8:165
+#: src/auth/digest/file/digest_file_auth.8:102
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:131
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:132
+#: src/security/cert_generators/file/security_file_certgen.8.in:177
+#: src/squid.8.in:271 tools/cachemgr.cgi.8.in:80 tools/purge/purge.1:286
+#: tools/squidclient/squidclient.1:262
 #, no-wrap
 msgid "SEE ALSO"
 msgstr "СМОТРИТЕ ТАКЖЕ"
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:114
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:344
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:97
-#: helpers/basic_auth/PAM/basic_pam_auth.8:121
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:132
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:117
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:165
-#: helpers/digest_auth/file/digest_file_auth.8:99
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:268
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:233
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:111
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:282
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:200
-#: helpers/external_acl/session/ext_session_acl.8:130
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:248
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:108
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:127
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:133 src/squid.8.in:286
+#: src/acl/external/AD_group/ext_ad_group_acl.8:273
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:238
+#: src/acl/external/file_userip/ext_file_userip_acl.8:116
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:269
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:287
+#: src/acl/external/LM_group/ext_lm_group_acl.8:205
+#: src/acl/external/session/ext_session_acl.8:135
+#: src/acl/external/time_quota/ext_time_quota_acl.8:253
+#: src/acl/external/unix_group/ext_unix_group_acl.8:113
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:119
+#: src/auth/basic/LDAP/basic_ldap_auth.8:349
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:101
+#: src/auth/basic/PAM/basic_pam_auth.8:126
+#: src/auth/basic/RADIUS/basic_radius_auth.8:137
+#: src/auth/basic/SASL/basic_sasl_auth.8:122
+#: src/auth/basic/SSPI/basic_sspi_auth.8:170
+#: src/auth/digest/file/digest_file_auth.8:107
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:142
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:137
+#: src/security/cert_generators/file/security_file_certgen.8.in:182
+#: src/squid.8.in:281
 msgid "The Squid FAQ wiki"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/getpwnam/basic_getpwnam_auth.8:117
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:347
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:100
-#: helpers/basic_auth/PAM/basic_pam_auth.8:124
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:135
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:120
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:168
-#: helpers/digest_auth/file/digest_file_auth.8:102
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:271
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:236
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:114
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:285
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:203
-#: helpers/external_acl/session/ext_session_acl.8:133
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:251
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:111
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:130
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:136 src/squid.8.in:289
+#: src/acl/external/AD_group/ext_ad_group_acl.8:276
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:241
+#: src/acl/external/file_userip/ext_file_userip_acl.8:119
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:272
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:290
+#: src/acl/external/LM_group/ext_lm_group_acl.8:208
+#: src/acl/external/session/ext_session_acl.8:138
+#: src/acl/external/time_quota/ext_time_quota_acl.8:256
+#: src/acl/external/unix_group/ext_unix_group_acl.8:116
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:122
+#: src/auth/basic/LDAP/basic_ldap_auth.8:352
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:104
+#: src/auth/basic/PAM/basic_pam_auth.8:129
+#: src/auth/basic/RADIUS/basic_radius_auth.8:140
+#: src/auth/basic/SASL/basic_sasl_auth.8:125
+#: src/auth/basic/SSPI/basic_sspi_auth.8:173
+#: src/auth/digest/file/digest_file_auth.8:110
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:145
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:140
+#: src/security/cert_generators/file/security_file_certgen.8.in:185
+#: src/squid.8.in:284
 msgid "The Squid Configuration Manual"
 msgstr "Руководство по настройке Squid"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:7
-msgid "LDAP authentication helper for Squid"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:5
+msgid "ext_edirectory_userip_acl - Squid eDirectory IP Lookup Helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:12
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:27
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:14
-msgid "base DN"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:15
+#: tools/squidclient/squidclient.1:22
+msgid "host"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:14
-msgid "attribute"
-msgstr "параметр"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:17
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:18
+#: src/auth/basic/LDAP/basic_ldap_auth.8:33
+#: src/auth/basic/RADIUS/basic_radius_auth.8:16 src/squid.8.in:15
+#: tools/squidclient/squidclient.1:26
+msgid "port"
+msgstr "порт"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:16
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:31
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:18
-msgid "options"
-msgstr "опции"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:19
+#, fuzzy
+#| msgid "LDAP server name"
+msgid "LDAP version"
+msgstr "Адрес сервера LDAP"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:18
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:33
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:20
-msgid "LDAP server name"
-msgstr "Адрес сервера LDAP"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:21
+msgid "basedn"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:20
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:35
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:18
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:19
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:22 src/squid.8.in:17
-#: tools/squidclient/squidclient.1:27
-msgid "port"
-msgstr "порт"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:22
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:37
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:24
-msgid "URI"
-msgstr "URL"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:29
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:16
-msgid "LDAP search filter"
-msgstr "Фильтр поиска LDAP"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:47
-msgid ""
-"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
-"the user name and password of Basic HTTP authentication.  LDAP options are "
-"specified as parameters on the command line, while the username(s) and "
-"password(s) to be checked against the LDAP directory are specified on "
-"subsequent lines of input to the helper, one username/password pair per line "
-"separated by a space."
-msgstr ""
-"B<basic_ldap_auth> позволяет Squid подключиться к каталогу LDAP для проверки "
-"имени пользователя и пароля для идентификации по HTTP (Basic HTTP "
-"authentication).Опции LDAP задаются в виде параметров в командной строке, а "
-"имя пользователя(ей) и пароль(и) проверяются в каталоге LDAP указанном "
-"следующей строкой ввода в помощнике, одна пара имя пользователя/пароль в "
-"каждой строке, отделена пробелом."
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:56
-msgid ""
-"As expected by the basic authentication construct of Squid, after specifying "
-"a username and password followed by a new line, this helper will produce "
-"either B<OK> or B<ERR> on the following line to show if the specified "
-"credentials are correct according to the LDAP directory."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:23
+msgid "scope"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:61
-msgid ""
-"The program has two major modes of operation. In the default mode of "
-"operation the users DN is constructed using the base DN and user attribute. "
-"In the other mode of operation a search filter is used to locate valid user "
-"DN's below the base DN."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:25
+msgid "binddn"
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:62
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:35
-#: helpers/basic_auth/PAM/basic_pam_auth.8:21
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:31
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:34
-#: helpers/digest_auth/file/digest_file_auth.8:20
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:51
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:44
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:23
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:65
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:49
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:27
-#: helpers/external_acl/session/ext_session_acl.8:34
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:24
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:19
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:19
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:25 src/squid.8.in:59
-#: tools/squidclient/squidclient.1:61
-#, no-wrap
-msgid "OPTIONS"
-msgstr "ПАРАМЕТРЫ"
-
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:27
+msgid "bindpass"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:75
-msgid ""
-"LDAP search B<filter> to locate the user DN. Required if the users are in a "
-"hierarchy below the base DN, or if the login name is not what builds the "
-"user specific part of the users DN."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:29
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:14
+msgid "filter"
 msgstr ""
 
-#. uid\=%s\""
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:82
-msgid ""
-"The search filter can contain up to 15 occurrences of B<%s> which will be "
-"replaced by the username, as in B<\\&\\&> for RFC2037 directories. For a "
-"detailed description of LDAP search filter syntax see RFC2254."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:34
+msgid "B<ext_edirectory_userip_acl> is an installed binary."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:90
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:38
 msgid ""
-"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
-"%s> are used."
+"This program has been written in order to solve the problems associated with "
+"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:99
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:41
 msgid ""
-"Specifies the name of the DN attribute that contains the username/login.  "
-"Combined with the base DN to construct the users DN when no search filter is "
-"specified ( B<-f> option). Defaults to B<uid>"
+"The limitations of the Perl script involved memory/cpu utilization, speed, "
+"the lack of eDirectory 8.8 support, and IPv6 support."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:108
-msgid ""
-"B<Note:> This can only be done if all your users are located directly under "
-"the same position in the LDAP tree and the login name is used for naming "
-"each user object. If your LDAP tree does not match these criterias or if you "
-"want to filter who are valid users then you need to use a search filter to "
-"search for your users DN ( B<-f> option)."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:46
+msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:118
-msgid ""
-"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
-"password.  B<passwordattr> is the LDAP attribute storing the users password."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:50
+msgid "Force Addresses to be in IPv6 (:: format)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:126
-msgid ""
-"Search scope when performing user DN searches specified by the B<-f> option. "
-"Defaults to B<sub>"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:57
+msgid "Specify B<base> DN. For example; B<o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:130
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:110
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:178
-msgid "B<base> object only,"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:66
+msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:133
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:113
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:181
-msgid "B<one> level below the base object or"
-msgstr "B<one> уровнем ниже базового объекта или"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:136
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:116
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:184
-msgid "B<sub>tree below the base object"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:71
+msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:142
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:76
 msgid ""
-"The DN and password to bind as while performing searches. Required by the B<-"
-"f> flag if the directory does not allow anonymous searches."
+"Specify if LDAP search group is required. For example; B<groupMembership=>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:147
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use a account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:84
+msgid "Specify hostname or IP of server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:152
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:98
-msgid ""
-"The DN and the name of a file containing the password to bind as while "
-"performing searches."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:88
+msgid "Port number."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:157
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:103
-msgid ""
-"Less insecure version of the former parameter pair with two advantages: The "
-"password does not occur in the process listing, and the password is not "
-"being compromised if someone gets the squid configuration file without "
-"getting the secretfile."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:92
+msgid "Use persistent connections."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:165
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:100
 msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while validating a username to preserve resources at the LDAP server. This "
-"option causes the LDAP connection to be kept open, allowing it to be reused "
-"for further user validations. Recommended for larger installations."
+"Timeout factor for persistent connections. Set to B<0> for never timeout. "
+"Default is B<60> seconds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:178
-msgid ""
-"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
-"binding as another user after a successful I<ldap_bind.> The use of this "
-"option always opens a new connection for each login attempt. If combined "
-"with the B<-P> option for persistent LDAP connection then the connection "
-"used for searching for the user DN is kept persistent but a new connection "
-"is opened to verify each users password once the DN is found."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:105
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:173
+msgid "search scope. Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:182
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:170
-msgid "Do not follow referrals"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:108
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:176
+#: src/auth/basic/LDAP/basic_ldap_auth.8:128
+msgid "B<base> object only,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:187
-msgid "when to dereference aliases. Defaults to B<never>"
-msgstr ""
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:111
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:179
+#: src/auth/basic/LDAP/basic_ldap_auth.8:131
+msgid "B<one> level below the base object or"
+msgstr "B<one> уровнем ниже базового объекта или"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:196
-msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search ing> or only to B<find> the base object."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:114
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:182
+#: src/auth/basic/LDAP/basic_ldap_auth.8:134
+msgid "B<sub>tree below the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:201
-msgid ""
-"Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP "
-"libraries).  Servers can also be specified last on the command line."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:121
+msgid "Set userid B<attribute .> Default is B<cn>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:206
-msgid ""
-"Specify the LDAP server to connect to. Servers can also be specified last on "
-"the command line."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:126
+msgid "Set LDAP B<version>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:212
-msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389. Can also be specified within the server "
-"specification by using servername:port syntax."
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:130
+msgid "Display version information and exit."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:218
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:206
-#, fuzzy
-#| msgid "LDAP protocol version. Defaults to 3 if not specified."
-msgid "LDAP protocol version. Defaults to B<3> if not specified."
-msgstr "Версия протокола LDAP. По умолчанию 3, если не указано."
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:222
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:210
-msgid "Use TLS encryption"
-msgstr "Используйте TLS шифрование"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:226
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:107
-msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
-msgstr "Включить LDAP через SSL (требуются Netscape LDAP API библиотеки)"
-
-#. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:233
-msgid ""
-"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
-"LDAP API libraries)"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:135
+msgid "Specify binding B<password>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:237
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:192
-msgid "Specify time limit on LDAP search operations"
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:139
+msgid "Enable TLS security."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:243
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:160
 msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the results is not what is expected."
+"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
+"that users may be used to control internet access, which can also be stacked "
+"against other ACL's.  Use of the groups is optional, unless the '-G' option "
+"has been passed.  Please note that you need to specify the full LDAP object "
+"for this, as shown above."
+msgstr ""
+
+#. type: SH
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:161
+#: src/acl/external/unix_group/ext_unix_group_acl.8:60
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:45
+#: src/security/cert_generators/file/security_file_certgen.8.in:88
+#: tools/purge/purge.1:233
+#, no-wrap
+msgid "KNOWN ISSUES"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:248
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:166
 msgid ""
-"For directories using the RFC2307 layout with a single domain, all you need "
-"to specify is usually the base DN under where your users are located and the "
-"server name:"
+"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
+"is in place to read IPv6 networkAddress fields, please attempt this in a "
+"TESTING environment first.  Please contact the author regarding IPv6 support "
+"development."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:256
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:171
 msgid ""
-"If you have sub-domains then you need to use a search filter approach to "
-"locate your user DNs as these can no longer be constructed directly from the "
-"base DN and login name alone:"
+"There is a known issue regarding Novell's Client for Windows, that is mostly "
+"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
+"populating the networkAddress field in eDirectory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:263
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:177
 msgid ""
-"And similarly if you only want to allow access to users having a specific "
-"attribute"
+"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
+"lower?) and connection licensing.  It appears that whenever a server runs "
+"low on connection licenses, that it I sometimes does not populate the "
+"networkAddress fields correctly."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:274
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:184
 msgid ""
-"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
-"do not want to have to search for the users then you could use something "
-"like the following example for Active Directory:"
+"Majority of Proxy Authentication issues can be resolved by having the users' "
+"B<reboot> if their networkAddress is not correct, or using "
+"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
+"networkAddress fields to troubleshoot."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:286
+#: src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8:218
 msgid ""
-"If you want to search for the user DN and your directory does not allow "
-"anonymous searches then you must also use the B<-D> and B<-w> flags to "
-"specify a user DN and password to log in as to perform the searches, as in "
-"the following complex Active Directory example"
+"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
+"situations B<before> seeking support! You may also need to make sure your "
+"servers have the latest service packs installed, and that your servers are "
+"properly synchronizing partitions."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:299
+#: src/acl/external/file_userip/ext_file_userip_acl.8:5
 msgid ""
-"B<NOTE:> When constructing search filters it is strongly recommended to test "
-"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
-"This to verify that the filter matches what you expect."
+"ext_file_userip_acl - Restrict users to certain IP addresses, using a text "
+"file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:302
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:91
-msgid "This program is written by"
-msgstr "Эта программа написана"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:7
+#: src/acl/external/time_quota/ext_time_quota_acl.8:7
+#: src/auth/basic/SASL/basic_sasl_auth.8:7
+#: src/security/cert_generators/file/security_file_certgen.8.in:7
+msgid "Version 1.0"
+msgstr "Версия 1.0"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:306
-msgid "This manual is written by"
-msgstr "Это руководство написано"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:12
+msgid "file name"
+msgstr "имя файла"
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:320
+#: src/acl/external/file_userip/ext_file_userip_acl.8:17
 msgid ""
-"Or to your favorite LDAP list/friend if the question is more related to LDAP "
-"than Squid."
+"B<ext_file_userip_acl> is an installed binary. An external helper for the "
+"Squid external acl scheme."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:340
-msgid "Your favorite LDAP documentation."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:20
+msgid ""
+"It works by reading a pair composed by an IP address and an username on "
+"STDIN and matching it against a configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/LDAP/basic_ldap_auth.8:342
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:259
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:280
-msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:31
+msgid "Configuration B<file> to load."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:7
-msgid "NCSA httpd-style password file authentication helper for Squid"
+#: src/acl/external/file_userip/ext_file_userip_acl.8:41
+msgid "The B<squid.conf> configuration for the external ACL should be:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:11
-msgid "passwd file"
-msgstr "passwd файл"
-
-#. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:16
+#: src/acl/external/file_userip/ext_file_userip_acl.8:49
 msgid ""
-"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
-"information from an NCSA/Apache httpd-style password file when using basic "
-"HTTP authentication."
+"If the helper program finds a matching username/ip in the configuration "
+"file, it returns B<OK> , otherwise it returns B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:19
-msgid "This password file can be manipulated using B<htpasswd.>"
-msgstr ""
+#: src/acl/external/file_userip/ext_file_userip_acl.8:51
+msgid "The configuration file format is as follows:"
+msgstr "Формат конфигурационного файла выглядит следующим образом:"
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:32
+#: src/acl/external/file_userip/ext_file_userip_acl.8:60
 msgid ""
-"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
-"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
-"and magic strings * MD5 - with optional salt and magic strings * DES - for "
-"passwords 8 characters or less in length"
+"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
+"in dotted quad format too."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:34
-msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
+#: src/acl/external/file_userip/ext_file_userip_acl.8:66
+msgid ""
+"When the second parameter is prefixed with an B<@> , the program will lookup "
+"the B</etc/group> file entry for the specified username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:38
+#: src/acl/external/file_userip/ext_file_userip_acl.8:72
 msgid ""
-"The only parameter is the password file.  It must have permissions to be "
-"read by the user that Squid is running as."
+"There are other two directives, B<ALL> and B<NONE> , which mean \"any user "
+"on this IP address may authenticate\" or \"no user on this IP address may "
+"authenticate\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:5
 msgid ""
-"B<basic_ncsa_auth> must have access to the password file to be executed."
+"ext_kerberos_ldap_group_acl - Squid LDAP external acl group helper for "
+"Kerberos or NTLM credentials."
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:47
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:163
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:62
-#, no-wrap
-msgid "KNOWN ISSUES"
-msgstr ""
+#. type: Plain text
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 1.3.0sq"
+msgstr "Версия 1.0"
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:52
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:24
+#, fuzzy
+#| msgid ""
+#| "B<basic_ldap_auth> allows Squid to connect to a LDAP directory to "
+#| "validate the user name and password of Basic HTTP authentication.  LDAP "
+#| "options are specified as parameters on the command line, while the "
+#| "username(s) and password(s) to be checked against the LDAP directory are "
+#| "specified on subsequent lines of input to the helper, one username/"
+#| "password pair per line separated by a space."
 msgid ""
-"DES functionality (used by htpasswd by default) silently truncates passwords "
-"to 8 characters.  Allowing login with password values shorter than the one "
-"desired.  This authenticator will reject login with long passwords when "
-"using DES."
+"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
+"connect to a LDAP directory to authorize users via LDAP groups. Options are "
+"specified as parameters on the command line, while the username (e.g.  "
+"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
+"directory are specified on subsequent lines of input to the helper, one "
+"username per line."
 msgstr ""
+"B<basic_ldap_auth> позволяет Squid подключиться к каталогу LDAP для проверки "
+"имени пользователя и пароля для идентификации по HTTP (Basic HTTP "
+"authentication).Опции LDAP задаются в виде параметров в командной строке, а "
+"имя пользователя(ей) и пароль(и) проверяются в каталоге LDAP указанном "
+"следующей строкой ввода в помощнике, одна пара имя пользователя/пароль в "
+"каждой строке, отделена пробелом."
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:58
-msgid "Based on original documentation by"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:37
+msgid ""
+"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
+"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
+"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
+"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
+"is available from the username the LDAP server will be determined through "
+"the command line options."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:49
 msgid ""
-"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
-"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
-"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
-"details."
+"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
+"T> option which provides the LDAP group name the user has to belong too. For "
+"Active Directory a recursive group lookup is implemented until a max depth "
+"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
+"groups is assumed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/NCSA/basic_ncsa_auth.8:72
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:62
 msgid ""
-"You should have received a copy of the GNU General Public License along with "
-"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
-"Place, Suite 330, Boston, MA 02111-1307 USA"
+"Different group names can be specified for different domains using a "
+"group@domain syntax.  As expected by the B<external_acl_type> construct of "
+"Squid, after specifying a username and group followed by a new line, this "
+"helper will produce either B<OK> or B<ERR> on the following line to show if "
+"the user is a member of the specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:7
-msgid "Squid PAM Basic authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:70
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:24
+#, fuzzy
+#| msgid "Write debug info to stderr."
+msgid "Write debug messages to stderr."
 msgstr ""
+"Записывать отладочную информацию в стандартный файл вывода сообщений об "
+"ошибках (stderr)."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:11
-msgid "service name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:73
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:27
+#, fuzzy
+#| msgid "Write debug info to stderr."
+msgid "Write informational messages to stderr."
 msgstr ""
+"Записывать отладочную информацию в стандартный файл вывода сообщений об "
+"ошибках (stderr)."
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:13
-msgid "TTL"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:76
+msgid "Use SSL for the LDAP connection."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:20
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
 msgid ""
-"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
-"database to validate the user name and password of Basic HTTP authentication."
+"The CA certificate file can be set via the environment variable "
+"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:26
-msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
+msgid ""
+"The SSL certificate database can be set via the environment variable "
+"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:35
-msgid ""
-"Enables persistent PAM connections where the connection to the PAM database "
-"is kept open and reused for new logins. The TTL specifies how long the "
-"connection will be kept open (in seconds).  Default is to not keep PAM "
-"connections open. Please note that the use of persistent PAM connections is "
-"slightly outside the PAM specification and may not work with all PAM "
-"configurations."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:83
+msgid "Allow SSL without certificate verification."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:40
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:87
 msgid ""
-"Do not perform the PAM account management group (account expiration etc)"
+"Default Kerberos domain to use for usernames which do not contain domain "
+"information (e.g. for users using basic authentication)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:46
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:92
 msgid ""
-"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
-"etc/pam.d/squid>"
+"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
+"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
+"authentication)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:54
-msgid ""
-"The default service name is B<squid> , and the program makes use of the "
-"B<auth> and B<account> management groups to verify the password and the "
-"accounts validity."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:95
+msgid "Maximal depth of recursive group search."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:58
-msgid ""
-"For details on how to configure PAM services, see the PAM documentation for "
-"your system. This manual does not cover PAM configuration details."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:98
+msgid "Username for LDAP server."
 msgstr ""
 
-#. type: SH
-#: helpers/basic_auth/PAM/basic_pam_auth.8:59
-#, no-wrap
-msgid "NOTES"
-msgstr "ПРИМЕЧАНИЯ"
+#. type: Plain text
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:101
+msgid "Password for LDAP server."
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:66
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:106
 msgid ""
-"When used for authenticating to local UNIX shadow password databases the "
-"program must be running as root or else it won't have sufficient permissions "
-"to access the user password database. Such use of this program is not "
-"recommended, but if you absolutely need to then make the program setuid root"
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use an account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file or extracts the password "
+"used from a process listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:82
-#: helpers/external_acl/session/ext_session_acl.8:99
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:218
-msgid "This program and documentation was written by"
-msgstr ""
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:110
+#, fuzzy
+#| msgid "LDAP server name"
+msgid "LDAP server bind path."
+msgstr "Адрес сервера LDAP"
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:88
-msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:113
+msgid "LDAP server URL in form ldap[s]://server:port"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/PAM/basic_pam_auth.8:119
-msgid "PAM Systems Administrator Guide"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:117
+msgid ""
+"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
+"lserver@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:7
-msgid "Squid RADIUS authentication helper"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:121
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm]"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:12
-msgid "config file"
-msgstr "конфигурационный файл"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:126
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:16
-msgid "server name"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:131
+msgid ""
+"A list of group name per Kerberos domain of the form Group|Group@|"
+"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
+"format"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:20
-msgid "identifier"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:138
+msgid ""
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:22
-msgid "secret"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:153
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:62
+msgid "B<NOTE:> The following squid startup file modification may be required:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:24
-#: helpers/external_acl/session/ext_session_acl.8:14
-#: tools/squidclient/squidclient.1:33
-msgid "timeout"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:157
+msgid ""
+"Add the following lines to the squid startup script to point squid to a "
+"keytab file which contains the HTTP/fqdn service principal for the default "
+"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
+"can not use an IP address."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:30
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:168
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:74
 msgid ""
-"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
-"the user name and password of Basic HTTP authentication."
+"If you use a different Kerberos domain than the machine itself is in you can "
+"point squid to the separate Kerberos config file by setting the following "
+"environment variable in the startup script."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:36
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:178
 msgid ""
-"Specifies the path to a configuration file. See the CONFIGURATION section "
-"for details on the file content."
+"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
+"server. The following method is used:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:40
-msgid "Alternative method of specifying the server to connect to"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:183
+#, no-wrap
+msgid ""
+"1) For user@REALM\n"
+"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
+"   b) Query DNS for A record REALM\n"
+"   c) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:45
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:187
+#, no-wrap
 msgid ""
-"Specify another server port where the RADIUS server listens for requests if "
-"different from the default RADIUS port.  Normally not specified."
+"2) For user\n"
+"   a) Use domain -D REALM and follow step 1)\n"
+"   b) Use LDAP_URL if given\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:50
-msgid ""
-"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
-"specified the IP address is used to identify the proxy."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
+msgid "The Groups to check against are determined as follows:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:56
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:194
+#, no-wrap
 msgid ""
-"Alternative method of specifying the shared secret. Using the B<-f> option "
-"with a configuration file is generally more secure and recommended."
+"1) For user@REALM\n"
+"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
+"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:60
-msgid "RADIUS request timeout. Default is 10 seconds."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:197
+#, no-wrap
+msgid ""
+"2) For user\n"
+"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:67
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:200
+#, no-wrap
 msgid ""
-"The configuration specifies how the helper connects to RADIUS.  The file "
-"contains a list of directives (one per line). Lines beginning with a B<#> "
-"are ignored."
+"3) For NDOMAIN\\euser\n"
+"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:71
-msgid "specifies the name or address of the RADIUS server to connect to."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
+msgid ""
+"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
+"where GROUP is the hex UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:75
-msgid "specifies the shared RADIUS secret."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#, no-wrap
+msgid "   -t 6d61726b7573 instead of -g markus\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:80
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
 msgid ""
-"specifies what name the proxy should use to identify itself to the RADIUS "
-"server.  This directive is optional."
+"The REALM must still be based on the ASCII character set. If REALM contains "
+"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
+"UTF-8 representation e.g."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:84
-msgid ""
-"Specifies the port number or service name where the helper should connect."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#, no-wrap
+msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:88
-msgid "Specifies the RADIUS request timeout."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
+msgid ""
+"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
+"unicode-utf8-table.pl"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:95
-msgid "With contributions from many others."
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:216
+msgid ""
+"The ldap server list can be: server - In this case server can be used for "
+"all Kerberos domains server@ - In this case server can be used for all "
+"Kerberos domains server@domain - In this case server can be used for "
+"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
+"server3@:server4 - A list is build with a colon as separator"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:111
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:232
+#, no-wrap
 msgid ""
-"Or contact your favorite RADIUS list/friend if the question is more related "
-"to RADIUS than Squid."
+" * Copyright (C) 1996-2015 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/RADIUS/basic_radius_auth.8:130
-msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:260
+msgid "B<RFC1035> - Domain names - implementation and specification,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:7
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
 msgid ""
-"Basic Authentication using SASL (specifically the cyrus-sasl authentication "
-"method)"
+"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:9
-#: helpers/digest_auth/file/digest_file_auth.8:9
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:9
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:9
-msgid "Version 1.0"
-msgstr "Версия 1.0"
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:264
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:285
+#: src/auth/basic/LDAP/basic_ldap_auth.8:347
+msgid "B<RFC2254> - The String Representation of LDAP Search Filters,"
+msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:18
+#: src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:267
 msgid ""
-"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
-"configurable (somewhat like PAM).  Each service authenticating against SASL "
-"identifies itself with an application name.  Each application can be "
-"configured independently by the SASL administrator."
+"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
+"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:24
-msgid ""
-"To configure the authentication method used the file B<basic_sasl_auth.conf> "
-"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:5
+msgid "ext_ldap_group_acl - Squid LDAP external acl group helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:31
-msgid ""
-"The authentication database is defined by the B<pwcheck_method> parameter.  "
-"Only the B<PLAIN> authentication mechanism is used."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:7
+#, fuzzy
+#| msgid "Version 2.17"
+msgid "Version 2.18"
+msgstr "Версия 2.17"
+
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:12
+msgid "base-DN"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:33
-msgid "Examples:"
-msgstr "Например:"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:14
+#: src/auth/basic/LDAP/basic_ldap_auth.8:29
+msgid "options"
+msgstr "опции"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:36
-msgid "use sasldb - the default if no conf file is installed."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:18
+msgid "server"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:38
-#, no-wrap
-msgid " - use PAM authentication database\n"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:22
+#: src/auth/basic/LDAP/basic_ldap_auth.8:20
+#: src/auth/basic/LDAP/basic_ldap_auth.8:35
+msgid "URI"
+msgstr "URL"
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:41
-#, no-wrap
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:31
+#, fuzzy
+#| msgid ""
+#| "B<basic_ldap_auth> allows Squid to connect to a LDAP directory to "
+#| "validate the user name and password of Basic HTTP authentication.  LDAP "
+#| "options are specified as parameters on the command line, while the "
+#| "username(s) and password(s) to be checked against the LDAP directory are "
+#| "specified on subsequent lines of input to the helper, one username/"
+#| "password pair per line separated by a space."
 msgid ""
-" - use traditional \n"
-"B</etc/passwd>\n"
+"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
+"authorize users via LDAP groups.  LDAP options are specified as parameters "
+"on the command line, while the username(s) and group(s) to be checked "
+"against the LDAP directory are specified on subsequent lines of input to the "
+"helper, one username/group pair per line separated by a space."
 msgstr ""
+"B<basic_ldap_auth> позволяет Squid подключиться к каталогу LDAP для проверки "
+"имени пользователя и пароля для идентификации по HTTP (Basic HTTP "
+"authentication).Опции LDAP задаются в виде параметров в командной строке, а "
+"имя пользователя(ей) и пароль(и) проверяются в каталоге LDAP указанном "
+"следующей строкой ввода в помощнике, одна пара имя пользователя/пароль в "
+"каждой строке, отделена пробелом."
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:43
-#, no-wrap
-msgid " - use slightly less traditional /etc/shadow\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:42
+msgid ""
+"As expected by the B<external_acl_type> construct of Squid, after specifying "
+"a username and group followed by a new line, this helper will produce either "
+"B<OK> or B<ERR> on the following line to show if the user is a member of the "
+"specified group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:46
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:46
 msgid ""
-"Others methods may be supported by your cyrus-sasl implementation - consult "
-"your cyrus-sasl documentation for information."
+"The program operates by searching with a search filter based on the users "
+"user name and requested group, and if a match is found it is determined that "
+"the user belongs to the group."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:59
-msgid ""
-"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
-"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
-"and an appropriate user/group on the executable to allow the authenticator "
-"to access the appropriate password database. If the access to the database "
-"is not permitted then the authenticator will typically fail with \"-1, "
-"generic error\"."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:51
+msgid "When to dereference aliases. Defaults to 'never'"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SASL/basic_sasl_auth.8:74
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:60
 msgid ""
-"If the application name B<basic_sasl_auth> will also be used for the PAM "
-"service name if B<pwcheck_method:pam> is chosen. And example PAM "
-"configuration file B<basic_sasl_auth.pam> is also included."
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:7
-#, fuzzy
-#| msgid "Allows authentication through nsswitch.conf"
-msgid "Basic authentication protocol"
-msgstr "Позволяет идентифицировать с помощью nsswitch.conf"
-
-#. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:9
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:9
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:9
-msgid "Version 2.0"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:14
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:16
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:15
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:17
-msgid "Group Name"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:69
+msgid "Specifies the base DN under which the users are located (if different)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:18
-msgid "Default Domain"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:74
+msgid ""
+"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
+"API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:80
 msgid ""
-"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
-"server running on Windows NT to authenticate users on an NT domain in native "
-"WIN32 mode."
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the result is not what was expected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:33
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:85
 msgid ""
-"Usage is simple. It accepts a username and password on standard input and "
-"will return B<OK> if the username/password is valid for the domain/machine, "
-"or B<ERR> if there was some problem. It is possible to authenticate against "
-"NT trusted domains specifying the username in the domain\\eusername "
-"Microsoft notation."
+"The DN and password to bind as while performing searches. Required if the "
+"LDAP directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:38
-msgid "A Windows Local Group name allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:91
+msgid ""
+"As the password needs to be printed in plain text in your Squid "
+"configuration and will be sent on the command line to the helper it is "
+"strongly recommended to use a account with minimal associated privileges.  "
+"This to limit the damage in case someone could get hold of a copy of your "
+"Squid configuration file or extracts the password used from a process "
+"listing."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:42
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:59
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:63
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:27
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:35
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:33
-msgid "Write debug info to stderr."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:96
+#: src/auth/basic/LDAP/basic_ldap_auth.8:150
+msgid ""
+"The DN and the name of a file containing the password to bind as while "
+"performing searches."
 msgstr ""
-"Записывать отладочную информацию в стандартный файл вывода сообщений об "
-"ошибках (stderr)."
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:46
-msgid "A Windows Local Group name not allowed to authenticate."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:101
+#: src/auth/basic/LDAP/basic_ldap_auth.8:155
+msgid ""
+"Less insecure version of the former parameter pair with two advantages: The "
+"password does not occur in the process listing, and the password is not "
+"being compromised if someone gets the squid configuration file without "
+"getting the secretfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:50
-msgid "The default Domain against to authenticate."
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:105
+#: src/auth/basic/LDAP/basic_ldap_auth.8:224
+msgid "Enable LDAP over SSL (requires Netscape LDAP API libraries)"
+msgstr "Включить LDAP через SSL (требуются Netscape LDAP API библиотеки)"
 
-#. logon from the network\"" 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:57
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:121
 msgid ""
-"Users that are allowed to access the web proxy must have the Windows NT User "
-"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
-"in the Authenticator's command line."
+"LDAP search filter used to search the LDAP directory for any matching group "
+"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
+"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
+"name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:60
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:133
 msgid ""
-"This can be accomplished creating a local user group on the NT machine, "
-"grant the privilege, and adding users to it."
+"LDAP search filter used to search the LDAP directory for any matching "
+"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
+"be included literally in the filter then use B<%%>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:65
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:139
 msgid ""
-"You will need to set the following line in B<squid.conf> to enable the "
-"authenticator:"
+"Specifies that the first query argument sent to the helper by Squid is a "
+"extension to the basedn and will be temporarily added in front of the global "
+"basedn for this query."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:73
-msgid ""
-"You will need to set the following lines in B<squid.conf> to enable "
-"authentication for your access list:"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:143
+msgid "Specify the LDAP server to connect to"
+msgstr "Укажите сервер LDAP для подключения к"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:85
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:147
+#, fuzzy
+#| msgid "Specify the LDAP server to connect to"
 msgid ""
-"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
-"B<auth_param basic program> directive."
-msgstr ""
-
-#. type: SH
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:86
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:172
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:116
-#, no-wrap
-msgid "TESTING"
-msgstr "ТЕСТИРОВАНИЕ"
+"Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
+"libraries)"
+msgstr "Укажите сервер LDAP для подключения к"
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:100
-#, no-wrap
-msgid ""
-"I strongly urge that \n"
-"B<basic_sspi_auth.exe>\n"
-"is tested prior to being used in a \n"
-"production environment. It may behave differently on different platforms.\n"
-"To test it, run it from the command line. Enter username and password\n"
-"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
-"Make sure pressing \n"
-"B<CTRL-D>\n"
-" behaves the same as a carriage return.\n"
-"Make sure pressing \n"
-"B<CTRL-C>\n"
-" aborts the program.\n"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:151
+msgid "Strip Kerberos Realm component from user names (@ separated)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:106
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:205
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:220
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:148
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:156
 msgid ""
-"Test that entering no details does not result in an B<OK> or B<ERR> message."
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:110
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:164
 msgid ""
-"Test that entering an invalid username and password results in an B<ERR> "
-"message."
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while verifying a users group membership to preserve resources at the LDAP "
+"server. This option causes the LDAP connection to be kept open, allowing it "
+"to be reused for further user validations. Recommended for larger "
+"installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:115
-msgid ""
-"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
-"may be returned instead of B<ERR>"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:168
+#: src/auth/basic/LDAP/basic_ldap_auth.8:180
+msgid "Do not follow referrals"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:119
-msgid ""
-"Test that entering a valid username and password results in an B<OK> message."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:186
+#: src/acl/external/unix_group/ext_unix_group_acl.8:33
+msgid "Strip NT domain name component from user names (/ or \\e separated)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:122
-msgid ""
-"Test that entering a guest username and password returns the correct "
-"response for the site's access policy."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:190
+#: src/auth/basic/LDAP/basic_ldap_auth.8:235
+msgid "Specify time limit on LDAP search operations"
 msgstr ""
 
 #. type: Plain text
-#: helpers/basic_auth/SSPI/basic_sspi_auth.8:128
-#: helpers/digest_auth/file/digest_file_auth.8:64
-msgid "Based on prior work by"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:198
+msgid ""
+"LDAP attribute used to construct the user DN from the user name and base dn "
+"without needing to search for the user.  A maximum of 16 occurrences of B<"
+"%s> are supported."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:7
-msgid "File based digest authentication helper for Squid."
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:204
+#: src/auth/basic/LDAP/basic_ldap_auth.8:216
+#, fuzzy
+#| msgid "LDAP protocol version. Defaults to 3 if not specified."
+msgid "LDAP protocol version. Defaults to B<3> if not specified."
+msgstr "Версия протокола LDAP. По умолчанию 3, если не указано."
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:14
-#: tools/squidclient/squidclient.1:29
-msgid "file"
-msgstr ""
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:208
+#: src/auth/basic/LDAP/basic_ldap_auth.8:220
+msgid "Use TLS encryption"
+msgstr "Используйте TLS шифрование"
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:19
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:214
 msgid ""
-"B<digest_file_auth> is an installed binary authentication program for Squid. "
-"It handles digest authentication protocol and authenticates against a text "
-"file backend."
+"This helper is intended to be used as an B<external_acl_type> helper in "
+"B<squid.conf .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:24
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:229
 msgid ""
-"Accept digest hashed passwords rather than plaintext in the password file"
+"B<NOTE:> When constructing search filters it is recommended to first test "
+"the filter using B<ldapsearch> to verify that the filter matches what you "
+"expect before you attempt to use B<ext_ldap_group_acl>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:28
-msgid "Username database file format:"
-msgstr ""
-
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:28
-#, no-wrap
-msgid "- comment lines are possible and should start with a '#';"
-msgstr ""
-
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:31
-#, no-wrap
-msgid "- empty or blank lines are possible;"
-msgstr ""
-
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:34
-#, no-wrap
-msgid "- plaintext entry format is username:password"
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:238
+msgid "Based on prior work in B<squid_ldap_auth> by"
 msgstr ""
 
-#. type: TP
-#: helpers/digest_auth/file/digest_file_auth.8:37
-#, no-wrap
-msgid "- HA1 entry format is username:realm:HA1"
+#. type: Plain text
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:262
+msgid ""
+"Or contact your favorite LDAP list/friend if the question is more related to "
+"LDAP than Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:50
-msgid ""
-"To build a directory integrated backend, you need to be able to calculate "
-"the HA1 returned to squid. To avoid storing a plaintext password you can "
-"calculate B<MD5(username:realm:password)> when the user changes their "
-"password, and store the tuple B<username:realm:HA1.> then find the matching "
-"B<username:realm> when squid asks for the HA1."
+#: src/acl/external/LDAP_group/ext_ldap_group_acl.8:283
+msgid "Your favorite LDAP documentation"
 msgstr ""
 
 #. type: Plain text
-#: helpers/digest_auth/file/digest_file_auth.8:58
+#: src/acl/external/LM_group/ext_lm_group_acl.8:5
 msgid ""
-"This implementation could be improved by using such a triple for the file "
-"format.  However storing such a triple does little to improve security: If "
-"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
-"\" - for the purposes of digest authentication they allow the user access. "
-"Password syncronisation is not tackled by digest - just preventing on the "
-"wire compromise."
+"ext_lm_group_acl - Squid external ACL helper to check Windows users group "
+"membership."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:7
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:7
-msgid "Squid external ACL helper to check Windows users group membership."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:7
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:7
+msgid "Version 1.22"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:14
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:14
-msgid "domain"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:17
+msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:19
+#: src/acl/external/LM_group/ext_lm_group_acl.8:20
 msgid ""
-"B<ext_ad_group_acl.exe> is an installed binary in Squid for Windows builds."
+"This helper must be used in with an authentication scheme (typically Basic "
+"or NTLM) based on Windows NT/2000 domain users (LM mode)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:22
-msgid ""
-"This helper must be used in with an authentication scheme (typically Basic, "
-"NTLM or Negotiate) based on Windows Active Directory domain users."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:29
+msgid "Use case insensitive compare."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:26
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:26
-msgid ""
-"It reads from the standard input the domain username and a list of groups "
-"and tries to match each against the groups membership of the specified "
-"username."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:37
+msgid "Specify the default user's domain."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:28
-msgid "Two running mode are available:"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:41
+msgid "Start helper in Domain Global Group mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:32
-msgid ""
-"B<- Local mode:> membership is checked against machine's local groups, "
-"cannot be used when running on a Domain Controller."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:49
+msgid "Use ONLY PDCs for group validation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:37
+#: src/acl/external/LM_group/ext_lm_group_acl.8:75
 msgid ""
-"B<- Active Directory Global mode:> membership is checked against the whole "
-"Active Directory Forest of the machine where Squid is running."
+"In the previous example all validated NT users member of GProxyUsers Global "
+"domain group or member of LProxyUsers machine local group are allowed to use "
+"the cache."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:41
+#: src/acl/external/LM_group/ext_lm_group_acl.8:83
 msgid ""
-"The minimal Windows version needed to run B<ext_ad_group_acl.exe> is a "
-"Windows 2000 SP4 member of an Active Directory Domain."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:50
-msgid ""
-"When running in Active Directory Global mode, all types of Active Directory "
-"security groups are supported: B<Domain Global> , B<Domain Local> from "
-"user's domain, B<Universal> and Active Directory group nesting is fully "
-"supported."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:55
-msgid "Use case insensitive compare (local mode only)."
+"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
+"the acl data ( B<Domain Users> ) must be placed into a separate file "
+"included by specifying B</path/to/file>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:64
-msgid "Specify the default user's B<domain>"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:85
+msgid "The previous example will be:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:68
-msgid "Start helper in Active Directory Global mode."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:92
+msgid "The B<DomainUsers.txt> file will contain only the following line:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:72
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:82
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:37
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:69
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:47
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:23
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:41
-msgid "Display the binary help and command line syntax info using stderr."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:94
+msgid "B<Domain Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:77
+#: src/acl/external/LM_group/ext_lm_group_acl.8:103
 msgid ""
-"When running in Active Directory Global mode, the AD Group can be specified "
-"using the following syntax:"
+"B<NOTE:> The standard group name comparison is case sensitive, so group name "
+"must be specified with same case as in the NT/2000 Domain.  It's possible to "
+"enable case insensitive group name comparison ( B<-c> ), but on some not-"
+"english locales, the results can be unexpected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:80
-msgid "B<1. Plain NT4 Group Name>"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:111
+msgid ""
+"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
+"and B<-D> switches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:83
-msgid "B<2. Full NT4 Group Name>"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:113
+msgid "Refer to Squid documentation for the more details on squid.conf."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:86
-msgid "B<3. Active Directory Canonical name>"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:119
+msgid ""
+"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
+"in a production environment. It may behave differently on different "
+"platforms."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:89
-#, fuzzy
-#| msgid "Examples:"
-msgid "As Exampled:"
-msgstr "Например:"
+#: src/acl/external/LM_group/ext_lm_group_acl.8:159
+msgid "with contributions by"
+msgstr "внесут свой вклад"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:99
-msgid ""
-"When using Plain NT4 Group Name, the Group is searched in the user's domain."
+#: src/acl/external/LM_group/ext_lm_group_acl.8:164
+msgid "Based in part on prior work in B<check_group> by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:126
-msgid ""
-"In the previous example all validated AD users member of I<MYDOMAIN"
-"\\GProxyUsers> domain group or member of I<LProxyUsers> machine local group "
-"are allowed to use the cache."
+#: src/acl/external/session/ext_session_acl.8:5
+msgid "ext_session_acl - Squid session tracking external acl helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:135
-msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file .> The previous example will be:"
-msgstr ""
+#: src/acl/external/session/ext_session_acl.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 1.2"
+msgstr "Версия 1.0"
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:139
-msgid "and the DomainUsers files will contain only the following line:"
+#: src/acl/external/session/ext_session_acl.8:12
+#: src/auth/basic/RADIUS/basic_radius_auth.8:22
+#: tools/squidclient/squidclient.1:32
+msgid "timeout"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:141
-msgid "Domain Users"
+#: src/acl/external/session/ext_session_acl.8:14
+msgid "database"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:148
+#: src/acl/external/session/ext_session_acl.8:31
 msgid ""
-"B<NOTE 1:> When running in Active Directory Global mode, for better "
-"performance, all Domain Controllers of the Active Directory forest should be "
-"configured as Global Catalog."
+"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
+"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
+"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
+"terms and conditions to a user; the latter is suitable for the display of "
+"advertisements or other notices (both as a splash page - see config examples "
+"in the wiki online). The session helper can also be used to force users to "
+"re-authenticate if the B<%LOGIN> and B<-a> are both used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:154
+#: src/acl/external/session/ext_session_acl.8:36
 msgid ""
-"B<NOTE 2:> When running in local mode, the standard group name comparison is "
-"case sensitive, so group name must be specified with same case as in the "
-"local SAM database."
+"Idle timeout for any session. The default if not specified (set to 3600 "
+"seconds)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:159
+#: src/acl/external/session/ext_session_acl.8:49
 msgid ""
-"It is possible to enable case insensitive group name comparison ( B<-c> ), "
-"but on some non-English locales, the results can be unexpected."
+"Fixed timeout for any session. This will end the session after the timeout "
+"regardless of a user's activity. If used with B<active> mode, this will "
+"terminate the user's session after B<timeout> , after which another B<LOGIN> "
+"will be required.  B<LOGOUT> will reset the session and timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:167
+#: src/acl/external/session/ext_session_acl.8:62
 msgid ""
-"B<NOTE 3:> Native WIN32 NTLM and Basic helpers must be used without the B<-"
-"A> and B<-D> switches."
+"B<Path> to persistent database. If a file is specified then that single file "
+"is used as the database. If a path is specified, a Berkeley DB database "
+"environment is created within the directory. The advantage of the latter is "
+"better database support between multiple instances of the session helper. "
+"Using multiple instances of the session helper with a single database file "
+"will cause synchronization problems between processes.  If this option is "
+"not specified the session details will be kept in memory only and all "
+"sessions will reset each time Squid restarts its helpers (Squid restart or "
+"rotation of logs)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:171
-msgid "Refer to Squid documentation for more details on B<squid.conf>"
+#: src/acl/external/session/ext_session_acl.8:72
+msgid ""
+"Active mode. In this mode sessions are started by evaluating an acl with the "
+"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
+"flag the helper automatically starts the session after the first request."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:178
+#: src/acl/external/session/ext_session_acl.8:79
 msgid ""
-"I strongly recommend that B<ext_ad_group_acl.exe> is tested prior to being "
-"used in a production environment. It may behave differently on different "
-"platforms."
+"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
+"concurrency= option B<must> be specified in the configuration."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:190
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:133
-msgid ""
-"To test it, run it from the command line. Enter username and group pairs "
-"separated by a space (username must entered with URL-encoded I<domain"
-"%5Cusername> syntax). Press B<ENTER> to get an B<OK> or B<ERR> message."
+#: src/acl/external/session/ext_session_acl.8:81
+msgid "Passive session configuration example using the default automatic mode"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:194
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:209
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:137
-msgid "Make sure pressing B<CTRL+D> behaves the same as a carriage return."
+#: src/acl/external/session/ext_session_acl.8:94
+msgid ""
+"Then set up B<http://your.server.example.com/bannerpage> to display a "
+"session startup page and then redirect the user back to the requested URL "
+"given in the url query parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:198
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:213
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:141
-msgid "Make sure pressing B<CTRL+C> aborts the program."
+#: src/acl/external/session/ext_session_acl.8:97
+#: src/acl/external/time_quota/ext_time_quota_acl.8:216
+#: src/auth/basic/PAM/basic_pam_auth.8:80
+msgid "This program and documentation was written by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:224
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:152
-msgid ""
-"Test that entering an invalid username and group results in an B<ERR> "
-"message."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:5
+msgid "ext_time_quota_acl - Squid time quota external acl helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:228
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:156
+#: src/acl/external/time_quota/ext_time_quota_acl.8:16
 msgid ""
-"Test that entering an valid username and group results in an B<OK> message."
+"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
+"users of squid to limit the time using squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/AD_group/ext_ad_group_acl.8:235
-msgid "Based on prior work in B<mswin_check_lm_group (ext_lm_group_acl)>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:21
+msgid ""
+"This is useful for corporate lunch time allocations, wifi portal pay-per-"
+"minute installations or for parental control of children. The administrator "
+"can define a time budget (e.g. 1 hour per day) which is enforced through "
+"this helper."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:7
-msgid "Squid eDirectory IP Lookup Helper"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:29
+msgid ""
+"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
+"Squids state directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:17
-msgid "host"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:36
+msgid ""
+"B<Pauselen> is given in seconds and defines the period between two requests "
+"to be treated as part of the same session.  Pauses shorter than this value "
+"will be counted against the quota, longer ones ignored.  Default is 300 "
+"seconds (5 minutes)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:21
-#, fuzzy
-#| msgid "LDAP server name"
-msgid "LDAP version"
-msgstr "Адрес сервера LDAP"
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:23
-msgid "basedn"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:42
+msgid ""
+"B<Filename> where all logging and debugging information will be written. If "
+"none is given, then stderr will be used and the logging will go to Squids "
+"main cache.log."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:25
-msgid "scope"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:46
+msgid "Enables debug logging in the logfile."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:27
-msgid "binddn"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:50
+msgid "show a short command line help."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:29
-msgid "bindpass"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:54
+msgid "This file contains the definition of the time budgets for the users."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:31
-msgid "filter"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:63
+msgid ""
+"The time quotas of the users are defined in a text file typically residing "
+"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
+"and is ignored. Every line must start with a user followed by a time budget "
+"and a corresponding time period separated by \"/\". Here is an example file:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:36
-msgid "B<ext_edirectory_userip_acl> is an installed binary."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:66
+msgid "# user budget / period"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:40
+#: src/acl/external/time_quota/ext_time_quota_acl.8:77
 msgid ""
-"This program has been written in order to solve the problems associated with "
-"running the Perl B<squid_ip_lookup.pl> as a squid external helper."
+"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
+"hour and the poor babymary only 30 minutes a week."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:43
+#: src/acl/external/time_quota/ext_time_quota_acl.8:81
 msgid ""
-"The limitations of the Perl script involved memory/cpu utilization, speed, "
-"the lack of eDirectory 8.8 support, and IPv6 support."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:48
-msgid "Force Addresses to be in IPv4 (0.0.0.0 format)."
+"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
+"days and \"w\" for weeks. Numerical values can be given as integer values or "
+"with a fraction. E.g. \"0.5h\" means 30 minutes."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:52
-msgid "Force Addresses to be in IPv6 (:: format)."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:87
+msgid ""
+"This helper is configured in B<squid.conf> using the B<external_acl_type> "
+"directive then access controls which use it to allow or deny."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:59
-msgid "Specify B<base> DN. For example; B<o=ORG>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:90
+msgid "Here is an example."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:68
-msgid "Specify binding DN. For example; B<cn=squid,o=ORG>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:93
+msgid "# Ensure that users have a valid login. We need their username."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:73
-msgid "Specify LDAP search filter. For example; B<(objectClass=User)>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:100
+msgid "# Define program and quota file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:78
+#: src/acl/external/time_quota/ext_time_quota_acl.8:116
 msgid ""
-"Specify if LDAP search group is required. For example; B<groupMembership=>"
+"In this example, after restarting Squid it should allow access only for "
+"users as long as they have time budget left.  If the budget is exceeded the "
+"user will be presented with an error page informing them."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:86
-msgid "Specify hostname or IP of server"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:122
+msgid ""
+"In this example we use separate B<users> access control and B<noquota> ACL "
+"in order to keep the username and password prompt and the quota-exceeded "
+"messages separated."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:90
-msgid "Port number."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:142
+msgid ""
+"User is just a unique key value. The above example uses %LOGIN and the "
+"username but any of the B<external_acl_type> format tags can be substituted "
+"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
+"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
+"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
+"org/ConfigExamples."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:94
-msgid "Use persistent connections."
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:143
+#, no-wrap
+msgid "LIMITATIONS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:102
+#: src/acl/external/time_quota/ext_time_quota_acl.8:148
 msgid ""
-"Timeout factor for persistent connections. Set to B<0> for never timeout. "
-"Default is B<60> seconds."
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:107
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:175
-msgid "search scope. Defaults to B<sub>"
+"This helper only controls access to the Internet through HTTP. It does not "
+"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:123
-msgid "Set userid B<attribute .> Default is B<cn>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:156
+msgid ""
+"Desktop browsers are typically able to deal with authentication to HTTP "
+"proxies like B<squid .> But more and more different programs and devices "
+"(smartphones, games on mobile devices, ...) are using the Internet over "
+"HTTP. These devices are often not able to work through an authenticating "
+"proxy.  Means other than %LOGIN authentication are required to authorize "
+"these devices and software."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:128
-msgid "Set LDAP B<version>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:161
+msgid ""
+"A more general control to Internet access could be a captive portal approach "
+"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
+"or maybe a 802.11X solution. But the latter is often not supported by mobile "
+"devices."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:132
-msgid "Display version information and exit."
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:162
+#, no-wrap
+msgid "IMPLEMENTATION"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:137
-msgid "Specify binding B<password>"
+#: src/acl/external/time_quota/ext_time_quota_acl.8:170
+msgid ""
+"When the helper is called it will be asked if the current user is allowed to "
+"access squid. The helper will reduce the remaining time budget of this user "
+"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:141
-msgid "Enable TLS security."
+#: src/acl/external/time_quota/ext_time_quota_acl.8:183
+msgid ""
+"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
+"be called, the example config uses a 1 minute TTL.  The interaction is that "
+"Squid will only call the helper on new requests B<if> there has been more "
+"than TTL seconds passed since last check.  This handling creates an amount "
+"of slippage outside the quota by whatever amount is configured.  TTL can be "
+"set as short as desired, down to and including zero.  Though values of 1 or "
+"more are recommended due to a quota resolution of one second."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:162
+#: src/acl/external/time_quota/ext_time_quota_acl.8:188
 msgid ""
-"In this example, the B<Internet_Allowed> and B<Internet_Denied> are Groups "
-"that users may be used to control internet access, which can also be stacked "
-"against other ACL's.  Use of the groups is optional, unless the '-G' option "
-"has been passed.  Please note that you need to specify the full LDAP object "
-"for this, as shown above."
+"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
+"budget will be restored to the configured value thus allowing the user to "
+"access squid with a fresh budget."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:168
+#: src/acl/external/time_quota/ext_time_quota_acl.8:200
 msgid ""
-"IPv6 support has yet to be tested in a real IPv6 environment, but the code "
-"is in place to read IPv6 networkAddress fields, please attempt this in a "
-"TESTING environment first.  Please contact the author regarding IPv6 support "
-"development."
+"If the time between the current request and the previous request is greater "
+"than B<pauselen> (default 5 minutes and adjustable with command line "
+"parameter B<-p> ), the current request will be considered as a new request "
+"and the time budget will not be decreased. If the time is less than "
+"B<pauselen> , then both requests will be considered as part of the same "
+"active time period and the time budget will be decreased by the time "
+"difference. This allows the user to take arbitrary breaks during Internet "
+"access without losing their time budget."
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:173
-msgid ""
-"There is a known issue regarding Novell's Client for Windows, that is mostly "
-"fixed by using version 4.91 SP3+, with the 'Auto-Reconnect' feature not re-"
-"populating the networkAddress field in eDirectory."
+#. type: SH
+#: src/acl/external/time_quota/ext_time_quota_acl.8:201
+#, no-wrap
+msgid "FURTHER IDEAS"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:179
+#: src/acl/external/time_quota/ext_time_quota_acl.8:204
 msgid ""
-"I have also experienced an issue related to using NetWare 6.5 (SP6 and "
-"lower?) and connection licensing.  It appears that whenever a server runs "
-"low on connection licenses, that it I sometimes does not populate the "
-"networkAddress fields correctly."
+"The following ideas could further improve this helper. Maybe someone wants "
+"to help? Any support or feedback is welcome!"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:186
+#: src/acl/external/time_quota/ext_time_quota_acl.8:209
 msgid ""
-"Majority of Proxy Authentication issues can be resolved by having the users' "
-"B<reboot> if their networkAddress is not correct, or using "
-"B<basic_ldap_auth> as a fallback.  Check ConsoleOne, etc to verify their "
-"networkAddress fields to troubleshoot."
+"There should be a way for a user to see their configured and remaining time "
+"budget. This could be realized by implementing a web page accessing the "
+"database of the helper showing the corresponding data. One of the problems "
+"to be solved is user authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8:213
+#: src/acl/external/time_quota/ext_time_quota_acl.8:212
 msgid ""
-"I B<STRONGLY RECOMMEND> using the latest version of the Novell Client in all "
-"situations B<before> seeking support! You may also need to make sure your "
-"servers have the latest service packs installed, and that your servers are "
-"properly synchronizing partitions."
+"We could always return \"OK\" and use the module simply as an Internet usage "
+"tracker showing who has stayed how long in the WWW."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:7
-msgid "Restrict users to certain IP addresses, using a text file backend."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:5
+msgid "ext_unix_group_acl - Squid UNIX Group ACL helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:14
-msgid "file name"
-msgstr "имя файла"
-
-#. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:19
-msgid ""
-"B<ext_file_userip_acl> is an installed binary. An external helper for the "
-"Squid external acl scheme."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:9
+#: src/acl/external/unix_group/ext_unix_group_acl.8:11
+msgid "group"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:22
+#: src/acl/external/unix_group/ext_unix_group_acl.8:16
 msgid ""
-"It works by reading a pair composed by an IP address and an username on "
-"STDIN and matching it against a configuration file."
+"B<ext_unix_group_acl> allows Squid to base access controls on users "
+"memberships in UNIX groups."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:33
-msgid "Configuration B<file> to load."
+#: src/acl/external/unix_group/ext_unix_group_acl.8:24
+msgid "Specifies a group name to match."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:43
-msgid "The B<squid.conf> configuration for the external ACL should be:"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:29
+msgid "Also match the users primary group from B</etc/passwd>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:51
+#: src/acl/external/unix_group/ext_unix_group_acl.8:47
 msgid ""
-"If the helper program finds a matching username/ip in the configuration "
-"file, it returns B<OK> , otherwise it returns B<ERR .>"
+"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
+"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
+"I<group3>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:53
-msgid "The configuration file format is as follows:"
-msgstr "Формат конфигурационного файла выглядит следующим образом:"
-
-#. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:62
+#: src/acl/external/unix_group/ext_unix_group_acl.8:59
 msgid ""
-"Where B<ip_addr> is a dotted quad format IP address, the B<netmask> must be "
-"in dotted quad format too."
+"By default up to 11 groups can be matched in one acl (including commandline "
+"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:68
+#: src/acl/external/unix_group/ext_unix_group_acl.8:65
 msgid ""
-"When the second parameter is prefixed with an B<@> , the program will lookup "
-"the B</etc/group> file entry for the specified username."
+"Does not understand GID aliased groups sometimes used to work around groups "
+"size limitations. If you are using GID aliased groups then you must specify "
+"each alias by name."
 msgstr ""
 
-#. any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\".
 #. type: Plain text
-#: helpers/external_acl/file_userip/ext_file_userip_acl.8:74
-msgid "There are other two directives, B<ALL> and B<NONE> , which mean"
+#: src/acl/external/unix_group/ext_unix_group_acl.8:104
+msgid "Additionally bugs or bug-fixes can be reported to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper for Kerberos or NTLM credentials."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:5
+msgid "basic_getpwnam_auth - Local Users auth helper for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:9
-#, fuzzy
-#| msgid "Version 1.0"
-msgid "Version 1.3.0sq"
-msgstr "Версия 1.0"
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:26
-#, fuzzy
-#| msgid ""
-#| "B<basic_ldap_auth> allows Squid to connect to a LDAP directory to "
-#| "validate the user name and password of Basic HTTP authentication.  LDAP "
-#| "options are specified as parameters on the command line, while the "
-#| "username(s) and password(s) to be checked against the LDAP directory are "
-#| "specified on subsequent lines of input to the helper, one username/"
-#| "password pair per line separated by a space."
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:13
 msgid ""
-"B<ext_kerberos_ldap_group_acl> is an installed binary and allows Squid to "
-"connect to a LDAP directory to authorize users via LDAP groups. Options are "
-"specified as parameters on the command line, while the username (e.g.  "
-"B<user> , B<user@REALM> , B<NDOMAIN\\user> ) to be checked against the LDAP "
-"directory are specified on subsequent lines of input to the helper, one "
-"username per line."
-msgstr ""
-"B<basic_ldap_auth> позволяет Squid подключиться к каталогу LDAP для проверки "
-"имени пользователя и пароля для идентификации по HTTP (Basic HTTP "
-"authentication).Опции LDAP задаются в виде параметров в командной строке, а "
-"имя пользователя(ей) и пароль(и) проверяются в каталоге LDAP указанном "
-"следующей строкой ввода в помощнике, одна пара имя пользователя/пароль в "
-"каждой строке, отделена пробелом."
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:39
-msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine the ldap server name from DNS "
-"SRV and/or A records or a local hosts file (e.g. for the Kerberos Realm "
-"B<SUSE.HOME> it will look for an SRV record B<_ldap._tcp.SUSE.HOME> and an A "
-"record B<SUSE.HOME> or a B<SUSE.HOME> hosts entry). If no domain information "
-"is available from the username the LDAP server will be determined through "
-"the command line options."
+"B<basic_getpwnam_auth> allows Squid to authenticate any local user accounts "
+"to validate the user name and password of Basic HTTP authentication."
 msgstr ""
+"<basic_getpwnam_auth> позволяет Squid авторизовать любых пользователей чьи "
+"имена и пароли подходят для Базовой HTTP авторизации."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:51
-msgid ""
-"B<ext_kerberos_ldap_group_acl> requires as a minimum the B<-g> , B<-t> or B<-"
-"T> option which provides the LDAP group name the user has to belong too. For "
-"Active Directory a recursive group lookup is implemented until a max depth "
-"specified by B<-m> depth. For other LDAP servers a RFC2307bis schema of "
-"groups is assumed."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:19
+msgid "It uses B<getpwnam()> and B<getspnam()> routines for authentication."
+msgstr "Используйте процедуры B<getpwnam()> и B<getspnam()> для идентификации."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:64
-msgid ""
-"Different group names can be specified for different domains using a "
-"group@domain syntax.  As expected by the B<external_acl_type> construct of "
-"Squid, after specifying a username and group followed by a new line, this "
-"helper will produce either B<OK> or B<ERR> on the following line to show if "
-"the user is a member of the specified group."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:21
+msgid "This has the following advantages over the NCSA module:"
+msgstr "Это имеет приимущество над модулем NCSA:"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:72
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:26
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:23
 #, fuzzy
-#| msgid "Write debug info to stderr."
-msgid "Write debug messages to stderr."
-msgstr ""
-"Записывать отладочную информацию в стандартный файл вывода сообщений об "
-"ошибках (stderr)."
+#| msgid "Allows authentication of all known local users"
+msgid "- Allows authentication of all known local users"
+msgstr "Позволяет идентифицировать всех известных локальных пользователей"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:75
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:29
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:26
 #, fuzzy
-#| msgid "Write debug info to stderr."
-msgid "Write informational messages to stderr."
-msgstr ""
-"Записывать отладочную информацию в стандартный файл вывода сообщений об "
-"ошибках (stderr)."
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:78
-msgid "Use SSL for the LDAP connection."
-msgstr ""
+#| msgid "Allows authentication through nsswitch.conf"
+msgid "- Allows authentication through nsswitch.conf"
+msgstr "Позволяет идентифицировать с помощью nsswitch.conf"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:80
-msgid ""
-"The CA certificate file can be set via the environment variable "
-"TLS_CACERTFILE (default /etc/ssl/certs/cert.pem) (OpenLDAP)."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:29
+#, fuzzy
+#| msgid "Can handle NIS(+) requests"
+msgid "- Can handle NIS(+) requests"
+msgstr "Может обрабатывать запросы NIS(+)"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:82
-msgid ""
-"The SSL certificate database can be set via the environment variable "
-"SSL_CERTDBPATH (default /etc/certs) (Sun and Mozilla LDAP SDK)."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:32
+#, fuzzy
+#| msgid "Can handle LDAP requests"
+msgid "- Can handle LDAP requests"
+msgstr "Может обрабатывать запросы LDAP"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:85
-msgid "Allow SSL without certificate verification."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:35
+#, fuzzy
+#| msgid "Can handle PAM requests"
+msgid "- Can handle PAM requests"
+msgstr "Может обрабатывать запросы PAM"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:89
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:50
 msgid ""
-"Default Kerberos domain to use for usernames which do not contain domain "
-"information (e.g. for users using basic authentication)."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program B<setuid> "
+"B<root>"
 msgstr ""
+"При использовании локальной базы UNIX паролей для аутентификации программа "
+"должна быть запущена с правами администратора, иначе она не будет обладать "
+"достаточными правами для доступа к базе данных паролей пользователей. Такое "
+"использование этой программы не рекомендуется, но если это вам абсолютно "
+"необходимо, то измените B<setuid> на B<root>"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:94
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:62
+#: src/auth/basic/PAM/basic_pam_auth.8:77
 msgid ""
-"A list of Netbios name mappings to Kerberos domain names of the form Netbios-"
-"Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users using NTLM "
-"authentication)."
+"Please note that in such configurations it is also strongly recommended that "
+"the program is moved into a directory where normal users cannot access it, "
+"as this mode of operation will allow any local user to brute-force other "
+"users passwords. Also note the program has not been fully audited and the "
+"author cannot be held responsible for any security issues due to such "
+"installations."
 msgstr ""
+"Пожалуйста, обратите внимание, что в такой конфигурации, настоятельно "
+"рекомендуется, что бы программа была перемещена в папку недоступную обычным "
+"пользователям, так как это режим работы позволит любому локальному "
+"пользователю перебрать пароли других пользователей. Также обратите внимание, "
+"программа не была полностью проверена и автор не может нести ответственность "
+"за любые проблемы безопасности из-за такой установки."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:97
-msgid "Maximal depth of recursive group search."
-msgstr ""
+#: src/auth/basic/getpwnam/basic_getpwnam_auth.8:70
+msgid "Based on original code by"
+msgstr "Основан на оригинальном коде"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:100
-msgid "Username for LDAP server."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:5
+msgid "basic_ldap_auth - LDAP authentication helper for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:103
-msgid "Password for LDAP server."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:10
+#: src/auth/basic/LDAP/basic_ldap_auth.8:25
+msgid "base DN"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:108
-msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration it is strongly recommended to use an account with minimal "
-"associated privileges.  This to limit the damage in case someone could get "
-"hold of a copy of your Squid configuration file or extracts the password "
-"used from a process listing."
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:12
+msgid "attribute"
+msgstr "параметр"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:112
-#, fuzzy
-#| msgid "LDAP server name"
-msgid "LDAP server bind path."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:16
+#: src/auth/basic/LDAP/basic_ldap_auth.8:31
+msgid "LDAP server name"
 msgstr "Адрес сервера LDAP"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:115
-msgid "LDAP server URL in form ldap[s]://server:port"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:119
-msgid ""
-"list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|"
-"lserver@Realm]"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:123
-msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm]"
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:27
+msgid "LDAP search filter"
+msgstr "Фильтр поиска LDAP"
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:128
+#: src/auth/basic/LDAP/basic_ldap_auth.8:45
 msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group is in UTF-8 hex format"
+"B<basic_ldap_auth> allows Squid to connect to a LDAP directory to validate "
+"the user name and password of Basic HTTP authentication.  LDAP options are "
+"specified as parameters on the command line, while the username(s) and "
+"password(s) to be checked against the LDAP directory are specified on "
+"subsequent lines of input to the helper, one username/password pair per line "
+"separated by a space."
 msgstr ""
+"B<basic_ldap_auth> позволяет Squid подключиться к каталогу LDAP для проверки "
+"имени пользователя и пароля для идентификации по HTTP (Basic HTTP "
+"authentication).Опции LDAP задаются в виде параметров в командной строке, а "
+"имя пользователя(ей) и пароль(и) проверяются в каталоге LDAP указанном "
+"следующей строкой ввода в помощнике, одна пара имя пользователя/пароль в "
+"каждой строке, отделена пробелом."
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:133
+#: src/auth/basic/LDAP/basic_ldap_auth.8:54
 msgid ""
-"A list of group name per Kerberos domain of the form Group|Group@|"
-"Group@Realm[:Group@|Group@Realm] where group and domain is in UTF-8 hex "
-"format"
+"As expected by the basic authentication construct of Squid, after specifying "
+"a username and password followed by a new line, this helper will produce "
+"either B<OK> or B<ERR> on the following line to show if the specified "
+"credentials are correct according to the LDAP directory."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:140
+#: src/auth/basic/LDAP/basic_ldap_auth.8:59
 msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf.>"
+"The program has two major modes of operation. In the default mode of "
+"operation the users DN is constructed using the base DN and user attribute. "
+"In the other mode of operation a search filter is used to locate valid user "
+"DN's below the base DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:155
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:55
-msgid "B<NOTE:> The following squid startup file modification may be required:"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:65
+msgid "B<REQUIRED.> Specifies the base DN under which the users are located."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:159
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:59
+#: src/auth/basic/LDAP/basic_ldap_auth.8:73
 msgid ""
-"Add the following lines to the squid startup script to point squid to a "
-"keytab file which contains the HTTP/fqdn service principal for the default "
-"Kerberos domain. The fqdn must be the proxy name set in IE or firefox. You "
-"can not use an IP address."
+"LDAP search B<filter> to locate the user DN. Required if the users are in a "
+"hierarchy below the base DN, or if the login name is not what builds the "
+"user specific part of the users DN."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:170
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:66
+#: src/auth/basic/LDAP/basic_ldap_auth.8:80
 msgid ""
-"If you use a different Kerberos domain than the machine itself is in you can "
-"point squid to the seperate Kerberos config file by setting the following "
-"environmnet variable in the startup script."
+"The search filter can contain up to 15 occurrences of B<%s> which will be "
+"replaced by the username, as in B<\"uid\\=%s\"> for RFC2037 directories. For "
+"a detailed description of LDAP search filter syntax see RFC2254."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:180
+#: src/auth/basic/LDAP/basic_ldap_auth.8:88
 msgid ""
-"B<ext_kerberos_ldap_group_acl> will determine automagically the right ldap "
-"server. The following method is used:"
+"Will crash if other B<%> values than B<%s> are used, or if more than 15 B<"
+"%s> are used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:185
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:97
 msgid ""
-"1) For user@REALM\n"
-"   a) Query DNS for SRV record _ldap._tcp.REALM\n"
-"   b) Query DNS for A record REALM\n"
-"   c) Use LDAP_URL if given\n"
+"Specifies the name of the DN attribute that contains the username/login.  "
+"Combined with the base DN to construct the users DN when no search filter is "
+"specified ( B<-f> option). Defaults to B<uid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:189
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:106
 msgid ""
-"2) For user\n"
-"   a) Use domain -D REALM and follow step 1)\n"
-"   b) Use LDAP_URL if given\n"
-msgstr ""
-
-#. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:191
-msgid "The Groups to check against are determined as follows:"
+"B<Note:> This can only be done if all your users are located directly under "
+"the same position in the LDAP tree and the login name is used for naming "
+"each user object. If your LDAP tree does not match these criteria or if you "
+"want to filter who are valid users then you need to use a search filter to "
+"search for your users DN ( B<-f> option)."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:196
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:116
 msgid ""
-"1) For user@REALM\n"
-"   a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
-"   b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@\n"
-"   c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+"Use I<ldap_compare> instead of I<ldap_simple_bind> to verify the users "
+"password.  B<passwordattr> is the LDAP attribute storing the users password."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:199
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:124
 msgid ""
-"2) For user\n"
-"   a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2\n"
+"Search scope when performing user DN searches specified by the B<-f> option. "
+"Defaults to B<sub>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:202
-#, no-wrap
+#: src/auth/basic/LDAP/basic_ldap_auth.8:140
 msgid ""
-"3) For NDOMAIN\\euser\n"
-"   a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM\n"
+"The DN and password to bind as while performing searches. Required by the B<-"
+"f> flag if the directory does not allow anonymous searches."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:204
+#: src/auth/basic/LDAP/basic_ldap_auth.8:145
 msgid ""
-"To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g "
-"where GROUP is the hex UTF-8 representation e.g."
+"As the password needs to be printed in plain text in your Squid "
+"configuration it is strongly recommended to use a account with minimal "
+"associated privileges.  This to limit the damage in case someone could get "
+"hold of a copy of your Squid configuration file."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:206
-#, no-wrap
-msgid "   -t 6d61726b7573 instead of -g markus\n"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:163
+msgid ""
+"Use a persistent LDAP connection. Normally the LDAP connection is only open "
+"while validating a username to preserve resources at the LDAP server. This "
+"option causes the LDAP connection to be kept open, allowing it to be reused "
+"for further user validations. Recommended for larger installations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:208
+#: src/auth/basic/LDAP/basic_ldap_auth.8:176
 msgid ""
-"The REALM must still be based on the ASCII character set. If REALM contains "
-"also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex "
-"UTF-8 representation e.g."
+"Only bind once per LDAP connection. Some LDAP servers do not allow re-"
+"binding as another user after a successful I<ldap_bind.> The use of this "
+"option always opens a new connection for each login attempt. If combined "
+"with the B<-P> option for persistent LDAP connection then the connection "
+"used for searching for the user DN is kept persistent but a new connection "
+"is opened to verify each users password once the DN is found."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:210
-#, no-wrap
-msgid "  -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME\n"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:185
+msgid "when to dereference aliases. Defaults to B<never>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:212
+#: src/auth/basic/LDAP/basic_ldap_auth.8:194
 msgid ""
-"For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/"
-"unicode-utf8-table.pl"
+"B<never> dereference aliases (default), B<always> dereference aliases, only "
+"during a B<search> or only to B<find> the base object."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:218
+#: src/auth/basic/LDAP/basic_ldap_auth.8:199
 msgid ""
-"The ldap server list can be: server - In this case server can be used for "
-"all Kerberos domains server@ - In this case server can be used for all "
-"Kerberos domains server@domain - In this case server can be used for "
-"Kerberos domain domain server1a@domain1:server1b@domain1:server2@domain2:"
-"server3@:server4 - A list is build with a colon as seperator"
+"Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP "
+"libraries).  Servers can also be specified last on the command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:255
-msgid "B<RFC1035> - Domain names - implementation and specification,"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:204
+msgid ""
+"Specify the LDAP server to connect to. Servers can also be specified last on "
+"the command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:257
+#: src/auth/basic/LDAP/basic_ldap_auth.8:210
 msgid ""
-"B<RFC2782> - A DNS RR for specifying the location of services (DNS SRV),"
+"Specify an alternate TCP port where the LDAP server is listening if other "
+"than the default LDAP port 389. Can also be specified within the server "
+"specification by using servername:port syntax."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8:262
+#: src/auth/basic/LDAP/basic_ldap_auth.8:231
 msgid ""
-"B<RFC2307bis> - An Approach for Using LDAP as a Network Information Service "
-"http://www.padl.com/~lukeh/rfc2307bis.txt,\""
+"Specify B<timeout> used when connecting to LDAP servers (requires Netscape "
+"LDAP API libraries)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:7
-msgid "Squid LDAP external acl group helper"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:241
+msgid ""
+"Debug mode where each step taken will get reported in detail.  Useful for "
+"understanding what goes wrong if the results is not what is expected."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:9
-msgid "Version 2.17"
-msgstr "Версия 2.17"
-
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:33
-#, fuzzy
-#| msgid ""
-#| "B<basic_ldap_auth> allows Squid to connect to a LDAP directory to "
-#| "validate the user name and password of Basic HTTP authentication.  LDAP "
-#| "options are specified as parameters on the command line, while the "
-#| "username(s) and password(s) to be checked against the LDAP directory are "
-#| "specified on subsequent lines of input to the helper, one username/"
-#| "password pair per line separated by a space."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:246
 msgid ""
-"B<ext_ldap_group_acl> allows Squid to connect to a LDAP directory to "
-"authorize users via LDAP groups.  LDAP options are specified as parameters "
-"on the command line, while the username(s) and group(s) to be checked "
-"against the LDAP directory are specified on subsequent lines of input to the "
-"helper, one username/group pair per line separated by a space."
+"For directories using the RFC2307 layout with a single domain, all you need "
+"to specify is usually the base DN under where your users are located and the "
+"server name:"
 msgstr ""
-"B<basic_ldap_auth> позволяет Squid подключиться к каталогу LDAP для проверки "
-"имени пользователя и пароля для идентификации по HTTP (Basic HTTP "
-"authentication).Опции LDAP задаются в виде параметров в командной строке, а "
-"имя пользователя(ей) и пароль(и) проверяются в каталоге LDAP указанном "
-"следующей строкой ввода в помощнике, одна пара имя пользователя/пароль в "
-"каждой строке, отделена пробелом."
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:44
+#: src/auth/basic/LDAP/basic_ldap_auth.8:254
 msgid ""
-"As expected by the B<external_acl_type> construct of Squid, after specifying "
-"a username and group followed by a new line, this helper will produce either "
-"B<OK> or B<ERR> on the following line to show if the user is a member of the "
-"specified group."
+"If you have sub-domains then you need to use a search filter approach to "
+"locate your user DNs as these can no longer be constructed directly from the "
+"base DN and login name alone:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:48
+#: src/auth/basic/LDAP/basic_ldap_auth.8:261
 msgid ""
-"The program operates by searching with a search filter based on the users "
-"user name and requested group, and if a match is found it is determined that "
-"the user belongs to the group."
+"And similarly if you only want to allow access to users having a specific "
+"attribute"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:53
-msgid "When to dereference aliases. Defaults to 'never'"
+#: src/auth/basic/LDAP/basic_ldap_auth.8:272
+msgid ""
+"Or if the user attribute of the user DN is B<cn> instead of B<uid> and you "
+"do not want to have to search for the users then you could use something "
+"like the following example for Active Directory:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:62
+#: src/auth/basic/LDAP/basic_ldap_auth.8:284
 msgid ""
-"B<never> dereference aliases (default), B<always> dereference aliases, only "
-"while B<search>ing or only to B<find> the base object"
+"If you want to search for the user DN and your directory does not allow "
+"anonymous searches then you must also use the B<-D> and B<-w> flags to "
+"specify a user DN and password to log in as to perform the searches, as in "
+"the following complex Active Directory example"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:67
-msgid "B<REQUIRED.> Specifies the base DN under which the groups are located."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:297
+msgid ""
+"B<NOTE:> When constructing search filters it is strongly recommended to test "
+"the filter using B<ldapsearch> before you attempt to use B<basic_ldap_auth.> "
+"This to verify that the filter matches what you expect."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:71
-msgid "Specifies the base DN under which the users are located (if different)"
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:300
+#: src/auth/basic/RADIUS/basic_radius_auth.8:89
+msgid "This program is written by"
+msgstr "Эта программа написана"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:76
-msgid ""
-"Specify timeout used when connecting to LDAP servers (requires Netscape LDAP "
-"API libraries)"
-msgstr ""
+#: src/auth/basic/LDAP/basic_ldap_auth.8:304
+msgid "This manual is written by"
+msgstr "Это руководство написано"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:82
+#: src/auth/basic/LDAP/basic_ldap_auth.8:325
 msgid ""
-"Debug mode where each step taken will get reported in detail.  Useful for "
-"understanding what goes wrong if the result is not what was expected."
+"Or to your favorite LDAP list/friend if the question is more related to LDAP "
+"than Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:87
-msgid ""
-"The DN and password to bind as while performing searches. Required if the "
-"LDAP directory does not allow anonymous searches."
+#: src/auth/basic/LDAP/basic_ldap_auth.8:345
+msgid "Your favorite LDAP documentation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:93
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:5
 msgid ""
-"As the password needs to be printed in plain text in your Squid "
-"configuration and will be sent on the command line to the helper it is "
-"strongly recommended to use a account with minimal associated privileges.  "
-"This to limit the damage in case someone could get hold of a copy of your "
-"Squid configuration file or extracts the password used from a process "
-"listing."
+"basic_ncsa_auth - NCSA httpd-style password file authentication helper for "
+"Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:123
-msgid ""
-"LDAP search filter used to search the LDAP directory for any matching group "
-"memberships.  In the filter B<%u> will be replaced by the user name (or DN "
-"if the B<-F> or B<-u> options are used) and B<%g> by the requested group "
-"name."
-msgstr ""
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:9
+msgid "passwd file"
+msgstr "passwd файл"
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:135
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:14
 msgid ""
-"LDAP search filter used to search the LDAP directory for any matching "
-"users.  In the filter B<%s> will be replaced by the user name. If B<%> is to "
-"be included literally in the filter then use B<%%>"
+"B<basic_ncsa_auth> allows Squid to read and authenticate user and password "
+"information from an NCSA/Apache httpd-style password file when using basic "
+"HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:141
-msgid ""
-"Specifies that the first query argument sent to the helper by Squid is a "
-"extension to the basedn and will be temporarily added in front of the global "
-"basedn for this query."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:17
+msgid "This password file can be manipulated using B<htpasswd.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:145
-msgid "Specify the LDAP server to connect to"
-msgstr "Укажите сервер LDAP для подключения к"
-
-#. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:149
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:30
 msgid ""
-"Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP "
-"libraries)"
+"This authenticator accepts: * Blowfish - for passwords 72 characters or less "
+"in length * SHA256 - with salting and magic strings * SHA512 - with salting "
+"and magic strings * MD5 - with optional salt and magic strings * DES - for "
+"passwords 8 characters or less in length"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:153
-msgid "Strip Kerberos Realm component from user names (@ separated)"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:32
+msgid "NOTE: Blowfish and SHA algorithms require system-specific support."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:158
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:36
 msgid ""
-"Specify an alternate TCP port where the LDAP server is listening if other "
-"than the default LDAP port 389."
+"The only parameter is the password file.  It must have permissions to be "
+"read by the user that Squid is running as."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:166
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:44
 msgid ""
-"Use a persistent LDAP connection. Normally the LDAP connection is only open "
-"while verifying a users group membership to preserve resources at the LDAP "
-"server. This option causes the LDAP connection to be kept open, allowing it "
-"to be reused for further user validations. Recommended for larger "
-"installations."
+"B<basic_ncsa_auth> must have access to the password file to be executed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:188
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:35
-msgid "Strip NT domain name component from user names (/ or \\e separated)"
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:50
+msgid ""
+"DES functionality (used by htpasswd by default) silently truncates passwords "
+"to 8 characters.  Allowing login with password values shorter than the one "
+"desired.  This authenticator will reject login with long passwords when "
+"using DES."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:200
-msgid ""
-"LDAP attribute used to construct the user DN from the user name and base dn "
-"without needing to search for the user.  A maximum of 16 occurrences of B<"
-"%s> are supported."
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:56
+msgid "Based on original documentation by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:216
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:70
 msgid ""
-"This helper is intended to be used as an B<external_acl_type> helper in "
-"B<squid.conf .>"
+"This file is distributed in the hope that it will be useful, but WITHOUT ANY "
+"WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS "
+"FOR A PARTICULAR PURPOSE. See the GNU General Public License for more "
+"details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:231
+#: src/auth/basic/NCSA/basic_ncsa_auth.8:76
 msgid ""
-"B<NOTE:> When constructing search filters it is recommended to first test "
-"the filter using B<ldapsearch> to verify that the filter matches what you "
-"expect before you attempt to use B<ext_ldap_group_acl>"
+"You should have received a copy of the GNU General Public License along with "
+"this file; if not, write to the Free Software Foundation, Inc., 59 Temple "
+"Place, Suite 330, Boston, MA 02111-1307 USA"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:240
-msgid "Based on prior work in B<squid_ldap_auth> by"
+#: src/auth/basic/PAM/basic_pam_auth.8:5
+msgid "basic_pam_auth - PAM Basic authentication helper for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:257
-msgid ""
-"Or contact your favorite LDAP list/friend if the question is more related to "
-"LDAP than Squid."
+#: src/auth/basic/PAM/basic_pam_auth.8:9
+msgid "service name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LDAP_group/ext_ldap_group_acl.8:278
-msgid "Your favorite LDAP documentation"
+#: src/auth/basic/PAM/basic_pam_auth.8:11
+msgid "TTL"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:9
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:10
-msgid "Version 1.22"
+#: src/auth/basic/PAM/basic_pam_auth.8:18
+msgid ""
+"B<basic_pam_auth> allows Squid to connect to a mostly any available PAM "
+"database to validate the user name and password of Basic HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:19
-msgid "B<ext_lm_group_acl> is an installed binary in Squid for Windows builds."
+#: src/auth/basic/PAM/basic_pam_auth.8:24
+msgid "Specifies the PAM service name Squid uses, defaults to B<squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:22
+#: src/auth/basic/PAM/basic_pam_auth.8:33
 msgid ""
-"This helper must be used in with an authentication scheme (typically Basic "
-"or NTLM) based on Windows NT/2000 domain users (LM mode)."
+"Enables persistent PAM connections where the connection to the PAM database "
+"is kept open and reused for new logins. The TTL specifies how long the "
+"connection will be kept open (in seconds).  Default is to not keep PAM "
+"connections open. Please note that the use of persistent PAM connections is "
+"slightly outside the PAM specification and may not work with all PAM "
+"configurations."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:31
-msgid "Use case insensitive compare."
+#: src/auth/basic/PAM/basic_pam_auth.8:38
+msgid ""
+"Do not perform the PAM account management group (account expiration etc)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:39
-msgid "Specify the default user's domain."
+#: src/auth/basic/PAM/basic_pam_auth.8:44
+msgid ""
+"The program needs a PAM service to be configured in B</etc/pam.conf> or B</"
+"etc/pam.d/squid>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:43
-msgid "Start helper in Domain Global Group mode."
+#: src/auth/basic/PAM/basic_pam_auth.8:52
+msgid ""
+"The default service name is B<squid> , and the program makes use of the "
+"B<auth> and B<account> management groups to verify the password and the "
+"accounts validity."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:51
-msgid "Use ONLY PDCs for group validation."
+#: src/auth/basic/PAM/basic_pam_auth.8:56
+msgid ""
+"For details on how to configure PAM services, see the PAM documentation for "
+"your system. This manual does not cover PAM configuration details."
 msgstr ""
 
+#. type: SH
+#: src/auth/basic/PAM/basic_pam_auth.8:57
+#, no-wrap
+msgid "NOTES"
+msgstr "ПРИМЕЧАНИЯ"
+
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:77
+#: src/auth/basic/PAM/basic_pam_auth.8:64
 msgid ""
-"In the previous example all validated NT users member of GProxyUsers Global "
-"domain group or member of LProxyUsers machine local group are allowed to use "
-"the cache."
+"When used for authenticating to local UNIX shadow password databases the "
+"program must be running as root or else it won't have sufficient permissions "
+"to access the user password database. Such use of this program is not "
+"recommended, but if you absolutely need to then make the program setuid root"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:85
-msgid ""
-"Groups with spaces in name, for example B<Domain Users> , must be quoted and "
-"the acl data ( B<Domain Users> ) must be placed into a separate file "
-"included by specifying B</path/to/file>"
+#: src/auth/basic/PAM/basic_pam_auth.8:93
+msgid "Squid B<basic_pam_auth> and this manual is Copyright 1999,2002,2003"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:87
-msgid "The previous example will be:"
+#: src/auth/basic/PAM/basic_pam_auth.8:124
+msgid "PAM Systems Administrator Guide"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:94
-msgid "The B<DomainUsers.txt> file will contain only the following line:"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:5
+msgid "basic_radius_auth - Squid RADIUS authentication helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:96
-msgid "B<Domain Users>"
-msgstr ""
+#: src/auth/basic/RADIUS/basic_radius_auth.8:10
+msgid "config file"
+msgstr "конфигурационный файл"
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:105
-msgid ""
-"B<NOTE:> The standard group name comparison is case sensitive, so group name "
-"must be specified with same case as in the NT/2000 Domain.  It's possible to "
-"enable case insensitive group name comparison ( B<-c> ), but on some not-"
-"english locales, the results can be unexpected."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:14
+msgid "server name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:113
-msgid ""
-"B<NOTE:> Native WIN32 NTLM and Basic Helpers must be used without the B<-A> "
-"and B<-D> switches."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:18
+msgid "identifier"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:115
-msgid "Refer to Squid documentation for the more details on squid.conf."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:20
+msgid "secret"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:121
+#: src/auth/basic/RADIUS/basic_radius_auth.8:28
 msgid ""
-"I strongly recommend that B<ext_lm_group_acl> is tested prior to being used "
-"in a production environment. It may behave differently on different "
-"platforms."
+"B<basic_radius_auth> allows Squid to connect to a RADIUS server to validate "
+"the user name and password of Basic HTTP authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:161
-msgid "with contributions by"
-msgstr "внесут свой вклад"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:34
+msgid ""
+"Specifies the path to a configuration file. See the CONFIGURATION section "
+"for details on the file content."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/LM_group/ext_lm_group_acl.8:166
-msgid "Based in part on prior work in B<check_group> by"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:38
+msgid "Alternative method of specifying the server to connect to"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:7
-msgid "Squid session tracking external acl helper."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:43
+msgid ""
+"Specify another server port where the RADIUS server listens for requests if "
+"different from the default RADIUS port.  Normally not specified."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:9
-#, fuzzy
-#| msgid "Version 1.0"
-msgid "Version 1.2"
-msgstr "Версия 1.0"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:48
+msgid ""
+"Unique identifier identifying this Squid proxy to the RADIUS server.  If not "
+"specified the IP address is used to identify the proxy."
+msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:16
-msgid "database"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:54
+msgid ""
+"Alternative method of specifying the shared secret. Using the B<-f> option "
+"with a configuration file is generally more secure and recommended."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:33
-msgid ""
-"B<ext_session_acl> maintains a concept of sessions by monitoring requests "
-"and timing out sessions. The timeout is based either on idle use ( B<-t> ) "
-"or a fixed period of time ( B<-T> ). The former is suitable for displaying "
-"terms and conditions to a user; the latter is suitable for the display of "
-"advertisments or other notices (both as a splash page - see config examples "
-"in the wiki online). The session helper can also be used to force users to "
-"re-authenticate if the B<%LOGIN> and B<-a> are both used."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:58
+msgid "RADIUS request timeout. Default is 10 seconds."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:38
+#: src/auth/basic/RADIUS/basic_radius_auth.8:65
 msgid ""
-"Idle timeout for any session. The default if not specified (set to 3600 "
-"seconds)."
+"The configuration specifies how the helper connects to RADIUS.  The file "
+"contains a list of directives (one per line). Lines beginning with a B<#> "
+"are ignored."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:51
-msgid ""
-"Fixed timeout for any session. This will end the session after the timeout "
-"regardless of a user's activity. If used with B<active> mode, this will "
-"terminate the user's session after B<timeout> , after which another B<LOGIN> "
-"will be required.  B<LOGOUT> will reset the session and timeout."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:69
+msgid "specifies the name or address of the RADIUS server to connect to."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:64
-msgid ""
-"B<Path> to persistent database. If a file is specified then that single file "
-"is used as the database. If a path is specified, a Berkeley DB database "
-"environment is created within the directory. The advantage of the latter is "
-"better database support between multiple instances of the session helper. "
-"Using multiple instances of the session helper with a single database file "
-"will cause synchronisation problems between processes.  If this option is "
-"not specified the session details will be kept in memory only and all "
-"sessions will reset each time Squid restarts its helpers (Squid restart or "
-"rotation of logs)."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:73
+msgid "specifies the shared RADIUS secret."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:74
+#: src/auth/basic/RADIUS/basic_radius_auth.8:78
 msgid ""
-"Active mode. In this mode sessions are started by evaluating an acl with the "
-"argument B<LOGIN> , or terminated by the argument B<LOGOUT .> Without this "
-"flag the helper automatically starts the session after the first request."
+"specifies what name the proxy should use to identify itself to the RADIUS "
+"server.  This directive is optional."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:81
+#: src/auth/basic/RADIUS/basic_radius_auth.8:82
 msgid ""
-"The B<ext_session_acl> helper is a concurrent helper; therefore, the "
-"concurrency= option B<must> be specified in the configuration."
+"Specifies the port number or service name where the helper should connect."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:83
-msgid "Passive session configuration example using the default automatic mode"
+#: src/auth/basic/RADIUS/basic_radius_auth.8:86
+msgid "Specifies the RADIUS request timeout."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/session/ext_session_acl.8:96
-msgid ""
-"Then set up B<http://your.server.example.com/bannerpage> to display a "
-"session startup page and then redirect the user back to the requested URL "
-"given in the url query parameter."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:93
+msgid "With contributions from many others."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:7
-msgid "Squid time quota external acl helper."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:116
+msgid ""
+"Or contact your favorite RADIUS list/friend if the question is more related "
+"to RADIUS than Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:18
-msgid ""
-"B<ext_time_quota_acl> allows an administrator to define time budgets for the "
-"users of squid to limit the time using squid."
+#: src/auth/basic/RADIUS/basic_radius_auth.8:135
+msgid "B<RFC2058> - Remote Authentication Dial In User Service (RADIUS)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:23
+#: src/auth/basic/SASL/basic_sasl_auth.8:5
 msgid ""
-"This is useful for corporate lunch time allocations, wifi portal pay-per-"
-"minute installations or for parental control of children. The administrator "
-"can define a time budget (e.g. 1 hour per day) which is enforced through "
-"this helper."
+"basic_sasl_auth - Basic Authentication using SASL (specifically the cyrus-"
+"sasl authentication method)"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:31
+#: src/auth/basic/SASL/basic_sasl_auth.8:16
 msgid ""
-"B<Filename> of persistent database. This defaults to ext_time_quota.db in "
-"Squids state directory."
+"B<basic_sasl_auth> is an installed binary helper for Squid. SASL is "
+"configurable (somewhat like PAM).  Each service authenticating against SASL "
+"identifies itself with an application name.  Each application can be "
+"configured independently by the SASL administrator."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:38
+#: src/auth/basic/SASL/basic_sasl_auth.8:22
 msgid ""
-"B<Pauselen> is given in seconds and defines the period between two requests "
-"to be treated as part of the same session.  Pauses shorter than this value "
-"will be counted against the quota, longer ones ignored.  Default is 300 "
-"seconds (5 minutes)."
+"To configure the authentication method used the file B<basic_sasl_auth.conf> "
+"can be placed in the appropriate location, usually B</usr/lib/sasl.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:44
+#: src/auth/basic/SASL/basic_sasl_auth.8:29
 msgid ""
-"B<Filename> where all logging and debugging information will be written. If "
-"none is given, then stderr will be used and the logging will go to Squids "
-"main cache.log."
+"The authentication database is defined by the B<pwcheck_method> parameter.  "
+"Only the B<PLAIN> authentication mechanism is used."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:48
-msgid "Enables debug logging in the logfile."
-msgstr ""
+#: src/auth/basic/SASL/basic_sasl_auth.8:31
+msgid "Examples:"
+msgstr "Например:"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:52
-msgid "show a short command line help."
+#: src/auth/basic/SASL/basic_sasl_auth.8:34
+msgid "use sasldb - the default if no conf file is installed."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:56
-msgid "This file contains the definition of the time budgets for the users."
+#: src/auth/basic/SASL/basic_sasl_auth.8:36
+#, no-wrap
+msgid " - use PAM authentication database\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:65
+#: src/auth/basic/SASL/basic_sasl_auth.8:39
+#, no-wrap
 msgid ""
-"The time quotas of the users are defined in a text file typically residing "
-"in /etc/squid/time_quota. Any line starting with \"#\" contains a comment "
-"and is ignored. Every line must start with a user followed by a time budget "
-"and a corresponding time period separated by \"/\". Here is an example file:"
+" - use traditional \n"
+"B</etc/passwd>\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:68
-msgid "# user budget / period"
+#: src/auth/basic/SASL/basic_sasl_auth.8:41
+#, no-wrap
+msgid " - use slightly less traditional /etc/shadow\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:79
+#: src/auth/basic/SASL/basic_sasl_auth.8:44
 msgid ""
-"John has a time budget of 8 hours every day, littlejoe is only allowed 1 "
-"hour and the poor babymary only 30 minutes a week."
+"Others methods may be supported by your cyrus-sasl implementation - consult "
+"your cyrus-sasl documentation for information."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:83
+#: src/auth/basic/SASL/basic_sasl_auth.8:57
 msgid ""
-"You can use \"s\" for seconds, \"m\" for minutes, \"h\" for hours, \"d\" for "
-"days and \"w\" for weeks. Numerical values can be given as integer values or "
-"with a fraction. E.g. \"0.5h\" means 30 minutes."
+"Typically the authentication database ( B</etc/sasldb> , B</etc/shadow> , "
+"B<PAM> )  can not be accessed by a normal user. You should use setuid/setgid "
+"and an appropriate user/group on the executable to allow the authenticator "
+"to access the appropriate password database. If the access to the database "
+"is not permitted then the authenticator will typically fail with \"-1, "
+"generic error\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:89
+#: src/auth/basic/SASL/basic_sasl_auth.8:72
 msgid ""
-"This helper is configured in B<squid.conf> using the B<external_acl_type> "
-"directive then access controls which use it to allow or deny."
+"If the application name B<basic_sasl_auth> will also be used for the PAM "
+"service name if B<pwcheck_method:pam> is chosen. And example PAM "
+"configuration file B<basic_sasl_auth.pam> is also included."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:92
-msgid "Here is an example."
-msgstr ""
+#: src/auth/basic/SSPI/basic_sspi_auth.8:5
+#, fuzzy
+#| msgid "Allows authentication through nsswitch.conf"
+msgid "basic_sspi_auth.exe - Basic authentication protocol"
+msgstr "Позволяет идентифицировать с помощью nsswitch.conf"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:95
-msgid "# Ensure that users have a valid login. We need their username."
+#: src/auth/basic/SSPI/basic_sspi_auth.8:12
+#: src/auth/basic/SSPI/basic_sspi_auth.8:14
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:12
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:14
+msgid "Group Name"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:102
-msgid "# Define program and quota file"
+#: src/auth/basic/SSPI/basic_sspi_auth.8:16
+msgid "Default Domain"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:118
+#: src/auth/basic/SSPI/basic_sspi_auth.8:22
 msgid ""
-"In this example, after restarting Squid it should allow access only for "
-"users as long as they have time budget left.  If the budget is exceeded the "
-"user will be presented with an error page informing them."
+"B<basic_sspi_auth.exe> is a simple authentication module for the Squid proxy "
+"server running on Windows NT to authenticate users on an NT domain in native "
+"WIN32 mode."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:124
+#: src/auth/basic/SSPI/basic_sspi_auth.8:31
 msgid ""
-"In this example we use separate B<users> access control and B<noquota> ACL "
-"in order to keep the username and password prompt and the quota-exceeded "
-"messages separated."
+"Usage is simple. It accepts a username and password on standard input and "
+"will return B<OK> if the username/password is valid for the domain/machine, "
+"or B<ERR> if there was some problem. It is possible to authenticate against "
+"NT trusted domains specifying the username in the domain\\eusername "
+"Microsoft notation."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:36
+msgid "A Windows Local Group name allowed to authenticate."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:44
+msgid "A Windows Local Group name not allowed to authenticate."
+msgstr ""
+
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:48
+msgid "The default Domain against to authenticate."
 msgstr ""
 
+#. logon from the network\"" 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:144
+#: src/auth/basic/SSPI/basic_sspi_auth.8:55
 msgid ""
-"User is just a unique key value. The above example uses %LOGIN and the "
-"username but any of the B<external_acl_type> format tags can be substituted "
-"in its place.  B<%EXT_TAG> , B<%LOGIN> , B<%IDENT> , B<%EXT_USER> , B<"
-"%SRC> , B<%SRCEUI48> , and B<%SRCEUI64> are all likely candidates for client "
-"identification.  The Squid wiki has more examples at http://wiki.squid-cache."
-"org/ConfigExamples."
+"Users that are allowed to access the web proxy must have the Windows NT User "
+"Rights I<\\&\\&> and must be included in the NT LOCAL User Groups specified "
+"in the Authenticator's command line."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:145
-#, no-wrap
-msgid "LIMITATIONS"
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:58
+msgid ""
+"This can be accomplished creating a local user group on the NT machine, "
+"grant the privilege, and adding users to it."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:150
+#: src/auth/basic/SSPI/basic_sspi_auth.8:63
 msgid ""
-"This helper only controls access to the Internet through HTTP. It does not "
-"control other protocols, like VOIP, ICQ, IRC, FTP, IMAP, SMTP or SSH."
+"You will need to set the following line in B<squid.conf> to enable the "
+"authenticator:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:158
+#: src/auth/basic/SSPI/basic_sspi_auth.8:71
 msgid ""
-"Desktop browsers are typically able to deal with authentication to HTTP "
-"proxies like B<squid .> But more and more different programs and devices "
-"(smartphones, games on mobile devices, ...) are using the Internet over "
-"HTTP. These devices are often not able to work through an authenticating "
-"proxy.  Means other than %LOGIN authentication are required to authorize "
-"these devices and software."
+"You will need to set the following lines in B<squid.conf> to enable "
+"authentication for your access list:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:163
+#: src/auth/basic/SSPI/basic_sspi_auth.8:83
 msgid ""
-"A more general control to Internet access could be a captive portal approach "
-"(such as pfSense or ChilliSpot) using %SRC, %SRCEUI48 and %SRCEUI64 as keys "
-"or maybe a 802.11X solution. But the latter is often not supported by mobile "
-"devices."
+"You will need to specify the absolute path to B<basic_sspi_auth.exe> in the "
+"B<auth_param basic program> directive."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:164
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:98
 #, no-wrap
-msgid "IMPLEMENTATION"
+msgid ""
+"I strongly urge that \n"
+"B<basic_sspi_auth.exe>\n"
+"is tested prior to being used in a \n"
+"production environment. It may behave differently on different platforms.\n"
+"To test it, run it from the command line. Enter username and password\n"
+"pairs separated by a space. Press ENTER to get an OK or ERR message.\n"
+"Make sure pressing \n"
+"B<CTRL-D>\n"
+" behaves the same as a carriage return.\n"
+"Make sure pressing \n"
+"B<CTRL-C>\n"
+" aborts the program.\n"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:172
+#: src/auth/basic/SSPI/basic_sspi_auth.8:108
 msgid ""
-"When the helper is called it will be asked if the current user is allowed to "
-"access squid. The helper will reduce the remaining time budget of this user "
-"and return B<OK> if there is budget left. Otherwise it will return B<ERR .>"
+"Test that entering an invalid username and password results in an B<ERR> "
+"message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:185
+#: src/auth/basic/SSPI/basic_sspi_auth.8:113
 msgid ""
-"The B<ttl=N> parameter in B<squid.conf> determines how often the helper will "
-"be called, the example config uses a 1 minute TTL.  The interaction is that "
-"Squid will only call the helper on new requests B<if> there has been more "
-"than TTL seconds passed since last check.  This handling creates an amount "
-"of slippage outside the quota by whatever amount is configured.  TTL can be "
-"set as short as desired, down to and including zero.  Though values of 1 or "
-"more are recommended due to a quota resolution of one second."
+"Note that if NT guest user access is allowed on the PDC, an B<OK> message "
+"may be returned instead of B<ERR>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:190
+#: src/auth/basic/SSPI/basic_sspi_auth.8:117
 msgid ""
-"If the configured time period (e.g. \"1w\" for babymary) is over, the time "
-"budget will be restored to the configured value thus allowing the user to "
-"access squid with a fresh budget."
+"Test that entering a valid username and password results in an B<OK> message."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:202
+#: src/auth/basic/SSPI/basic_sspi_auth.8:120
 msgid ""
-"If the time between the current request and the previous request is greater "
-"than B<pauselen> (default 5 minutes and adjustable with command line "
-"parameter B<-p> ), the current request will be considered as a new request "
-"and the time budget will not be decreased. If the time is less than "
-"B<pauselen> , then both requests will be considered as part of the same "
-"active time period and the time budget will be decreased by the time "
-"difference. This allows the user to take arbitrary breaks during Internet "
-"access without losing their time budget."
+"Test that entering a guest username and password returns the correct "
+"response for the site's access policy."
 msgstr ""
 
-#. type: SH
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:203
-#, no-wrap
-msgid "FURTHER IDEAS"
+#. type: Plain text
+#: src/auth/basic/SSPI/basic_sspi_auth.8:126
+#: src/auth/digest/file/digest_file_auth.8:65
+msgid "Based on prior work by"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:206
-msgid ""
-"The following ideas could further improve this helper. Maybe someone wants "
-"to help? Any support or feedback is welcome!"
+#: src/auth/digest/file/digest_file_auth.8:5
+msgid "digest_file_auth - File based digest authentication helper for Squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:211
-msgid ""
-"There should be a way for a user to see their configured and remaining time "
-"budget. This could be realized by implementing a web page accessing the "
-"database of the helper showing the corresponding data. One of the problems "
-"to be solved is user authentication."
-msgstr ""
+#: src/auth/digest/file/digest_file_auth.8:7
+#, fuzzy
+#| msgid "Version 1.0"
+msgid "Version 1.1"
+msgstr "Версия 1.0"
 
 #. type: Plain text
-#: helpers/external_acl/time_quota/ext_time_quota_acl.8:214
-msgid ""
-"We could always return \"OK\" and use the module simply as an Internet usage "
-"tracker showing who has stayed how long in the WWW."
+#: src/auth/digest/file/digest_file_auth.8:12
+#: tools/squidclient/squidclient.1:28
+msgid "file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:7
-msgid "Squid UNIX Group ACL helper"
+#: src/auth/digest/file/digest_file_auth.8:17
+msgid ""
+"B<digest_file_auth> is an installed binary authentication program for Squid. "
+"It handles digest authentication protocol and authenticates against a text "
+"file backend."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:11
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:13
-msgid "group"
+#: src/auth/digest/file/digest_file_auth.8:20
+msgid ""
+"This program will automatically detect the existence of a concurrency "
+"channel-ID and adjust appropriately.  It may be used with any value 0 or "
+"above for the auth_param children concurrency= parameter."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:18
+#: src/auth/digest/file/digest_file_auth.8:25
 msgid ""
-"B<ext_unix_group_acl> allows Squid to base access controls on users "
-"memberships in UNIX groups."
+"Accept digest hashed passwords rather than plaintext in the password file"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:26
-msgid "Specifies a group name to match."
+#: src/auth/digest/file/digest_file_auth.8:29
+msgid "Username database file format:"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:31
-msgid "Also match the users primary group from B</etc/passwd>"
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:29
+#, no-wrap
+msgid "- comment lines are possible and should start with a '#';"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:49
-msgid ""
-"This B<squid.conf> example defines two Squid acls.  I<usergroup1> matches "
-"users in I<group1> , and I<usergroup2> matches users in I<group2> or "
-"I<group3>"
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:32
+#, no-wrap
+msgid "- empty or blank lines are possible;"
 msgstr ""
 
-#. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:61
-msgid ""
-"By default up to 11 groups can be matched in one acl (including commandline "
-"specified groups). This limit is defined by B<MAX_GROUPS> in the source code."
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:35
+#, no-wrap
+msgid "- plaintext entry format is username:password"
+msgstr ""
+
+#. type: TP
+#: src/auth/digest/file/digest_file_auth.8:38
+#, no-wrap
+msgid "- HA1 entry format is username:realm:HA1"
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:67
+#: src/auth/digest/file/digest_file_auth.8:51
 msgid ""
-"Does not understand GID aliased groups sometimes used to work around groups "
-"size limitations. If you are using GID aliased groups then you must specify "
-"each alias by name."
+"To build a directory integrated backend, you need to be able to calculate "
+"the HA1 returned to squid. To avoid storing a plaintext password you can "
+"calculate B<MD5(username:realm:password)> when the user changes their "
+"password, and store the tuple B<username:realm:HA1.> then find the matching "
+"B<username:realm> when squid asks for the HA1."
 msgstr ""
 
 #. type: Plain text
-#: helpers/external_acl/unix_group/ext_unix_group_acl.8:99
-msgid "Additionally bugs or bug-fixes can be reported to"
+#: src/auth/digest/file/digest_file_auth.8:59
+msgid ""
+"This implementation could be improved by using such a triple for the file "
+"format.  However storing such a triple does little to improve security: If "
+"compromised the B<username:realm:HA1> combination is \"plaintext equivalent"
+"\" - for the purposes of digest authentication they allow the user access. "
+"Password synchronization is not tackled by digest - just preventing on the "
+"wire compromise."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:7
-msgid "Squid kerberos based authentication helper"
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:5
+msgid "negotiate_kerberos_auth - Squid kerberos based authentication helper"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:9
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:7
 #, fuzzy
 #| msgid "Version 1.0"
 msgid "Version 3.0.4sq"
 msgstr "Версия 1.0"
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:18
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:16
 msgid ""
 "B<negotiate_kerberos_auth> is an installed binary and allows Squid to "
 "authenticate users via the Negotiate protocol and Kerberos."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:32
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:30
 msgid "Remove realm from username before returning the username to squid."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:35
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:33
 msgid "Provide Service Principal Name."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:42
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:36
+msgid "Provide Kerberos Keytab Name (Default: /etc/krb5.keytab)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:39
+msgid "Provide Replay Cache Directory (Default: /var/tmp)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:42
+msgid "Provide Replay Cache Type (Default: dfl)"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:49
 msgid ""
 "This helper is intended to be used as an B<authentication> helper in B<squid."
 "conf.>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:62
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:67
+#, no-wrap
+msgid ""
+"Add the following lines to the squid startup script to point squid to a keytab file which\n"
+"contains the HTTP/fqdn service principal for the default Kerberos domain. The keytab name can\n"
+"also be provided by the -k E<lt>keytab nameE<gt> option. The fqdn must be the proxy name set in IE\n"
+" or firefox. You can not use an IP address.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:70
 msgid "KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:69
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:77
 msgid "KRB5_CONFIG=/etc/krb5-squid.conf export KRB5_CONFIG"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:75
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:83
 msgid ""
 "Kerberos can keep a replay cache to detect the reuse of Kerberos tickets "
 "(usually only possible in a 5 minute window) . If squid is under high load "
 "with Negotiate(Kerberos) proxy authentication requests the replay cache "
 "checks can create high CPU load. If the environment does not require high "
 "security the replay cache check can be disabled for MIT based Kerberos "
-"implementations by adding the following to the startup script"
+"implementations by adding the below to the startup script or use the -t none "
+"option."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:78
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:86
 msgid "KRB5RCACHETYPE=none export KRB5RCACHETYPE"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:81
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:89
 msgid ""
 "If negotiate_kerberos_auth doesn't determine for some reason the right "
 "service principal you can provide it with -s HTTP/fqdn."
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:84
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:92
 msgid ""
 "If you serve multiple Kerberos realms add a HTTP/fqdn@REALM service "
 "principal per realm to the HTTP.keytab file and use the -s GSS_C_NO_NAME "
@@ -3315,31 +3462,40 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:121
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:108
+#, no-wrap
+msgid ""
+" * Copyright (C) 1996-2014 The Squid Software Foundation and contributors\n"
+" *\n"
+" * Squid software is distributed under GPLv2+ license and includes\n"
+" * contributions from numerous individuals and organizations.\n"
+" * Please see the COPYING and CONTRIBUTORS files for details.\n"
+msgstr ""
+
+#. type: Plain text
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:136
 msgid ""
 "B<RFC4559> - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft "
 "Windows,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:123
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:138
 msgid "B<RFC2478> - The Simple and Protected GSS-API Negotiation Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8:125
+#: src/auth/negotiate/kerberos/negotiate_kerberos_auth.8:140
 msgid "B<RFC1964> - The Kerberos Version 5 GSS-API Mechanism,"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:8
-msgid ""
-"Native Windows NTLM/NTLMv2 authenticator for Squid with automatic support "
-"for NTLM NEGOTIATE packets."
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:5
+msgid "ntlm_sspi_auth.exe - Native Windows NTLM/NTLMv2 authenticator for Squid"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:24
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:21
 msgid ""
 "B<ntlm_sspi_auth.exe> is an installed binary built on Windows systems. It "
 "provides native access to the Security Service Provider Interface of Windows "
@@ -3348,42 +3504,42 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:29
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:26
 msgid "Specify a Windows Local Group name allowed to authenticate."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:37
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:34
 msgid ""
 "Specify a Windows Local Group name which is to be denied authentication."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:45
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:42
 msgid "Enables verbose NTLM packet debugging."
 msgstr "Включить подробную отладку NTLM пакетов."
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:49
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:46
 msgid "B<Allowing Users>"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:52
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:49
 msgid ""
 "Users that are allowed to access the web proxy must have the Windows NT User "
 "Rights \"logon from the network\"."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:56
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:53
 msgid ""
 "Optionally the authenticator can verify the NT LOCAL group membership of the "
 "user against the User Group specified in the Authenticator's command line."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:60
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:57
 msgid ""
 "This can be accomplished creating a local user group on the NT machine, "
 "grant the privilege, and adding users to it, it works only with MACHINE "
@@ -3391,24 +3547,24 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:64
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:61
 msgid ""
 "Better group checking is available with external ACL, see B<ext_ad_group_acl."
 "exe> documentation."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:67
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:64
 msgid "B<squid.conf> typical minimal required changes:"
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:79
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:76
 msgid "Refer to Squid documentation for more details."
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:87
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:84
 msgid ""
 "Internet Explorer has some problems with B<ftp://> URLs when handling "
 "internal Squid FTP icons.  The following B<squid.conf> ACL works around this "
@@ -3416,44 +3572,195 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8:98
+#: src/auth/ntlm/SSPI/ntlm_sspi_auth.8:95
 #, fuzzy
 #| msgid "Based on original code by"
 msgid "Based on prior work in by"
 msgstr "Основан на оригинальном коде"
 
 #. type: Plain text
-#: src/squid.8.in:7
-msgid "HTTP web proxy caching server"
+#: src/security/cert_generators/file/security_file_certgen.8.in:5
+msgid "security_file_certgen - SSL certificate generator for Squid."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:13
+#: src/security/cert_generators/file/security_file_certgen.8.in:15
+#: src/security/cert_generators/file/security_file_certgen.8.in:22
+#: src/security/cert_generators/file/security_file_certgen.8.in:29
+msgid "directory"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:17
+msgid "size"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:24
+msgid "serial number"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:33
+msgid "B<security_file_certgen> is an installed binary."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:36
+msgid ""
+"Because the generation and signing of SSL certificates takes time Squid must "
+"use external process to handle the work."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:40
+msgid ""
+"This process generates new SSL certificates and uses a disk cache of "
+"certificates to improve response times on repeated requests.  Communication "
+"occurs via TCP sockets bound to the loopback interface."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:46
+msgid ""
+"File system block size in bytes. Needed for processing natural size of "
+"certificate on disk.  Default value is 2048 bytes."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:53
+msgid ""
+"Initialize the SSL storage database and exit.  Requires the B<-s> option to "
+"determine the storage location being created."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:64
+msgid ""
+"Display the current serial number using stderr and exit.  Requires B<-s> "
+"option to determine which storage directory the serial is located in."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:72
+msgid "Directory path of disk storage for new SSL certificates."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:76
+msgid "Maximum size of SSL certificate disk storage."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:83
+msgid ""
+"HEX B<serial number > to use when initializing an SSL storage database.  The "
+"default value of serial number is the number of seconds since Epoch minus "
+"1200000000."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:87
+msgid "Display the binary version details using stderr."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:91
+msgid "B<SSL errors after changing the CA>"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:95
+#: src/security/cert_generators/file/security_file_certgen.8.in:123
+msgid ""
+"Certificates are stored in this database in signed form.  After any change "
+"to the signing CA in squid.conf be sure to erase and re-initialize the "
+"certificate database."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:98
+msgid "B<Certificate chaining>"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:103
+msgid ""
+"The version 1.0 of this helper will not add chained intermediate CA "
+"certificates.  The client must have a full chain of trust from the root CA "
+"all the way down to the end certificate generated by this program."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:106
+msgid ""
+"Signing with an intermediate CA needs to install both the root and the "
+"intermediate public CA on the clients."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:113
+msgid ""
+"Before this helper can be used the storage area for new certificates must be "
+"initialized manually.  This is done from the command line using the B<-c> "
+"parameters."
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:116
+#, fuzzy
+#| msgid "Examples:"
+msgid "For example:"
+msgstr "Например:"
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:128
+msgid ""
+"For simple configuration the helper defaults can be used.  Only HTTP "
+"listening port options are required to enable generation and set the signing "
+"CA certificate.  For Example:"
+msgstr ""
+
+#. type: Plain text
+#: src/security/cert_generators/file/security_file_certgen.8.in:137
+msgid ""
+"For more customized configuration the helper certificate storage directory "
+"location and size can be altered with the B<sslcrtd_program> configuration "
+"directive.  For example:"
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:5
+msgid "squid - HTTP web proxy caching server"
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:11
 msgid "facility"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:15
+#: src/squid.8.in:13
 msgid "config-file"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:19
+#: src/squid.8.in:17
 msgid "signal"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:21
+#: src/squid.8.in:19
 msgid "service-name"
 msgstr "название службы"
 
 #. type: Plain text
-#: src/squid.8.in:23
+#: src/squid.8.in:21
 msgid "command-line"
 msgstr "командная строка"
 
 #. type: Plain text
-#: src/squid.8.in:32
+#: src/squid.8.in:30
 msgid ""
 "B<squid> is a high-performance proxy caching server for web clients, "
 "supporting FTP, gopher, ICAP, ICP, HTCP and HTTP data objects.  Unlike "
@@ -3462,7 +3769,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:36
+#: src/squid.8.in:34
 msgid ""
 "Squid keeps meta data and especially hot objects cached in RAM, caches DNS "
 "lookups, supports non-blocking DNS lookups, and implements negative caching "
@@ -3470,7 +3777,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:41
+#: src/squid.8.in:39
 msgid ""
 "Squid supports SSL, extensive access controls, and full request logging.  By "
 "using the lightweight Internet Cache Protocols ICP, HTCP or CARP, Squid "
@@ -3479,7 +3786,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:49
+#: src/squid.8.in:47
 msgid ""
 "Squid consists of a main server program B<squid> , some optional programs "
 "for custom processing and authentication, and some management and client "
@@ -3489,12 +3796,12 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:51
+#: src/squid.8.in:49
 msgid "Squid is derived from the ARPA-funded Harvest Project."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:57
+#: src/squid.8.in:55
 msgid ""
 "This manual page only lists the command line arguments.  For details on how "
 "to configure Squid see the file B<@SYSCONFDIR@/squid.conf.documented,> the "
@@ -3503,26 +3810,26 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:66
+#: src/squid.8.in:64
 msgid ""
 "Specify HTTP port number where Squid should listen for requests, in addition "
 "to any B<http_port> specifications in B<squid.conf>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:70
+#: src/squid.8.in:68
 msgid "Do not catch fatal signals."
 msgstr "Не перехватывать сигналы отказов."
 
 #. type: Plain text
-#: src/squid.8.in:74
+#: src/squid.8.in:72
 msgid "Write debugging to stderr also."
 msgstr ""
 "Отладочную информацию тоже записывать в стандартный файл вывода сообщений об "
 "ошибках (stderr)."
 
 #. type: Plain text
-#: src/squid.8.in:86
+#: src/squid.8.in:84
 msgid ""
 "Use the given config-file instead of B<@SYSCONFDIR@/squid.conf .> If the "
 "file name starts with a B<!> or B<|> then it is assumed to be an external "
@@ -3532,92 +3839,99 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:90
+#: src/squid.8.in:88
 msgid "Don't serve any requests until store is rebuilt."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:94
+#: src/squid.8.in:92
 msgid "Print help message."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:100
+#: src/squid.8.in:98
 msgid "Install as a Windows Service (see B<-n> option)."
 msgstr "установить как Службу Windows (see B<-n> option)."
 
 #. type: Plain text
-#: src/squid.8.in:107
+#: src/squid.8.in:105
 msgid ""
 "Parse configuration file, then send signal to running copy (except B<-k "
 "parse> ) and exit."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:112
+#: src/squid.8.in:110
 msgid "Use specified syslog facility. Implies B<-s>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:117
+#: src/squid.8.in:115
 msgid ""
 "Specify Windows Service name to use for service operations, default is: "
 "B<Squid>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:121
+#: src/squid.8.in:119
 msgid "No daemon mode."
 msgstr "Не в режиме демона."
 
 #. type: Plain text
 #: src/squid.8.in:125
+msgid ""
+"Parent process does not exit until its children have finished. It has no "
+"effect with B<-N> which does not fork/exit at startup."
+msgstr ""
+
+#. type: Plain text
+#: src/squid.8.in:129
 msgid "Set Windows Service Command line options in Registry."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:131
+#: src/squid.8.in:135
 msgid "Remove a Windows Service (see B<-n> option)."
 msgstr "Убрать из служб Windows (see B<-n> option)."
 
 #. type: Plain text
-#: src/squid.8.in:137
+#: src/squid.8.in:141
 msgid "Do not set B<REUSEADDR> on port."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:142
+#: src/squid.8.in:146
 msgid ""
 "Enable logging to syslog. Also configurable in B<@SYSCONFDIR@/squid.conf>"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:146
+#: src/squid.8.in:150
 msgid "Double-check swap during rebuild."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:150
+#: src/squid.8.in:154
 msgid "Specify ICP port number (default: 3130), disable with 0."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:154
+#: src/squid.8.in:158
 msgid "Print version and build details."
 msgstr "Показать версию и информацию о сборке."
 
 #. type: Plain text
-#: src/squid.8.in:158
+#: src/squid.8.in:162
 msgid "Force full debugging."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:166
+#: src/squid.8.in:170
 msgid "Only return B<UDP_HIT> or B<UDP_MISS_NOFETCH> during fast reload."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:174
+#: src/squid.8.in:178
 msgid ""
 "Create missing swap directories and other missing cache_dir structures, then "
 "exit. All cache_dir types create the configured top-level directory if it is "
@@ -3627,7 +3941,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:179
+#: src/squid.8.in:183
 msgid ""
 "This option does not enable validation of any present swap structures. Its "
 "focus is on creation of missing pieces. If nothing is missing, squid -z just "
@@ -3636,25 +3950,25 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:184
+#: src/squid.8.in:188
 msgid ""
 "By default, squid -z runs in daemon mode (so that configuration macros and "
 "other SMP features work as expected). Use B<-N> option to overwrite this."
 msgstr ""
 
 #. type: SH
-#: src/squid.8.in:185
+#: src/squid.8.in:189
 #, no-wrap
 msgid "FILES"
 msgstr "ФАЙЛЫ"
 
 #. type: Plain text
-#: src/squid.8.in:187
+#: src/squid.8.in:191
 msgid "Squid configuration files located in @SYSCONFDIR@/:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:193
+#: src/squid.8.in:197
 msgid ""
 "The main configuration file. You must initially make changes to this file "
 "for B<squid> to work. For example, the default configuration only allows "
@@ -3663,21 +3977,21 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:197 src/squid.8.in:203
+#: src/squid.8.in:201 src/squid.8.in:207
 msgid ""
 "Reference copy of the configuration file. Always kept up to date with the "
 "version of Squid you are using."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:199
+#: src/squid.8.in:203
 msgid ""
 "Use this to look up the default configuration settings and syntax after "
 "upgrading."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:208
+#: src/squid.8.in:212
 msgid ""
 "Use this to read the documentation for configuration options available in "
 "your build of Squid. The online configuration manual is also available for a "
@@ -3685,17 +3999,17 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:213
+#: src/squid.8.in:217
 msgid "The main configuration file for the web B<cachemgr.cgi> tools."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:216
+#: src/squid.8.in:220
 msgid "The main configuration file for the Sample MSNT authenticator."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:221
+#: src/squid.8.in:225
 msgid ""
 "CSS Stylesheet to control the display of generated error pages.  Use this to "
 "set any company branding you need, it will apply to every language Squid "
@@ -3703,29 +4017,29 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:224
+#: src/squid.8.in:228
 msgid "Some files also located elsewhere:"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:227
+#: src/squid.8.in:231
 msgid "MIME type mappings for FTP gatewaying"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:230
+#: src/squid.8.in:234
 msgid "Location of Squid error pages and templates."
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:233
+#: src/squid.8.in:237
 msgid ""
 "Squid was written over many years by a changing team of developers and "
 "maintained in turn by"
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:240
+#: src/squid.8.in:244
 msgid ""
 "With contributions from many others in the Squid community.  see "
 "CONTRIBUTORS for a full list of individuals who contributed code.  see "
@@ -3733,39 +4047,12 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: src/squid.8.in:248
-msgid ""
-"This software product, SQUID, is developed by a team of individuals, and "
-"copyrighted (C) 2001 by the Regents of the University of California, with "
-"all rights reserved.  UCSD administered the NLANR Cache grants, NCR 9616602 "
-"and NCR 9521745 under which most of this code was developed."
-msgstr ""
-
-#. type: Plain text
-#: src/squid.8.in:255
-msgid ""
-"This program is free software; you can redistribute it and/or modify it "
-"under the terms of the GNU General Public License (version 2) as published "
-"by the Free Software Foundation.  It is distributed in the hope that it will "
-"be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of "
-"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General "
-"Public License for more details."
-msgstr ""
-
-#. type: Plain text
-#: src/squid.8.in:257
-msgid ""
-"see the CREDITS file for further copyright licensing of third-party code "
-"contributions."
-msgstr ""
-
-#. type: Plain text
-#: tools/cachemgr.cgi.8.in:7
-msgid "Squid HTTP proxy manager CGI web interface"
+#: tools/cachemgr.cgi.8.in:5
+msgid "cachemgr.cgi - Squid HTTP proxy manager CGI web interface"
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:18
+#: tools/cachemgr.cgi.8.in:16
 msgid ""
 "The cache manager ( B<cachemgr.cgi> ) is a CGI utility for displaying "
 "statistics about the Squid HTTP proxy process as it runs. The cache manager "
@@ -3774,14 +4061,14 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:22
+#: tools/cachemgr.cgi.8.in:20
 msgid ""
 "Configuration examples for many common web servers can be found in the Squid "
 "FAQ wiki."
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:34
+#: tools/cachemgr.cgi.8.in:32
 msgid ""
 "The access configuration file defining which Squid servers may be managed "
 "via this B<cachemgr.cgi> program. Each line specifies a B<server>:B<port> "
@@ -3789,7 +4076,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:38
+#: tools/cachemgr.cgi.8.in:36
 msgid ""
 "The server name may contain shell wildcard characters such as *, [] etc.  A "
 "quick selection dropdown menu is automatically constructed from the simple "
@@ -3797,20 +4084,20 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:42
+#: tools/cachemgr.cgi.8.in:40
 msgid ""
 "Specifying :port is optional. If not specified then the default proxy port "
 "is assumed. :* or :any matches any port on the target server."
 msgstr ""
 
 #. type: SH
-#: tools/cachemgr.cgi.8.in:43
+#: tools/cachemgr.cgi.8.in:41
 #, no-wrap
 msgid "SECURITY"
 msgstr "БЕЗОПАСНОСТЬ"
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:50
+#: tools/cachemgr.cgi.8.in:48
 msgid ""
 "B<cachemgr.cgi> calls the requested server on the requested port using HTTP "
 "and returns a formatted version of the response. To avoid abuse it is "
@@ -3819,7 +4106,7 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:56
+#: tools/cachemgr.cgi.8.in:54
 msgid ""
 "Derived from Harvest. Further developed by numerous individuals from the "
 "internet community. Development is led by Duane Wessels of the National "
@@ -3828,69 +4115,453 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/cachemgr.cgi.8.in:67 tools/squidclient/squidclient.1:211
+#: tools/cachemgr.cgi.8.in:70 tools/purge/purge.1:276
+#: tools/squidclient/squidclient.1:252
 msgid ""
 "See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what "
 "you need to include with your bug report."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:7
-msgid "A simple HTTP web client tool"
+#: tools/purge/purge.1:5
+msgid "purge - magnifying glass into your squid cache"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:21
+msgid ""
+"B<purge> is used to have a look at what URLs are stored in which file within "
+"your cache. The B<purge> tool can also be used to release objects which URLs "
+"match user specified regular expressions. A more troublesome feature is the "
+"ability to remove files B<squid> does not seem to know about any longer."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:23
+msgid ""
+"This is a tool for expert usage only, use it under your own responsibility."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:34
+msgid ""
+"a kind of \"i am alive\" flag. It can only be activated, if your stdout is a "
+"tty. If active, it will display a little rotating line to indicate that "
+"there is actually something happening. You should not use this switch if you "
+"capture your stdout in a file or if your expression list produces many "
+"matches. The -a flag is also incompatible with the (default) multi cache_dir "
+"mode."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:36
+msgid "default: off\t\tSee also: -n"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:43
+msgid ""
+"this option lets you specify the location of the squid.conf file.  Purge "
+"understands about more than one cache_dir, and does so by parsing squid."
+"conf. It knows about both ways of Squid-2 cache_dir specifications, and will "
+"automatically try to use the correct one."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:45
+msgid "default: /usr/local/squid/etc/squid.conf"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:53
+msgid ""
+"if you want to rescue files from your cache, you need to specify the "
+"directory into which the files will be copied. Please note that purge will "
+"try to establish the original server directory structure. This switch also "
+"activates copy-out mode. Please do not use copy-out mode with any purge mode "
+"(-P) other than 0."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:56
+msgid ""
+"For instance, if you specified \"-C /tmp\", purge will try to recreate /tmp/"
+"www.server.1/url/path/file, and so forth."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:58
+msgid "default: off\t\tSee also: -H, -P"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:63
+msgid ""
+"lets you specify a debug level. Different bits are reserved for different "
+"output."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:65
+msgid "default: 0"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:74
+msgid ""
+"Specify one regular expression to be searched for in the cache.  This is "
+"useful if there is only a handful of objects you want to check. Please "
+"remember to escape the shell meta characters used in your regular "
+"expression. The use of single quotes around your expression is recommended. "
+"The capital letter version works case sensitive, the lower caps version does "
+"not."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:76 tools/purge/purge.1:86
+msgid "default: (no default)"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:84
+msgid ""
+"if you have more than a handful of expressions, or want to check the same "
+"set at regular intervals, the file option might be more useful to you. Each "
+"line in the text file will be regarded as one regular expression.  Again, "
+"the capital letter version works case sensitive, the lower caps version does "
+"not."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:91
+msgid ""
+"if in copy-out mode (see: -C), you can specify to keep the HTTP Header in "
+"the recreated file."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:93
+msgid "default: off\t\tSee also: -C"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:104
+msgid ""
+"tell purge to process one cache_dir after another, instead of doing things "
+"in parallel.  If you have more than one cache_dir in your configuration "
+"purge will fork off a worker process for each cache_dir to do the checks for "
+"optimum speed, assuming a decently designed cache. Since parallel execution "
+"will put quite some load on the system and its controllers, it is sometimes "
+"preferred to use less resources,\tthough it will take longer."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:106
+msgid "default: parallel mode for more than one cache_dir"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:116
+msgid ""
+"Some cache admins use a different port than 3128. The purge tool will need "
+"to connect to your cache in order to send the PURGE request (see -P). This "
+"option lets you specify the host and port to connect to. The port is "
+"optional. The port can be a name (check your /etc/services) or number. It is "
+"separated from the host name portion by a single colon, no spaces allowed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:118
+msgid "default: localhost:3128"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:125
+msgid ""
+"If you want to do more than just print your cache content, you will need to "
+"specify this option. Each bit is reserved for a different action. Only the "
+"use of the LSB is recommended, the rest should be considered experimental."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:128
+msgid "B<no bit set:\tjust print>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:130
+msgid "B<bit#0 set:\tsend PURGE for matches>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:132
+msgid "B<bit#1 set:\tunlink object file for 404 not found PURGEs>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:134
+msgid "B<bit#2 set:\tunlink weird object files>"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:145
+msgid ""
+"If you use a value other than 0 or 1, you will need to slow rebuild your "
+"cache content. A warning message will remind you of that. If you use bit#1, "
+"all unsuccessful PURGEs will result in the object file in your cache "
+"directory to be removed, because squid does not seem to know about it any "
+"longer. Beware that the asyncio might try to remove it after the purge tool, "
+"and thus complains bitterly. Bit#1 only makes sense, if Bit#0 is also set, "
+"otherwise it has no effect (since the HTTP status 404 is never returned)."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:152
+msgid ""
+"Bit#2 is reserved for strange files which do not even contain a URL. Beware "
+"that these files may indicate a new object squid currently intends to swap "
+"onto disk. If the file suddenly went away, or is removed when squid tries to "
+"fetch the object, it will complain bitterly. You must slow rebuild your "
+"cache, if you use this option."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:157
+msgid ""
+"It is recommended that if you dare to use bit#1 or bit#2, you should only "
+"grant the purge tool access to your squid, e.g.  move the HTTP and ICP "
+"listening port of squid to a different non-standard location during the "
+"purge."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:159
+msgid "default: 0 (just print)"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:164
+msgid ""
+"If you specify this switch, all commandline parameters will be shown after "
+"they were parsed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:166
+msgid "default: off"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:171
+msgid ""
+"be verbose in the things reported about the file. See the output section "
+"below."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:180
+msgid ""
+"In order to use B<purge> to affect a running proxy with PURGE method, you "
+"will have to enable this feature in squid.conf. By default, PURGE is "
+"disabled. You should watch closely for whom you enable the PURGE ability, "
+"otherwise a total stranger just might wipe your cache content. Lines similar "
+"to the following will need to be added to your squid.conf:"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:192
+msgid ""
+"Reconfigure or restart (preferred) your squid after changing the "
+"configuration file."
+msgstr ""
+
+#. type: SH
+#: tools/purge/purge.1:193
+#, no-wrap
+msgid "OUTPUT"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:198
+msgid ""
+"In regular mode, the output of purge consists of four columns. If the URL "
+"contains not encoded whitespaces, it may look as if there are more columns, "
+"but the last one is the URI."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:205
+#, no-wrap
+msgid ""
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the regular expression.\n"
+" 2 status return result of purge request, \"  0\" in print mode.\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 uri    perceived uri\n"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:207
+msgid "Example for non-verbose output in print-mode:"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:209
+msgid ""
+"/cache3/00/00/0000004A 0 5682 http://graphics.userfriendly.org/images/"
+"slovenia.gif"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:214
+msgid ""
+"In verbose mode, additional columns are inserted before the uri. Time stamps "
+"are reported using hexadecimal notation, and Squid's standard for reporting "
+"\"no such timestamp\" == -1, and \"unparsable timestamp\" == -2."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:228
+#, no-wrap
+msgid ""
+" # name   meaning\n"
+" = ====== ===========================================================\n"
+" 1 file   name of cache file eximed which matches the re.\n"
+" 2 status return result of purge request, \"  0\" in print mode \"-P 0\".\n"
+" 3 size   object size including stored headers, not file size.\n"
+" 4 md5    MD5 of URI from file, or \"(no_md5_data_available)\" string.\n"
+" 5 ts     UTC of Value of Date: header in hex notation\n"
+" 6 lr     UTC of last time the object was referenced\n"
+" 7 ex     UTC of Expires: header\n"
+" 8 lr     UTC of Last-Modified: header\n"
+" 9 flags  Value of objects flags field in hex, see: Programmers Guide\n"
+"10 refcnt number of times the object was referenced.\n"
+"11 uri    STORE_META_URL uri or \"strange_file\"\n"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:230
+msgid "Example for verbose output in print-mode:"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:232
+msgid ""
+"/cache1/00/00/000000B7 0 406 7CFCB1D319F158ADC9CFD991BB8F6DCE 397d449b "
+"39bf677b ffffffff 3820abfc 0460 1 http://www.netscape.com/images/"
+"nc_vera_tile.gif"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:235
+msgid "Purge does not slow rebuild the cache for you."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:238
+msgid ""
+"It is still relatively slow, especially if your machine is low on memory and/"
+"or unable to hold all OS directory cache entries in main memory."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:240
+msgid "Should never be used on \"busy\" caches with purge modes higher than 1."
+msgstr ""
+
+#. type: SH
+#: tools/purge/purge.1:241
+#, no-wrap
+msgid "TODO"
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:248
+msgid ""
+"1) use the stat() result on weird files to have a look at their ctime and "
+"mtime. If they are younger than, lets say 30 seconds, they were just created "
+"by B<squid> and should not be removed."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:251
+msgid ""
+"2) Add a query before purging objects or removing files, and add another "
+"option to remove nagging for the experienced user."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:253
+msgid "3) The reported object size may be off by one."
+msgstr ""
+
+#. type: Plain text
+#: tools/purge/purge.1:256 tools/squidclient/squidclient.1:232
+#, fuzzy
+#| msgid "This program was written by"
+msgid "This program and manual was written by"
+msgstr "Эта программа была написана"
+
+#. type: Plain text
+#: tools/purge/purge.1:260
+#, fuzzy
+#| msgid "Based on original code by"
+msgid "Based on original squidpurge README."
+msgstr "Основан на оригинальном коде"
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:5
+msgid "squidclient - A simple HTTP web client tool"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:13 tools/squidclient/squidclient.1:17
+#: tools/squidclient/squidclient.1:12 tools/squidclient/squidclient.1:16
 msgid "string"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:15
+#: tools/squidclient/squidclient.1:14
 msgid "remote host"
 msgstr "удалённый хост"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:19
+#: tools/squidclient/squidclient.1:18
 msgid "IMS"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:21
+#: tools/squidclient/squidclient.1:20
 msgid "Host header"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:23
-msgid "local host"
-msgstr "локальный хост"
-
-#. type: Plain text
-#: tools/squidclient/squidclient.1:25
+#: tools/squidclient/squidclient.1:24
 msgid "method"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:31 tools/squidclient/squidclient.1:48
+#: tools/squidclient/squidclient.1:30 tools/squidclient/squidclient.1:48
 msgid "count"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:35 tools/squidclient/squidclient.1:37
+#: tools/squidclient/squidclient.1:34 tools/squidclient/squidclient.1:36
 msgid "user"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:39
+#: tools/squidclient/squidclient.1:38
 msgid "version"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:41 tools/squidclient/squidclient.1:43
+#: tools/squidclient/squidclient.1:40 tools/squidclient/squidclient.1:42
 msgid "password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:45
+#: tools/squidclient/squidclient.1:44
 msgid "url"
 msgstr ""
 
@@ -3900,7 +4571,22 @@ msgid "interval"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:60
+#: tools/squidclient/squidclient.1:55
+msgid "CA certificates file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:57
+msgid "client X.509 certificate file"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:59
+msgid "TLS session parameters"
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:69
 msgid ""
 "B<squidclient> is a tool providing a command line interface for retrieving "
 "URLs.  Designed for testing any HTTP 0.9, 1.0, or 1.1 web server or proxy.  "
@@ -3910,169 +4596,196 @@ msgid ""
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:65
+#: tools/squidclient/squidclient.1:74
 msgid "Do NOT include Accept: header."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:71
+#: tools/squidclient/squidclient.1:80
 msgid ""
 "Send B<string> as User-Agent: header. To omit the header completely set "
 "string to empty ('')."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:76
-msgid "Retrieve URL from cache on hostname.  Default is B<localhost>"
+#: tools/squidclient/squidclient.1:85
+msgid "Retrieve URL from server host.  Default is B<localhost>"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:82
-msgid "Extra headers to send. Use B<'\\n'> for new lines."
+#: tools/squidclient/squidclient.1:91
+msgid "Extra headers to send. Use B<'\\en'> for new lines."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:86
+#: tools/squidclient/squidclient.1:95
 msgid "If-Modified-Since time (in Epoch seconds)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:90
+#: tools/squidclient/squidclient.1:99
 msgid "Host header content"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:94
+#: tools/squidclient/squidclient.1:103
 msgid ""
 "Keep the connection active. Default is to do only one request then close."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:98
+#: tools/squidclient/squidclient.1:107
 msgid "Specify a local IP address to bind to.  Default is none."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:113
-#, no-wrap
+#: tools/squidclient/squidclient.1:122
 msgid ""
-"Request method, default is\n"
-"I<GET.>\n"
-"Squid also supports a non-standard method called\n"
-"I<PURGE.>\n"
-"You can use that to purge a specific URL from the cache.\n"
-"You need to have\n"
-"I<purge>\n"
-"access setup in\n"
-"B<squid.conf>\n"
-"similar to\n"
-"I<manager>\n"
-" access. Here is an example:\n"
+"Request method, default is I<GET.> Squid also supports a non-standard method "
+"called I<PURGE.> You can use that to purge a specific URL from the cache.  "
+"You need to have I<purge> access setup in B<squid.conf> similar to "
+"I<manager> access. Here is an example:"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:121
+#: tools/squidclient/squidclient.1:130
 msgid "Proxy Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:123 tools/squidclient/squidclient.1:129
+#: tools/squidclient/squidclient.1:132 tools/squidclient/squidclient.1:138
 msgid "Use kinit username@DOMAIN first to get initial TGS."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:127
+#: tools/squidclient/squidclient.1:136
 msgid "WWW Negotiate(Kerberos) authentication."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:133
+#: tools/squidclient/squidclient.1:143
 msgid "Port number of cache.  Default is 3128."
 msgstr "Номер аорта кэширующего прокси-сервера. По умолчанию 3128."
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:137
+#: tools/squidclient/squidclient.1:147
 msgid "Request body. Using the named file as data."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:141
+#: tools/squidclient/squidclient.1:151
 msgid "Force cache to reload URL."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:145
+#: tools/squidclient/squidclient.1:155
 msgid "Silent.  Do not print data to stdout."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:151
+#: tools/squidclient/squidclient.1:161
 msgid "Trace I<count> HTTP relay or proxy hops"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:155
+#: tools/squidclient/squidclient.1:165
 msgid "Timeout value (seconds) for read/write operations."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:159
+#: tools/squidclient/squidclient.1:169
 msgid "Proxy authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:163
+#: tools/squidclient/squidclient.1:173
 msgid "WWW authentication username"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:167
+#: tools/squidclient/squidclient.1:177
 msgid "Verbose. Print outgoing message to stderr."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:171
+#: tools/squidclient/squidclient.1:181
 msgid "HTTP Version. Use '-' for HTTP/0.9 omitted case"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:175
+#: tools/squidclient/squidclient.1:185
 msgid "Proxy authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:179
+#: tools/squidclient/squidclient.1:189
 msgid "WWW authentication password"
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:184
+#: tools/squidclient/squidclient.1:193
+msgid "Use Transport Layer Security on the HTTP connection."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:197
+msgid "Use TLS with unauthenticated (anonymous) certificate."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:202
+msgid ""
+"File containing client X.509 certificate in PEM format.  May be repeated to "
+"load several client certificates."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:207
+msgid ""
+"File containing trusted Certificate Authority (CA) certificates in PEM "
+"format.  May be repeated to load any number of files."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:212
+msgid ""
+"TLS library specific parameters for the communication session.  See the "
+"library documentation for details on valid parameters."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:214
+msgid "If repeated only the last value will have effect."
+msgstr ""
+
+#. type: Plain text
+#: tools/squidclient/squidclient.1:219
 msgid ""
 "Enable ping mode. Optional -g and -I parameters must follow immediately if "
 "used.  Repeated use resets to default ping settings."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:190
+#: tools/squidclient/squidclient.1:225
 msgid ""
-"Ping mode, perform I<count> iterations (default is to loop until "
-"interrupted)."
+"Ping mode, perform.I count iterations (default is to loop until interrupted)."
 msgstr ""
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:194
+#: tools/squidclient/squidclient.1:229
 msgid "Ping interval in seconds (default 1 second)."
 msgstr "Интервал ping в секундах (по умолчанию 1 секунда)"
 
 #. type: Plain text
-#: tools/squidclient/squidclient.1:200
+#: tools/squidclient/squidclient.1:236
 msgid ""
-"Derived from Harvest. Further developed by by numerous individuals from the "
-"internet community. Development is led by Duane Wessels of the National "
-"Laboratory for Applied Network Research and funded by the National Science "
-"Foundation."
+"Based on original code derived from Harvest and further developed by "
+"numerous individuals from the internet community."
 msgstr ""
 
+#~ msgid "local host"
+#~ msgstr "локальный хост"
+
 #~ msgid "CONFGURATION"
 #~ msgstr "КОНФИГУРИРОВАНИЕ"
 
diff --git a/errors/af.po b/errors/af.po
index ef7eb24717..d8c05d8bef 100644
--- a/errors/af.po
+++ b/errors/af.po
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 11:16+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: translate-discuss-af@lists.sourceforge.net\n"
@@ -351,7 +351,7 @@ msgstr "\"Content-Length\" ontbreek vir POST- of PUT-navrae."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/ar.po b/errors/ar.po
index a988a2ea9e..54b3b86991 100644
--- a/errors/ar.po
+++ b/errors/ar.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 12:16+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Arabic <ar@li.org>\n"
@@ -345,7 +345,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/az.po b/errors/az.po
index 2f33a1c80b..c2cd74ed5c 100644
--- a/errors/az.po
+++ b/errors/az.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 11:36+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -357,7 +357,7 @@ msgstr "POST və PUT sorğuları üçün Content-Length göstərilməmişdir"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/bg.po b/errors/bg.po
index bb51d4dc5c..5b796c2150 100644
--- a/errors/bg.po
+++ b/errors/bg.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 12:25+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -360,7 +360,7 @@ msgstr "Липсващо поле Content-Length за заявка от тип P
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/ca.po b/errors/ca.po
index 88f00df8c5..bfbe88dd74 100644
--- a/errors/ca.po
+++ b/errors/ca.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 12:21+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -356,7 +356,7 @@ msgstr "Falta el camp <q>Content-Length</q>."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/cs.po b/errors/cs.po
index 5e0cafa639..031c9dc3aa 100644
--- a/errors/cs.po
+++ b/errors/cs.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2010-11-02 11:01+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -355,7 +355,7 @@ msgstr "Chybí 'Content-Lenght' požadavku POST nebo PUT."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/da.po b/errors/da.po
index 134a6f254b..8709239871 100644
--- a/errors/da.po
+++ b/errors/da.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-07-15 08:08+0200\n"
 "Last-Translator: Anonymous Pootle User\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -353,7 +353,7 @@ msgstr "Content-Length mangler til POST eller PUT foresp&oslash;rgsler"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/de.po b/errors/de.po
index d6c0ce4d5b..c1f9caa136 100644
--- a/errors/de.po
+++ b/errors/de.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2012-06-12 13:28+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -361,7 +361,7 @@ msgstr "Content-Length fehlt für POST oder PUT Anfragen."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/el.po b/errors/el.po
index c176e45371..2fc105b13d 100644
--- a/errors/el.po
+++ b/errors/el.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-07-15 08:08+0200\n"
 "Last-Translator: Anonymous Pootle User\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -356,7 +356,7 @@ msgstr "Έλειπες Περιεχόμενο- Μήκος για τις αιτή
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/en.po b/errors/en.po
index 9afef07249..d5665af48c 100644
--- a/errors/en.po
+++ b/errors/en.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2012-02-24 15:36+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -360,7 +360,7 @@ msgstr "Content-Length missing for POST or PUT requests."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
@@ -1008,9 +1008,8 @@ msgid "The server responded with:"
 msgstr "The server responded with:"
 
 #: templates/ERR_SECURE_CONNECT_FAIL+html.body.div.div.p:28
-#, fuzzy
 msgid "The system returned:"
-msgstr "The system returned: <i>%E</i>"
+msgstr "The system returned:"
 
 #: templates/ERR_CONNECT_FAIL+html.body.div.p:27
 #: templates/ERR_ICAP_FAILURE+html.body.div.p:27
@@ -1235,9 +1234,8 @@ msgid "Unsupported HTTP version"
 msgstr "Unsupported HTTP version"
 
 #: templates/ERR_PROTOCOL_UNKNOWN+html.body.div.blockquote.p:24
-#, fuzzy
 msgid "Unsupported Protocol"
-msgstr "Unsupported HTTP version"
+msgstr "Unsupported Protocol"
 
 #: templates/ERR_UNSUP_REQ+html.body.div.blockquote.p:24
 msgid "Unsupported Request Method and Protocol"
diff --git a/errors/errpages.pot b/errors/errpages.pot
index 5cdb5ad5e2..e6c80ac2f1 100644
--- a/errors/errpages.pot
+++ b/errors/errpages.pot
@@ -1,16 +1,16 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: Squid-3\n"
+"Project-Id-Version: Squid-5\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
+"Language-Team: Squid Developers <squid-dev@lists.squid-cache.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Translate Toolkit 1.13.0\n"
+"X-Generator: Translate Toolkit 2.0.0\n"
 
 #: templates/ERR_SECURE_CONNECT_FAIL+html.body.div.div.blockquote.p:31
 msgid "%D"
@@ -335,7 +335,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/es.po b/errors/es.po
index d097ebe2e9..89041252e5 100644
--- a/errors/es.po
+++ b/errors/es.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2010-08-17 06:57+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Spanish <es@li.org>\n"
@@ -363,7 +363,7 @@ msgstr "Falta Content-Length en las peticiones POST o PUT"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/et.po b/errors/et.po
index 02bb28e9b4..53ebf0fda2 100644
--- a/errors/et.po
+++ b/errors/et.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-07-15 08:08+0200\n"
 "Last-Translator: Anonymous Pootle User\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -356,7 +356,7 @@ msgstr "POST v&otilde;i PUT p&auml;ringutel puudub Content-Length"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/fa.po b/errors/fa.po
index 577d8fb8ed..b78829a4e4 100644
--- a/errors/fa.po
+++ b/errors/fa.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 14:45+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -353,7 +353,7 @@ msgstr "طول محتویات درخواست برای PUT  یا POST کم است
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/fi.po b/errors/fi.po
index 7783d1e0d9..e236cc3642 100644
--- a/errors/fi.po
+++ b/errors/fi.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:25+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -349,7 +349,7 @@ msgstr "<q>Content-Length</q> puuttuu POST- tai PUT-hakupyynnostä"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/fr.po b/errors/fr.po
index a3d6f089af..a62e858cb1 100644
--- a/errors/fr.po
+++ b/errors/fr.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:24+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -362,7 +362,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/he.po b/errors/he.po
index 16685370c1..68fa1ca4c5 100644
--- a/errors/he.po
+++ b/errors/he.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-09-14 14:07+0200\n"
 "Last-Translator: Administrator <>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -350,7 +350,7 @@ msgstr "חסר Content-Length בשביל בקשות POST או PUT"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/hu.po b/errors/hu.po
index f0b4b5c619..78201b0174 100644
--- a/errors/hu.po
+++ b/errors/hu.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2012-02-28 20:29+0200\n"
 "Last-Translator: Gergely <mail.gery@gmail.com>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -354,7 +354,7 @@ msgstr "Hiányzó „Content-Length” fejléc a POST vagy PUT kérésben"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/hy.po b/errors/hy.po
index c451ef3a84..a3f75d7207 100644
--- a/errors/hy.po
+++ b/errors/hy.po
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 11:58+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Arthur Tumanyan\n"
@@ -356,7 +356,7 @@ msgstr "POST կամ PUT հարցումների համար Content-Length չի ն
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/id.po b/errors/id.po
index db357280af..cd787d98ad 100644
--- a/errors/id.po
+++ b/errors/id.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:12+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Indonesian <id@li.org>\n"
@@ -364,7 +364,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/it.po b/errors/it.po
index 121ca4f300..9047b267b2 100644
--- a/errors/it.po
+++ b/errors/it.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-11-10 22:27+0200\n"
 "Last-Translator: Francesco <gkinkie@gmail.com>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -369,7 +369,7 @@ msgstr "La richiesta di tipo POST o PUT non contiene il campo Content-Length."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/ja.po b/errors/ja.po
index d12c2af368..b8ac5ed027 100644
--- a/errors/ja.po
+++ b/errors/ja.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:08+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -358,7 +358,7 @@ msgstr "Content-Lengthヘッダが、POSTまたはPUTの要求に含まれてい
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/ka.po b/errors/ka.po
index 6d1c2cbec2..4b4b897559 100644
--- a/errors/ka.po
+++ b/errors/ka.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:16+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -336,7 +336,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/ko.po b/errors/ko.po
index 2ef2b46f3a..9594011122 100644
--- a/errors/ko.po
+++ b/errors/ko.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-07-15 08:09+0200\n"
 "Last-Translator: Anonymous Pootle User\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -351,7 +351,7 @@ msgstr "POST나 PUT 요청일 경우 Content-Length가 빠져 있다."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/lt.po b/errors/lt.po
index 67749a81dc..7ba3edc0c5 100644
--- a/errors/lt.po
+++ b/errors/lt.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-07-15 08:09+0200\n"
 "Last-Translator: Anonymous Pootle User\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -352,7 +352,7 @@ msgstr "Trūksta Content-Length parametro POST arba PUT užklausoje"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/lv.po b/errors/lv.po
index 128fc2c09b..c1a1170054 100644
--- a/errors/lv.po
+++ b/errors/lv.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2009-10-28 12:47+0000\n"
 "Last-Translator: Mārtiņš Bruņenieks <Unknown>\n"
 "Language-Team: Latvian <lv@li.org>\n"
@@ -362,7 +362,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/ms.po b/errors/ms.po
index c7601e8a2d..b8f6fcc810 100644
--- a/errors/ms.po
+++ b/errors/ms.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:40+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Malay <ms@li.org>\n"
@@ -353,7 +353,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/nl.po b/errors/nl.po
index 32ea1feff5..bcbe2e2ed1 100644
--- a/errors/nl.po
+++ b/errors/nl.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:29+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Dutch <nl@li.org>\n"
@@ -362,7 +362,7 @@ msgstr "De Content-Length ontbreekt voor het POST of PUT verzoek."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/oc.po b/errors/oc.po
index 9c1cbd1097..0156274071 100644
--- a/errors/oc.po
+++ b/errors/oc.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -337,7 +337,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/pl.po b/errors/pl.po
index 5bb873b300..c999b463bc 100644
--- a/errors/pl.po
+++ b/errors/pl.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-07-15 08:10+0200\n"
 "Last-Translator: Anonymous Pootle User\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -354,7 +354,7 @@ msgstr "Brak pola Content-Length  dla metod POST lub PUT"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/pt-br.po b/errors/pt-br.po
index 72496810d9..d66730619c 100644
--- a/errors/pt-br.po
+++ b/errors/pt-br.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2012-03-30 20:25+0200\n"
 "Last-Translator: Aecio F. <aecioneto@gmail.com>\n"
 "Language-Team: Brazilian Portuguese <pt_BR@li.org>\n"
@@ -364,7 +364,7 @@ msgstr "Content-Length faltando para requisições POST ou PUT."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/pt.po b/errors/pt.po
index abc2d1c004..90ff024204 100644
--- a/errors/pt.po
+++ b/errors/pt.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 14:34+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -361,7 +361,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/ro.po b/errors/ro.po
index 522e17423c..1bb5e5585d 100644
--- a/errors/ro.po
+++ b/errors/ro.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2010-03-20 14:31+0200\n"
 "Last-Translator: Arthur <arthur@psw.ro>\n"
 "Language-Team: Romanian <ro@li.org>\n"
@@ -364,7 +364,7 @@ msgstr "Content-Length lipseşte pentru cererile POST sau PUT."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/ru.po b/errors/ru.po
index 0956f3b98d..0835cfd89c 100644
--- a/errors/ru.po
+++ b/errors/ru.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2010-08-17 06:54+0200\n"
 "Last-Translator: Amos <squid3@treenet.co.nz>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -350,7 +350,7 @@ msgstr "В запросе POST или PUT отсутствует заголов
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/sk.po b/errors/sk.po
index 9892988191..12844412ee 100644
--- a/errors/sk.po
+++ b/errors/sk.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2010-03-20 16:06+0200\n"
 "Last-Translator: helix84 <helix84@centrum.sk>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -356,7 +356,7 @@ msgstr "Chýbajúca položka Content-Length pre požiadavky POST alebo PUT."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/sl.po b/errors/sl.po
index 3c17e70333..f3e10fb04c 100644
--- a/errors/sl.po
+++ b/errors/sl.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-05-24 08:57+0200\n"
 "Last-Translator: Aleksa <susulic@gmail.com>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -353,7 +353,7 @@ msgstr "Manjka podatek Content-Length za zahteve POST ali PUT."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/sr-cyrl.po b/errors/sr-cyrl.po
index d008b69bb2..2c43e4cb22 100644
--- a/errors/sr-cyrl.po
+++ b/errors/sr-cyrl.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -337,7 +337,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/sr-latn.po b/errors/sr-latn.po
index 9c77da2f94..804bfc762a 100644
--- a/errors/sr-latn.po
+++ b/errors/sr-latn.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:15+0200\n"
 "Last-Translator: Francesco <kinkie@squid-cache.org>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -358,7 +358,7 @@ msgstr "Nedostaje dužina sadržaja za POST ili PUT zahtev."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/sv.po b/errors/sv.po
index b4721c326e..7ddc0c44e1 100644
--- a/errors/sv.po
+++ b/errors/sv.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:15+0200\n"
 "Last-Translator: Francesco <kinkie@squid-cache.org>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -361,7 +361,7 @@ msgstr "Content-Length saknas i POST eller PUT beg&auml;ran."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/th.po b/errors/th.po
index 4303a978d3..ca1508cfb5 100644
--- a/errors/th.po
+++ b/errors/th.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2009-06-11 06:25+0000\n"
 "Last-Translator: Anon Sricharoenchai <Unknown>\n"
 "Language-Team: Thai <th@li.org>\n"
@@ -346,7 +346,7 @@ msgstr "ไม่ได้ระบุ Content-Length ในการสั่
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/tr.po b/errors/tr.po
index 2a5f1f7144..746524142a 100644
--- a/errors/tr.po
+++ b/errors/tr.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 13:11+0200\n"
 "Last-Translator: Francesco <kinkie@squid-cache.org>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -356,7 +356,7 @@ msgstr "Content-Length, POST veya PUT istekleri için eksik."
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/uk.po b/errors/uk.po
index d7373f564f..73c4dc7938 100644
--- a/errors/uk.po
+++ b/errors/uk.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2013-10-31 12:26+0200\n"
 "Last-Translator: Francesco <kinkie@squid-cache.org>\n"
 "Language-Team: Ukrainian <uk@li.org>\n"
@@ -361,7 +361,7 @@ msgstr "Заголовок Content-Length відсутній для запиті
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/uz.po b/errors/uz.po
index 9fab2c7985..4ae46ca326 100644
--- a/errors/uz.po
+++ b/errors/uz.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: squid\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2009-03-14 16:45+0000\n"
 "Last-Translator: Akmal Xushvaqov <akmalxster@gmail.com>\n"
 "Language-Team: Uzbek <uz@li.org>\n"
@@ -356,7 +356,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/vi.po b/errors/vi.po
index 32316b3609..4488d9a157 100644
--- a/errors/vi.po
+++ b/errors/vi.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2010-04-28 16:17+0200\n"
 "Last-Translator:  <clytie@riverland.net.au>\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -347,7 +347,7 @@ msgstr ""
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/zh-hans.po b/errors/zh-hans.po
index b92ee17136..ad33658cef 100644
--- a/errors/zh-hans.po
+++ b/errors/zh-hans.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-07-15 08:10+0200\n"
 "Last-Translator: Anonymous Pootle User\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -346,7 +346,7 @@ msgstr "POST 或 PUT 请求中丢失内容长度(Content-Length)。"
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/errors/zh-hant.po b/errors/zh-hant.po
index 0c4f6a6db9..4151d3f535 100644
--- a/errors/zh-hant.po
+++ b/errors/zh-hant.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Squid-3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-08-17 18:15+1300\n"
+"POT-Creation-Date: 2017-05-29 22:56+1300\n"
 "PO-Revision-Date: 2011-07-15 08:10+0200\n"
 "Last-Translator: Anonymous Pootle User\n"
 "Language-Team: Squid Developers <squid-dev@squid-cache.org>\n"
@@ -348,7 +348,7 @@ msgstr "Content-Length: 缺少 POST 或 PUT 要求 "
 #: templates/ERR_URN_RESOLVE+html.head.meta:-1
 #: templates/ERR_WRITE_ERROR+html.head.meta:-1
 #: templates/ERR_ZERO_SIZE_OBJECT+html.head.meta:-1
-msgid "Copyright (C) 1996-2016 The Squid Software Foundation and contributors"
+msgid "Copyright (C) 1996-2017 The Squid Software Foundation and contributors"
 msgstr ""
 
 #: templates/error-details.txt+X509_V_ERR_DIFFERENT_CRL_SCOPE.descr:181
diff --git a/po4a.conf b/po4a.conf
index b11d5533cd..6f93f2cbca 100644
--- a/po4a.conf
+++ b/po4a.conf
@@ -2,46 +2,50 @@
 
 [po4a_paths] doc/manuals/manuals.pot $lang:doc/manuals/$lang.po
 
-[type: man] helpers/basic_auth/getpwnam/basic_getpwnam_auth.8 $lang:doc/manuals/$lang/basic_getpwnam_auth.8
+[type: man] src/acl/external/AD_group/ext_ad_group_acl.8 $lang:doc/manuals/$lang/ext_ad_group_acl.8
 
-[type: man] helpers/basic_auth/LDAP/basic_ldap_auth.8 $lang:doc/manuals/$lang/basic_ldap_auth.8
+[type: man] src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.8 $lang:doc/manuals/$lang/ext_edirectory_userip_acl.8
 
-[type: man] helpers/basic_auth/NCSA/basic_ncsa_auth.8 $lang:doc/manuals/$lang/basic_ncsa_auth.8
+[type: man] src/acl/external/file_userip/ext_file_userip_acl.8 $lang:doc/manuals/$lang/ext_file_userip_acl.8
 
-[type: man] helpers/basic_auth/PAM/basic_pam_auth.8 $lang:doc/manuals/$lang/basic_pam_auth.8
+[type: man] src/acl/external/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 $lang:doc/manuals/$lang/ext_kerberos_ldap_group_acl.8
 
-[type: man] helpers/basic_auth/RADIUS/basic_radius_auth.8 $lang:doc/manuals/$lang/basic_radius_auth.8
+[type: man] src/acl/external/LDAP_group/ext_ldap_group_acl.8 $lang:doc/manuals/$lang/ext_ldap_group_acl.8
 
-[type: man] helpers/basic_auth/SASL/basic_sasl_auth.8 $lang:doc/manuals/$lang/basic_sasl_auth.8
+[type: man] src/acl/external/LM_group/ext_lm_group_acl.8 $lang:doc/manuals/$lang/ext_lm_group_acl.8
 
-[type: man] helpers/basic_auth/SSPI/basic_sspi_auth.8 $lang:doc/manuals/$lang/basic_sspi_auth.8
+[type: man] src/acl/external/session/ext_session_acl.8 $lang:doc/manuals/$lang/ext_session_acl.8
 
-[type: man] helpers/digest_auth/file/digest_file_auth.8 $lang:doc/manuals/$lang/digest_file_auth.8
+[type: man] src/acl/external/time_quota/ext_time_quota_acl.8 $lang:doc/manuals/$lang/ext_time_quota_acl.8
 
-[type: man] helpers/external_acl/AD_group/ext_ad_group_acl.8 $lang:doc/manuals/$lang/ext_ad_group_acl.8
+[type: man] src/acl/external/unix_group/ext_unix_group_acl.8 $lang:doc/manuals/$lang/ext_unix_group_acl.8
 
-[type: man] helpers/external_acl/eDirectory_userip/ext_edirectory_userip_acl.8 $lang:doc/manuals/$lang/ext_edirectory_userip_acl.8
+[type: man] src/auth/basic/getpwnam/basic_getpwnam_auth.8 $lang:doc/manuals/$lang/basic_getpwnam_auth.8
 
-[type: man] helpers/external_acl/file_userip/ext_file_userip_acl.8 $lang:doc/manuals/$lang/ext_file_userip_acl.8
+[type: man] src/auth/basic/LDAP/basic_ldap_auth.8 $lang:doc/manuals/$lang/basic_ldap_auth.8
 
-[type: man] helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 $lang:doc/manuals/$lang/ext_kerberos_ldap_group_acl.8
+[type: man] src/auth/basic/NCSA/basic_ncsa_auth.8 $lang:doc/manuals/$lang/basic_ncsa_auth.8
 
-[type: man] helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 $lang:doc/manuals/$lang/ext_ldap_group_acl.8
+[type: man] src/auth/basic/PAM/basic_pam_auth.8 $lang:doc/manuals/$lang/basic_pam_auth.8
 
-[type: man] helpers/external_acl/LM_group/ext_lm_group_acl.8 $lang:doc/manuals/$lang/ext_lm_group_acl.8
+[type: man] src/auth/basic/RADIUS/basic_radius_auth.8 $lang:doc/manuals/$lang/basic_radius_auth.8
 
-[type: man] helpers/external_acl/session/ext_session_acl.8 $lang:doc/manuals/$lang/ext_session_acl.8
+[type: man] src/auth/basic/SASL/basic_sasl_auth.8 $lang:doc/manuals/$lang/basic_sasl_auth.8
 
-[type: man] helpers/external_acl/time_quota/ext_time_quota_acl.8 $lang:doc/manuals/$lang/ext_time_quota_acl.8
+[type: man] src/auth/basic/SSPI/basic_sspi_auth.8 $lang:doc/manuals/$lang/basic_sspi_auth.8
 
-[type: man] helpers/external_acl/unix_group/ext_unix_group_acl.8 $lang:doc/manuals/$lang/ext_unix_group_acl.8
+[type: man] src/auth/digest/file/digest_file_auth.8 $lang:doc/manuals/$lang/digest_file_auth.8
 
-[type: man] helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 $lang:doc/manuals/$lang/negotiate_kerberos_auth.8
+[type: man] src/auth/negotiate/kerberos/negotiate_kerberos_auth.8 $lang:doc/manuals/$lang/negotiate_kerberos_auth.8
 
-[type: man] helpers/ntlm_auth/SSPI/ntlm_sspi_auth.8 $lang:doc/manuals/$lang/ntlm_sspi_auth.8
+[type: man] src/auth/ntlm/SSPI/ntlm_sspi_auth.8 $lang:doc/manuals/$lang/ntlm_sspi_auth.8
+
+[type: man] src/security/cert_generators/file/security_file_certgen.8.in $lang:doc/manuals/$lang/security_file_certgen.8.in
 
 [type: man] src/squid.8.in $lang:doc/manuals/$lang/squid.8.in
 
 [type: man] tools/cachemgr.cgi.8.in $lang:doc/manuals/$lang/cachemgr.cgi.8.in
 
+[type: man] tools/purge/purge.1 $lang:doc/manuals/$lang/purge.1
+
 [type: man] tools/squidclient/squidclient.1 $lang:doc/manuals/$lang/squidclient.1
diff --git a/scripts/update-pot.sh b/scripts/update-pot.sh
index c18d0181f6..6aa3fbc016 100755
--- a/scripts/update-pot.sh
+++ b/scripts/update-pot.sh
@@ -42,9 +42,9 @@ done
 # merge and sort the per-page .pot into a single master
 msgcat ./pot/*.pot -s -o errpages.pot.new &&
 	(
-	cat errpages.pot.new | 
-	sed s/PACKAGE\ VERSION/Squid-3/ |
-	sed s/LANGUAGE\ \<LL\@li\.org\>/Squid\ Developers\ \<squid-dev\@squid-cache\.org\>/
+	cat errpages.pot.new |
+	sed s/PACKAGE\ VERSION/Squid-5/ |
+	sed s/LANGUAGE\ \<LL\@li\.org\>/Squid\ Developers\ \<squid-dev\@lists.squid-cache\.org\>/
 	) >errpages.pot
 
 ## Update all existing dictionaries with the new content ...
@@ -55,6 +55,7 @@ for f in `ls -1 ./*.po` ; do
 	mv ${f}.new ${f}
 done
 
+exit 1
 # cleanup.
 rm -rf pot
 rm -f errpages.pot.new
@@ -66,7 +67,18 @@ cd ..
 
 # Build the po4a.conf
 cat doc/po4a.cnf >po4a.conf
-for f in `ls -1 helpers/*/*/*.8 src/*.8.in tools/*/*.1 tools/*.8.in` ; do
+for f in `ls -1 \
+	src/*.8.in \
+	src/auth/*/*/*.8 \
+	src/acl/external/*/*.8 \
+	src/http/url_rewriters/*/*.8 \
+	src/log/*/*.8 \
+	src/security/*/*/*.8 \
+	src/security/*/*/*.8.in \
+	src/src/store/id_rewriters/*/*.8 \
+	tools/*/*.1 \
+	tools/*.8.in \
+` ; do
 	echo "" >>po4a.conf
 	manp=`basename ${f}`
 	echo "[type: man] ${f} \$lang:doc/manuals/\$lang/${manp}" >>po4a.conf
@@ -76,9 +88,9 @@ done
 po4a --no-translations -o groff_code=verbatim --verbose po4a.conf
 
 (
-	cat doc/manuals/manuals.pot | 
-	sed s/PACKAGE\ VERSION/Squid-3/ |
-	sed s/LANGUAGE\ \<LL\@li\.org\>/Squid\ Developers\ \<squid-dev\@squid-cache\.org\>/
+	cat doc/manuals/manuals.pot |
+	sed s/PACKAGE\ VERSION/Squid-5/ |
+	sed s/LANGUAGE\ \<LL\@li\.org\>/Squid\ Developers\ \<squid-dev\@lists.squid-cache\.org\>/
 ) >doc/manuals/manuals.pot.tmp
 mv doc/manuals/manuals.pot.tmp doc/manuals/manuals.pot
 
diff --git a/tools/purge/purge.1 b/tools/purge/purge.1
index 72d54eb33c..5cfbea3630 100644
--- a/tools/purge/purge.1
+++ b/tools/purge/purge.1
@@ -258,7 +258,7 @@ This program and manual was written by
 .PP
 Based on original squidpurge README.
 .
-..SH COPYRIGHT
+.SH COPYRIGHT
 .PP
  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
  *