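#=====================================================================
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#=====================================================================
#
# $Rev$ $Date$
#
# Metadata for security-realm login modules. Each module.<id> entry gives a
# display name and a login module class, followed by one
# module.<id>.field.<option>.* group per configurable option
# (displayOrder, displayName, description, length, and optionally
# blankAllowed / password).
# NOTE(review): the description values read as user-facing help text for a
# realm editing form - confirm against the code that loads this file.
#
# One property per line: a line that starts with '#' is a comment in its
# entirety, and a value runs to the end of its line.

# SQL realm has special edit logic; don't bother with full list
module.sql.name=Database (SQL) Realm
module.sql.class=org.apache.geronimo.security.realm.providers.SQLLoginModule

# Properties File
# Review note: per the description below, the users file holds
# username=password pairs (presumably in clear text when no digest is
# configured). Keep it readable only by the account that runs the server.
module.props.name=Properties File Realm
module.props.class=org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
module.props.field.usersURI.displayOrder=1
module.props.field.usersURI.displayName=Users File URI
module.props.field.usersURI.description=The location of a properties file (relative to the Geronimo home dir) holding user/password information. The format of each line should be username=password.
module.props.field.usersURI.length=50
module.props.field.groupsURI.displayOrder=2
module.props.field.groupsURI.displayName=Groups File URI
module.props.field.groupsURI.description=The location of a properties file (relative to the Geronimo home dir) holding group information. The format of each line should be group=user,user,....
module.props.field.groupsURI.length=50
# Review note: MD5 and SHA1 are fast digests and give little protection to a
# leaked users file. No salt or work-factor option is defined here, so if a
# digest is used, choose the strongest algorithm the runtime supports (for
# example SHA-256). NOTE(review): confirm in the login module whether any
# salting is applied.
module.props.field.digest.displayOrder=3
module.props.field.digest.displayName=Digest Algorithm
module.props.field.digest.description=Message Digest algorithm (e.g. MD5, SHA1, etc.) used on the passwords. Leave this field empty if no digest algorithm is used.
module.props.field.digest.length=10
module.props.field.digest.blankAllowed=true
module.props.field.encoding.displayOrder=4
module.props.field.encoding.displayName=Digest Encoding
module.props.field.encoding.description=Encoding to use for digests (e.g. hex, base64). This is used only if a Message Digest algorithm is specified. If no encoding is specified, hex will be used.
module.props.field.encoding.length=10
module.props.field.encoding.blankAllowed=true

# LDAP
module.ldap.name=LDAP Realm
module.ldap.class=org.apache.geronimo.security.realm.providers.LDAPLoginModule
module.ldap.field.initialContextFactory.displayOrder=1
module.ldap.field.initialContextFactory.displayName=Initial Context Factory
module.ldap.field.initialContextFactory.description=The fully-qualified class name of the initial context factory. If you don't know what to use here, you should use com.sun.jndi.ldap.LdapCtxFactory.
module.ldap.field.initialContextFactory.length=60
# Review note: an ldap:// URL on port 389 is an unencrypted connection. With
# "simple" authentication the bind name and password then cross the network
# in clear text. Where the directory supports it, use TLS (see the
# "Connect Protocol" field below).
module.ldap.field.connectionURL.displayOrder=2
module.ldap.field.connectionURL.displayName=Connection URL
module.ldap.field.connectionURL.description=A URL that describes how to connect to the LDAP server. Normally this would be ldap://ldap-server-hostname:389 (or for the Apache directory server included with Geronimo, ldap://localhost:1389).
module.ldap.field.connectionURL.length=50
# NOTE(review): the description asks for an administrator-level account that
# can read other users' passwords. Confirm whether the login module needs
# that; if it verifies credentials by binding as the user, a read-only
# search account is sufficient (least privilege).
module.ldap.field.connectionUsername.displayOrder=3
module.ldap.field.connectionUsername.displayName=Connect Username
module.ldap.field.connectionUsername.description=The user name used to connect to the LDAP server. Should be an administrator or Directory manager that has access to examine other users' passwords.
module.ldap.field.connectionUsername.length=20
# password=true presumably marks this field for masked input - confirm.
# NOTE(review): the value is a stored directory credential; check how the
# saved realm configuration protects it at rest.
module.ldap.field.connectionPassword.displayOrder=4
module.ldap.field.connectionPassword.displayName=Connect Password
module.ldap.field.connectionPassword.password=true
module.ldap.field.connectionPassword.description=The password used to connect to the LDAP server.
module.ldap.field.connectionPassword.length=20
module.ldap.field.connectionProtocol.displayOrder=5
module.ldap.field.connectionProtocol.displayName=Connect Protocol
module.ldap.field.connectionProtocol.description=The connection protocol used to communicate with the LDAP server. Normally left blank, though it can be set to ssl if the server supports it.
module.ldap.field.connectionProtocol.length=10
module.ldap.field.connectionProtocol.blankAllowed=true
# Review note: "none" is an anonymous bind, and "simple" sends the password
# as-is, so pair "simple" with an encrypted connection.
module.ldap.field.authentication.displayOrder=6
module.ldap.field.authentication.displayName=Authentication
module.ldap.field.authentication.description=The security level to use, which can be none, simple, or strong (the usual value is simple). If this property is unspecified, the behavior is determined by the service provider.
module.ldap.field.authentication.length=10
module.ldap.field.authentication.blankAllowed=true
module.ldap.field.userBase.displayOrder=7
module.ldap.field.userBase.displayName=User Base
module.ldap.field.userBase.description=The base LDAP context (location) to search for users. The search may look in this location only, or there and all subcontexts, depending on the settings for "User Search Subtree" below.
module.ldap.field.userBase.length=40
# Review note: {0} stands for the user name supplied at login.
# NOTE(review): confirm the login module escapes LDAP filter metacharacters
# (RFC 4515, which supersedes RFC 2254) before substituting it, so a login
# name cannot change the meaning of the filter.
module.ldap.field.userSearchMatching.displayOrder=8
module.ldap.field.userSearchMatching.displayName=User Search Matching
module.ldap.field.userSearchMatching.description=The LDAP attribute search string used to find the user. RFC 2254 filters are allowed, and normally the parameter {0} is used to identify the username. A typical value would be (uid={0}) or (cn={0}).
module.ldap.field.userSearchMatching.length=20
module.ldap.field.userSearchSubtree.displayOrder=9
module.ldap.field.userSearchSubtree.displayName=User Search Subtree
module.ldap.field.userSearchSubtree.description=If set to true, then subtrees under the "User Base" will be searched for users too. If set to false, then only the "User Base" location itself will be searched.
module.ldap.field.userSearchSubtree.length=10
module.ldap.field.roleBase.displayOrder=10
module.ldap.field.roleBase.displayName=Role Base
module.ldap.field.roleBase.description=The base LDAP context (location) to search for roles. The search may look in this location only, or there and all subcontexts, depending on the settings for "Role Search Subtree" below.
module.ldap.field.roleBase.length=40
module.ldap.field.roleName.displayOrder=11
module.ldap.field.roleName.displayName=Role Name
module.ldap.field.roleName.description=The LDAP attribute type that corresponds to the role name. Often set to cn.
module.ldap.field.roleName.length=20
module.ldap.field.roleSearchMatching.displayOrder=12
module.ldap.field.roleSearchMatching.displayName=Role User Search String
module.ldap.field.roleSearchMatching.description=The LDAP attribute search string used on a role to find the users who are members of the role. This is used when the role has many attributes with the same name, but with different values (one per user). Normally the parameter {0} is used to identify the username. A typical value would be (member={0}) or (memberUID={0}).
module.ldap.field.roleSearchMatching.length=20
module.ldap.field.roleSearchSubtree.displayOrder=13
module.ldap.field.roleSearchSubtree.displayName=Role Search Subtree
module.ldap.field.roleSearchSubtree.description=If set to true, then subtrees under the "Role Base" will be searched for roles too. If set to false, then only the "Role Base" location itself will be searched.
module.ldap.field.roleSearchSubtree.length=10
module.ldap.field.userRoleName.displayOrder=14
module.ldap.field.userRoleName.displayName=User Role Search String
module.ldap.field.userRoleName.description=If the role entry does not have an attribute for users, but instead the user entry has an attribute for roles, this should be used instead of the "Role User Search String". It names the attribute on a user that lists a role that user is in. A typical value would be (memberOf={0}).
module.ldap.field.userRoleName.length=20
module.ldap.field.userRoleName.blankAllowed=true

# Certificate Properties File
# NOTE(review): the users file maps a certificate subject name to a user
# name. This presumably relies on the certificate chain having been
# validated before the login module runs - confirm where that happens.
module.certprops.name=Certificate Properties File Realm
module.certprops.class=org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule
module.certprops.field.usersURI.displayOrder=1
module.certprops.field.usersURI.displayName=Users File URI
module.certprops.field.usersURI.description=The location of a properties file (relative to the Geronimo home dir) holding certificate to user mapping information. The format of each line should be username=certificatename where certificate name is X509Certificate.getSubjectX500Principal().getName()
module.certprops.field.usersURI.length=50
module.certprops.field.groupsURI.displayOrder=2
module.certprops.field.groupsURI.displayName=Groups File URI
module.certprops.field.groupsURI.description=The location of a properties file (relative to the Geronimo home dir) holding group information. The format of each line should be group=user,user,....
module.certprops.field.groupsURI.length=50

# TODO: Sun Kerberos Login Module & Properties

# Other realm has special edit logic; don't bother with much at all
module.other.name=Other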