summaryrefslogtreecommitdiffstats
path: root/src/man/po/ja.po
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 05:31:45 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 05:31:45 +0000
commit74aa0bc6779af38018a03fd2cf4419fe85917904 (patch)
tree9cb0681aac9a94a49c153d5823e7a55d1513d91f /src/man/po/ja.po
parentInitial commit. (diff)
downloadsssd-74aa0bc6779af38018a03fd2cf4419fe85917904.tar.xz
sssd-74aa0bc6779af38018a03fd2cf4419fe85917904.zip
Adding upstream version 2.9.4.upstream/2.9.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/man/po/ja.po')
-rw-r--r--src/man/po/ja.po19900
1 files changed, 19900 insertions, 0 deletions
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
new file mode 100644
index 0000000..5ae596c
--- /dev/null
+++ b/src/man/po/ja.po
@@ -0,0 +1,19900 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Red Hat
+# This file is distributed under the same license as the sssd-docs package.
+#
+# Translators:
+# Tadashi Jokagi <elf@poyo.jp>, 2012
+# Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013
+# carrotsoft <www.carrotsoft@gmail.com>, 2012
+# Keiko Moriguchi <kemorigu@redhat.com>, 2019. #zanata
+# Ludek Janda <ljanda@redhat.com>, 2020. #zanata
+msgid ""
+msgstr ""
+"Project-Id-Version: sssd-docs 2.3.0\n"
+"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+"POT-Creation-Date: 2024-01-12 13:00+0100\n"
+"PO-Revision-Date: 2021-07-20 07:04+0000\n"
+"Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
+"Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/"
+"sssd-manpage-master/ja/>\n"
+"Language: ja\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Weblate 4.7.1\n"
+
+#. type: Content of: <reference><title>
+#: sssd.conf.5.xml:8 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5
+#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5
+#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5
+#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sssd-krb5.5.xml:5
+#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
+#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
+#: sssd-files.5.xml:5 sssd-session-recording.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-systemtap.5.xml:5 sssd-ldap-attributes.5.xml:5
+#: sssd_krb5_localauth_plugin.8.xml:5
+msgid "SSSD Manual pages"
+msgstr "SSSD マニュアル ページ"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.conf.5.xml:13 sssd.conf.5.xml:19
+msgid "sssd.conf"
+msgstr "sssd.conf"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sssd.conf.5.xml:14 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
+#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
+#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
+#: sssd-files.5.xml:11 sssd-session-recording.5.xml:11 sssd-systemtap.5.xml:11
+#: sssd-ldap-attributes.5.xml:11
+msgid "5"
+msgstr "5"
+
+#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
+#: sssd.conf.5.xml:15 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
+#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
+#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
+#: sssd-files.5.xml:12 sssd-session-recording.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-systemtap.5.xml:12 sssd-ldap-attributes.5.xml:12
+msgid "File Formats and Conventions"
+msgstr "ファイル形式および変換"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.conf.5.xml:20
+msgid "the configuration file for SSSD"
+msgstr "SSSD の設定ファイル"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:24
+msgid "FILE FORMAT"
+msgstr "ファイルフォーマット"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:32
+#, no-wrap
+msgid ""
+"<replaceable>[section]</replaceable>\n"
+"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
+"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:27
+msgid ""
+"The file has an ini-style syntax and consists of sections and parameters. A "
+"section begins with the name of the section in square brackets and continues "
+"until the next section begins. An example of section with single and multi-"
+"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"ファイルは ini 形式の構文を持ち、セクションとパラメーターから構成されます。セ"
+"クションは角括弧にあるセクション名から始まり、次のセクションが始まるまで続き"
+"ます。 1 つセクションと複数の値を持つパラメーターの例: <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:39
+msgid ""
+"The data types used are string (no quotes needed), integer and bool (with "
+"values of <quote>TRUE/FALSE</quote>)."
+msgstr ""
+"使用されるデータ形式は、文字列(引用符は不要)、整数および論理値"
+"(<quote>TRUE/FALSE</quote> の値)です。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:44
+msgid ""
+"A comment line starts with a hash sign (<quote>#</quote>) or a semicolon "
+"(<quote>;</quote>). Inline comments are not supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:50
+msgid ""
+"All sections can have an optional <replaceable>description</replaceable> "
+"parameter. Its function is only as a label for the section."
+msgstr ""
+"すべてのセクションはオプションの <replaceable>description</replaceable> パラ"
+"メーターを持てます。その機能はセクションのラベルとしてのみです。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:56
+msgid ""
+"<filename>sssd.conf</filename> must be a regular file, owned by root and "
+"only root may read from or write to the file."
+msgstr ""
+"<filename>sssd.conf</filename> は、root により所有され、root のみが読み書きで"
+"きる、通常のファイルである必要があります。"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:62
+msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:65
+msgid ""
+"The configuration file <filename>sssd.conf</filename> will include "
+"configuration snippets using the include directory <filename>conf.d</"
+"filename>. This feature is available if SSSD was compiled with libini "
+"version 1.3.0 or later."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:72
+msgid ""
+"Any file placed in <filename>conf.d</filename> that ends in "
+"<quote><filename>.conf</filename></quote> and does not begin with a dot "
+"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> "
+"to configure SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:80
+msgid ""
+"The configuration snippets from <filename>conf.d</filename> have higher "
+"priority than <filename>sssd.conf</filename> and will override "
+"<filename>sssd.conf</filename> when conflicts occur. If several snippets are "
+"present in <filename>conf.d</filename>, then they are included in "
+"alphabetical order (based on locale). Files included later have higher "
+"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, "
+"<filename>02_snippet.conf</filename> etc.) can help visualize the priority "
+"(higher number means higher priority)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:94
+msgid ""
+"The snippet files require the same owner and permissions as <filename>sssd."
+"conf</filename>. Which are by default root:root and 0600."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:101
+msgid "GENERAL OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:103
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:107
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:111
+msgid "debug_level (integer)"
+msgstr "debug_level (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:115
+msgid "debug (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:118
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:128
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:131
+msgid ""
+"Add a timestamp to the debug messages. If journald is enabled for SSSD "
+"debug logging this option is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358
+#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952
+#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752
+#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366
+#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358
+msgid "Default: true"
+msgstr "初期値: true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:141
+msgid "debug_microseconds (bool)"
+msgstr "debug_microseconds (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:144
+msgid ""
+"Add microseconds to the timestamp in debug messages. If journald is enabled "
+"for SSSD debug logging this option is ignored."
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949
+#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193
+#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841
+#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106
+#: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432
+#: include/krb5_options.xml:163
+msgid "Default: false"
+msgstr "初期値: false"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:154
+#, fuzzy
+#| msgid "debug_microseconds (bool)"
+msgid "debug_backtrace_enabled (bool)"
+msgstr "debug_microseconds (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:157
+msgid "Enable debug backtrace."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:160
+msgid ""
+"In case SSSD is run with debug_level less than 9, everything is logged to a "
+"ring buffer in memory and flushed to a log file on any error up to and "
+"including `min(0x0040, debug_level)` (i.e. if debug_level is explicitly set "
+"to 0 or 1 then only those error levels will trigger backtrace, otherwise up "
+"to 2)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:169
+msgid ""
+"Feature is only supported for `logger == files` (i.e. setting doesn't have "
+"effect for other logger types)."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658
+#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82
+#: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274
+#: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40
+#: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801
+#: sssd-ldap-attributes.5.xml:890 sssd-ldap-attributes.5.xml:987
+#: sssd-ldap-attributes.5.xml:1045 sssd-ldap-attributes.5.xml:1203
+#: sssd-ldap-attributes.5.xml:1248 include/autofs_attributes.xml:1
+#: include/krb5_options.xml:1
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:182
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:186
+msgid "timeout (integer)"
+msgstr "timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:189
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests. Note "
+"that after three missed heartbeats the process will terminate itself."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270
+msgid "Default: 10"
+msgstr "初期値: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:206
+msgid "SPECIAL SECTIONS"
+msgstr "特別セクション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:209
+msgid "The [sssd] section"
+msgstr "[sssd] セクション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><title>
+#: sssd.conf.5.xml:218
+msgid "Section parameters"
+msgstr "セクションのパラメーター"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:220
+msgid "config_file_version (integer)"
+msgstr "config_file_version (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223
+msgid ""
+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
+"version 2."
+msgstr ""
+"設定ファイルの構文が何であるカを指示します。SSSD 0.6.0 およびそれ以降はバー"
+"ジョン 2 を使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:229
+msgid "services"
+msgstr "services"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:232
+msgid ""
+"Comma separated list of services that are started when sssd itself starts. "
+"<phrase condition=\"have_systemd\"> The services' list is optional on "
+"platforms where systemd is supported, as they will either be socket or D-Bus "
+"activated when needed. </phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:241
+msgid ""
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+"condition=\"with_ssh\">, ssh</phrase> <phrase "
+"condition=\"with_pac_responder\">, pac</phrase> <phrase "
+"condition=\"with_ifp\">, ifp</phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:249
+msgid ""
+"<phrase condition=\"have_systemd\"> By default, all services are disabled "
+"and the administrator must enable the ones allowed to be used by executing: "
+"\"systemctl enable sssd-@service@.socket\". </phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:258 sssd.conf.5.xml:784
+msgid "reconnection_retries (integer)"
+msgstr "reconnection_retries (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:261 sssd.conf.5.xml:787
+msgid ""
+"Number of times services should attempt to reconnect in the event of a Data "
+"Provider crash or restart before they give up"
+msgstr ""
+"データプロバイダーがクラッシュまたは再起動した場合、サービスが再接続をあきら"
+"める前に試行する回数です。"
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716
+#: include/failover.xml:100
+msgid "Default: 3"
+msgstr "初期値: 3"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:271
+msgid "domains"
+msgstr "domains"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:274
+msgid ""
+"A domain is a database containing user information. SSSD can use more "
+"domains at the same time, but at least one must be configured or SSSD won't "
+"start. This parameter describes the list of domains in the order you want "
+"them to be queried. A domain name is recommended to contain only "
+"alphanumeric ASCII characters, dashes, dots and underscores. '/' character "
+"is forbidden."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548
+msgid "re_expression (string)"
+msgstr "re_expression (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
+"Default regular expression that describes how to parse the string containing "
+"user name and domain into these components."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:295
+msgid ""
+"Each domain can have an individual regular expression configured. For some "
+"ID providers there are also default regular expressions. See DOMAIN SECTIONS "
+"for more info on these regular expressions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605
+msgid "full_name_format (string)"
+msgstr "full_name_format (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608
+msgid ""
+"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry>-compatible format that describes how to compose a "
+"fully qualified name from user name and domain name components."
+msgstr ""
+"ユーザー名とドメイン名のコンポーネントから完全修飾名を表現する方法を表す "
+"<citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> 互換形式。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619
+msgid "%1$s"
+msgstr "%1$s"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620
+msgid "user name"
+msgstr "ユーザー名"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623
+msgid "%2$s"
+msgstr "%2$s"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626
+msgid "domain name as specified in the SSSD config file."
+msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632
+msgid "%3$s"
+msgstr "%3$s"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635
+msgid ""
+"domain flat name. Mostly usable for Active Directory domains, both directly "
+"configured or discovered via IPA trusts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616
+msgid ""
+"The following expansions are supported: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:344
+msgid ""
+"Each domain can have an individual format string configured. See DOMAIN "
+"SECTIONS for more info on this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:350
+msgid "monitor_resolv_conf (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:353
+msgid ""
+"Controls if SSSD should monitor the state of resolv.conf to identify when it "
+"needs to update its internal DNS resolver."
+msgstr ""
+"内部 DNS リゾルバーを更新する必要があるときを判断するために SSSD が resolv."
+"conf の状態を監視するかどうかを制御します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:363
+msgid "try_inotify (boolean)"
+msgstr "try_inotify (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:366
+msgid ""
+"By default, SSSD will attempt to use inotify to monitor configuration files "
+"changes and will fall back to polling every five seconds if inotify cannot "
+"be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:372
+msgid ""
+"There are some limited situations where it is preferred that we should skip "
+"even trying to use inotify. In these rare cases, this option should be set "
+"to 'false'"
+msgstr ""
+"inotify を使用することをスキップすることが望ましい、いくつかの制限された状況"
+"があります。これらの珍しい場合では、このオプションが 'false' に設定されるべき"
+"です"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:378
+msgid ""
+"Default: true on platforms where inotify is supported. False on other "
+"platforms."
+msgstr ""
+"初期値: inotify がサポートされるプラットフォームにおいては真です。他のプラッ"
+"トフォームにおいては偽です。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:382
+msgid ""
+"Note: this option will have no effect on platforms where inotify is "
+"unavailable. On these platforms, polling will always be used."
+msgstr ""
+"注: このオプションは inotify が利用不可能なプラットフォームにおいて効果があり"
+"ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:389
+msgid "krb5_rcache_dir (string)"
+msgstr "krb5_rcache_dir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Directory on the filesystem where SSSD should store Kerberos replay cache "
+"files."
+msgstr ""
+"SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ"
+"クトリーです。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:396
+msgid ""
+"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
+"SSSD to let libkrb5 decide the appropriate location for the replay cache."
+msgstr ""
+"このオプションは、libkrb5 がリプレイキャッシュに対する適切な場所を決められる"
+"よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Default: Distribution-specific and specified at build-time. "
+"(__LIBKRB5_DEFAULTS__ if not configured)"
+msgstr ""
+"初期値: ディストリビューション固有かつ構築時に指定されます。 (設定されていな"
+"ければ __LIBKRB5_DEFAULTS__ です)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:409
+msgid "user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:412
+msgid ""
+"The user to drop the privileges to where appropriate to avoid running as the "
+"root user. Currently the only supported value is '&sssd_user_name;'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:419
+msgid ""
+"This option does not work when running socket-activated services, as the "
+"user set up to run the processes is set up during compilation time. The way "
+"to override the systemd unit files is by creating the appropriate files in /"
+"etc/systemd/system/. Keep in mind that any change in the socket user, group "
+"or permissions may result in a non-usable SSSD. The same may occur in case "
+"of changes of the user running the NSS responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:433
+msgid "Default: not set, process will run as root"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:438
+msgid "default_domain_suffix (string)"
+msgstr "default_domain_suffix (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid ""
+"This string will be used as a default domain name for all names without a "
+"domain name component. The main use case is environments where the primary "
+"domain is intended for managing host policies and all users are located in a "
+"trusted domain. The option allows those users to log in just with their "
+"user name without giving a domain name as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:451
+msgid ""
+"Please note that if this option is set all users from the primary domain "
+"have to use their fully qualified name, e.g. user@domain.name, to log in. "
+"Setting this option changes default of use_fully_qualified_names to True. It "
+"is not allowed to use this option together with use_fully_qualified_names "
+"set to False. <phrase condition=\"with_files_provider\"> One exception from "
+"this rule are domains with <quote>id_provider=files</quote> that always try "
+"to match the behaviour of nss_files and therefore their output is not "
+"qualified even when the default_domain_suffix option is used. </phrase>"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468
+#: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976
+#: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222
+#: include/krb5_options.xml:148
+msgid "Default: not set"
+msgstr "初期値: 設定されません"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:473
+msgid "override_space (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:476
+msgid ""
+"This parameter will replace spaces (space bar) with the given character for "
+"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
+"&quot;john_doe&quot; This feature was added to help compatibility with shell "
+"scripts that have difficulty handling spaces, due to the default field "
+"separator in the shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:485
+msgid ""
+"Please note it is a configuration error to use a replacement character that "
+"might be used in user or group names. If a name contains the replacement "
+"character SSSD tries to return the unmodified name but in general the result "
+"of a lookup is undefined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:493
+msgid "Default: not set (spaces will not be replaced)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:498
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:506
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:508
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:516
+msgid "soft_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:518
+msgid ""
+"If a connection cannot be established to an OCSP responder the OCSP check is "
+"skipped. This option should be used to allow authentication when the system "
+"is offline and the OCSP responder cannot be reached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:528
+msgid "ocsp_dgst"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:530
+msgid ""
+"Digest (hash) function used to create the certificate ID for the OCSP "
+"request. Allowed values are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:534
+msgid "sha1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:535
+msgid "sha256"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:536
+msgid "sha384"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:537
+msgid "sha512"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:540
+msgid "Default: sha1 (to allow compatibility with RFC5019-compliant responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:546
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:548
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:554
+msgid "partial_chain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:556
+msgid ""
+"Allow verification to succeed even if a <replaceable>complete</replaceable> "
+"chain cannot be built to a self-signed trust-anchor, provided it is possible "
+"to construct a chain to a trusted certificate that might not be self-signed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:565
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:567
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:577
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:579
+msgid ""
+"This option is currently ignored. All needed certificates must be available "
+"in the PEM file given by pam_cert_db_path."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:587
+msgid "crl_file=/PATH/TO/CRL/FILE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:589
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"Use the Certificate Revocation List (CRL) from the given file during the "
+"verification of the certificate. The CRL must be given in PEM format, see "
+"<citerefentry> <refentrytitle>crl</refentrytitle> <manvolnum>1ssl</"
+"manvolnum> </citerefentry> for details."
+msgstr ""
+"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページにある "
+"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:602
+msgid "soft_crl"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:605
+msgid ""
+"If a Certificate Revocation List (CRL) is expired ignore the CRL checks for "
+"the related certificates. This option should be used to allow authentication "
+"when the system is offline and the CRL cannot be renewed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:501
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:616
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:619
+msgid "Default: not set, i.e. do not restrict certificate verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:625
+msgid "disable_netlink (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:628
+msgid ""
+"SSSD hooks into the netlink interface to monitor changes to routes, "
+"addresses, links and trigger certain actions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:633
+msgid ""
+"The SSSD state changes caused by netlink events may be undesirable and can "
+"be disabled by setting this option to 'true'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:638
+msgid "Default: false (netlink changes are detected)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:643
+msgid "enable_files_domain (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:646
+msgid ""
+"When this option is enabled, SSSD prepends an implicit domain with "
+"<quote>id_provider=files</quote> before any explicitly configured domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:657
+msgid "domain_resolution_order"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
+msgid ""
+"Comma separated list of domains and subdomains representing the lookup order "
+"that will be followed. The list doesn't have to include all possible "
+"domains as the missing domains will be looked up based on the order they're "
+"presented in the <quote>domains</quote> configuration option. The "
+"subdomains which are not listed as part of <quote>lookup_order</quote> will "
+"be looked up in a random order for each parent domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:672
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input <phrase "
+"condition=\"with_files_provider\"> , for all users but the ones managed by "
+"the files provider </phrase>. In case the administrator wants the output "
+"not fully-qualified, the full_name_format option can be used as shown below: "
+"<quote>full_name_format=%1$s</quote> However, keep in mind that during "
+"login, login applications often canonicalize the username by calling "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> which, if a shortname is returned for a qualified "
+"input (while trying to reach a user which exists in multiple domains) might "
+"re-route the login attempt into the domain which uses shortnames, making "
+"this workaround totally not recommended in cases where usernames may overlap "
+"between domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259
+#: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341
+msgid "Default: Not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:705
+#, fuzzy
+#| msgid "ipa_server_mode (boolean)"
+msgid "implicit_pac_responder (boolean)"
+msgstr "ipa_server_mode (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:708
+msgid ""
+"The PAC responder is enabled automatically for the IPA and AD provider to "
+"evaluate and check the PAC. If it has to be disabled set this option to "
+"'false'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:719
+#, fuzzy
+#| msgid "dyndns_update (boolean)"
+msgid "core_dumpable (boolean)"
+msgstr "dyndns_update (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:722
+msgid ""
+"This option can be used for general system hardening: setting it to 'false' "
+"forbids core dumps for all SSSD processes to avoid leaking plain text "
+"passwords. See man page prctl:PR_SET_DUMPABLE for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:734
+#, fuzzy
+#| msgid "ipa_automount_location (string)"
+msgid "passkey_verification (string)"
+msgstr "ipa_automount_location (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:742
+#, fuzzy
+#| msgid "ipa_automount_location (string)"
+msgid "user_verification (boolean)"
+msgstr "ipa_automount_location (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:744
+msgid ""
+"Enable or disable the user verification (i.e. PIN, fingerprint) during "
+"authentication. If enabled, the PIN will always be requested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:750
+msgid ""
+"The default is that the key settings decide what to do. In the IPA or "
+"kerberos pre-authentication case, this value will be overwritten by the "
+"server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:737
+#, fuzzy
+#| msgid ""
+#| "The following expansions are supported: <placeholder "
+#| "type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"With this parameter the passkey verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:211
+msgid ""
+"Individual pieces of SSSD functionality are provided by special SSSD "
+"services that are started and stopped together with SSSD. The services are "
+"managed by a special service frequently called <quote>monitor</quote>. The "
+"<quote>[sssd]</quote> section is used to configure the monitor as well as "
+"some other important options like the identity domains. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"SSSD の機能の各部分は SSSD と一緒に開始および停止される特別な SSSD サービスに"
+"より提供されます。特別なサービスにより管理されるサービスはよく<quote>モニター"
+"</quote>と呼ばれます。<quote>[sssd]</quote> セクションは、モニターだけでな"
+"く、識別ドメインのような他の重要なオプションを設定するために使用されます。 "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:769
+msgid "SERVICES SECTIONS"
+msgstr "サービスセクション"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:771
+msgid ""
+"Settings that can be used to configure different services are described in "
+"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
+"section, for example, for NSS service, the section would be <quote>[nss]</"
+"quote>"
+msgstr ""
+"異なるサービスを設定するために使用される設定がこのセクションに記述されます。"
+"それらは [<replaceable>$NAME</replaceable>] セクションに置かれます。たとえ"
+"ば、NSS サービスは <quote>[nss]</quote> セクションです"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:778
+msgid "General service configuration options"
+msgstr "サービス設定の全体オプション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:780
+msgid "These options can be used to configure any service."
+msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:797
+msgid "fd_limit"
+msgstr "fd_limit"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:800
+msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:809
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:814
+msgid "client_idle_timeout"
+msgstr "client_idle_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:817
+msgid ""
+"This option specifies the number of seconds that a client of an SSSD process "
+"can hold onto a file descriptor without communicating on it. This value is "
+"limited in order to avoid resource exhaustion on the system. The timeout "
+"can't be shorter than 10 seconds. If a lower value is configured, it will be "
+"adjusted to 10 seconds."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:826
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 60, KCM: 300"
+msgstr "初期値: 300"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:831
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:834
+msgid ""
+"When SSSD switches to offline mode the amount of time before it tries to go "
+"back online will increase based upon the time spent disconnected. By "
+"default SSSD uses incremental behaviour to calculate delay in between "
+"retries. So, the wait time for a given retry will be longer than the wait "
+"time for the previous ones. After each unsuccessful attempt to go online, "
+"the new interval is recalculated by the following:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:845 sssd.conf.5.xml:901
+msgid ""
+"new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..."
+"offline_timeout_random_offset]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:848
+msgid ""
+"The offline_timeout default value is 60. The offline_timeout_max default "
+"value is 3600. The offline_timeout_random_offset default value is 30. The "
+"end result is amount of seconds before next retry."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:854
+msgid ""
+"Note that the maximum length of each interval is defined by "
+"offline_timeout_max (apart of random part)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495
+msgid "Default: 60"
+msgstr "初期値: 60"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:863
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "offline_timeout_max (integer)"
+msgstr "timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:866
+msgid ""
+"Controls by how much the time between attempts to go online can be "
+"incremented following unsuccessful attempts to go online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:871
+msgid "A value of 0 disables the incrementing behaviour."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:874
+msgid ""
+"The value of this parameter should be set in correlation to offline_timeout "
+"parameter value."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:878
+msgid ""
+"With offline_timeout set to 60 (default value) there is no point in setting "
+"offlinet_timeout_max to less than 120 as it will saturate instantly. General "
+"rule here should be to set offline_timeout_max to at least 4 times "
+"offline_timeout."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:884
+msgid ""
+"Although a value between 0 and offline_timeout may be specified, it has the "
+"effect of overriding the offline_timeout value so is of little use."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:889
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 3600"
+msgstr "初期値: 300"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:894
+#, fuzzy
+#| msgid "offline_failed_login_attempts (integer)"
+msgid "offline_timeout_random_offset (integer)"
+msgstr "offline_failed_login_attempts (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:897
+msgid ""
+"When SSSD is in offline mode it keeps probing backend servers in specified "
+"time intervals:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:904
+msgid ""
+"This parameter controls the value of the random offset used for the above "
+"equation. Final random_offset value will be random number in range:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:909
+msgid "[0 - offline_timeout_random_offset]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:912
+msgid "A value of 0 disables the random offset addition."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:915
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30"
+msgstr "初期値: 300"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:920
+msgid "responder_idle_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:923
+msgid ""
+"This option specifies the number of seconds that an SSSD responder process "
+"can be up without being used. This value is limited in order to avoid "
+"resource exhaustion on the system. The minimum acceptable value for this "
+"option is 60 seconds. Setting this option to 0 (zero) means that no timeout "
+"will be set up to the responder. This option only has effect when SSSD is "
+"built with systemd support and when services are either socket or D-Bus "
+"activated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322
+#: sssd-ldap.5.xml:332
+msgid "Default: 300"
+msgstr "初期値: 300"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:942
+msgid "cache_first"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:945
+msgid ""
+"This option specifies whether the responder should query all caches before "
+"querying the Data Providers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:960
+msgid "NSS configuration options"
+msgstr "NSS 設定オプション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:962
+msgid ""
+"These options can be used to configure the Name Service Switch (NSS) service."
+msgstr ""
+"これらのオプションは Name Service Switch (NSS) サービスを設定するために使用で"
+"きます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:967
+msgid "enum_cache_timeout (integer)"
+msgstr "enum_cache_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:970
+msgid ""
+"How many seconds should nss_sss cache enumerations (requests for info about "
+"all users)"
+msgstr ""
+"nss_sss が列挙をキャッシュする秒数です(すべてのユーザーに関する情報に対する"
+"要求)。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:974
+msgid "Default: 120"
+msgstr "初期値: 120"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:979
+msgid "entry_cache_nowait_percentage (integer)"
+msgstr "entry_cache_nowait_percentage (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:982
+msgid ""
+"The entry cache can be set to automatically update entries in the background "
+"if they are requested beyond a percentage of the entry_cache_timeout value "
+"for the domain."
+msgstr ""
+"エントリーキャッシュは、ドメインに対して entry_cache_timeout の値を超えて要求"
+"された場合に、バックグラウンドでエントリーを自動的に更新するよう設定できま"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:988
+msgid ""
+"For example, if the domain's entry_cache_timeout is set to 30s and "
+"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
+"after 15 seconds past the last cache update will be returned immediately, "
+"but the SSSD will go and update the cache on its own, so that future "
+"requests will not need to block waiting for a cache update."
+msgstr ""
+"たとえば、ドメインの entry_cache_timeout が 30s に設定され、"
+"entry_cache_nowait_percentage が 50 (%) に設定されていると、エントリーが 15 "
+"秒経過後にきて、最新の更新キャッシュが直ちに返されます。しかし、SSSD が自身に"
+"キャッシュされ、更新されます。そのため、その先の要求はキャッシュ更新を待つこ"
+"とをブロックする必要がありません。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:998
+msgid ""
+"Valid values for this option are 0-99 and represent a percentage of the "
+"entry_cache_timeout for each domain. For performance reasons, this "
+"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
+"disables this feature)"
+msgstr ""
+"このオプションに対して有効な値は 0-99 です。各ドメインに対する "
+"entry_cache_timeout のパーセンテージを表します。性能上の理由から、このパーセ"
+"ンテージは 10 秒よりも小さく nowait タイムアウトを減らすべきではありません。"
+"(0 はこの機能を無効にします)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122
+msgid "Default: 50"
+msgstr "初期値: 50"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1011
+msgid "entry_negative_timeout (integer)"
+msgstr "entry_negative_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1014
+msgid ""
+"Specifies for how many seconds nss_sss should cache negative cache hits "
+"(that is, queries for invalid database entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+"nss_sss が再びバックエンドに問い合わせる前にネガティブキャッシュヒット(つま"
+"り、存在しないドメインのように、無効なデータベースエントリーに対する問い合わ"
+"せ)をキャッシュする秒数を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146
+msgid "Default: 15"
+msgstr "初期値: 15"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1025
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1028
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again. Setting "
+"the option to 0 disables this feature."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1034
+msgid "Default: 14400 (4 hours)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1039
+msgid "filter_users, filter_groups (string)"
+msgstr "filter_users, filter_groups (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1042
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain or by a user principal name (UPN)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1050
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1058
+msgid "Default: root"
+msgstr "初期値: root"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1063
+msgid "filter_users_in_groups (bool)"
+msgstr "filter_users_in_groups (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1066
+msgid ""
+"If you want filtered user still be group members set this option to false."
+msgstr ""
+"フィルターされたユーザーがまだグループメンバーのままにしたいならば、このオプ"
+"ションを偽に設定します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1077
+msgid "fallback_homedir (string)"
+msgstr "fallback_homedir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+"ドメインのデータプロバイダーにより明示的に指定されていない場合に、ユーザーの"
+"ホームディレクトリーの標準テンプレートを設定します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1085
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+"このオプションに対して利用可能なオプションは override_homedir に対するものと"
+"同じです。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1091
+#, no-wrap
+msgid ""
+"fallback_homedir = /home/%u\n"
+" "
+msgstr ""
+"fallback_homedir = /home/%u\n"
+" "
+
+#. type: Content of: <varlistentry><listitem><para>
+#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66
+msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1101
+msgid "override_shell (string)"
+msgstr "override_shell (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1104
+msgid ""
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1110
+msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
+msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1116
+msgid "allowed_shells (string)"
+msgstr "allowed_shells (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1119
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+"ユーザーのシェルを一覧にある値のどれかに制限します。評価の順番は次のとおりで"
+"す:"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1122
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+"1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1126
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+"2. シェルが allowed_shells 一覧にあるが、<quote>/etc/shells</quote> になけれ"
+"ば、shell_fallback パラメーターの値を使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1131
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+"3. シェルが allowed_shells 一覧になく、<quote>/etc/shells</quote> にもなけれ"
+"ば、nologin シェルが使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1136
+msgid "The wildcard (*) can be used to allow any shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1139
+msgid ""
+"The (*) is useful if you want to use shell_fallback in case that user's "
+"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
+"allowed shells in allowed_shells would be to much overhead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1146
+msgid "An empty string for shell is passed as-is to libc."
+msgstr "シェルの空文字列は libc にそのまま渡されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1149
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+"<quote>/etc/shells</quote> は SSSD が開始されるときにのみ読み込まれます。これ"
+"は新しいシェルがインストールされた場合 SSSD の再起動が必要になることを意味し"
+"ます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1153
+msgid "Default: Not set. The user shell is automatically used."
+msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1158
+msgid "vetoed_shells (string)"
+msgstr "vetoed_shells (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1161
+msgid "Replace any instance of these shells with the shell_fallback"
+msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1166
+msgid "shell_fallback (string)"
+msgstr "shell_fallback (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1169
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+"許可されたシェルがマシンにインストールされていない場合に使用する標準シェルで"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1173
+msgid "Default: /bin/sh"
+msgstr "初期値: /bin/sh"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1178
+msgid "default_shell"
+msgstr "default_shell"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1181
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option can be specified globally in the [nss] section or per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1187
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577
+msgid "get_domains_timeout (int)"
+msgstr "get_domains_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr "サブドメインのリストが有効とみなされる時間を秒単位で指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1206
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "memcache_timeout (integer)"
+msgstr "enum_cache_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid ""
+"Specifies time in seconds for which records in the in-memory cache will be "
+"valid. Setting this option to zero will disable the in-memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1217
+msgid ""
+"WARNING: Disabling the in-memory cache will have significant negative impact "
+"on SSSD's performance and should only be used for testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273
+#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1231
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "memcache_size_passwd (integer)"
+msgstr "enum_cache_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1234
+msgid ""
+"Size (in megabytes) of the data table allocated inside fast in-memory cache "
+"for passwd requests. Setting the size to 0 will disable the passwd in-"
+"memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549
+msgid "Default: 8"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293
+#: sssd.conf.5.xml:1320
+msgid ""
+"WARNING: Disabled or too small in-memory cache can have significant negative "
+"impact on SSSD's performance."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1256
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "memcache_size_group (integer)"
+msgstr "enum_cache_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1259
+msgid ""
+"Size (in megabytes) of the data table allocated inside fast in-memory cache "
+"for group requests. Setting the size to 0 will disable the group in-memory "
+"cache."
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737
+#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116
+#: include/krb5_options.xml:11
+msgid "Default: 6"
+msgstr "初期値: 6"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1281
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "memcache_size_initgroups (integer)"
+msgstr "enum_cache_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1284
+msgid ""
+"Size (in megabytes) of the data table allocated inside fast in-memory cache "
+"for initgroups requests. Setting the size to 0 will disable the initgroups "
+"in-memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1306
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "memcache_size_sid (integer)"
+msgstr "enum_cache_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1309
+msgid ""
+"Size (in megabytes) of the data table allocated inside fast in-memory cache "
+"for SID related requests. Only SID-by-ID and ID-by-SID requests are "
+"currently cached in fast in-memory cache. Setting the size to 0 will "
+"disable the SID in-memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1336
+msgid ""
+"Some of the additional NSS responder requests can return more attributes "
+"than just the POSIX ones defined by the NSS interface. The list of "
+"attributes is controlled by this option. It is handled the same way as the "
+"<quote>user_attributes</quote> option of the InfoPipe responder (see "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for details) but with no default values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1349
+msgid ""
+"To make configuration more easy the NSS responder will check the InfoPipe "
+"option if it is not set for the NSS responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1354
+msgid "Default: not set, fallback to InfoPipe option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1359
+msgid "pwfield (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1362
+msgid ""
+"The value that NSS operations that return users or groups will return for "
+"the <quote>password</quote> field."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1367
+#, fuzzy
+#| msgid "Default: <quote>permit</quote>"
+msgid "Default: <quote>*</quote>"
+msgstr "初期値: <quote>permit</quote>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1370
+#, fuzzy
+#| msgid "This option can also be set per-domain."
+msgid ""
+"Note: This option can also be set per-domain which overwrites the value in "
+"[nss] section."
+msgstr "このオプションはドメインごとに設定できます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1374
+msgid ""
+"Default: <quote>not set</quote> (remote domains), <phrase "
+"condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </"
+"phrase> <quote>x</quote> (proxy domain with nss_files and sssd-shadowutils "
+"target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1386
+msgid "PAM configuration options"
+msgstr "PAM 設定オプション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1388
+msgid ""
+"These options can be used to configure the Pluggable Authentication Module "
+"(PAM) service."
+msgstr ""
+"これらのオプションは Pluggable Authentication Module (PAM) サービスを設定する"
+"ために使用できます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1393
+msgid "offline_credentials_expiration (integer)"
+msgstr "offline_credentials_expiration (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1396
+msgid ""
+"If the authentication provider is offline, how long should we allow cached "
+"logins (in days since the last successful online login)."
+msgstr ""
+"認証プロバイダーがオフラインの場合に、キャッシュログインを許可する時間(オン"
+"ラインログインの最終成功からの日数)です。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414
+msgid "Default: 0 (No limit)"
+msgstr "初期値: 0 (無制限)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "offline_failed_login_attempts (integer)"
+msgstr "offline_failed_login_attempts (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"If the authentication provider is offline, how many failed login attempts "
+"are allowed."
+msgstr ""
+"認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1420
+msgid "offline_failed_login_delay (integer)"
+msgstr "offline_failed_login_delay (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1423
+msgid ""
+"The time in minutes which has to pass after offline_failed_login_attempts "
+"has been reached before a new login attempt is possible."
+msgstr ""
+"新しいログイン試行が可能になる前に offline_failed_login_attempts に達した後に"
+"渡される分単位の時間です。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1428
+msgid ""
+"If set to 0 the user cannot authenticate offline if "
+"offline_failed_login_attempts has been reached. Only a successful online "
+"authentication can enable offline authentication again."
+msgstr ""
+"0 に設定されていると、offline_failed_login_attempts に達した場合、ユーザーが"
+"オフライン認証できません。オンライン認証に成功すると、再びオフライン認証を有"
+"効にできます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544
+msgid "Default: 5"
+msgstr "初期値: 5"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1440
+msgid "pam_verbosity (integer)"
+msgstr "pam_verbosity (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1443
+msgid ""
+"Controls what kind of messages are shown to the user during authentication. "
+"The higher the number to more messages are displayed."
+msgstr ""
+"認証中にユーザーに表示されるメッセージの種類を制御します。数字が大きければ大"
+"きいほどメッセージが表示されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1448
+msgid "Currently sssd supports the following values:"
+msgstr "現在 sssd は以下の値をサポートします:"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1451
+msgid "<emphasis>0</emphasis>: do not show any message"
+msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1454
+msgid "<emphasis>1</emphasis>: show only important messages"
+msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1458
+msgid "<emphasis>2</emphasis>: show informational messages"
+msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1461
+msgid "<emphasis>3</emphasis>: show all messages and debug information"
+msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1465 sssd.8.xml:63
+msgid "Default: 1"
+msgstr "初期値: 1"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1471
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "pam_response_filter (string)"
+msgstr "ldap_access_filter (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1474
+msgid ""
+"A comma separated list of strings which allows to remove (filter) data sent "
+"by the PAM responder to pam_sss PAM module. There are different kind of "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
+"variables which should be set by pam_sss."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1482
+msgid ""
+"While messages already can be controlled with the help of the pam_verbosity "
+"option this option allows to filter out other kind of responses as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1489
+msgid "ENV"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1490
+msgid "Do not send any environment variables to any service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1493
+msgid "ENV:var_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1494
+msgid "Do not send environment variable var_name to any service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1498
+msgid "ENV:var_name:service"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1499
+msgid "Do not send environment variable var_name to service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1487
+msgid ""
+"Currently the following filters are supported: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1506
+msgid ""
+"The list of strings can either be the list of filters which would set this "
+"list of filters and overwrite the defaults. Or each element of the list can "
+"be prefixed by a '+' or '-' character which would add the filter to the "
+"existing default or remove it from the defaults, respectively. Please note "
+"that either all list elements must have a '+' or '-' prefix or none. It is "
+"considered as an error to mix both styles."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1517
+msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1520
+msgid ""
+"Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1527
+msgid "pam_id_timeout (integer)"
+msgstr "pam_id_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1530
+msgid ""
+"For any PAM request while SSSD is online, the SSSD will attempt to "
+"immediately update the cached identity information for the user in order to "
+"ensure that authentication takes place with the latest information."
+msgstr ""
+"SSSD がオンラインの間はすべての PAM 要求に対して、ユーザーが最新の情報で認証"
+"されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1536
+msgid ""
+"A complete PAM conversation may perform multiple PAM requests, such as "
+"account management and session opening. This option controls (on a per-"
+"client-application basis) how long (in seconds) we can cache the identity "
+"information to avoid excessive round-trips to the identity provider."
+msgstr ""
+"完全な PAM のやりとりは、アカウント管理やセッション開始のように、複数の PAM "
+"要求を実行できます。このオプションは、識別プロバイダーに対する過剰なラウンド"
+"トリップを避けるために識別情報をキャッシュできる時間(秒数)を(クライアント"
+"アプリケーションごとに)制御します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1550
+msgid "pam_pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995
+msgid "Display a warning N days before the password expires."
+msgstr "パスワードの期限が切れる前に N 日間警告を表示します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1556
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning."
+msgstr ""
+"バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要がある"
+"ことに注意してください。この情報がなければ、sssd は警告を表示します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1567
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "初期値: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1589
+msgid "pam_trusted_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1592
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1602
+msgid "Default: All users are considered trusted by default"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1606
+msgid ""
+"Please note that UID 0 is always allowed to access the PAM responder even in "
+"case it is not in the pam_trusted_users list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613
+msgid "pam_public_domains (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616
+msgid ""
+"Specifies the comma-separated list of domain names that are accessible even "
+"to untrusted users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1620
+msgid "Two special values for pam_public_domains option are defined:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1624
+msgid ""
+"all (Untrusted users are allowed to access all domains in PAM responder.)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1628
+msgid ""
+"none (Untrusted users are not allowed to access any domains PAM in "
+"responder.)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913
+#: sssd-ldap.5.xml:1209
+msgid "Default: none"
+msgstr "初期値: none"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1637
+msgid "pam_account_expired_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1640
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbosity is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1653
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1662
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1665
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1672
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1681
+#, fuzzy
+#| msgid "ldap_chpass_update_last_change (bool)"
+msgid "pam_passkey_auth (bool)"
+msgstr "ldap_chpass_update_last_change (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1684
+msgid "Enable passkey device based authentication."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712
+#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789
+#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126
+#: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250
+msgid "Default: False"
+msgstr "初期値: 偽"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1692
+msgid "passkey_debug_libfido2 (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1695
+msgid "Enable libfido2 library debug messages."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1703
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1706
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1717
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1720
+msgid "The path to the certificate database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373
+msgid "Default:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250
+msgid ""
+"/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA "
+"certificates in PEM format)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1735
+#, fuzzy
+#| msgid "ipa_automount_location (string)"
+msgid "pam_cert_verification (string)"
+msgstr "ipa_automount_location (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1738
+msgid ""
+"With this parameter the PAM certificate verification can be tuned with a "
+"comma separated list of options that override the "
+"<quote>certificate_verification</quote> value in <quote>[sssd]</quote> "
+"section. Supported options are the same of <quote>certificate_verification</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1749
+#, fuzzy, no-wrap
+#| msgid ""
+#| "fallback_homedir = /home/%u\n"
+#| " "
+msgid ""
+"pam_cert_verification = partial_chain\n"
+" "
+msgstr ""
+"fallback_homedir = /home/%u\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1753
+msgid ""
+"Default: not set, i.e. use default <quote>certificate_verification</quote> "
+"option defined in <quote>[sssd]</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1760
+msgid "p11_child_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1763
+msgid "How many seconds will pam_sss wait for p11_child to finish."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1772
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "passkey_child_timeout (integer)"
+msgstr "pam_id_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1775
+msgid ""
+"How many seconds will the PAM responder wait for passkey_child to finish."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1784
+msgid "pam_app_services (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1787
+msgid ""
+"Which PAM services are permitted to contact domains of type "
+"<quote>application</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1796
+msgid "pam_p11_allowed_services (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1799
+msgid ""
+"A comma-separated list of PAM service names for which it will be allowed to "
+"use Smartcards."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1814
+#, no-wrap
+msgid ""
+"pam_p11_allowed_services = +my_pam_service, -login\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1803
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in order "
+"to replace a default PAM service name for authentication with Smartcards (e."
+"g. <quote>login</quote>) with a custom PAM service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811
+#: sssd-ad.5.xml:869 sssd-ad.5.xml:947
+msgid "Default: the default set of PAM service names includes:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648
+msgid "login"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653
+msgid "su"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658
+msgid "su-l"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673
+msgid "gdm-smartcard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668
+msgid "gdm-password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678
+msgid "kdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956
+msgid "sudo"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961
+msgid "sudo-i"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1863
+msgid "gnome-screensaver"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1871
+msgid "p11_wait_for_card_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1874
+msgid ""
+"If Smartcard authentication is required how many extra seconds in addition "
+"to p11_child_timeout should the PAM responder wait until a Smartcard is "
+"inserted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1885
+msgid "p11_uri (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1888
+msgid ""
+"PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the "
+"selection of devices used for Smartcard authentication. By default SSSD's "
+"p11_child will search for a PKCS#11 slot (reader) where the 'removable' "
+"flags is set and read the certificates from the inserted token from the "
+"first slot found. If multiple readers are connected p11_uri can be used to "
+"tell p11_child to use a specific reader."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1901
+#, no-wrap
+msgid ""
+"p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1905
+#, no-wrap
+msgid ""
+"p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1899
+msgid ""
+"Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder "
+"type=\"programlisting\" id=\"1\"/> To find suitable URI please check the "
+"debug output of p11_child. As an alternative the GnuTLS utility 'p11tool' "
+"with e.g. the '--list-all' will show PKCS#11 URIs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1918
+msgid "pam_initgroups_scheme"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1926
+msgid "always"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1927
+msgid ""
+"Always do an online lookup, please note that pam_id_timeout still applies"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1931
+msgid "no_session"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1932
+msgid ""
+"Only do an online lookup if there is no active session of the user, i.e. if "
+"the user is currently not logged in"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1937
+msgid "never"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1938
+msgid ""
+"Never force an online lookup, use the data from the cache as long as they "
+"are not expired"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1921
+msgid ""
+"The PAM responder can force an online lookup to get the current group "
+"memberships of the user trying to log in. This option controls when this "
+"should be done and the following values are allowed: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1945
+msgid "Default: no_session"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312
+msgid "pam_gssapi_services"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1953
+#, fuzzy
+#| msgid "Comma separated list of users who are allowed to log in."
+msgid ""
+"Comma separated list of PAM services that are allowed to try GSSAPI "
+"authentication using pam_sss_gss.so module."
+msgstr "ログインが許可されたユーザーのカンマ区切り一覧です。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1958
+msgid ""
+"To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031
+msgid ""
+"Note: This option can also be set per-domain which overwrites the value in "
+"[pam] section. It can also be set for trusted domain which overwrites the "
+"value in the domain section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1970
+#, fuzzy, no-wrap
+#| msgid ""
+#| "fallback_homedir = /home/%u\n"
+#| " "
+msgid ""
+"pam_gssapi_services = sudo, sudo-i\n"
+" "
+msgstr ""
+"fallback_homedir = /home/%u\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1974
+msgid "Default: - (GSSAPI authentication is disabled)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313
+msgid "pam_gssapi_check_upn"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1982
+msgid ""
+"If True, SSSD will require that the Kerberos user principal that "
+"successfully authenticated through GSSAPI can be associated with the user "
+"who is being authenticated. Authentication will fail if the check fails."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1989
+msgid ""
+"If False, every user that is able to obtained required service ticket will "
+"be authenticated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76
+#: sssd-files.5.xml:145
+msgid "Default: True"
+msgstr "初期値: True"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2004
+msgid "pam_gssapi_indicators_map"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2007
+msgid ""
+"Comma separated list of authentication indicators required to be present in "
+"a Kerberos ticket to access a PAM service that is allowed to try GSSAPI "
+"authentication using pam_sss_gss.so module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2013
+msgid ""
+"Each element of the list can be either an authentication indicator name or a "
+"pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM "
+"service name will be required to access any PAM service configured to be "
+"used with <option>pam_gssapi_services</option>. A resulting list of "
+"indicators per PAM service is then checked against indicators in the "
+"Kerberos ticket during authentication by pam_sss_gss.so. Any indicator from "
+"the ticket that matches the resulting list of indicators for the PAM service "
+"would grant access. If none of the indicators in the list match, access will "
+"be denied. If the resulting list of indicators for the PAM service is empty, "
+"the check will not prevent the access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2026
+msgid ""
+"To disable GSSAPI authentication indicator check, set this option to <quote>-"
+"</quote> (dash). To disable the check for a specific PAM service, add "
+"<quote>service:-</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2037
+msgid ""
+"Following authentication indicators are supported by IPA Kerberos "
+"deployments:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2040
+msgid ""
+"pkinit -- pre-authentication using X.509 certificates -- whether stored in "
+"files or on smart cards."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2043
+msgid ""
+"hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a "
+"FAST channel."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2046
+msgid "radius -- pre-authentication with the help of a RADIUS server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2049
+msgid ""
+"otp -- pre-authentication using integrated two-factor authentication (2FA or "
+"one-time password, OTP) in IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2052
+msgid "idp -- pre-authentication using external identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2062
+#, no-wrap
+msgid ""
+"pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2057
+msgid ""
+"Example: to require access to SUDO services only for users which obtained "
+"their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), "
+"set <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2066
+#, fuzzy
+#| msgid "Default: not set (no substitution for unset home directories)"
+msgid "Default: not set (use of authentication indicators is not required)"
+msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:2074
+msgid "SUDO configuration options"
+msgstr "SUDO 設定オプション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:2076
+msgid ""
+"These options can be used to configure the sudo service. The detailed "
+"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
+"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2093
+msgid "sudo_timed (bool)"
+msgstr "sudo_timed (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2096
+msgid ""
+"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
+"that implement time-dependent sudoers entries."
+msgstr ""
+"時間依存の sudoers エントリーを実装する sudoNotBefore と sudoNotAfter の属性"
+"を評価するかしないかです。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2108
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2111
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:2130
+msgid "AUTOFS configuration options"
+msgstr "Autofs 設定オプション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:2132
+msgid "These options can be used to configure the autofs service."
+msgstr "これらのオプションが autofs サービスを設定するために使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2136
+msgid "autofs_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2139
+msgid ""
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+"autofs レスポンダーのネガティブキャッシュ(つまり、存在しないもののように、無"
+"効なマップエントリーに対する問い合わせ)が再びバックエンドに問い合わせる前に"
+"ヒットする秒数を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:2155
+msgid "SSH configuration options"
+msgstr "SSH 設定オプション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:2157
+msgid "These options can be used to configure the SSH service."
+msgstr "これらのオプションは SSH サービスを設定するために使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2161
+msgid "ssh_hash_known_hosts (bool)"
+msgstr "ssh_hash_known_hosts (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2164
+msgid ""
+"Whether or not to hash host names and addresses in the managed known_hosts "
+"file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2173
+msgid "ssh_known_hosts_timeout (integer)"
+msgstr "ssh_known_hosts_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2176
+msgid ""
+"How many seconds to keep a host in the managed known_hosts file after its "
+"host keys were requested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2180
+msgid "Default: 180"
+msgstr "初期値: 180"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2185
+msgid "ssh_use_certificate_keys (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2188
+msgid ""
+"If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh "
+"keys derived from the public key of X.509 certificates stored in the user "
+"entry as well. See <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2203
+msgid "ssh_use_certificate_matching_rules (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2206
+msgid ""
+"By default the ssh responder will use all available certificate matching "
+"rules to filter the certificates so that ssh keys are only derived from the "
+"matching ones. With this option the used rules can be restricted with a "
+"comma separated list of mapping and matching rule names. All other rules "
+"will be ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2215
+msgid ""
+"There are two special key words 'all_rules' and 'no_rules' which will enable "
+"all or no rules, respectively. The latter means that no certificates will be "
+"filtered out and ssh keys will be generated from all valid certificates."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2222
+msgid ""
+"If no rules are configured using 'all_rules' will enable a default rule "
+"which enables all certificates suitable for client authentication. This is "
+"the same behavior as for the PAM responder if certificate authentication is "
+"enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2229
+msgid ""
+"A non-existing rule name is considered an error. If as a result no rule is "
+"selected all certificates will be ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2234
+msgid ""
+"Default: not set, equivalent to 'all_rules', all found rules or the default "
+"rule are used"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2240
+msgid "ca_db (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2243
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:2263
+msgid "PAC responder configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:2265
+msgid ""
+"The PAC responder works together with the authorization data plugin for MIT "
+"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
+"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
+"provider collects domain SID and ID ranges of the domain the client is "
+"joined to and of remote trusted domains from the local domain controller. If "
+"the PAC is decoded and evaluated some of the following operations are done:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2274
+msgid ""
+"If the remote user does not exist in the cache, it is created. The UID is "
+"determined with the help of the SID, trusted domains will have UPGs and the "
+"GID will have the same value as the UID. The home directory is set based on "
+"the subdomain_homedir parameter. The shell will be empty by default, i.e. "
+"the system defaults are used, but can be overwritten with the default_shell "
+"parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2282
+msgid ""
+"If there are SIDs of groups from domains sssd knows about, the user will be "
+"added to those groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:2288
+msgid "These options can be used to configure the PAC responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66
+msgid "allowed_uids (string)"
+msgstr "allowed_uids (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2295
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the PAC responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2301
+msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2305
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the PAC responder, which would be the typical case, you have to add 0 "
+"to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2314
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2317
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2327
+#, fuzzy
+#| msgid "ldap_schema (string)"
+msgid "pac_check (string)"
+msgstr "ldap_schema (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2330
+msgid ""
+"Apply additional checks on the PAC of the Kerberos ticket which is available "
+"in Active Directory and FreeIPA domains, if configured. Please note that "
+"Kerberos ticket validation must be enabled to be able to check the PAC, i.e. "
+"the krb5_validate option must be set to 'True' which is the default for the "
+"IPA and AD provider. If krb5_validate is set to 'False' the PAC checks will "
+"be skipped."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2344
+msgid "no_check"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2346
+msgid ""
+"The PAC must not be present and even if it is present no additional checks "
+"will be done."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
+msgid "pac_present"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2354
+msgid ""
+"The PAC must be present in the service ticket which SSSD will request with "
+"the help of the user's TGT. If the PAC is not available the authentication "
+"will fail."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2362
+msgid "check_upn"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2364
+msgid ""
+"If the PAC is present check if the user principal name (UPN) information is "
+"consistent."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2370
+msgid "check_upn_allow_missing"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2372
+msgid ""
+"This option should be used together with 'check_upn' and handles the case "
+"where a UPN is set on the server-side but is not read by SSSD. The typical "
+"example is a FreeIPA domain where 'ldap_user_principal' is set to a not "
+"existing attribute name. This was typically done to work-around issues in "
+"the handling of enterprise principals. But this is fixed since quite some "
+"time and FreeIPA can handle enterprise principals just fine and there is no "
+"need anymore to set 'ldap_user_principal'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2384
+msgid ""
+"Currently this option is set by default to avoid regressions in such "
+"environments. A log message will be added to the system log and SSSD's debug "
+"log in case a UPN is found in the PAC but not in SSSD's cache. To avoid this "
+"log message it would be best to evaluate if the 'ldap_user_principal' option "
+"can be removed. If this is not possible, removing 'check_upn' will skip the "
+"test and avoid the log message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2398
+msgid "upn_dns_info_present"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2400
+msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2405
+msgid "check_upn_dns_info_ex"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2407
+msgid ""
+"If the PAC is present and the extension to the UPN-DNS-INFO buffer is "
+"available check if the information in the extension is consistent."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2414
+msgid "upn_dns_info_ex_present"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2416
+msgid ""
+"The PAC must contain the extension of the UPN-DNS-INFO buffer, implies "
+"'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2340
+#, fuzzy
+#| msgid ""
+#| "The following expansions are supported: <placeholder "
+#| "type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"The following options can be used alone or in a comma-separated list: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2426
+msgid ""
+"Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, "
+"check_upn_dns_info_ex')"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:2435
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:2437
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:2450
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101
+msgid "Default: \"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+"セッション記録を有効にしておくべきユーザーのカンマ区切りのリストです。NSS が"
+"返すユーザー名にマッチします。つまり、スペースの置換、大文字小文字の変更など"
+"の可能性がある場合には、その後になります。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+"セッション記録を有効にしておくべきユーザーのグループごとのカンマ区切りのリス"
+"トです。NSS が返すグループ名にマッチします。つまり、スペースの置換、大文字小"
+"文字の変更などの可能性がある場合には、その後になります。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129
+#: sssd-session-recording.5.xml:161
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141
+#, fuzzy
+#| msgid "simple_deny_users (string)"
+msgid "exclude_users (string)"
+msgstr "simple_deny_users (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144
+msgid ""
+"A comma-separated list of users to be excluded from recording, only "
+"applicable with 'scope=all'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148
+#, fuzzy
+#| msgid "Default: empty, i.e. ldap_uri is used."
+msgid "Default: Empty. No users excluded."
+msgstr "初期値: 空、つまり ldap_uri が使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153
+#, fuzzy
+#| msgid "simple_deny_groups (string)"
+msgid "exclude_groups (string)"
+msgstr "simple_deny_groups (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156
+msgid ""
+"A comma-separated list of groups, members of which should be excluded from "
+"recording. Only applicable with 'scope=all'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168
+#, fuzzy
+#| msgid "Default: empty, i.e. ldap_uri is used."
+msgid "Default: Empty. No groups excluded."
+msgstr "初期値: 空、つまり ldap_uri が使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:2568
+msgid "DOMAIN SECTIONS"
+msgstr "ドメインセクション"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2575
+msgid "enabled"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2578
+msgid ""
+"Explicitly enable or disable the domain. If <quote>true</quote>, the domain "
+"is always <quote>enabled</quote>. If <quote>false</quote>, the domain is "
+"always <quote>disabled</quote>. If this option is not set, the domain is "
+"enabled only if it is listed in the domains option in the <quote>[sssd]</"
+"quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2590
+msgid "domain_type (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2593
+msgid ""
+"Specifies whether the domain is meant to be used by POSIX-aware clients such "
+"as the Name Service Switch or by applications that do not need POSIX data to "
+"be present or generated. Only objects from POSIX domains are available to "
+"the operating system interfaces and utilities."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2601
+msgid ""
+"Allowed values for this option are <quote>posix</quote> and "
+"<quote>application</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2605
+msgid ""
+"POSIX domains are reachable by all services. Application domains are only "
+"reachable from the InfoPipe responder (see <citerefentry> "
+"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>) and the PAM responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2613
+msgid ""
+"NOTE: The application domains are currently well tested with "
+"<quote>id_provider=ldap</quote> only."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2617
+msgid ""
+"For an easy way to configure a non-POSIX domains, please see the "
+"<quote>Application domains</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2621
+msgid "Default: posix"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2627
+msgid "min_id,max_id (integer)"
+msgstr "min_id,max_id (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2630
+msgid ""
+"UID and GID limits for the domain. If a domain contains an entry that is "
+"outside these limits, it is ignored."
+msgstr ""
+"ドメインに対する UID と GID の制限です。ドメインがこれらの制限の外にあるエン"
+"トリーを含む場合、それは無視されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2635
+msgid ""
+"For users, this affects the primary GID limit. The user will not be returned "
+"to NSS if either the UID or the primary GID is outside the range. For non-"
+"primary group memberships, those that are in range will be reported as "
+"expected."
+msgstr ""
+"ユーザーに対して、これはプライマリー GID 制限に影響します。 UID またはプライ"
+"マリー GID が範囲外ならば、ユーザーは NSS に返されません。非プライマリーメン"
+"バーに対して、範囲内にあるものは予期されたものとして報告されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2642
+msgid ""
+"These ID limits affect even saving entries to cache, not only returning them "
+"by name or ID."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2646
+msgid "Default: 1 for min_id, 0 (no limit) for max_id"
+msgstr "初期値: min_id は 1, max_id は 0 (無制限)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2652
+msgid "enumerate (bool)"
+msgstr "enumerate (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2655
+msgid ""
+"Determines if a domain can be enumerated, that is, whether the domain can "
+"list all the users and group it contains. Note that it is not required to "
+"enable enumeration in order for secondary groups to be displayed. This "
+"parameter can have one of the following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2663
+msgid "TRUE = Users and groups are enumerated"
+msgstr "TRUE = ユーザーとグループが列挙されます"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2666
+msgid "FALSE = No enumerations for this domain"
+msgstr "FALSE = このドメインに対して列挙しません"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127
+msgid "Default: FALSE"
+msgstr "初期値: FALSE"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2672
+msgid ""
+"Enumerating a domain requires SSSD to download and store ALL user and group "
+"entries from the remote server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2677
+msgid ""
+"Note: Enabling enumeration has a moderate performance impact on SSSD while "
+"enumeration is running. It may take up to several minutes after SSSD startup "
+"to fully complete enumerations. During this time, individual requests for "
+"information will go directly to LDAP, though it may be slow, due to the "
+"heavy enumeration processing. Saving a large number of entries to cache "
+"after the enumeration completes might also be CPU intensive as the "
+"memberships have to be recomputed. This can lead to the <quote>sssd_be</"
+"quote> process becoming unresponsive or even restarted by the internal "
+"watchdog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2692
+msgid ""
+"While the first enumeration is running, requests for the complete user or "
+"group lists may return no results until it completes."
+msgstr ""
+"最初の列挙が実行中の間、完全なユーザーまたはグループの一覧に対する要求は、そ"
+"れが完了するまで結果を返しません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2697
+msgid ""
+"Further, enabling enumeration may increase the time necessary to detect "
+"network disconnection, as longer timeouts are required to ensure that "
+"enumeration lookups are completed successfully. For more information, refer "
+"to the man pages for the specific id_provider in use."
+msgstr ""
+"さらに、列挙を有効にすることにより、挙の検索が確実に正しく完了するよりも長く"
+"する必要があるので、ネットワーク切断を検知するために必要な時間が増える可能性"
+"があります。詳細は使用している具体的な id_provider のマニュアルページを参照し"
+"てください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2705
+msgid ""
+"For the reasons cited above, enabling enumeration is not recommended, "
+"especially in large environments."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2713
+msgid "subdomain_enumerate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2720
+msgid "all"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2721
+msgid "All discovered trusted domains will be enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2724
+msgid "none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2725
+msgid "No discovered trusted domains will be enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2716
+msgid ""
+"Whether any of autodetected trusted domains should be enumerated. The "
+"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
+"Optionally, a list of one or more domain names can enable enumeration just "
+"for these trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2739
+msgid "entry_cache_timeout (integer)"
+msgstr "entry_cache_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2742
+msgid ""
+"How many seconds should nss_sss consider entries valid before asking the "
+"backend again"
+msgstr ""
+"nss_sss が再びバックエンドに問い合わせる前にエントリーを有効であると考える秒"
+"数です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2746
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2759
+msgid "Default: 5400"
+msgstr "初期値: 5400"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2765
+msgid "entry_cache_user_timeout (integer)"
+msgstr "entry_cache_user_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2768
+msgid ""
+"How many seconds should nss_sss consider user entries valid before asking "
+"the backend again"
+msgstr ""
+"nss_sss が再びバックエンドに問い合わせる前にユーザーエントリーを有効であると"
+"考える秒数です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879
+msgid "Default: entry_cache_timeout"
+msgstr "初期値: entry_cache_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2778
+msgid "entry_cache_group_timeout (integer)"
+msgstr "entry_cache_group_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2781
+msgid ""
+"How many seconds should nss_sss consider group entries valid before asking "
+"the backend again"
+msgstr ""
+"nss_sss が再びバックエンドに問い合わせる前にグループエントリーを有効であると"
+"考える秒数です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2791
+msgid "entry_cache_netgroup_timeout (integer)"
+msgstr "entry_cache_netgroup_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2794
+msgid ""
+"How many seconds should nss_sss consider netgroup entries valid before "
+"asking the backend again"
+msgstr ""
+"nss_sss が再びバックエンドに問い合わせる前にネットワークグループエントリーを"
+"有効であると考える秒数です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2804
+msgid "entry_cache_service_timeout (integer)"
+msgstr "entry_cache_service_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2807
+msgid ""
+"How many seconds should nss_sss consider service entries valid before asking "
+"the backend again"
+msgstr ""
+"nss_sss が再びバックエンドに問い合わせる前にサービスエントリーを有効であると"
+"考える秒数です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2817
+msgid "entry_cache_resolver_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2820
+msgid ""
+"How many seconds should nss_sss consider hosts and networks entries valid "
+"before asking the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2831
+msgid "entry_cache_sudo_timeout (integer)"
+msgstr "entry_cache_sudo_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2834
+msgid ""
+"How many seconds should sudo consider rules valid before asking the backend "
+"again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2844
+msgid "entry_cache_autofs_timeout (integer)"
+msgstr "entry_cache_autofs_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2847
+msgid ""
+"How many seconds should the autofs service consider automounter maps valid "
+"before asking the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2858
+msgid "entry_cache_ssh_host_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2861
+msgid ""
+"How many seconds to keep a host ssh key after refresh. IE how long to cache "
+"the host key for."
+msgstr ""
+"リフレッシュ後にホストの ssh 鍵を保持するには何秒かかるか。IE ホストキーを何"
+"秒キャッシュするか。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2872
+msgid "entry_cache_computer_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2875
+msgid ""
+"How many seconds to keep the local computer entry before asking the backend "
+"again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2885
+msgid "refresh_expired_interval (integer)"
+msgstr "refresh_expired_interval (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2888
+msgid ""
+"Specifies how many seconds SSSD has to wait before triggering a background "
+"refresh task which will refresh all expired or nearly expired records."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2893
+msgid ""
+"The background refresh will process users, groups and netgroups in the "
+"cache. For users who have performed the initgroups (get group membership for "
+"user, typically ran at login) operation in the past, both the user entry "
+"and the group membership are updated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2901
+msgid "This option is automatically inherited for all trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2905
+msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2909
+msgid ""
+"Cache entry will be refreshed by background task when 2/3 of cache timeout "
+"has already passed. If there are existing cached entries, the background "
+"task will refer to their original cache timeout values instead of current "
+"configuration value. This may lead to a situation in which background "
+"refresh task appears to not be working. This is done by design to improve "
+"offline mode operation and reuse of existing valid cache entries. To make "
+"this change instant the user may want to manually invalidate existing cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738
+#: sssd-ipa.5.xml:270
+msgid "Default: 0 (disabled)"
+msgstr "初期値: 0 (無効)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2928
+msgid "cache_credentials (bool)"
+msgstr "cache_credentials (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2931
+msgid ""
+"Determines if user credentials are also cached in the local LDB cache. The "
+"cached credentials refer to passwords, which includes the first (long term) "
+"factor of two-factor authentication, not other authentication mechanisms. "
+"Passkey and Smartcard authentications are expected to work offline as long "
+"as a successful online authentication is recorded in the cache without "
+"additional configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2942
+msgid ""
+"Take a note that while credentials are stored as a salted SHA512 hash, this "
+"still potentially poses some security risk in case an attacker manages to "
+"get access to a cache file (normally requires privileged access) and to "
+"break a password using brute force attack."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2956
+msgid "cache_credentials_minimal_first_factor_length (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2959
+msgid ""
+"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
+"this value determines the minimal length the first authentication factor "
+"(long term password) must have to be saved as SHA512 hash into the cache."
+msgstr ""
+"2-Factor-Authentication (2FA) が使用され、認証情報を保存する必要がある場合、"
+"この値は、最初の認証要素 (長期パスワード) を SHA512 ハッシュとしてキャッシュ"
+"に保存する必要がある最小の長さを決定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2966
+msgid ""
+"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
+"the cache which would make them easy targets for brute-force attacks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2977
+msgid "account_cache_expiration (integer)"
+msgstr "account_cache_expiration (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2980
+msgid ""
+"Number of days entries are left in cache after last successful login before "
+"being removed during a cleanup of the cache. 0 means keep forever. The "
+"value of this parameter must be greater than or equal to "
+"offline_credentials_expiration."
+msgstr ""
+"正常にログイン後、キャッシュのクリーンアップ中にエントリーが削除される前の日"
+"数です。 0 は永久に保持することを意味します。このパラメーターの値は "
+"offline_credentials_expiration と同等以上でなければいけません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2987
+msgid "Default: 0 (unlimited)"
+msgstr "初期値: 0 (無制限)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2992
+msgid "pwd_expiration_warning (integer)"
+msgstr "pwd_expiration_warning (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3003
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3010
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr "初期値: 7 (Kerberos), 0 (LDAP)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3016
+msgid "id_provider (string)"
+msgstr "id_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3019
+msgid ""
+"The identification provider used for the domain. Supported ID providers are:"
+msgstr ""
+"ドメインに対して使用される識別子プロバイダーです。サポートされる ID プロバイ"
+"ダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3023
+msgid "<quote>proxy</quote>: Support a legacy NSS provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3026
+msgid ""
+"<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-"
+"files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on how to mirror local users and groups into SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3034
+msgid ""
+"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on configuring LDAP."
+msgstr ""
+"<quote>ldap</quote>: LDAP プロバイダー。LDAP の設定に関する詳細は "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204
+#: sssd.conf.5.xml:3267
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
+#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> for more information on "
+#| "configuring FreeIPA."
+msgid ""
+"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring FreeIPA."
+msgstr ""
+"<quote>ipa</quote>: FreeIPA および Red Hat Enterprise Identity Management プ"
+"ロバイダー。FreeIPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-"
+"ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してくださ"
+"い。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213
+#: sssd.conf.5.xml:3276
+msgid ""
+"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Active Directory."
+msgstr ""
+"<quote>ad</quote>: Active Directory プロバイダー。Active Directory の設定に関"
+"する詳細は <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3062
+msgid "use_fully_qualified_names (bool)"
+msgstr "use_fully_qualified_names (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3065
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+"NSS に報告するユーザーのログイン名としてフルネームとドメイン (ドメインの完全"
+"名形式により整形されたように) を使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3070
+msgid ""
+"If set to TRUE, all requests to this domain must use fully qualified names. "
+"For example, if used in LOCAL domain that contains a \"test\" user, "
+"<command>getent passwd test</command> wouldn't find the user while "
+"<command>getent passwd test@LOCAL</command> would."
+msgstr ""
+"TRUE に設定されていると、このドメインへのすべての要求は完全修飾名を使用する必"
+"要があります。たとえば、 \"test\" ユーザーを含む LOCAL ドメインにおいて使用さ"
+"れていると、<command>getent passwd test</command> はユーザーを見つけられませ"
+"んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3078
+msgid ""
+"NOTE: This option has no effect on netgroup lookups due to their tendency to "
+"include nested netgroups without qualified names. For netgroups, all domains "
+"will be searched when an unqualified name is requested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3085
+msgid ""
+"Default: FALSE (TRUE for trusted domain/sub-domains or if "
+"default_domain_suffix is used)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3092
+msgid "ignore_group_members (bool)"
+msgstr "ignore_group_members (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3095
+msgid "Do not return group members for group lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3098
+msgid ""
+"If set to TRUE, the group membership attribute is not requested from the "
+"ldap server, and group members are not returned when processing group lookup "
+"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
+"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
+"citerefentry>. As an effect, <quote>getent group $groupname</quote> would "
+"return the requested group as if it was empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3116
+msgid ""
+"Enabling this option can also make access provider checks for group "
+"membership significantly faster, especially for groups containing many "
+"members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469
+#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
+msgid ""
+"This option can be also set per subdomain or inherited via "
+"<emphasis>subdomain_inherit</emphasis>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3132
+msgid "auth_provider (string)"
+msgstr "auth_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3135
+msgid ""
+"The authentication provider used for the domain. Supported auth providers "
+"are:"
+msgstr ""
+"ドメインに対して使用される認証プロバイダーです。サポートされる認証プロバイ"
+"ダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197
+msgid ""
+"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+"<quote>ldap</quote> は本来の LDAP 認証向けです。LDAP の設定に関する詳細は "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3146
+msgid ""
+"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> は Kerberos 認証向けです。Kerberos の設定に関する詳細は "
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3170
+msgid ""
+"<quote>proxy</quote> for relaying authentication to some other PAM target."
+msgstr ""
+"<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3173
+msgid "<quote>none</quote> disables authentication explicitly."
+msgstr "<quote>none</quote> は明示的に認証を無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3176
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"authentication requests."
+msgstr ""
+"初期値: <quote>id_provider</quote> が設定され、認証要求を取り扱うことができる"
+"ならば、それが使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3182
+msgid "access_provider (string)"
+msgstr "access_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3185
+msgid ""
+"The access control provider used for the domain. There are two built-in "
+"access providers (in addition to any included in installed backends) "
+"Internal special providers are:"
+msgstr ""
+"ドメインに対して使用されるアクセス制御プロバイダーです。 2 つの組み込みアクセ"
+"スプロバイダーがあります(インストールされたバックエンドに含まれるすべてを加"
+"えます)。内部の特別プロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3191
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
+"<quote>permit</quote> は常にアクセスを許可します。ローカルドメインに対するプ"
+"ロバイダーのみアクセスが許可されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3194
+msgid "<quote>deny</quote> always deny access."
+msgstr "<quote>deny</quote> は常にアクセスを拒否します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3221
+msgid ""
+"<quote>simple</quote> access control based on access or deny lists. See "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for more information on configuring the simple "
+"access module."
+msgstr ""
+"<quote>simple</quote> アクセス制御はアクセスまたは拒否の一覧に基づきます。"
+"simple アクセスモジュールの設定に関する詳細は <citerefentry> "
+"<refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3228
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3235
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3238
+msgid "Default: <quote>permit</quote>"
+msgstr "初期値: <quote>permit</quote>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3243
+msgid "chpass_provider (string)"
+msgstr "chpass_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3246
+msgid ""
+"The provider which should handle change password operations for the domain. "
+"Supported change password providers are:"
+msgstr ""
+"ドメインに対するパスワード変更操作を取り扱うプロバイダーです。サポートされる"
+"パスワード変更プロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3251
+msgid ""
+"<quote>ldap</quote> to change a password stored in a LDAP server. See "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3259
+msgid ""
+"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> は Kerberos のパスワードを変更します。 Kerberos の設定に"
+"関する詳細は <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3284
+msgid ""
+"<quote>proxy</quote> for relaying password changes to some other PAM target."
+msgstr ""
+"<quote>proxy</quote> はいくつかの他の PAM ターゲットにパスワードの変更を中継"
+"します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3288
+msgid "<quote>none</quote> disallows password changes explicitly."
+msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3291
+msgid ""
+"Default: <quote>auth_provider</quote> is used if it is set and can handle "
+"change password requests."
+msgstr ""
+"初期値: <quote>auth_provider</quote> が設定され、パスワードの変更要求を取り扱"
+"うことができるならば、それが使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3298
+msgid "sudo_provider (string)"
+msgstr "sudo_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3301
+msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
+msgstr ""
+"ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
+"は次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3305
+msgid ""
+"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+"<quote>ldap</quote> は LDAP に保存されているルールのためです。LDAP の設定に関"
+"する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を参照します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3313
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3317
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3321
+msgid "<quote>none</quote> disables SUDO explicitly."
+msgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480
+#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541
+msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
+msgstr ""
+"初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3328
+msgid ""
+"The detailed instructions for configuration of sudo_provider are in the "
+"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration "
+"options that can be used to adjust the behavior. Please refer to "
+"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3343
+msgid ""
+"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
+"background unless the sudo provider is explicitly disabled. Set "
+"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
+"activity in SSSD if you do not want to use sudo with SSSD at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3353
+msgid "selinux_provider (string)"
+msgstr "selinux_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3356
+msgid ""
+"The provider which should handle loading of selinux settings. Note that this "
+"provider will be called right after access provider ends. Supported selinux "
+"providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3362
+msgid ""
+"<quote>ipa</quote> to load selinux settings from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3370
+msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3373
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"selinux loading requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3379
+msgid "subdomains_provider (string)"
+msgstr "subdomains_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3382
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3388
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3397
+msgid ""
+"<quote>ad</quote> to load a list of subdomains from an Active Directory "
+"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3406
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3416
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3419
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA. Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3426
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3430
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3434
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3438
+msgid ""
+"<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
+"SSSD must be running as \"root\" and not as the unprivileged user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3446
+msgid "autofs_provider (string)"
+msgstr "autofs_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3449
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+"ドメインに対して使用される autofs プロバイダーです。 サポートされる autofs "
+"プロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3453
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+"<quote>ldap</quote> は LDAP に保存されているマップを読み込みます。LDAP の設定"
+"に関する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3460
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> は IPA サーバーに保存されているマップを読み込みます。IPA "
+"の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3468
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3477
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr "<quote>none</quote> は明示的に autofs を無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3487
+msgid "hostid_provider (string)"
+msgstr "hostid_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3490
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+"ホスト識別情報を取得するために使用されるプロバイダーです。 サポートされる "
+"hostid プロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3494
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> は IPA サーバーに保存されているホスト識別子を読み込みま"
+"す。IPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3502
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr "<quote>none</quote> は明示的に hostid を無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3512
+msgid "resolver_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3515
+msgid ""
+"The provider which should handle hosts and networks lookups. Supported "
+"resolver providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3519
+msgid ""
+"<quote>proxy</quote> to forward lookups to another NSS library. See "
+"<quote>proxy_resolver_lib_name</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3523
+msgid ""
+"<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3530
+msgid ""
+"<quote>ad</quote> to fetch hosts and networks stored in AD. See "
+"<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring the AD "
+"provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3538
+msgid "<quote>none</quote> disallows fetching hosts and networks explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3551
+msgid ""
+"Regular expression for this domain that describes how to parse the string "
+"containing user name and domain into these components. The \"domain\" can "
+"match either the SSSD configuration domain name, or, in the case of IPA "
+"trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
+"the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3560
+msgid ""
+"Default: <quote>^((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]*)|(?P&lt;name&gt;"
+"[^@]+))$</quote> which allows two different styles for user names:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579
+msgid "username"
+msgstr "username"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582
+msgid "username@domain.name"
+msgstr "username@domain.name"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3573
+msgid ""
+"Default for the AD and IPA provider: <quote>^(((?P&lt;domain&gt;[^\\\\]+)\\"
+"\\(?P&lt;name&gt;.+))|((?P&lt;name&gt;.+)@(?P&lt;domain&gt;[^@]+))|((?P&lt;"
+"name&gt;[^@\\\\]+)))$</quote> which allows three different styles for user "
+"names:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:3585
+msgid "domain\\username"
+msgstr "domain\\username"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3588
+msgid ""
+"While the first two correspond to the general default the third one is "
+"introduced to allow easy integration of users from Windows domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3593
+msgid ""
+"The default re_expression uses the <quote>@</quote> character as a separator "
+"between the name and the domain. As a result of this setting the default "
+"does not accept the <quote>@</quote> character in short names (as it is "
+"allowed in Windows group names). If a user wishes to use short names with "
+"<quote>@</quote> they must create their own re_expression."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3645
+msgid "Default: <quote>%1$s@%2$s</quote>."
+msgstr "初期値: <quote>%1$s@%2$s</quote>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3651
+msgid "lookup_family_order (string)"
+msgstr "lookup_family_order (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3654
+msgid ""
+"Provides the ability to select preferred address family to use when "
+"performing DNS lookups."
+msgstr ""
+"DNS 検索を実行するときに使用する、優先アドレスファミリーを選択する機能を提供"
+"します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3658
+msgid "Supported values:"
+msgstr "サポートする値:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3661
+msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
+msgstr ""
+"ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3664
+msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
+msgstr ""
+"ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3667
+msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
+msgstr ""
+"ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3670
+msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
+msgstr ""
+"ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3673
+msgid "Default: ipv4_first"
+msgstr "初期値: ipv4_first"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3679
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_server_timeout (integer)"
+msgstr "dns_resolver_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3682
+msgid ""
+"Defines the amount of time (in milliseconds) SSSD would try to talk to DNS "
+"server before trying next DNS server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3687
+msgid ""
+"The AD provider will use this option for the CLDAP ping timeouts as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84
+msgid "Default: 1000"
+msgstr "初期値: 1000"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3702
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_op_timeout (integer)"
+msgstr "dns_resolver_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3705
+msgid ""
+"Defines the amount of time (in seconds) to wait to resolve single DNS query "
+"(e.g. resolution of a hostname or an SRV record) before trying the next "
+"hostname or DNS discovery."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3722
+msgid "dns_resolver_timeout (integer)"
+msgstr "dns_resolver_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3725
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3743
+#, fuzzy
+#| msgid "dns_resolver_timeout (integer)"
+msgid "dns_resolver_use_search_list (bool)"
+msgstr "dns_resolver_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3746
+msgid ""
+"Normally, the DNS resolver searches the domain list defined in the "
+"\"search\" directive from the resolv.conf file. This can lead to delays in "
+"environments with improperly configured DNS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3752
+msgid ""
+"If fully qualified domain names (or _srv_) are used in the SSSD "
+"configuration, setting this option to FALSE can prevent unnecessary DNS "
+"lookups in such environments."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3758
+msgid "Default: TRUE"
+msgstr "初期値: TRUE"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3764
+msgid "dns_discovery_domain (string)"
+msgstr "dns_discovery_domain (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3767
+msgid ""
+"If service discovery is used in the back end, specifies the domain part of "
+"the service discovery DNS query."
+msgstr ""
+"サービス検索がバックエンドで使用されていると、サービス検索 DNS クエリーのドメ"
+"イン部分を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3771
+msgid "Default: Use the domain part of machine's hostname"
+msgstr "初期値: マシンのホスト名のドメイン部分を使用します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3777
+msgid "override_gid (integer)"
+msgstr "override_gid (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3780
+msgid "Override the primary GID value with the one specified."
+msgstr "プライマリー GID の値を指定されたもので上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3786
+msgid "case_sensitive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3793
+msgid "True"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3796
+msgid "Case sensitive. This value is invalid for AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3802
+msgid "False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3804
+msgid "Case insensitive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3808
+msgid "Preserving"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3811
+msgid ""
+"Same as False (case insensitive), but does not lowercase names in the result "
+"of NSS operations. Note that name aliases (and in case of services also "
+"protocol names) are still lowercased in the output."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3819
+msgid ""
+"If you want to set this value for trusted domain with IPA provider, you need "
+"to set it on both the client and SSSD on the server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3789
+#, fuzzy
+#| msgid ""
+#| "The following expansions are supported: <placeholder "
+#| "type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"Treat user and group names as case sensitive. Possible option values are: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3834
+msgid "Default: True (False for AD provider)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3840
+msgid "subdomain_inherit (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3843
+msgid ""
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3849
+#, fuzzy
+#| msgid "ldap_search_timeout (integer)"
+msgid "ldap_search_timeout"
+msgstr "ldap_search_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3852
+#, fuzzy
+#| msgid "ldap_network_timeout (integer)"
+msgid "ldap_network_timeout"
+msgstr "ldap_network_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3855
+#, fuzzy
+#| msgid "ldap_opt_timeout (integer)"
+msgid "ldap_opt_timeout"
+msgstr "ldap_opt_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3858
+#, fuzzy
+#| msgid "ldap_connection_expire_timeout (integer)"
+msgid "ldap_offline_timeout"
+msgstr "ldap_connection_expire_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3861
+#, fuzzy
+#| msgid "ldap_enumeration_refresh_timeout (integer)"
+msgid "ldap_enumeration_refresh_timeout"
+msgstr "ldap_enumeration_refresh_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3864
+#, fuzzy
+#| msgid "ldap_enumeration_refresh_timeout (integer)"
+msgid "ldap_enumeration_refresh_offset"
+msgstr "ldap_enumeration_refresh_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3867
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3870
+#, fuzzy
+#| msgid "ldap_purge_cache_timeout (integer)"
+msgid "ldap_purge_cache_offset"
+msgstr "ldap_purge_cache_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3873
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3877
+#, fuzzy
+#| msgid "ldap_krb5_ticket_lifetime (integer)"
+msgid "ldap_krb5_ticket_lifetime"
+msgstr "ldap_krb5_ticket_lifetime (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3880
+#, fuzzy
+#| msgid "ldap_enumeration_search_timeout (integer)"
+msgid "ldap_enumeration_search_timeout"
+msgstr "ldap_enumeration_search_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3883
+#, fuzzy
+#| msgid "ldap_connection_expire_timeout (integer)"
+msgid "ldap_connection_expire_timeout"
+msgstr "ldap_connection_expire_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3886
+#, fuzzy
+#| msgid "ldap_connection_expire_timeout (integer)"
+msgid "ldap_connection_expire_offset"
+msgstr "ldap_connection_expire_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3889
+#, fuzzy
+#| msgid "ldap_connection_expire_timeout (integer)"
+msgid "ldap_connection_idle_timeout"
+msgstr "ldap_connection_expire_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3895
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3898
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3901
+msgid "auto_private_groups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3904
+msgid "case_sensitive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:3909
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3916
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3923
+msgid "subdomain_homedir (string)"
+msgstr "subdomain_homedir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3934
+msgid "%F"
+msgstr "%F"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3935
+msgid "flat (NetBIOS) name of a subdomain."
+msgstr "サブドメインのフラット (NetBIOS) 名。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3926
+msgid ""
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3940
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+"値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3944
+msgid "Default: <filename>/home/%d/%u</filename>"
+msgstr "初期値: <filename>/home/%d/%u</filename>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3949
+msgid "realmd_tags (string)"
+msgstr "realmd_tags (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3952
+msgid ""
+"Various tags stored by the realmd configuration service for this domain."
+msgstr "このドメインのための realmd 設定サービスによって格納された様々なタグ。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3958
+msgid "cached_auth_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3961
+msgid ""
+"Specifies time in seconds since last successful online authentication for "
+"which user will be authenticated using cached credentials while SSSD is in "
+"the online mode. If the credentials are incorrect, SSSD falls back to online "
+"authentication."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3969
+msgid ""
+"This option's value is inherited by all trusted domains. At the moment it is "
+"not possible to set a different value per trusted domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3974
+msgid "Special value 0 implies that this feature is disabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3978
+msgid ""
+"Please note that if <quote>cached_auth_timeout</quote> is longer than "
+"<quote>pam_id_timeout</quote> then the back end could be called to handle "
+"<quote>initgroups.</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:3989
+#, fuzzy
+#| msgid "ldap_pwd_policy (string)"
+msgid "local_auth_policy (string)"
+msgstr "ldap_pwd_policy (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:3992
+msgid ""
+"Local authentication methods policy. Some backends (i.e. LDAP, proxy "
+"provider) only support a password based authentication, while others can "
+"handle PKINIT based Smartcard authentication (AD, IPA), two-factor "
+"authentication (IPA), or other methods against a central instance. By "
+"default in such cases authentication is only performed with the methods "
+"supported by the backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4002
+msgid ""
+"There are three possible values for this option: match, only, enable. "
+"<quote>match</quote> is used to match offline and online states for Kerberos "
+"methods. <quote>only</quote> ignores the online methods and only offer the "
+"local ones. enable allows explicitly defining the methods for local "
+"authentication. As an example, <quote>enable:passkey</quote>, only enables "
+"passkey for local authentication. Multiple enable values should be comma-"
+"separated, such as <quote>enable:passkey, enable:smartcard</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4014
+msgid ""
+"Please note that if local Smartcard authentication is enabled and a "
+"Smartcard is present, Smartcard authentication will be preferred over the "
+"authentication methods supported by the backend. I.e. there will be a PIN "
+"prompt instead of e.g. a password prompt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:4026
+#, no-wrap
+msgid ""
+"[domain/shadowutils]\n"
+"id_provider = proxy\n"
+"proxy_lib_name = files\n"
+"auth_provider = none\n"
+"local_auth_policy = only\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4022
+msgid ""
+"The following configuration example allows local users to authenticate "
+"locally using any enabled method (i.e. smartcard, passkey). <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4034
+msgid ""
+"It is expected that the <quote>files</quote> provider ignores the "
+"local_auth_policy option and supports Smartcard authentication by default."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4039
+#, fuzzy
+#| msgid "Default: cn"
+msgid "Default: match"
+msgstr "初期値: cn"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4044
+msgid "auto_private_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4050
+msgid "true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4053
+msgid ""
+"Create user's private group unconditionally from user's UID number. The GID "
+"number is ignored in this case."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4057
+msgid ""
+"NOTE: Because the GID number and the user private group are inferred from "
+"the UID number, it is not supported to have multiple entries with the same "
+"UID or GID number with this option. In other words, enabling this option "
+"enforces uniqueness across the ID space."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4066
+msgid "false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4069
+msgid ""
+"Always use the user's primary GID number. The GID number must refer to a "
+"group object in the LDAP database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4075
+msgid "hybrid"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4078
+msgid ""
+"A primary group is autogenerated for user entries whose UID and GID numbers "
+"have the same value and at the same time the GID number does not correspond "
+"to a real group object in LDAP. If the values are the same, but the primary "
+"GID in the user entry is also used by a group object, the primary GID of the "
+"user resolves to that group object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4091
+msgid ""
+"If the UID and GID of a user are different, then the GID must correspond to "
+"a group entry, otherwise the GID is simply not resolvable."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4098
+msgid ""
+"This feature is useful for environments that wish to stop maintaining a "
+"separate group objects for the user private groups, but also wish to retain "
+"the existing user private groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4047
+msgid ""
+"This option takes any of three available values: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4110
+msgid ""
+"For subdomains, the default value is False for subdomains that use assigned "
+"POSIX IDs and True for subdomains that use automatic ID-mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:4118
+#, no-wrap
+msgid ""
+"[domain/forest.domain/sub.domain]\n"
+"auto_private_groups = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:4124
+#, no-wrap
+msgid ""
+"[domain/forest.domain]\n"
+"subdomain_inherit = auto_private_groups\n"
+"auto_private_groups = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4115
+msgid ""
+"The value of auto_private_groups can either be set per subdomains in a "
+"subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or "
+"globally for all subdomains in the main domain section using the "
+"subdomain_inherit option: <placeholder type=\"programlisting\" id=\"1\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:2570
+msgid ""
+"These configuration options can be present in a domain configuration "
+"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
+"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"これらの設定オプションはドメイン設定のセクション、つまり <quote>[domain/"
+"<replaceable>NAME</replaceable>]</quote> に存在します <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4139
+msgid "proxy_pam_target (string)"
+msgstr "proxy_pam_target (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4142
+msgid "The proxy target PAM proxies to."
+msgstr "中継するプロキシターゲット PAM です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4145
+#, fuzzy
+#| msgid ""
+#| "Default: not set by default, you have to take an existing pam "
+#| "configuration or create a new one and add the service name here."
+msgid ""
+"Default: not set by default, you have to take an existing pam configuration "
+"or create a new one and add the service name here. As an alternative you can "
+"enable local authentication with the local_auth_policy option."
+msgstr ""
+"初期値: 設定されません。既存の PAM 設定を使用するか、新しく作成してサービス名"
+"をここに追加する必要があります。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4155
+msgid "proxy_lib_name (string)"
+msgstr "proxy_lib_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4158
+msgid ""
+"The name of the NSS library to use in proxy domains. The NSS functions "
+"searched for in the library are in the form of _nss_$(libName)_$(function), "
+"for example _nss_files_getpwent."
+msgstr ""
+"プロキシドメインにおいて使用する NSS ライブラリーの名前です。ライブラリーにお"
+"いて検索する NSS 関数は _nss_$(libName)_$(function) の形式です。たとえば "
+"_nss_files_getpwent です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4168
+msgid "proxy_resolver_lib_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4171
+msgid ""
+"The name of the NSS library to use for hosts and networks lookups in proxy "
+"domains. The NSS functions searched for in the library are in the form of "
+"_nss_$(libName)_$(function), for example _nss_dns_gethostbyname2_r."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4182
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4185
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4199
+msgid "proxy_max_children (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4202
+msgid ""
+"This option specifies the number of pre-forked proxy children. It is useful "
+"for high-load SSSD environments where sssd may run out of available child "
+"slots, which would cause some issues due to the requests being queued."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4135
+msgid ""
+"Options valid for proxy domains. <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"プロキシドメインに対して有効なオプションです。 <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:4218
+msgid "Application domains"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:4220
+msgid ""
+"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
+"applications as a gateway to an LDAP directory where users and groups are "
+"stored. However, contrary to the traditional SSSD deployment where all users "
+"and groups either have POSIX attributes or those attributes can be inferred "
+"from the Windows SIDs, in many cases the users and groups in the application "
+"support scenario have no POSIX attributes. Instead of setting a "
+"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the "
+"administrator can set up an <quote>[application/<replaceable>NAME</"
+"replaceable>]</quote> section that internally represents a domain with type "
+"<quote>application</quote> optionally inherits settings from a tradition "
+"SSSD domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:4240
+msgid ""
+"Please note that the application domain must still be explicitly enabled in "
+"the <quote>domains</quote> parameter so that the lookup order between the "
+"application domain and its POSIX sibling domain is set correctly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sssd.conf.5.xml:4246
+msgid "Application domain parameters"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4248
+msgid "inherit_from (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4251
+msgid ""
+"The SSSD POSIX-type domain the application domain inherits all settings "
+"from. The application domain can moreover add its own settings to the "
+"application settings that augment or override the <quote>sibling</quote> "
+"domain settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:4265
+msgid ""
+"The following example illustrates the use of an application domain. In this "
+"setup, the POSIX domain is connected to an LDAP server and is used by the OS "
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
+#: sssd.conf.5.xml:4273
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"domains = appdom, posixdom\n"
+"\n"
+"[ifp]\n"
+"user_attributes = +phone\n"
+"\n"
+"[domain/posixdom]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"[application/appdom]\n"
+"inherit_from = posixdom\n"
+"ldap_user_extra_attrs = phone:telephoneNumber\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:4293
+msgid "TRUSTED DOMAIN SECTION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4295
+msgid ""
+"Some options used in the domain section can also be used in the trusted "
+"domain section, that is, in a section called <quote>[domain/"
+"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
+"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation. Currently supported "
+"options in the trusted domain section are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4302
+msgid "ldap_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4303
+msgid "ldap_user_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4304
+msgid "ldap_group_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4305
+msgid "ldap_netgroup_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4306
+msgid "ldap_service_search_base,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4307
+msgid "ldap_sasl_mech,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4308
+msgid "ad_server,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4309
+msgid "ad_backup_server,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4310
+msgid "ad_site,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884
+msgid "use_fully_qualified_names"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4315
+msgid ""
+"For more details about these options see their individual description in the "
+"manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:4321
+msgid "CERTIFICATE MAPPING SECTION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4323
+msgid ""
+"To allow authentication with Smartcards and certificates SSSD must be able "
+"to map certificates to users. This can be done by adding the full "
+"certificate to the LDAP object of the user or to a local override. While "
+"using the full certificate is required to use the Smartcard authentication "
+"feature of SSH (see <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> for details) it "
+"might be cumbersome or not even possible to do this for the general case "
+"where local services use PAM for authentication."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4337
+msgid ""
+"To make the mapping more flexible mapping and matching rules were added to "
+"SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4346
+msgid ""
+"A mapping and matching rule can be added to the SSSD configuration in a "
+"section on its own with a name like <quote>[certmap/"
+"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>RULE_NAME</"
+"replaceable>]</quote>. In this section the following options are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4353
+msgid "matchrule (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4356
+msgid ""
+"Only certificates from the Smartcard which matches this rule will be "
+"processed, all others are ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4360
+msgid ""
+"Default: KRB5:&lt;EKU&gt;clientAuth, i.e. only certificates which have the "
+"Extended Key Usage <quote>clientAuth</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4367
+msgid "maprule (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4370
+msgid "Defines how the user is found for a given certificate."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:4376
+msgid ""
+"LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like "
+"<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:4382
+msgid ""
+"The RULE_NAME for the <quote>files</quote> provider which tries to find a "
+"user with the same name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4391
+msgid "domains (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4394
+msgid ""
+"Comma separated list of domain names the rule should be applied. By default "
+"a rule is only valid in the domain configured in sssd.conf. If the provider "
+"supports subdomains this option can be used to add the rule to subdomains as "
+"well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4401
+msgid "Default: the configured domain in sssd.conf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4406
+msgid "priority (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4409
+msgid ""
+"Unsigned integer value defining the priority of the rule. The higher the "
+"number the lower the priority. <quote>0</quote> stands for the highest "
+"priority while <quote>4294967295</quote> is the lowest."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4415
+msgid "Default: the lowest priority"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4421
+msgid ""
+"To make the configuration simple and reduce the amount of configuration "
+"options the <quote>files</quote> provider has some special properties:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:4427
+msgid ""
+"if maprule is not set the RULE_NAME name is assumed to be the name of the "
+"matching user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:4433
+msgid ""
+"if a maprule is used both a single user name or a template like "
+"<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. "
+"<quote>(username)</quote> or <quote>({subject_rfc822_name.short_name})</"
+"quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:4442
+msgid "the <quote>domains</quote> option is ignored"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:4450
+msgid "PROMPTING CONFIGURATION SECTION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4452
+msgid ""
+"If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</"
+"filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out "
+"which authentication methods are available for the user trying to log in. "
+"Based on the results pam_sss will prompt the user for appropriate "
+"credentials."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4460
+msgid ""
+"With the growing number of authentication methods and the possibility that "
+"there are multiple ones for a single user the heuristic used by pam_sss to "
+"select the prompting might not be suitable for all use cases. The following "
+"options should provide a better flexibility here."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4472
+msgid "[prompting/password]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4475
+msgid "password_prompt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4476
+msgid "to change the string of the password prompt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4474
+msgid ""
+"to configure password prompting, allowed options are: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4484
+msgid "[prompting/2fa]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4488
+msgid "first_prompt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4489
+msgid "to change the string of the prompt for the first factor"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4492
+msgid "second_prompt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4493
+msgid "to change the string of the prompt for the second factor"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4496
+msgid "single_prompt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4497
+msgid ""
+"boolean value, if True there will be only a single prompt using the value of "
+"first_prompt where it is expected that both factors are entered as a single "
+"string. Please note that both factors have to be entered here, even if the "
+"second factor is optional."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4486
+msgid ""
+"to configure two-factor authentication prompting, allowed options are: "
+"<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is "
+"optional and it should be possible to log in either only with the password "
+"or with both factors two-step prompting has to be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4514
+msgid "[prompting/passkey]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021
+msgid "interactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4522
+msgid ""
+"boolean value, if True prompt a message and wait before testing the presence "
+"of a passkey device. Recommended if your device doesn’t have a tactile "
+"trigger."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4530
+msgid "interactive_prompt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4532
+msgid "to change the message of the interactive prompt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4537
+msgid "touch"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4539
+msgid ""
+"boolean value, if True prompt a message to remind the user to touch the "
+"device."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:4545
+msgid "touch_prompt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4547
+msgid "to change the message of the touch prompt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:4516
+#, fuzzy
+#| msgid ""
+#| "The following expansions are supported: <placeholder "
+#| "type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"to configure passkey authentication prompting, allowed options are: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"以下の拡張モジュールがサポートされます: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4467
+msgid ""
+"Each supported authentication method has its own configuration subsection "
+"under <quote>[prompting/...]</quote>. Currently there are: <placeholder "
+"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/"
+"> <placeholder type=\"variablelist\" id=\"2\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4558
+msgid ""
+"It is possible to add a subsection for specific PAM services, e.g. "
+"<quote>[prompting/password/sshd]</quote> to individual change the prompting "
+"for this service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43
+msgid "EXAMPLES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:4571
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
+msgstr ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4567
+msgid ""
+"1. The following example shows a typical SSSD config. It does not describe "
+"configuration of the domains themselves - refer to documentation on "
+"configuring domains for more details. <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:4604
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4598
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure. Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:4615
+#, no-wrap
+msgid ""
+"[certmap/my.domain/rule_name]\n"
+"matchrule = &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$\n"
+"maprule = (userCertificate;binary={cert!bin})\n"
+"domains = my.domain, your.domain\n"
+"priority = 10\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:4609
+msgid ""
+"3. The following example shows the configuration of a certificate mapping "
+"rule. It is valid for the configured domain <quote>my.domain</quote> and "
+"additionally for the subdomains <quote>your.domain</quote> and uses the full "
+"certificate in the search filter. <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
+msgid "sssd-ldap"
+msgstr "sssd-ldap"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:21 pam_sss.8.xml:63 pam_sss_gss.8.xml:30
+#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21
+#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29
+#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sssd-krb5.5.xml:21
+#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
+#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
+#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
+#: sssd-files.5.xml:21 sssd-session-recording.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-systemtap.5.xml:21 sssd-ldap-attributes.5.xml:21
+#: sssd_krb5_localauth_plugin.8.xml:20
+msgid "DESCRIPTION"
+msgstr "概要"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:23
+msgid ""
+"This manual page describes the configuration of LDAP domains for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for detailed syntax information."
+msgstr ""
+"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> 向けの LDAP ドメインの設定を説明して"
+"います。詳細な構文については <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの "
+"<quote>ファイル形式</quote> セクションを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:35
+msgid "You can configure SSSD to use more than one LDAP domain."
+msgstr "SSSD が複数の LDAP ドメインを使用するよう設定できます。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:38
+#, fuzzy
+#| msgid ""
+#| "LDAP back end supports id, auth, access and chpass providers. If you want "
+#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is "
+#| "required. <command>sssd</command> <emphasis>does not</emphasis> support "
+#| "authentication over an unencrypted channel. If the LDAP server is used "
+#| "only as an identity provider, an encrypted channel is not needed. Please "
+#| "refer to <quote>ldap_access_filter</quote> config option for more "
+#| "information about using LDAP as an access provider."
+msgid ""
+"LDAP back end supports id, auth, access and chpass providers. If you want to "
+"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
+"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
+"over an unencrypted channel. Even if the LDAP server is used only as an "
+"identity provider, an encrypted channel is strongly recommended. Please "
+"refer to <quote>ldap_access_filter</quote> config option for more "
+"information about using LDAP as an access provider."
+msgstr ""
+"LDAP バックエンドは id, auth, access および chpass プロバイダーをサポートしま"
+"す。 LDAP サーバーに対して認証したければ、 TLS/SSL または LDAPS のどちらかが"
+"必要になります。 <command>sssd</command> は暗号化されないチャネルにおける認証"
+"はサポート<emphasis>されません</emphasis>。 LDAP サーバーが識別プロバイダーと"
+"してのみ使用されるならば、暗号化チャネルは必要ありません。アクセスプロバイ"
+"ダーとして LDAP を使用することの詳細は <quote>ldap_access_filter</quote> 設定"
+"オプションを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77
+#: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202
+msgid "CONFIGURATION OPTIONS"
+msgstr "設定オプション"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:67
+msgid "ldap_uri, ldap_backup_uri (string)"
+msgstr "ldap_uri, ldap_backup_uri (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:70
+msgid ""
+"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
+"should connect in the order of preference. Refer to the <quote>FAILOVER</"
+"quote> section for more information on failover and server redundancy. If "
+"neither option is specified, service discovery is enabled. For more "
+"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:77
+msgid "The format of the URI must match the format defined in RFC 2732:"
+msgstr "URI の形式は RFC 2732 に決められている形式と一致しなければいけません:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:80
+msgid "ldap[s]://&lt;host&gt;[:port]"
+msgstr "ldap[s]://&lt;host&gt;[:port]"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:83
+msgid ""
+"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
+msgstr ""
+"IPv6 アドレスを明示するために、&lt;host&gt; を角括弧 [] でくくる必要がありま"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:86
+msgid "example: ldap://[fc00::126:25]:389"
+msgstr "例: ldap://[fc00::126:25]:389"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:92
+msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
+msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:95
+msgid ""
+"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
+"should connect in the order of preference to change the password of a user. "
+"Refer to the <quote>FAILOVER</quote> section for more information on "
+"failover and server redundancy."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:102
+msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
+msgstr ""
+"サービス discovery ldap_chpass_dns_service_name を有効にするには、設定する必"
+"要があります。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:106
+msgid "Default: empty, i.e. ldap_uri is used."
+msgstr "初期値: 空、つまり ldap_uri が使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:112
+msgid "ldap_search_base (string)"
+msgstr "ldap_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:115
+msgid "The default base DN to use for performing LDAP user operations."
+msgstr "LDAP ユーザー操作を実行するために使用される初期ベース DN です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:119
+msgid ""
+"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
+"syntax:"
+msgstr ""
+"SSSD 1.7.0 以降、SSSD は次の構文を使用して複数の検索ベースをサポートします:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:123
+msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
+msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:126
+msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
+msgstr "範囲は \"base\", \"onelevel\" または \"subtree\" のどれかです。"
+
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18
+msgid ""
+"The filter must be a valid LDAP search filter as specified by http://www."
+"ietf.org/rfc/rfc2254.txt"
+msgstr ""
+"フィルターは http://www.ietf.org/rfc/rfc2254.txt により指定されたような有効"
+"な LDAP 検索フィルターである必要があります。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143
+#: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453
+msgid "Examples:"
+msgstr "例:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:136
+msgid ""
+"ldap_search_base = dc=example,dc=com (which is equivalent to) "
+"ldap_search_base = dc=example,dc=com?subtree?"
+msgstr ""
+"ldap_search_base = dc=example,dc=com (which is equivalent to) "
+"ldap_search_base = dc=example,dc=com?subtree?"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:141
+msgid ""
+"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
+"(host=thishost)?dc=example.com?subtree?"
+msgstr ""
+"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
+"(host=thishost)?dc=example.com?subtree?"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:144
+msgid ""
+"Note: It is unsupported to have multiple search bases which reference "
+"identically-named objects (for example, groups with the same name in two "
+"different search bases). This will lead to unpredictable behavior on client "
+"machines."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:151
+msgid ""
+"Default: If not set, the value of the defaultNamingContext or namingContexts "
+"attribute from the RootDSE of the LDAP server is used. If "
+"defaultNamingContext does not exist or has an empty value namingContexts is "
+"used. The namingContexts attribute must have a single value with the DN of "
+"the search base of the LDAP server to make this work. Multiple values are "
+"are not supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:165
+msgid "ldap_schema (string)"
+msgstr "ldap_schema (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:168
+msgid ""
+"Specifies the Schema Type in use on the target LDAP server. Depending on "
+"the selected schema, the default attribute names retrieved from the servers "
+"may vary. The way that some attributes are handled may also differ."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:175
+msgid "Four schema types are currently supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:179
+msgid "rfc2307"
+msgstr "rfc2307"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:184
+msgid "rfc2307bis"
+msgstr "rfc2307bis"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:189
+msgid "IPA"
+msgstr "IPA"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:194
+msgid "AD"
+msgstr "AD"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:200
+msgid ""
+"The main difference between these schema types is how group memberships are "
+"recorded in the server. With rfc2307, group members are listed by name in "
+"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, "
+"group members are listed by DN and stored in the <emphasis>member</emphasis> "
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:210
+msgid "Default: rfc2307"
+msgstr "初期値: rfc2307"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:216
+msgid "ldap_pwmodify_mode (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:219
+msgid "Specify the operation that is used to modify user password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:223
+msgid "Two modes are currently supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:227
+msgid "exop - Password Modify Extended Operation (RFC 3062)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:233
+msgid "ldap_modify - Direct modification of userPassword (not recommended)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:240
+msgid ""
+"Note: First, a new connection is established to verify current password by "
+"binding as the user that requested password change. If successful, this "
+"connection is used to change the password therefore the user must have write "
+"access to userPassword attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:248
+msgid "Default: exop"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:254
+msgid "ldap_default_bind_dn (string)"
+msgstr "ldap_default_bind_dn (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:257
+msgid "The default bind DN to use for performing LDAP operations."
+msgstr "LDAP ユーザー操作を実行するために使用される初期バインド DN です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:264
+msgid "ldap_default_authtok_type (string)"
+msgstr "ldap_default_authtok_type (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:267
+msgid "The type of the authentication token of the default bind DN."
+msgstr "初期バインド DN の認証トークンの形式です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:271
+msgid "The two mechanisms currently supported are:"
+msgstr "現在 2 つのメカニズムがサポートされます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:274
+msgid "password"
+msgstr "password"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:277
+msgid "obfuscated_password"
+msgstr "obfuscated_password"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:280
+msgid "Default: password"
+msgstr "初期値: password"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:283
+msgid ""
+"See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> manual page for more information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:294
+msgid "ldap_default_authtok (string)"
+msgstr "ldap_default_authtok (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:297
+msgid "The authentication token of the default bind DN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:303
+msgid "ldap_force_upper_case_realm (boolean)"
+msgstr "ldap_force_upper_case_realm (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:306
+msgid ""
+"Some directory servers, for example Active Directory, might deliver the "
+"realm part of the UPN in lower case, which might cause the authentication to "
+"fail. Set this option to a non-zero value if you want to use an upper-case "
+"realm."
+msgstr ""
+"いくつかのディレクトリーサーバー、たとえば Active Directory、は小文字のレルム"
+"を転送しません。それにより、認証が失敗します。もし大文字のレルムを使用したい"
+"場合、このオプションを 0 以外に設定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:319
+msgid "ldap_enumeration_refresh_timeout (integer)"
+msgstr "ldap_enumeration_refresh_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:322
+msgid ""
+"Specifies how many seconds SSSD has to wait before refreshing its cache of "
+"enumerated records."
+msgstr ""
+"SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:338
+msgid "ldap_purge_cache_timeout (integer)"
+msgstr "ldap_purge_cache_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:341
+msgid ""
+"Determine how often to check the cache for inactive entries (such as groups "
+"with no members and users who have never logged in) and remove them to save "
+"space."
+msgstr ""
+"使用していないエントリー(メンバーのいないグループやログインしたことがない"
+"ユーザーなど)に対してキャッシュを確認して、保存領域を節約するためにそれらを"
+"削除する間隔を決めます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:347
+msgid ""
+"Setting this option to zero will disable the cache cleanup operation. Please "
+"note that if enumeration is enabled, the cleanup task is required in order "
+"to detect entries removed from the server and can't be disabled. By default, "
+"the cleanup task will run every 3 hours with enumeration enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:367
+msgid "ldap_group_nesting_level (integer)"
+msgstr "ldap_group_nesting_level (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:370
+msgid ""
+"If ldap_schema is set to a schema format that supports nested groups (e.g. "
+"RFC2307bis), then this option controls how many levels of nesting SSSD will "
+"follow. This option has no effect on the RFC2307 schema."
+msgstr ""
+"ldap_schema が入れ子グループ (例: RFC2307bis) をサポートするスキーマ形式に設"
+"定されていると、このオプションが入れ子 SSSD がしたがうレベルを制御します。こ"
+"のオプションは RFC2307 スキーマにおいて効果がありません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:377
+msgid ""
+"Note: This option specifies the guaranteed level of nested groups to be "
+"processed for any lookup. However, nested groups beyond this limit "
+"<emphasis>may be</emphasis> returned if previous lookups already resolved "
+"the deeper nesting levels. Also, subsequent lookups for other groups may "
+"enlarge the result set for original lookup if re-queried."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:386
+msgid ""
+"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:395
+msgid "Default: 2"
+msgstr "初期値: 2"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:404
+msgid ""
+"This options enables or disables use of Token-Groups attribute when "
+"performing initgroup for users from Active Directory Server 2008 and later."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:414
+msgid "Default: True for AD and IPA otherwise False."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:420
+msgid "ldap_host_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:423
+msgid "Optional. Use the given string as search base for host objects."
+msgstr ""
+"オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し"
+"ます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
+msgid ""
+"See <quote>ldap_search_base</quote> for information about configuring "
+"multiple search bases."
+msgstr ""
+"複数の検索ベースを設定することの詳細は <quote>ldap_search_base</quote> を参照"
+"してください。"
+
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27
+msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:439
+msgid "ldap_service_search_base (string)"
+msgstr "ldap_service_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:444
+msgid "ldap_iphost_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:449
+msgid "ldap_ipnetwork_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:454
+msgid "ldap_search_timeout (integer)"
+msgstr "ldap_search_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:457
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches are allowed to run "
+"before they are cancelled and cached results are returned (and offline mode "
+"is entered)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:463
+msgid ""
+"Note: this option is subject to change in future versions of the SSSD. It "
+"will likely be replaced at some point by a series of timeouts for specific "
+"lookup types."
+msgstr ""
+"注: このオプションは SSSD の将来のバージョンにおいて変更される可能性がありま"
+"す。特定の種類の検索のために一連のタイムアウトによりある時点に置き換えられる"
+"かもしれません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:480
+msgid "ldap_enumeration_search_timeout (integer)"
+msgstr "ldap_enumeration_search_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:483
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches for user and group "
+"enumerations are allowed to run before they are cancelled and cached results "
+"are returned (and offline mode is entered)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:501
+msgid "ldap_network_timeout (integer)"
+msgstr "ldap_network_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:504
+msgid ""
+"Specifies the timeout (in seconds) after which the <citerefentry> "
+"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
+"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
+"manvolnum> </citerefentry> following a <citerefentry> "
+"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
+"citerefentry> returns in case of no activity."
+msgstr ""
+"<citerefentry> <refentrytitle>connect</refentrytitle> <manvolnum>2</"
+"manvolnum> </citerefentry> に続けて <citerefentry> <refentrytitle>poll</"
+"refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/<citerefentry> "
+"<refentrytitle>select</refentrytitle> <manvolnum>2</manvolnum> </"
+"citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:532
+msgid "ldap_opt_timeout (integer)"
+msgstr "ldap_opt_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:535
+msgid ""
+"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
+"will abort if no response is received. Also controls the timeout when "
+"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
+"operation, password change extended operation and the StartTLS operation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:555
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr "ldap_connection_expire_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:558
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:566
+msgid ""
+"If the connection is idle (not actively running an operation) within "
+"<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be "
+"closed early to ensure that a new query cannot require the connection to "
+"remain open past its expiration. This implies that connections will always "
+"be closed immediately and will never be reused if "
+"<emphasis>ldap_connection_expire_timeout &lt;= ldap_opt_timout</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:578
+msgid ""
+"This timeout can be extended of a random value specified by "
+"<emphasis>ldap_connection_expire_offset</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713
+msgid "Default: 900 (15 minutes)"
+msgstr "初期値: 900 (15 分)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:594
+msgid "ldap_connection_expire_offset (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:597
+msgid ""
+"Random offset between 0 and configured value is added to "
+"<emphasis>ldap_connection_expire_timeout</emphasis>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:613
+#, fuzzy
+#| msgid "ldap_connection_expire_timeout (integer)"
+msgid "ldap_connection_idle_timeout (integer)"
+msgstr "ldap_connection_expire_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:616
+msgid ""
+"Specifies a timeout (in seconds) that an idle connection to an LDAP server "
+"will be maintained. If the connection is idle for more than this time then "
+"the connection will be closed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:622
+msgid "You can disable this timeout by setting the value to 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:637
+msgid "ldap_page_size (integer)"
+msgstr "ldap_page_size (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:640
+msgid ""
+"Specify the number of records to retrieve from LDAP in a single request. "
+"Some LDAP servers enforce a maximum limit per-request."
+msgstr ""
+"1 回の要求で LDAP から取得するレコード数を指定します。いくつかの LDAP サー"
+"バーは 1 要求あたりの最大数の制限を強制します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:651
+msgid "ldap_disable_paging (boolean)"
+msgstr "ldap_disable_paging (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:654
+msgid ""
+"Disable the LDAP paging control. This option should be used if the LDAP "
+"server reports that it supports the LDAP paging control in its RootDSE but "
+"it is not enabled or does not behave properly."
+msgstr ""
+"LDAP ページング制御を無効にします。LDAP サーバーがその RootDSE において LDAP "
+"ページング制御をサポートするが、有効化されていない、もしくは正しく動作しない"
+"ことを報告する場合に、このオプションが使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:660
+msgid ""
+"Example: OpenLDAP servers with the paging control module installed on the "
+"server but not enabled will report it in the RootDSE but be unable to use it."
+msgstr ""
+"例: サーバーにページング制御モジュールがインストールされているが、RootDSE に"
+"おいて有効化されていないと報告され、それを使用できない OpenLDAP サーバーで"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:666
+msgid ""
+"Example: 389 DS has a bug where it can only support a one paging control at "
+"a time on a single connection. On busy clients, this can result in some "
+"requests being denied."
+msgstr ""
+"例: 389 DS は単一の接続において同時に 1 つのページ制御のみをサポートします。"
+"負荷の高いクライアントにおいては、いくつかの要求が拒否される結果になる可能性"
+"があります。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:678
+msgid "ldap_disable_range_retrieval (boolean)"
+msgstr "ldap_disable_range_retrieval (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:681
+msgid "Disable Active Directory range retrieval."
+msgstr "Active Directory の範囲の取得を無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:684
+msgid ""
+"Active Directory limits the number of members to be retrieved in a single "
+"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
+"group contains more members, the reply would include an AD-specific range "
+"extension. This option disables parsing of the range extension, therefore "
+"large groups will appear as having no members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:699
+msgid "ldap_sasl_minssf (integer)"
+msgstr "ldap_sasl_minssf (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:702
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:715
+msgid "ldap_sasl_maxssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:718
+msgid ""
+"When communicating with an LDAP server using SASL, specify the maximal "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:731
+msgid "ldap_deref_threshold (integer)"
+msgstr "ldap_deref_threshold (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:734
+msgid ""
+"Specify the number of group members that must be missing from the internal "
+"cache in order to trigger a dereference lookup. If less members are missing, "
+"they are looked up individually."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:740
+msgid ""
+"You can turn off dereference lookups completely by setting the value to 0. "
+"Please note that there are some codepaths in SSSD, like the IPA HBAC "
+"provider, that are only implemented using the dereference call, so even with "
+"dereference explicitly disabled, those parts will still use dereference if "
+"the server supports it and advertises the dereference control in the rootDSE "
+"object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:751
+msgid ""
+"A dereference lookup is a means of fetching all group members in a single "
+"LDAP call. Different LDAP servers may implement different dereference "
+"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
+"Directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:759
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:772
+msgid "ldap_ignore_unreadable_references (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:775
+msgid ""
+"Ignore unreadable LDAP entries referenced in group's member attribute. If "
+"this parameter is set to false an error will be returned and the operation "
+"will fail instead of just ignoring the unreadable entry."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:782
+msgid ""
+"This parameter may be useful when using the AD provider and the computer "
+"account that sssd uses to connect to AD does not have access to a particular "
+"entry or LDAP sub-tree for security reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:795
+msgid "ldap_tls_reqcert (string)"
+msgstr "ldap_tls_reqcert (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:798
+msgid ""
+"Specifies what checks to perform on server certificates in a TLS session, if "
+"any. It can be specified as one of the following values:"
+msgstr ""
+"もしあれば、 TLS セッションにおいてサーバー証明書において実行するためにチェッ"
+"クするものを指定します。以下の値のうち 1 つを指定できます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:804
+msgid ""
+"<emphasis>never</emphasis> = The client will not request or check any server "
+"certificate."
+msgstr ""
+"<emphasis>never</emphasis> = クライアントがすべてのサーバー証明書を要求または"
+"確認しません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:808
+msgid ""
+"<emphasis>allow</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate "
+"is provided, it will be ignored and the session proceeds normally."
+msgstr ""
+"<emphasis>allow</emphasis> = サーバー証明書が要求されます。証明書が提供されな"
+"ければ、セッションが通常通り進められます。不正な証明書が提供されると、それは"
+"無視され、セッションが通常通り進められます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:815
+msgid ""
+"<emphasis>try</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate "
+"is provided, the session is immediately terminated."
+msgstr ""
+"<emphasis>try</emphasis> = サーバー証明書が要求されます。証明書が提供されなけ"
+"れば、セッションが通常通り進められます。不正な証明書が提供されると、セッショ"
+"ンが直ちに終了します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:821
+msgid ""
+"<emphasis>demand</emphasis> = The server certificate is requested. If no "
+"certificate is provided, or a bad certificate is provided, the session is "
+"immediately terminated."
+msgstr ""
+"<emphasis>demand</emphasis> = サーバー証明書が要求されます。証明書が提供され"
+"なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:827
+msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
+msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:831
+msgid "Default: hard"
+msgstr "初期値: hard"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:837
+msgid "ldap_tls_cacert (string)"
+msgstr "ldap_tls_cacert (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:840
+msgid ""
+"Specifies the file that contains certificates for all of the Certificate "
+"Authorities that <command>sssd</command> will recognize."
+msgstr ""
+"Specifies the file that contains certificates for all of the Certificate "
+"Authorities that <command>sssd</command> が認識するすべての認証局に対する証明"
+"書を含むファイルを指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904
+msgid ""
+"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
+"conf</filename>"
+msgstr ""
+"初期値: OpenLDAP の初期値の使用、一般的に <filename>/etc/openldap/ldap.conf</"
+"filename> にあります"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:852
+msgid "ldap_tls_cacertdir (string)"
+msgstr "ldap_tls_cacertdir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+msgid ""
+"Specifies the path of a directory that contains Certificate Authority "
+"certificates in separate individual files. Typically the file names need to "
+"be the hash of the certificate followed by '.0'. If available, "
+"<command>cacertdir_rehash</command> can be used to create the correct names."
+msgstr ""
+"個別のファイルに CA 証明書を含むディレクトリーのパスを指定します。一般的に"
+"ファイル名は '.0' で終わる証明書のハッシュである必要があります。利用可能なら"
+"ば、<command>cacertdir_rehash</command> は正しい名前を作成するために使用でき"
+"ます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:870
+msgid "ldap_tls_cert (string)"
+msgstr "ldap_tls_cert (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:873
+msgid "Specifies the file that contains the certificate for the client's key."
+msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:883
+msgid "ldap_tls_key (string)"
+msgstr "ldap_tls_key (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:886
+msgid "Specifies the file that contains the client's key."
+msgstr "クライアントのキーを含むファイルを指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:895
+msgid "ldap_tls_cipher_suite (string)"
+msgstr "ldap_tls_cipher_suite (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:898
+msgid ""
+"Specifies acceptable cipher suites. Typically this is a colon separated "
+"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:911
+msgid "ldap_id_use_start_tls (boolean)"
+msgstr "ldap_id_use_start_tls (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+#, fuzzy
+#| msgid ""
+#| "Specifies that the id_provider connection must also use <systemitem "
+#| "class=\"protocol\">tls</systemitem> to protect the channel."
+msgid ""
+"Specifies that the id_provider connection must also use <systemitem "
+"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</"
+"emphasis> is strongly recommended for security reasons."
+msgstr ""
+"チャネルを保護するために <systemitem class=\"protocol\">tls</systemitem> も使"
+"用する必要がある id_provider 接続を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:925
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_id_mapping (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:928
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:934
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+"この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:944
+msgid "ldap_min_id, ldap_max_id (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:947
+msgid ""
+"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
+"set to true the allowed ID range for ldap_user_uid_number and "
+"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
+"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
+"can be set to restrict the allowed range for the IDs which are read directly "
+"from the server. Sub-domains can then pick other ranges to map IDs."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:959
+msgid "Default: not set (both options are set to 0)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:965
+msgid "ldap_sasl_mech (string)"
+msgstr "ldap_sasl_mech (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:968
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
+"tested and supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:972
+msgid ""
+"If the backend supports sub-domains the value of ldap_sasl_mech is "
+"automatically inherited to the sub-domains. If a different value is needed "
+"for a sub-domain it can be overwritten by setting ldap_sasl_mech for this "
+"sub-domain explicitly. Please see TRUSTED DOMAIN SECTION in "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:988
+msgid "ldap_sasl_authid (string)"
+msgstr "ldap_sasl_authid (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ldap.5.xml:1000
+#, no-wrap
+msgid ""
+"hostname@REALM\n"
+"netbiosname$@REALM\n"
+"host/hostname@REALM\n"
+"*$@REALM\n"
+"host/*@REALM\n"
+"host/*\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:991
+msgid ""
+"Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
+"this represents the Kerberos principal used for authentication to the "
+"directory. This option can either contain the full principal (for example "
+"host/myhost@EXAMPLE.COM) or just the principal name (for example host/"
+"myhost). By default, the value is not set and the following principals are "
+"used: <placeholder type=\"programlisting\" id=\"0\"/> If none of them are "
+"found, the first principal in keytab is returned."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1011
+msgid "Default: host/hostname@REALM"
+msgstr "初期値: host/hostname@REALM"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1017
+msgid "ldap_sasl_realm (string)"
+msgstr "ldap_sasl_realm (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"Specify the SASL realm to use. When not specified, this option defaults to "
+"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
+"well, this option is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1026
+msgid "Default: the value of krb5_realm."
+msgstr "初期値: krb5_realm の値"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1032
+msgid "ldap_sasl_canonicalize (boolean)"
+msgstr "ldap_sasl_canonicalize (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1035
+msgid ""
+"If set to true, the LDAP library would perform a reverse lookup to "
+"canonicalize the host name during a SASL bind."
+msgstr ""
+"真に設定されていると、 LDAP ライブラリーは SASL バインド中にホスト名を正規化"
+"するために逆引きを実行します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1040
+msgid "Default: false;"
+msgstr "初期値: false;"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1046
+msgid "ldap_krb5_keytab (string)"
+msgstr "ldap_krb5_keytab (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1049
+msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247
+msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
+msgstr ""
+"初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1064
+msgid "ldap_krb5_init_creds (boolean)"
+msgstr "ldap_krb5_init_creds (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1067
+msgid ""
+"Specifies that the id_provider should init Kerberos credentials (TGT). This "
+"action is performed only if SASL is used and the mechanism selected is "
+"GSSAPI or GSS-SPNEGO."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1079
+msgid "ldap_krb5_ticket_lifetime (integer)"
+msgstr "ldap_krb5_ticket_lifetime (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1082
+msgid ""
+"Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252
+msgid "Default: 86400 (24 hours)"
+msgstr "初期値: 86400 (24 時間)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74
+msgid "krb5_server, krb5_backup_server (string)"
+msgstr "krb5_server, krb5_backup_server (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1100
+msgid ""
+"Specifies the comma-separated list of IP addresses or hostnames of the "
+"Kerberos servers to which SSSD should connect in the order of preference. "
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
+"colon) may be appended to the addresses or hostnames. If empty, service "
+"discovery is enabled - for more information, refer to the <quote>SERVICE "
+"DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89
+msgid ""
+"When using service discovery for KDC or kpasswd servers, SSSD first searches "
+"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
+"none are found."
+msgstr ""
+"KDC または kpasswd サーバーに対してサービス検索を使用するとき、SSSD はまずプ"
+"ロトコルとして _udp を指定する DNS エントリーを検索して、何も見つからなけれ"
+"ば _tcp にフォールバックします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94
+msgid ""
+"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
+"While the legacy name is recognized for the time being, users are advised to "
+"migrate their config files to use <quote>krb5_server</quote> instead."
+msgstr ""
+"このオプションは以前の SSSD において <quote>krb5_kdcip</quote> という名前でし"
+"た。古い名前がしばらく認められる間、ユーザーは代わりに <quote>krb5_server</"
+"quote> を使用するよう設定ファイルを移行することが推奨されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103
+msgid "krb5_realm (string)"
+msgstr "krb5_realm (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1129
+msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133
+msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
+msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154
+msgid "krb5_canonicalize (boolean)"
+msgstr "krb5_canonicalize (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"Specifies if the host principal should be canonicalized when connecting to "
+"LDAP server. This feature is available with MIT Kerberos >= 1.7"
+msgstr ""
+"LDAP サーバーに接続するとき、ホストのプリンシパルが正規化されるかどうかを指定"
+"します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336
+msgid "krb5_use_kdcinfo (boolean)"
+msgstr "krb5_use_kdcinfo (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339
+msgid ""
+"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
+"which KDCs to use. This option is on by default, if you disable it, you need "
+"to configure the Kerberos library using the <citerefentry> "
+"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> configuration file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350
+msgid ""
+"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
+"information on the locator plugin."
+msgstr ""
+"位置情報プラグインの詳細は <citerefentry> "
+"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry> マニュアルページを参照ください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1182
+msgid "ldap_pwd_policy (string)"
+msgstr "ldap_pwd_policy (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1185
+msgid ""
+"Select the policy to evaluate the password expiration on the client side. "
+"The following values are allowed:"
+msgstr ""
+"クライアント側においてパスワード期限切れを評価するためのポリシーを選択しま"
+"す。以下の値が許容されます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1190
+msgid ""
+"<emphasis>none</emphasis> - No evaluation on the client side. This option "
+"cannot disable server-side password policies."
+msgstr ""
+"<emphasis>none</emphasis> - クライアント側において評価しません。このオプショ"
+"ンはサーバー側のパスワードポリシーを無効にできません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1195
+#, fuzzy
+#| msgid ""
+#| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
+#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes "
+#| "to evaluate if the password has expired."
+msgid ""
+"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
+"evaluate if the password has expired. Please see option "
+"\"ldap_chpass_update_last_change\" as well."
+msgstr ""
+"<emphasis>shadow</emphasis> - パスワードが失効したかを評価するために "
+"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> 形式の属性を使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1203
+msgid ""
+"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
+"to determine if the password has expired. Use chpass_provider=krb5 to update "
+"these attributes when the password is changed."
+msgstr ""
+"<emphasis>mit_kerberos</emphasis> - パスワードが期限切れしているかを決定する"
+"ために MIT Kerberos により使用される属性を使用します。パスワードが変更される"
+"とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1212
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1220
+msgid "ldap_referrals (boolean)"
+msgstr "ldap_referrals (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1223
+msgid "Specifies whether automatic referral chasing should be enabled."
+msgstr "自動参照追跡が有効化されるかを指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1227
+msgid ""
+"Please note that sssd only supports referral chasing when it is compiled "
+"with OpenLDAP version 2.4.13 or higher."
+msgstr ""
+"OpenLDAP バージョン 2.4.13 およびそれ以降とともにコンパイルされているとき、 "
+"sssd のみが参照追跡をサポートすることに注意してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1232
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement. Setting this option to "
+"false is therefore recommended in case the SSSD LDAP provider is used "
+"together with Microsoft Active Directory as a backend. Even if SSSD would be "
+"able to follow the referral to a different AD DC no additional data would be "
+"available."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1251
+msgid "ldap_dns_service_name (string)"
+msgstr "ldap_dns_service_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1254
+msgid "Specifies the service name to use when service discovery is enabled."
+msgstr ""
+"サービス検索が有効にされているときに使用するサービスの名前を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1258
+msgid "Default: ldap"
+msgstr "初期値: ldap"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1264
+msgid "ldap_chpass_dns_service_name (string)"
+msgstr "ldap_chpass_dns_service_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1267
+msgid ""
+"Specifies the service name to use to find an LDAP server which allows "
+"password changes when service discovery is enabled."
+msgstr ""
+"サービス検索が有効にされているときに、パスワード変更を許可する LDAP サーバー"
+"を検索するために使用するサービスの名前を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1272
+msgid "Default: not set, i.e. service discovery is disabled"
+msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1278
+msgid "ldap_chpass_update_last_change (bool)"
+msgstr "ldap_chpass_update_last_change (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1281
+msgid ""
+"Specifies whether to update the ldap_user_shadow_last_change attribute with "
+"days since the Epoch after a password change operation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1287
+msgid ""
+"It is recommend to set this option explicitly if \"ldap_pwd_policy = "
+"shadow\" is used to let SSSD know if the LDAP server will update "
+"shadowLastChange LDAP attribute automatically after a password change or if "
+"SSSD has to update it."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1301
+msgid "ldap_access_filter (string)"
+msgstr "ldap_access_filter (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1304
+msgid ""
+"If using access_provider = ldap and ldap_access_order = filter (default), "
+"this option is mandatory. It specifies an LDAP search filter criteria that "
+"must be met for the user to be granted access on this host. If "
+"access_provider = ldap, ldap_access_order = filter and this option is not "
+"set, it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only and thus filtering based on nested "
+"groups may not work (e.g. memberOf attribute on AD entries points only to "
+"direct parents). If filtering based on nested groups is required, please see "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1324
+msgid "Example:"
+msgstr "例:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ldap.5.xml:1327
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_filter = (employeeType=admin)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1331
+msgid ""
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1336
+msgid ""
+"Offline caching for this feature is limited to determining whether the "
+"user's last online login was granted access permission. If they were granted "
+"access during their last login, they will continue to be granted access "
+"while offline and vice versa."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400
+msgid "Default: Empty"
+msgstr "初期値: 空白"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
+msgid "ldap_account_expire_policy (string)"
+msgstr "ldap_account_expire_policy (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1353
+msgid ""
+"With this option a client side evaluation of access control attributes can "
+"be enabled."
+msgstr ""
+"このオプションを使用すると、アクセス制御属性のクライアント側評価が有効になり"
+"ます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1357
+msgid ""
+"Please note that it is always recommended to use server side access control, "
+"i.e. the LDAP server should deny the bind request with a suitable error code "
+"even if the password is correct."
+msgstr ""
+"必ずサーバー側のアクセス制御を使用することが推奨されることに注意してくださ"
+"い。つまり、パスワードが正しいときさえ、適切なエラーコードでバインド要求を拒"
+"否します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1364
+msgid "The following values are allowed:"
+msgstr "以下の値が許可されます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1367
+msgid ""
+"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
+"determine if the account is expired."
+msgstr ""
+"<emphasis>shadow</emphasis>: アカウントが失効しているかを決めるために "
+"ldap_user_shadow_expire の値を使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1372
+msgid ""
+"<emphasis>ad</emphasis>: use the value of the 32bit field "
+"ldap_user_ad_user_account_control and allow access if the second bit is not "
+"set. If the attribute is missing access is granted. Also the expiration time "
+"of the account is checked."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1379
+msgid ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
+"emphasis>: use the value of ldap_ns_account_lock to check if access is "
+"allowed or not."
+msgstr ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
+"emphasis>: アクセスが許可されるかされないかを確認するために "
+"ldap_ns_account_lock の値を使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1385
+msgid ""
+"<emphasis>nds</emphasis>: the values of "
+"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
+"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
+"If both attributes are missing access is granted."
+msgstr ""
+"<emphasis>nds</emphasis>: アクセスが許可されるかを確認するために the values "
+"of ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled および "
+"ldap_user_nds_login_expiration_time の値が使用されます。どの値もなければ、ア"
+"クセスが許可されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1393
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>expire</quote> in order for the "
+"ldap_account_expire_policy option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1406
+msgid "ldap_access_order (string)"
+msgstr "ldap_access_order (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356
+msgid "Comma separated list of access control options. Allowed values are:"
+msgstr ""
+"アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1413
+msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1416
+msgid ""
+"<emphasis>lockout</emphasis>: use account locking. If set, this option "
+"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
+"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. "
+"Please note that 'access_provider = ldap' must be set for this feature to "
+"work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1426
+msgid ""
+"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
+"quote> option and might be removed in a future release. </emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1433
+msgid ""
+"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
+"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
+"and has value of '000001010000Z' or represents any time in the past. The "
+"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
+"denotes the UTC time zone. Other time zones are not currently supported and "
+"will result in \"access-denied\" when users attempt to log in. Please see "
+"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' "
+"must be set for this feature to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1450
+msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
+msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364
+msgid ""
+"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
+"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
+"interested in being warned that password is about to expire and "
+"authentication is based on using a different method than passwords - for "
+"example SSH keys."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374
+msgid ""
+"The difference between these options is the action taken if user password is "
+"expired:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379
+msgid "pwd_expire_policy_reject - user is denied to log in,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385
+msgid "pwd_expire_policy_warn - user is still able to log in,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391
+msgid ""
+"pwd_expire_policy_renew - user is prompted to change their password "
+"immediately."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1489
+msgid ""
+"Please note that 'access_provider = ldap' must be set for this feature to "
+"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1494
+msgid ""
+"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
+"to determine access"
+msgstr ""
+"<emphasis>authorized_service</emphasis>: アクセス権を決定するために "
+"authorizedService 属性を使用します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1499
+msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
+msgstr ""
+"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1503
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1507
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1512
+msgid "Default: filter"
+msgstr "初期値: filter"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1515
+msgid ""
+"Please note that it is a configuration error if a value is used more than "
+"once."
+msgstr "値が複数使用されていると設定エラーになることに注意してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1522
+msgid "ldap_pwdlockout_dn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1525
+msgid ""
+"This option specifies the DN of password policy entry on LDAP server. Please "
+"note that absence of this option in sssd.conf in case of enabled account "
+"lockout checking will yield access denied as ppolicy attributes on LDAP "
+"server cannot be checked properly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1533
+msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1536
+msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1542
+msgid "ldap_deref (string)"
+msgstr "ldap_deref (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1545
+msgid ""
+"Specifies how alias dereferencing is done when performing a search. The "
+"following options are allowed:"
+msgstr ""
+"検索を実行するときにどのように参照解決を実行するかを指定します。以下のオプ"
+"ションが許容されます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1550
+msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1554
+msgid ""
+"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
+"the base object, but not in locating the base object of the search."
+msgstr ""
+"<emphasis>searching</emphasis>: エイリアスはベースオブジェクトの下位に参照解"
+"決されますが、検索のベースオブジェクトの位置を探すときはされません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1559
+msgid ""
+"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
+"the base object of the search."
+msgstr ""
+"<emphasis>finding</emphasis>: エイリアスは検索のベースオブジェクトの位置を探"
+"すときのみ参照解決されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1564
+msgid ""
+"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
+"in locating the base object of the search."
+msgstr ""
+"<emphasis>always</emphasis>: エイリアスは検索のベースオブジェクトを検索すると"
+"きも位置を検索するときも参照解決されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1569
+msgid ""
+"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
+"client libraries)"
+msgstr ""
+"初期値: 空白(LDAP クライアントライブラリにより <emphasis>never</emphasis> と"
+"して取り扱われます)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1577
+msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
+msgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1580
+msgid ""
+"Allows to retain local users as members of an LDAP group for servers that "
+"use the RFC2307 schema."
+msgstr ""
+"RFC2307 スキーマを使用するサーバーの LDAP グループのメンバーとしてローカル"
+"ユーザーを保持することができます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1584
+msgid ""
+"In some environments where the RFC2307 schema is used, local users are made "
+"members of LDAP groups by adding their names to the memberUid attribute. "
+"The self-consistency of the domain is compromised when this is done, so SSSD "
+"would normally remove the \"missing\" users from the cached group "
+"memberships as soon as nsswitch tries to fetch information about the user "
+"via getpw*() or initgroups() calls."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1595
+msgid ""
+"This option falls back to checking if local users are referenced, and caches "
+"them so that later initgroups() calls will augment the local users with the "
+"additional LDAP groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152
+msgid "wildcard_limit (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1610
+msgid ""
+"Specifies an upper limit on the number of entries that are downloaded during "
+"a wildcard lookup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1614
+msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1618
+msgid "Default: 1000 (often the size of one page)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1624
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "ldap_library_debug_level (integer)"
+msgstr "debug_level (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1627
+msgid ""
+"Switches on libldap debugging with the given level. The libldap debug "
+"messages will be written independent of the general debug_level."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1632
+msgid ""
+"OpenLDAP uses a bitmap to enable debugging for specific components, -1 will "
+"enable full debug output."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1637
+#, fuzzy
+#| msgid "Default: 0 (disabled)"
+msgid "Default: 0 (libldap debugging disabled)"
+msgstr "初期値: 0 (無効)"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:52
+msgid ""
+"All of the common configuration options that apply to SSSD domains also "
+"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for full details. Note that SSSD "
+"LDAP mapping attributes are described in the <citerefentry> "
+"<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1647
+msgid "SUDO OPTIONS"
+msgstr "SUDO オプション"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1649
+msgid ""
+"The detailed instructions for configuration of sudo_provider are in the "
+"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1660
+msgid "ldap_sudo_full_refresh_interval (integer)"
+msgstr "ldap_sudo_full_refresh_interval (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1663
+msgid ""
+"How many seconds SSSD will wait between executing a full refresh of sudo "
+"rules (which downloads all rules that are stored on the server)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1668
+msgid ""
+"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
+"emphasis>"
+msgstr ""
+"値は <emphasis>ldap_sudo_smart_refresh_interval</emphasis> より大きい必要があ"
+"ります"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1673
+msgid ""
+"You can disable full refresh by setting this option to 0. However, either "
+"smart or full refresh must be enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1678
+msgid "Default: 21600 (6 hours)"
+msgstr "初期値: 21600 (6 時間)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1684
+msgid "ldap_sudo_smart_refresh_interval (integer)"
+msgstr "ldap_sudo_smart_refresh_interval (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1687
+msgid ""
+"How many seconds SSSD has to wait before executing a smart refresh of sudo "
+"rules (which downloads all rules that have USN higher than the highest "
+"server USN value that is currently known by SSSD)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1693
+msgid ""
+"If USN attributes are not supported by the server, the modifyTimestamp "
+"attribute is used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1697
+msgid ""
+"<emphasis>Note:</emphasis> the highest USN value can be updated by three "
+"tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
+"enumeration of users and groups (if enabled and updated users or groups are "
+"found) and 3) by reconnecting to the server (by default every 15 minutes, "
+"see <emphasis>ldap_connection_expire_timeout</emphasis>)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1708
+msgid ""
+"You can disable smart refresh by setting this option to 0. However, either "
+"smart or full refresh must be enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1719
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_sudo_random_offset (integer)"
+msgstr "ldap_idmap_range_size (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1722
+msgid ""
+"Random offset between 0 and configured value is added to smart and full "
+"refresh periods each time the periodic task is scheduled. The value is in "
+"seconds."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1728
+msgid ""
+"Note that this random offset is also applied on the first SSSD start which "
+"delays the first sudo rules refresh. This prolongs the time when the sudo "
+"rules are not available for use."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1734
+msgid "You can disable this offset by setting the value to 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1744
+msgid "ldap_sudo_use_host_filter (boolean)"
+msgstr "ldap_sudo_use_host_filter (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1747
+msgid ""
+"If true, SSSD will download only rules that are applicable to this machine "
+"(using the IPv4 or IPv6 host/network addresses and hostnames)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1758
+msgid "ldap_sudo_hostnames (string)"
+msgstr "ldap_sudo_hostnames (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1761
+msgid ""
+"Space separated list of hostnames or fully qualified domain names that "
+"should be used to filter the rules."
+msgstr ""
+"ルールをフィルターするために使用されるホスト名または完全修飾ドメイン名の空白"
+"区切り一覧です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1766
+msgid ""
+"If this option is empty, SSSD will try to discover the hostname and the "
+"fully qualified domain name automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
+msgid ""
+"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
+"emphasis> then this option has no effect."
+msgstr ""
+"<emphasis>ldap_sudo_use_host_filter</emphasis> が <emphasis>false</emphasis> "
+"ならば、このオプションは効果を持ちません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799
+msgid "Default: not specified"
+msgstr "初期値: 指定なし"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1782
+msgid "ldap_sudo_ip (string)"
+msgstr "ldap_sudo_ip (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1785
+msgid ""
+"Space separated list of IPv4 or IPv6 host/network addresses that should be "
+"used to filter the rules."
+msgstr ""
+"ルールをフィルターするために使用される、IPv4 または IPv6 ホスト/ネットワーク"
+"アドレスの空白区切り一覧です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1790
+msgid ""
+"If this option is empty, SSSD will try to discover the addresses "
+"automatically."
+msgstr ""
+"このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1805
+msgid "ldap_sudo_include_netgroups (boolean)"
+msgstr "ldap_sudo_include_netgroups (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1808
+msgid ""
+"If true then SSSD will download every rule that contains a netgroup in "
+"sudoHost attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1823
+msgid "ldap_sudo_include_regexp (boolean)"
+msgstr "ldap_sudo_include_regexp (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1826
+msgid ""
+"If true then SSSD will download every rule that contains a wildcard in "
+"sudoHost attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
+#: sssd-ldap.5.xml:1836
+msgid ""
+"Using wildcard is an operation that is very costly to evaluate on the LDAP "
+"server side!"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1848
+msgid ""
+"This manual page only describes attribute name mapping. For detailed "
+"explanation of sudo related attribute semantics, see <citerefentry> "
+"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>"
+msgstr ""
+"このマニュアルページは属性名マッピングのみを説明します。 sudo に関連する属性"
+"セマンティックの詳細な説明は <citerefentry> <refentrytitle>sudoers.ldap</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1858
+msgid "AUTOFS OPTIONS"
+msgstr "AUTOFS オプション"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1860
+msgid ""
+"Some of the defaults for the parameters below are dependent on the LDAP "
+"schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1866
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1869
+msgid "The name of the automount master map in LDAP."
+msgstr "LDAP のオートマウントマスターマップの名前。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1872
+msgid "Default: auto.master"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1883
+msgid "ADVANCED OPTIONS"
+msgstr "高度なオプション"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1890
+msgid "ldap_netgroup_search_base (string)"
+msgstr "ldap_netgroup_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1895
+msgid "ldap_user_search_base (string)"
+msgstr "ldap_user_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1900
+msgid "ldap_group_search_base (string)"
+msgstr "ldap_group_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
+#: sssd-ldap.5.xml:1905
+msgid "<note>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
+#: sssd-ldap.5.xml:1907
+msgid ""
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
+"against Active Directory will not be restricted and return all groups "
+"memberships, even with no GID mapping. It is recommended to disable this "
+"feature, if group names are not being displayed correctly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist>
+#: sssd-ldap.5.xml:1914
+msgid "</note>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1916
+msgid "ldap_sudo_search_base (string)"
+msgstr "ldap_sudo_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1921
+msgid "ldap_autofs_search_base (string)"
+msgstr "ldap_autofs_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1885
+msgid ""
+"These options are supported by LDAP domains, but they should be used with "
+"caution. Please include them in your configuration only if you know what you "
+"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder "
+"type=\"variablelist\" id=\"1\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930
+#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:155 sssd-session-recording.5.xml:176
+msgid "EXAMPLE"
+msgstr "例"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1938
+msgid ""
+"The following example assumes that SSSD is correctly configured and LDAP is "
+"set to one of the domains in the <replaceable>[domains]</replaceable> "
+"section."
+msgstr ""
+"以下の例は、SSSD が正しく設定され、LDAP が <replaceable>[domains]</"
+"replaceable> セクションにあるドメインのどれかに設定されていると仮定していま"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:1944
+#, no-wrap
+msgid ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492
+#: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182
+#: include/ldap_id_mapping.xml:105
+msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1955
+msgid "LDAP ACCESS FILTER EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1957
+msgid ""
+"The following example assumes that SSSD is correctly configured and to use "
+"the ldap_access_order=lockout."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:1962
+#, no-wrap
+msgid ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"access_provider = ldap\n"
+"ldap_access_order = lockout\n"
+"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
+#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163
+msgid "NOTES"
+msgstr "注記"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1979
+msgid ""
+"The descriptions of some of the configuration options in this manual page "
+"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
+"distribution."
+msgstr ""
+"このマニュアルページにある設定オプションのいくつかの説明は、OpenLDAP 2.4 ディ"
+"ストリビューションから <citerefentry> <refentrytitle>ldap.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページに基"
+"づいています。"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: pam_sss.8.xml:11 pam_sss.8.xml:16
+msgid "pam_sss"
+msgstr "pam_sss"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: pam_sss.8.xml:12 pam_sss_gss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11
+#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11
+#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11
+#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11
+#: sssd_krb5_localauth_plugin.8.xml:11
+msgid "8"
+msgstr "8"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: pam_sss.8.xml:17
+msgid "PAM module for SSSD"
+msgstr "SSSD の PAM モジュール"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: pam_sss.8.xml:22
+msgid ""
+"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>prompt_always</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>try_cert_auth</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>require_cert_auth</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:64
+msgid ""
+"<command>pam_sss.so</command> is the PAM interface to the System Security "
+"Services daemon (SSSD). Errors and results are logged through "
+"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
+msgstr ""
+"<command>pam_sss.so</command> は System Security Services daemon (SSSD) への "
+"PAM インターフェースです。エラーと結果は <command>syslog(3)</command> を通し"
+"て LOG_AUTHPRIV ファシリティでログ記録されます。"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:70 pam_sss_gss.8.xml:89 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:123
+#: sss_ssh_knownhostsproxy.1.xml:62
+msgid "OPTIONS"
+msgstr "オプション"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:74
+msgid "<option>quiet</option>"
+msgstr "<option>quiet</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:77
+msgid "Suppress log messages for unknown users."
+msgstr "不明なユーザーのログメッセージを抑制します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:82
+msgid "<option>forward_pass</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:85
+msgid ""
+"If <option>forward_pass</option> is set the entered password is put on the "
+"stack for other PAM modules to use."
+msgstr ""
+"<option>forward_pass</option> が設定されていると、他の PAM モジュールが使用す"
+"るために、入力されたパスワードがスタックに置かれます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:92
+msgid "<option>use_first_pass</option>"
+msgstr "<option>use_first_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:95
+msgid ""
+"The argument use_first_pass forces the module to use a previous stacked "
+"modules password and will never prompt the user - if no password is "
+"available or the password is not appropriate, the user will be denied access."
+msgstr ""
+"引数 use_first_pass は強制的にモジュールが前にスタックされたモジュールのパス"
+"ワードを使用して、ユーザーに入力させません。パスワードが何も利用可能ではな"
+"い、またはパスワードが適切でなければ、ユーザーがアクセスを拒否されます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:103
+msgid "<option>use_authtok</option>"
+msgstr "<option>use_authtok</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:106
+msgid ""
+"When password changing enforce the module to set the new password to the one "
+"provided by a previously stacked password module."
+msgstr ""
+"パスワードを変更するとき、モジュールが強制的に新しいパスワードを、前にスタッ"
+"クされたパスワードモジュールに設定します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:113
+msgid "<option>retry=N</option>"
+msgstr "<option>retry=N</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:116
+msgid ""
+"If specified the user is asked another N times for a password if "
+"authentication fails. Default is 0."
+msgstr ""
+"指定されていると、認証に失敗した場合にパスワードをあと N 回ユーザーに問い合わ"
+"せます。初期値は 0 です。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:118
+msgid ""
+"Please note that this option might not work as expected if the application "
+"calling PAM handles the user dialog on its own. A typical example is "
+"<command>sshd</command> with <option>PasswordAuthentication</option>."
+msgstr ""
+"このオプションは、アプリケーションが呼び出す PAM が自身においてユーザーダイア"
+"ログを処理すると仮定して動作しません。典型的な例は "
+"<option>PasswordAuthentication</option> を用いた <command>sshd</command> で"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:127
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:130
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:137
+msgid "<option>ignore_authinfo_unavail</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:141
+msgid ""
+"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
+"the SSSD daemon. This causes the PAM framework to ignore this module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:148
+msgid "<option>domains</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:152
+msgid ""
+"Allows the administrator to restrict the domains a particular PAM service is "
+"allowed to authenticate against. The format is a comma-separated list of "
+"SSSD domain names, as specified in the sssd.conf file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:158
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"NOTE: If this is used for a service not running as root user, e.g. a web-"
+"server, it must be used in conjunction with the <quote>pam_trusted_users</"
+"quote> and <quote>pam_public_domains</quote> options. Please see the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for more information on these two PAM "
+"responder options."
+msgstr ""
+"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページにある "
+"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:173
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:177
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:187
+#, no-wrap
+msgid ""
+"auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:182
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:197
+msgid "<option>prompt_always</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:201
+msgid ""
+"Always prompt the user for credentials. With this option credentials "
+"requested by other PAM modules, typically a password, will be ignored and "
+"pam_sss will prompt for credentials again. Based on the pre-auth reply by "
+"SSSD pam_sss might prompt for a password, a Smartcard PIN or other "
+"credentials."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:212
+msgid "<option>try_cert_auth</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:216
+msgid ""
+"Try to use certificate based authentication, i.e. authentication with a "
+"Smartcard or similar devices. If a Smartcard is available and the service is "
+"allowed for Smartcard authentication the user will be prompted for a PIN and "
+"the certificate based authentication will continue"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:224
+msgid ""
+"If no Smartcard is available or certificate based authentication is not "
+"allowed for the current service PAM_AUTHINFO_UNAVAIL is returned."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:232
+msgid "<option>require_cert_auth</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:236
+msgid ""
+"Do certificate based authentication, i.e. authentication with a Smartcard "
+"or similar devices. If a Smartcard is not available the user will be "
+"prompted to insert one. SSSD will wait for a Smartcard until the timeout "
+"defined by p11_wait_for_card_timeout passed, please see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:246
+msgid ""
+"If no Smartcard is available after the timeout or certificate based "
+"authentication is not allowed for the current service PAM_AUTHINFO_UNAVAIL "
+"is returned."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:256 pam_sss_gss.8.xml:103
+msgid "MODULE TYPES PROVIDED"
+msgstr "提供されるモジュール形式"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:257
+msgid ""
+"All module types (<option>account</option>, <option>auth</option>, "
+"<option>password</option> and <option>session</option>) are provided."
+msgstr ""
+"すべてのモジュール形式 (<option>account</option>, <option>auth</option>, "
+"<option>password</option> および <option>session</option>) が提供されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:260
+msgid ""
+"If SSSD's PAM responder is not running, e.g. if the PAM responder socket is "
+"not available, pam_sss will return PAM_USER_UNKNOWN when called as "
+"<option>account</option> module to avoid issues with users from other "
+"sources during access control."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:267 pam_sss_gss.8.xml:108
+msgid "RETURN VALUES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:270 pam_sss_gss.8.xml:111
+msgid "PAM_SUCCESS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:273 pam_sss_gss.8.xml:114
+msgid "The PAM operation finished successfully."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:278 pam_sss_gss.8.xml:119
+msgid "PAM_USER_UNKNOWN"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:281
+msgid ""
+"The user is not known to the authentication service or the SSSD's PAM "
+"responder is not running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:287 pam_sss_gss.8.xml:128
+msgid "PAM_AUTH_ERR"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:290
+msgid ""
+"Authentication failure. Also, could be returned when there is a problem with "
+"getting the certificate."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:296
+msgid "PAM_PERM_DENIED"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:299
+msgid ""
+"Permission denied. The SSSD log files may contain additional information "
+"about the error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:305
+msgid "PAM_IGNORE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:308
+msgid ""
+"See options <option>ignore_unknown_user</option> and "
+"<option>ignore_authinfo_unavail</option>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:314
+msgid "PAM_AUTHTOK_ERR"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:317
+msgid ""
+"Unable to obtain the new authentication token. Also, could be returned when "
+"the user authenticates with certificates and multiple certificates are "
+"available, but the installed version of GDM does not support selection from "
+"multiple certificates."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:325 pam_sss_gss.8.xml:136
+msgid "PAM_AUTHINFO_UNAVAIL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:328 pam_sss_gss.8.xml:139
+msgid ""
+"Unable to access the authentication information. This might be due to a "
+"network or hardware failure."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:334
+msgid "PAM_BUF_ERR"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:337
+msgid ""
+"A memory error occurred. Also, could be returned when options use_first_pass "
+"or use_authtok were set, but no password was found from the previously "
+"stacked PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:344 pam_sss_gss.8.xml:145
+msgid "PAM_SYSTEM_ERR"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:347 pam_sss_gss.8.xml:148
+msgid ""
+"A system error occurred. The SSSD log files may contain additional "
+"information about the error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:353
+msgid "PAM_CRED_ERR"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:356
+msgid "Unable to set the credentials of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:361
+msgid "PAM_CRED_INSUFFICIENT"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:364
+msgid ""
+"The application does not have sufficient credentials to authenticate the "
+"user. For example, missing PIN during smartcard authentication or missing "
+"factor during two-factor authentication."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:372
+msgid "PAM_SERVICE_ERR"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:375
+msgid "Error in service module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:380
+msgid "PAM_NEW_AUTHTOK_REQD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:383
+msgid "The user's authentication token has expired."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:388
+msgid "PAM_ACCT_EXPIRED"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:391
+msgid "The user account has expired."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:396
+msgid "PAM_SESSION_ERR"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:399
+msgid "Unable to fetch IPA Desktop Profile rules or user info."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:404
+msgid "PAM_CRED_UNAVAIL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:407
+msgid "Unable to retrieve Kerberos user credentials."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:412
+msgid "PAM_NO_MODULE_DATA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:415
+msgid ""
+"No authentication method was found by Kerberos. This might happen if the "
+"user has a Smartcard assigned but the pkint plugin is not available on the "
+"client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:422
+msgid "PAM_CONV_ERR"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:425
+msgid "Conversation failure."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:430
+msgid "PAM_AUTHTOK_LOCK_BUSY"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:433
+msgid "No KDC suitable for password change is available."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:438
+msgid "PAM_ABORT"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:441
+msgid "Unknown PAM call."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:446
+msgid "PAM_MODULE_UNKNOWN"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:449
+msgid "Unsupported PAM task or command."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:454
+msgid "PAM_BAD_ITEM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:457
+msgid "The authentication module cannot handle Smartcard credentials."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:465
+msgid "FILES"
+msgstr "ファイル"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:466
+msgid ""
+"If a password reset by root fails, because the corresponding SSSD provider "
+"does not support password resets, an individual message can be displayed. "
+"This message can e.g. contain instructions about how to reset a password."
+msgstr ""
+"対応する SSSD プロバイダーがパスワードリセットをサポートしないため、root によ"
+"るパスワードリセットが失敗すると、それぞれのメッセージが表示されます。たとえ"
+"ば、このメッセージはパスワードをリセットする方法に関する説明があります。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:471
+msgid ""
+"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
+"filename> where LOC stands for a locale string returned by <citerefentry> "
+"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
+"citerefentry>. If there is no matching file the content of "
+"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
+"the owner of the files and only root may have read and write permissions "
+"while all other users must have only read permissions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:481
+msgid ""
+"These files are searched in the directory <filename>/etc/sssd/customize/"
+"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
+"displayed."
+msgstr ""
+"これらのファイルがディレクトリー <filename>/etc/sssd/customize/DOMAIN_NAME/</"
+"filename> において検索されます。一致するファイルがなければ、一般的なメッセー"
+"ジが表示されます。"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: pam_sss_gss.8.xml:11 pam_sss_gss.8.xml:16
+#, fuzzy
+#| msgid "pam_sss"
+msgid "pam_sss_gss"
+msgstr "pam_sss"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: pam_sss_gss.8.xml:17
+#, fuzzy
+#| msgid "PAM module for SSSD"
+msgid "PAM module for SSSD GSSAPI authentication"
+msgstr "SSSD の PAM モジュール"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: pam_sss_gss.8.xml:22
+#, fuzzy
+#| msgid ""
+#| "<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+#| "replaceable> </arg>"
+msgid ""
+"<command>pam_sss_gss.so</command> <arg choice='opt'> <replaceable>debug</"
+"replaceable> </arg>"
+msgstr ""
+"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:32
+msgid ""
+"<command>pam_sss_gss.so</command> authenticates user over GSSAPI in "
+"cooperation with SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:36
+msgid ""
+"This module will try to authenticate the user using the GSSAPI hostbased "
+"service name host@hostname which translates to host/hostname@REALM Kerberos "
+"principal. The <emphasis>REALM</emphasis> part of the Kerberos principal "
+"name is derived by Kerberos internal mechanisms and it can be set explicitly "
+"in configuration of [domain_realm] section in /etc/krb5.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:44
+msgid ""
+"SSSD is used to provide desired service name and to validate the user's "
+"credentials using GSSAPI calls. If the service ticket is already present in "
+"the Kerberos credentials cache or if user's ticket granting ticket can be "
+"used to get the correct service ticket then the user will be authenticated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:51
+msgid ""
+"If <option>pam_gssapi_check_upn</option> is True (default) then SSSD "
+"requires that the credentials used to obtain the service tickets can be "
+"associated with the user. This means that the principal that owns the "
+"Kerberos credentials must match with the user principal name as defined in "
+"LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:58
+msgid ""
+"To enable GSSAPI authentication in SSSD, set <option>pam_gssapi_services</"
+"option> option in [pam] or domain section of sssd.conf. The service "
+"credentials need to be stored in SSSD's keytab (it is already present if you "
+"use ipa or ad provider). The keytab location can be set with "
+"<option>krb5_keytab</option> option. See <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> and "
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more details on these options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:74
+msgid ""
+"Some Kerberos deployments allow to associate authentication indicators with "
+"a particular pre-authentication method used to obtain the ticket granting "
+"ticket by the user. <command>pam_sss_gss.so</command> allows to enforce "
+"presence of authentication indicators in the service tickets before a "
+"particular PAM service can be accessed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:82
+msgid ""
+"If <option>pam_gssapi_indicators_map</option> is set in the [pam] or domain "
+"section of sssd.conf, then SSSD will perform a check of the presence of any "
+"configured indicators in the service ticket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss_gss.8.xml:93
+#, fuzzy
+#| msgid "<option>quiet</option>"
+msgid "<option>debug</option>"
+msgstr "<option>quiet</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss_gss.8.xml:96
+msgid "Print debugging information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:104
+msgid "Only the <option>auth</option> module type is provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss_gss.8.xml:122
+msgid ""
+"The user is not known to the authentication service or the GSSAPI "
+"authentication is not supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss_gss.8.xml:131
+msgid "Authentication failure."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:159
+msgid ""
+"The main use case is to provide password-less authentication in sudo but "
+"without the need to disable authentication completely. To achieve this, "
+"first enable GSSAPI authentication for sudo in sssd.conf:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><programlisting>
+#: pam_sss_gss.8.xml:165
+#, no-wrap
+msgid ""
+"[domain/MYDOMAIN]\n"
+"pam_gssapi_services = sudo, sudo-i\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:169
+msgid ""
+"And then enable the module in desired PAM stack (e.g. /etc/pam.d/sudo and /"
+"etc/pam.d/sudo-i)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><programlisting>
+#: pam_sss_gss.8.xml:173
+#, no-wrap
+msgid ""
+"...\n"
+"auth sufficient pam_sss_gss.so\n"
+"...\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss_gss.8.xml:180
+msgid "TROUBLESHOOTING"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:182
+msgid ""
+"SSSD logs, pam_sss_gss debug output and syslog may contain helpful "
+"information about the error. Here are some common issues:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:186
+msgid ""
+"1. I have KRB5CCNAME environment variable set and the authentication does "
+"not work: Depending on your sudo version, it is possible that sudo does not "
+"pass this variable to the PAM environment. Try adding KRB5CCNAME to "
+"<option>env_keep</option> in /etc/sudoers or in your LDAP sudo rules default "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:193
+msgid ""
+"2. Authentication does not work and syslog contains \"Server not found in "
+"Kerberos database\": Kerberos is probably not able to resolve correct realm "
+"for the service ticket based on the hostname. Try adding the hostname "
+"directly to <option>[domain_realm]</option> in /etc/krb5.conf like so:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:200
+msgid ""
+"3. Authentication does not work and syslog contains \"No Kerberos "
+"credentials available\": You don't have any credentials that can be used to "
+"obtain the required service ticket. Use kinit or authenticate over SSSD to "
+"acquire those credentials."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss_gss.8.xml:206
+msgid ""
+"4. Authentication does not work and SSSD sssd-pam log contains \"User with "
+"UPN [$UPN] was not found.\" or \"UPN [$UPN] does not match target user "
+"[$username].\": You are using credentials that can not be mapped to the user "
+"that is being authenticated. Try to use kswitch to select different "
+"principal, make sure you authenticated with SSSD or consider disabling "
+"<option>pam_gssapi_check_upn</option>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><programlisting>
+#: pam_sss_gss.8.xml:214
+#, no-wrap
+msgid ""
+"[domain_realm]\n"
+".myhostname = MYREALM\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
+msgid "sssd_krb5_locator_plugin"
+msgstr "sssd_krb5_locator_plugin"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:22
+msgid ""
+"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
+"used by libkrb5 to find KDCs for a given Kerberos realm. SSSD provides such "
+"a plugin to guide all Kerberos clients on a system to a single KDC. In "
+"general it should not matter to which KDC a client process is talking to. "
+"But there are cases, e.g. after a password change, where not all KDCs are in "
+"the same state because the new data has to be replicated first. To avoid "
+"unexpected authentication failures and maybe even account lockings it would "
+"be good to talk to a single KDC as long as possible."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:34
+msgid ""
+"libkrb5 will search the locator plugin in the libkrb5 sub-directory of the "
+"Kerberos plugin directory, see plugin_base_dir in <citerefentry> "
+"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for details. The plugin can only be disabled by removing the "
+"plugin file. There is no option in the Kerberos configuration to disable it. "
+"But the SSSD_KRB5_LOCATOR_DISABLE environment variable can be used to "
+"disable the plugin for individual commands. Alternatively the SSSD option "
+"krb5_use_kdcinfo=False can be used to not generate the data needed by the "
+"plugin. With this the plugin is still called but will provide no data to the "
+"caller so that libkrb5 can fall back to other methods defined in krb5.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:50
+msgid ""
+"The plugin reads the information about the KDCs of a given realm from a file "
+"called <filename>kdcinfo.REALM</filename>. The file should contain one or "
+"more DNS names or IP addresses either in dotted-decimal IPv4 notation or the "
+"hexadecimal IPv6 notation. An optional port number can be added to the end "
+"separated with a colon, the IPv6 address has to be enclosed in squared "
+"brackets in this case as usual. Valid entries are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd_krb5_locator_plugin.8.xml:58
+msgid "kdc.example.com"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd_krb5_locator_plugin.8.xml:59
+msgid "kdc.example.com:321"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd_krb5_locator_plugin.8.xml:60
+msgid "1.2.3.4"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd_krb5_locator_plugin.8.xml:61
+msgid "5.6.7.8:99"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd_krb5_locator_plugin.8.xml:62
+msgid "2001:db8:85a3::8a2e:370:7334"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd_krb5_locator_plugin.8.xml:63
+msgid "[2001:db8:85a3::8a2e:370:7334]:321"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:65
+msgid ""
+"SSSD's krb5 auth-provider which is used by the IPA and AD providers as well "
+"adds the address of the current KDC or domain controller SSSD is using to "
+"this file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:70
+msgid ""
+"In environments with read-only and read-write KDCs where clients are "
+"expected to use the read-only instances for the general operations and only "
+"the read-write KDC for config changes like password changes a "
+"<filename>kpasswdinfo.REALM</filename> is used as well to identify read-"
+"write KDCs. If this file exists for the given realm the content will be used "
+"by the plugin to reply to requests for a kpasswd or kadmin server or for the "
+"MIT Kerberos specific master KDC. If the address contains a port number the "
+"default KDC port 88 will be used for the latter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:85
+msgid ""
+"Not all Kerberos implementations support the use of plugins. If "
+"<command>sssd_krb5_locator_plugin</command> is not available on your system "
+"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
+msgstr ""
+"すべての Kerberos 実装がプラグインの使用をサポートしているとは限りません。 "
+"<command>sssd_krb5_locator_plugin</command> がシステムにおいて利用可能でなけ"
+"れば、Kerberos の構築を反映するように /etc/krb5.conf を編集する必要がありま"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:91
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+"debug messages will be sent to stderr."
+msgstr ""
+"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ"
+"セージが標準エラーに送られます。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:95
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
+"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
+"caller."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:100
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_IGNORE_DNS_FAILURES is set to "
+"any value plugin will try to resolve all DNS names in kdcinfo file. By "
+"default plugin returns KRB5_PLUGIN_NO_HANDLE to the caller immediately on "
+"first DNS resolving failure."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
+msgid "sssd-simple"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-simple.5.xml:17
+msgid "the configuration file for SSSD's 'simple' access-control provider"
+msgstr "SSSD の 'simple' アクセス制御プロバイダーの設定ファイルです。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:24
+msgid ""
+"This manual page describes the configuration of the simple access-control "
+"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
+"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> manual page."
+msgstr ""
+"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> に対して簡単なアクセス制御の設定を説"
+"明しています。詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ファイル形"
+"式</quote> セクションを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:38
+msgid ""
+"The simple access provider grants or denies access based on an access or "
+"deny list of user or group names. The following rules apply:"
+msgstr ""
+"シンプルアクセスプロバイダーは、ユーザー名またはグループ名のアクセスまたは拒"
+"否の一覧に基づいてアクセスを許可または拒否します。以下の例を適用します:"
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:43
+msgid "If all lists are empty, access is granted"
+msgstr "すべての一覧が空白ならば、アクセスが認められます"
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:47
+msgid ""
+"If any list is provided, the order of evaluation is allow,deny. This means "
+"that any matching deny rule will supersede any matched allow rule."
+msgstr ""
+"何らかの一覧が提供されていると、許可(allow)、拒否(deny)の順に評価されま"
+"す。拒否ルールに一致するすべてのものは、許可ルールに一致するすべてのものを更"
+"新することを意味します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:54
+msgid ""
+"If either or both \"allow\" lists are provided, all users are denied unless "
+"they appear in the list."
+msgstr ""
+"\"allow\" 一覧が提供されていると、すべてのユーザーはこの一覧に表れなければ拒"
+"否されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:60
+msgid ""
+"If only \"deny\" lists are provided, all users are granted access unless "
+"they appear in the list."
+msgstr ""
+"\"deny\" 一覧のみが提供されていると、ユーザーがこの一覧に表れない限り、すべて"
+"のユーザーがアクセスを許可されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:78
+msgid "simple_allow_users (string)"
+msgstr "simple_allow_users (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:81
+msgid "Comma separated list of users who are allowed to log in."
+msgstr "ログインが許可されたユーザーのカンマ区切り一覧です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:88
+msgid "simple_deny_users (string)"
+msgstr "simple_deny_users (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:91
+msgid "Comma separated list of users who are explicitly denied access."
+msgstr "アクセスが明示的に拒否されたユーザーのカンマ区切り一覧です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:97
+msgid "simple_allow_groups (string)"
+msgstr "simple_allow_groups (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:100
+msgid ""
+"Comma separated list of groups that are allowed to log in. This applies only "
+"to groups within this SSSD domain. Local groups are not evaluated."
+msgstr ""
+"ログインが許可されたグループのカンマ区切り一覧です。この SSSD ドメインの中の"
+"グループのみに適用されます。ローカルグループは評価されません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:108
+msgid "simple_deny_groups (string)"
+msgstr "simple_deny_groups (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:111
+msgid ""
+"Comma separated list of groups that are explicitly denied access. This "
+"applies only to groups within this SSSD domain. Local groups are not "
+"evaluated."
+msgstr ""
+"アクセスが明示的に拒否されたグループのカンマ区切り一覧です。この SSSD ドメイ"
+"ンの中のグループのみに適用されます。ローカルグループは評価されません。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:83 sssd-ad.5.xml:131
+msgid ""
+"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> manual page for details on the configuration of an SSSD "
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"SSSD ドメインの設定に関する詳細は <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの "
+"<quote>ドメインセクション</quote> のセクションを参照してください。 "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:120
+msgid ""
+"Specifying no values for any of the lists is equivalent to skipping it "
+"entirely. Beware of this while generating parameters for the simple provider "
+"using automated scripts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:125
+msgid ""
+"Please note that it is an configuration error if both, simple_allow_users "
+"and simple_deny_users, are defined."
+msgstr ""
+"simple_allow_users と simple_deny_users がどちらも定義されると、設定エラーに"
+"なることに注意してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:133
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This examples shows only the simple access provider-specific options."
+msgstr ""
+"以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</"
+"replaceable> セクションにあるドメインの 1 つであると仮定します。この例はアク"
+"セスプロバイダー固有の簡単なオプションのみを示します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-simple.5.xml:140
+#, no-wrap
+msgid ""
+"[domain/example.com]\n"
+"access_provider = simple\n"
+"simple_allow_users = user1, user2\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:150
+msgid ""
+"The complete group membership hierarchy is resolved before the access check, "
+"thus even nested groups can be included in the access lists. Please be "
+"aware that the <quote>ldap_group_nesting_level</quote> option may impact the "
+"results and should be set to a sufficient value. (<citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>) option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss-certmap.5.xml:10 sss-certmap.5.xml:16
+msgid "sss-certmap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss-certmap.5.xml:17
+msgid "SSSD Certificate Matching and Mapping Rules"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss-certmap.5.xml:23
+msgid ""
+"The manual page describes the rules which can be used by SSSD and other "
+"components to match X.509 certificates and map them to accounts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss-certmap.5.xml:28
+msgid ""
+"Each rule has four components, a <quote>priority</quote>, a <quote>matching "
+"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</"
+"quote>. All components are optional. A missing <quote>priority</quote> will "
+"add the rule with the lowest priority. The default <quote>matching rule</"
+"quote> will match certificates with the digitalSignature key usage and "
+"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty "
+"the certificates will be searched in the userCertificate attribute as DER "
+"encoded binary. If no domains are given only the local domain will be "
+"searched."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss-certmap.5.xml:39
+msgid ""
+"To allow extensions or completely different style of rule the "
+"<quote>mapping</quote> and <quote>matching rules</quote> can contain a "
+"prefix separated with a ':' from the main part of the rule. The prefix may "
+"only contain upper-case ASCII letters and numbers. If the prefix is omitted "
+"the default type will be used which is 'KRB5' for the matching rules and "
+"'LDAP' for the mapping rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss-certmap.5.xml:48
+msgid ""
+"The 'sssctl' utility provides the 'cert-eval-rule' command to check if a "
+"given certificate matches a matching rules and how the output of a mapping "
+"rule would look like."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss-certmap.5.xml:55
+msgid "RULE COMPONENTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss-certmap.5.xml:57
+msgid "PRIORITY"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:59
+msgid ""
+"The rules are processed by priority while the number '0' (zero) indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority. The rules processing is stopped "
+"when a matched rule is found and no further rules are checked."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:66
+msgid ""
+"Internally the priority is treated as unsigned 32bit integer, using a "
+"priority value larger than 4294967295 will cause an error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:70
+msgid ""
+"If multiple rules have the same priority and only one of the related "
+"matching rules applies, this rule will be chosen. If there are multiple "
+"rules with the same priority which matches, one is chosen but which one is "
+"undefined. To avoid this undefined behavior either use different priorities "
+"or make the matching rules more specific e.g. by using distinct &lt;"
+"ISSUER&gt; patterns."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss-certmap.5.xml:79
+msgid "MATCHING RULE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:81
+msgid ""
+"The matching rule is used to select a certificate to which the mapping rule "
+"should be applied. It uses a system similar to the one used by "
+"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a "
+"keyword enclosed by '&lt;' and '&gt;' which identified a certain part of the "
+"certificate and a pattern which should be found for the rule to match. "
+"Multiple keyword pattern pairs can be either joined with '&amp;&amp;' (and) "
+"or '&#124;&#124;' (or)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:90
+msgid ""
+"Given the similarity to MIT Kerberos the type prefix for this rule is "
+"'KRB5'. But 'KRB5' will also be the default for <quote>matching rules</"
+"quote> so that \"&lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN\" and \"KRB5:&lt;"
+"SUBJECT&gt;.*,DC=MY,DC=DOMAIN\" are equivalent."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:99
+msgid "&lt;SUBJECT&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:102
+msgid ""
+"With this a part or the whole subject name of the certificate can be "
+"matched. For the matching POSIX Extended Regular Expression syntax is used, "
+"see regex(7) for details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:108
+msgid ""
+"For the matching the subject name stored in the certificate in DER encoded "
+"ASN.1 is converted into a string according to RFC 4514. This means the most "
+"specific name component comes first. Please note that not all possible "
+"attribute names are covered by RFC 4514. The names included are 'CN', 'L', "
+"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might "
+"be shown differently on different platform and by different tools. To avoid "
+"confusion those attribute names are best not used or covered by a suitable "
+"regular-expression."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:121
+msgid "Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:124
+msgid ""
+"Please note that the characters \"^.[$()|*+?{\\\" have a special meaning in "
+"regular expressions and must be escaped with the help of the '\\' character "
+"so that they are matched as ordinary characters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:130
+msgid "Example: &lt;SUBJECT&gt;^CN=.* \\(Admin\\),DC=MY,DC=DOMAIN$"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:135
+msgid "&lt;ISSUER&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:138
+msgid ""
+"With this a part or the whole issuer name of the certificate can be matched. "
+"All comments for &lt;SUBJECT&gt; apply her as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:143
+msgid "Example: &lt;ISSUER&gt;^CN=My-CA,DC=MY,DC=DOMAIN$"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:148
+msgid "&lt;KU&gt;key-usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:151
+msgid ""
+"This option can be used to specify which key usage values the certificate "
+"should have. The following values can be used in a comma separated list:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:155
+msgid "digitalSignature"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:156
+msgid "nonRepudiation"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:157
+msgid "keyEncipherment"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:158
+msgid "dataEncipherment"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:159
+msgid "keyAgreement"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:160
+msgid "keyCertSign"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:161
+msgid "cRLSign"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:162
+msgid "encipherOnly"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:163
+msgid "decipherOnly"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:167
+msgid ""
+"A numerical value in the range of a 32bit unsigned integer can be used as "
+"well to cover special use cases."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:171
+msgid "Example: &lt;KU&gt;digitalSignature,keyEncipherment"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:176
+msgid "&lt;EKU&gt;extended-key-usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:179
+msgid ""
+"This option can be used to specify which extended key usage the certificate "
+"should have. The following value can be used in a comma separated list:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:183
+msgid "serverAuth"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:184
+msgid "clientAuth"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:185
+msgid "codeSigning"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:186
+msgid "emailProtection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:187
+msgid "timeStamping"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:188
+msgid "OCSPSigning"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:189
+msgid "KPClientAuth"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:190
+msgid "pkinit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sss-certmap.5.xml:191
+msgid "msScLogin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:195
+msgid ""
+"Extended key usages which are not listed above can be specified with their "
+"OID in dotted-decimal notation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:199
+msgid "Example: &lt;EKU&gt;clientAuth,1.3.6.1.5.2.3.4"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:204
+msgid "&lt;SAN&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:207
+msgid ""
+"To be compatible with the usage of MIT Kerberos this option will match the "
+"Kerberos principals in the PKINIT or AD NT Principal SAN as &lt;SAN:"
+"Principal&gt; does."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:212
+msgid "Example: &lt;SAN&gt;.*@MY\\.REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:217
+msgid "&lt;SAN:Principal&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:220
+msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:224
+msgid "Example: &lt;SAN:Principal&gt;.*@MY\\.REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:229
+msgid "&lt;SAN:ntPrincipalName&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:232
+msgid "Match the Kerberos principals from the AD NT Principal SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:236
+msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY.AD.REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:241
+msgid "&lt;SAN:pkinit&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:244
+msgid "Match the Kerberos principals from the PKINIT SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:247
+msgid "Example: &lt;SAN:ntPrincipalName&gt;.*@MY\\.PKINIT\\.REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:252
+msgid "&lt;SAN:dotted-decimal-oid&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:255
+msgid ""
+"Take the value of the otherName SAN component given by the OID in dotted-"
+"decimal notation, interpret it as string and try to match it against the "
+"regular expression."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:261
+msgid "Example: &lt;SAN:1.2.3.4&gt;test"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:266
+msgid "&lt;SAN:otherName&gt;base64-string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:269
+msgid ""
+"Do a binary match with the base64 encoded blob against all otherName SAN "
+"components. With this option it is possible to match against custom "
+"otherName components with special encodings which could not be treated as "
+"strings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:276
+msgid "Example: &lt;SAN:otherName&gt;MTIz"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:281
+msgid "&lt;SAN:rfc822Name&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:284
+msgid "Match the value of the rfc822Name SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:287
+msgid "Example: &lt;SAN:rfc822Name&gt;.*@email\\.domain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:292
+msgid "&lt;SAN:dNSName&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:295
+msgid "Match the value of the dNSName SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:298
+msgid "Example: &lt;SAN:dNSName&gt;.*\\.my\\.dns\\.domain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:303
+msgid "&lt;SAN:x400Address&gt;base64-string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:306
+msgid "Binary match the value of the x400Address SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:309
+msgid "Example: &lt;SAN:x400Address&gt;MTIz"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:314
+msgid "&lt;SAN:directoryName&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:317
+msgid ""
+"Match the value of the directoryName SAN. The same comments as given for &lt;"
+"ISSUER&gt; and &lt;SUBJECT&gt; apply here as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:322
+msgid "Example: &lt;SAN:directoryName&gt;.*,DC=com"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:327
+msgid "&lt;SAN:ediPartyName&gt;base64-string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:330
+msgid "Binary match the value of the ediPartyName SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:333
+msgid "Example: &lt;SAN:ediPartyName&gt;MTIz"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:338
+msgid "&lt;SAN:uniformResourceIdentifier&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:341
+msgid "Match the value of the uniformResourceIdentifier SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:344
+msgid "Example: &lt;SAN:uniformResourceIdentifier&gt;URN:.*"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:349
+msgid "&lt;SAN:iPAddress&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:352
+msgid "Match the value of the iPAddress SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:355
+msgid "Example: &lt;SAN:iPAddress&gt;192\\.168\\..*"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:360
+msgid "&lt;SAN:registeredID&gt;regular-expression"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:363
+msgid "Match the value of the registeredID SAN as dotted-decimal string."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:367
+msgid "Example: &lt;SAN:registeredID&gt;1\\.2\\.3\\..*"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:96
+msgid ""
+"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss-certmap.5.xml:375
+msgid "MAPPING RULE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:377
+msgid ""
+"The mapping rule is used to associate a certificate with one or more "
+"accounts. A Smartcard with the certificate and the matching private key can "
+"then be used to authenticate as one of those accounts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:382
+msgid ""
+"Currently SSSD basically only supports LDAP to lookup user information (the "
+"exception is the proxy provider which is not of relevance here). Because of "
+"this the mapping rule is based on LDAP search filter syntax with templates "
+"to add certificate content to the filter. It is expected that the filter "
+"will only contain the specific data needed for the mapping and that the "
+"caller will embed it in another filter to do the actual search. Because of "
+"this the filter string should start and stop with '(' and ')' respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:392
+msgid ""
+"In general it is recommended to use attributes from the certificate and add "
+"them to special attributes to the LDAP user object. E.g. the "
+"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute "
+"for IPA can be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:398
+msgid ""
+"This should be preferred to read user specific data from the certificate "
+"like e.g. an email address and search for it in the LDAP server. The reason "
+"is that the user specific data in LDAP might change for various reasons "
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:406
+msgid ""
+"The default <quote>mapping rule</quote> type is 'LDAP' which can be added as "
+"a prefix to a rule like e.g. 'LDAP:(userCertificate;binary={cert!bin})'. "
+"There is an extension called 'LDAPU1' which offer more templates for more "
+"flexibility. To allow older versions of this library to ignore the extension "
+"the prefix 'LDAPU1' must be used when using the new templates in a "
+"<quote>mapping rule</quote> otherwise the old version of this library will "
+"fail with a parsing error. The new templates are described in section <xref "
+"linkend=\"map_ldapu1\"/>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:424
+msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:427
+msgid ""
+"This template will add the full issuer DN converted to a string according to "
+"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
+"the '_x500' prefix should be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:433 sss-certmap.5.xml:459
+msgid ""
+"The conversion options starting with 'ad_' will use attribute names as used "
+"by AD, e.g. 'S' instead of 'ST'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:437 sss-certmap.5.xml:463
+msgid ""
+"The conversion options starting with 'nss_' will use attribute names as used "
+"by NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:441 sss-certmap.5.xml:467
+msgid ""
+"The default conversion option is 'nss', i.e. attribute names according to "
+"NSS and LDAP/RFC 4514 ordering."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:445
+msgid ""
+"Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!ad}&lt;S&gt;{subject_dn!"
+"ad})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:450
+msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:453
+msgid ""
+"This template will add the full subject DN converted to string according to "
+"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
+"the '_x500' prefix should be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:471
+msgid ""
+"Example: (ipacertmapdata=X509:&lt;I&gt;{issuer_dn!nss_x500}&lt;S&gt;"
+"{subject_dn!nss_x500})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:476
+msgid "{cert[!(bin|base64)]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:479
+msgid ""
+"This template will add the whole DER encoded certificate as a string to the "
+"search filter. Depending on the conversion option the binary certificate is "
+"either converted to an escaped hex sequence '\\xx' or base64. The escaped "
+"hex sequence is the default and can e.g. be used with the LDAP attribute "
+"'userCertificate;binary'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:487
+msgid "Example: (userCertificate;binary={cert!bin})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:492
+msgid "{subject_principal[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:495
+msgid ""
+"This template will add the Kerberos principal which is taken either from the "
+"SAN used by pkinit or the one used by AD. The 'short_name' component "
+"represents the first part of the principal before the '@' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:501
+msgid ""
+"Example: (|(userPrincipal={subject_principal})"
+"(samAccountName={subject_principal.short_name}))"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:506
+msgid "{subject_pkinit_principal[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:509
+msgid ""
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
+"principal before the '@' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:515
+msgid ""
+"Example: (|(userPrincipal={subject_pkinit_principal})"
+"(uid={subject_pkinit_principal.short_name}))"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:520
+msgid "{subject_nt_principal[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:523
+msgid ""
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:529
+msgid ""
+"Example: (|(userPrincipalName={subject_nt_principal})"
+"(samAccountName={subject_nt_principal.short_name}))"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:534
+msgid "{subject_rfc822_name[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:537
+msgid ""
+"This template will add the string which is stored in the rfc822Name "
+"component of the SAN, typically an email address. The 'short_name' component "
+"represents the first part of the address before the '@' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:543
+msgid ""
+"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
+"short_name}))"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:548
+msgid "{subject_dns_name[.short_name]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:551
+msgid ""
+"This template will add the string which is stored in the dNSName component "
+"of the SAN, typically a fully-qualified host name. The 'short_name' "
+"component represents the first part of the name before the first '.' sign."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:557
+msgid ""
+"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:562
+msgid "{subject_uri}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:565
+msgid ""
+"This template will add the string which is stored in the "
+"uniformResourceIdentifier component of the SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:569
+msgid "Example: (uri={subject_uri})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:574
+msgid "{subject_ip_address}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:577
+msgid ""
+"This template will add the string which is stored in the iPAddress component "
+"of the SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:581
+msgid "Example: (ip={subject_ip_address})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:586
+msgid "{subject_x400_address}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:589
+msgid ""
+"This template will add the value which is stored in the x400Address "
+"component of the SAN as escaped hex sequence."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:594
+msgid "Example: (attr:binary={subject_x400_address})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:599
+msgid ""
+"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:602
+msgid ""
+"This template will add the DN string of the value which is stored in the "
+"directoryName component of the SAN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:606
+msgid "Example: (orig_dn={subject_directory_name})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:611
+msgid "{subject_ediparty_name}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:614
+msgid ""
+"This template will add the value which is stored in the ediPartyName "
+"component of the SAN as escaped hex sequence."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:619
+msgid "Example: (attr:binary={subject_ediparty_name})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:624
+msgid "{subject_registered_id}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:627
+msgid ""
+"This template will add the OID which is stored in the registeredID component "
+"of the SAN as a dotted-decimal string."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:632
+msgid "Example: (oid={subject_registered_id})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:417
+msgid ""
+"The templates to add certificate data to the search filter are based on "
+"Python-style formatting strings. They consist of a keyword in curly braces "
+"with an optional sub-component specifier separated by a '.' or an optional "
+"conversion/formatting option separated by a '!'. Allowed values are: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><title>
+#: sss-certmap.5.xml:639
+msgid "LDAPU1 extension"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para>
+#: sss-certmap.5.xml:641
+msgid "The following template are available when using the 'LDAPU1' extension:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:647
+msgid "{serial_number[!(dec|hex[_ucr])]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:650
+msgid ""
+"This template will add the serial number of the certificate. By default it "
+"will be printed as a hexadecimal number with lower-case letters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:655
+msgid ""
+"With the formatting option '!dec' the number will be printed as decimal "
+"string. The hexadecimal output can be printed with upper-case letters ('!"
+"hex_u'), with a colon separating the hexadecimal bytes ('!hex_c') or with "
+"the hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can "
+"be combined so that e.g. '!hex_uc' will produce a colon-separated "
+"hexadecimal string with upper-case letters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:665
+msgid "Example: LDAPU1:(serial={serial_number})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:671
+msgid "{subject_key_id[!hex[_ucr]]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:674
+msgid ""
+"This template will add the subject key id of the certificate. By default it "
+"will be printed as a hexadecimal number with lower-case letters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:679
+msgid ""
+"The hexadecimal output can be printed with upper-case letters ('!hex_u'), "
+"with a colon separating the hexadecimal bytes ('!hex_c') or with the "
+"hexadecimal bytes in reverse order ('!hex_r'). The postfix letters can be "
+"combined so that e.g. '!hex_uc' will produce a colon-separated hexadecimal "
+"string with upper-case letters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:688
+msgid "Example: LDAPU1:(ski={subject_key_id})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:694
+msgid "{cert[!DIGEST[_ucr]]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:697
+msgid ""
+"This template will add the hexadecimal digest/hash of the certificate where "
+"DIGEST must be replaced with the name of a digest/hash function supported by "
+"OpenSSL, e.g. 'sha512'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:703
+msgid ""
+"The hexadecimal output can be printed with upper-case letters ('!sha512_u'), "
+"with a colon separating the hexadecimal bytes ('!sha512_c') or with the "
+"hexadecimal bytes in reverse order ('!sha512_r'). The postfix letters can be "
+"combined so that e.g. '!sha512_uc' will produce a colon-separated "
+"hexadecimal string with upper-case letters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:712
+msgid "Example: LDAPU1:(dgst={cert!sha256})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:718
+msgid "{subject_dn_component[(.attr_name|[number]]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:721
+msgid ""
+"This template will add an attribute value of a component of the subject DN, "
+"by default the value of the most specific component."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:726
+msgid ""
+"A different component can it either selected by attribute name, e.g. "
+"{subject_dn_component.uid} or by position, e.g. {subject_dn_component.[2]} "
+"where positive numbers start counting from the most specific component and "
+"negative numbers start counting from the least specific component. Attribute "
+"name and the position can be combined as e.g. {subject_dn_component.uid[2]} "
+"which means that the name of the second component must be 'uid'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:737
+msgid "Example: LDAPU1:(uid={subject_dn_component.uid})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:743
+msgid "{issuer_dn_component[(.attr_name|[number]]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:746
+msgid ""
+"This template will add an attribute value of a component of the issuer DN, "
+"by default the value of the most specific component."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:751
+msgid ""
+"See 'subject_dn_component' for details about the attribute name and position "
+"specifiers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:755
+msgid ""
+"Example: LDAPU1:(domain={issuer_dn_component.[-2]}.{issuer_dn_component."
+"dc[-1]})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><term>
+#: sss-certmap.5.xml:760
+msgid "{sid[.rid]}"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:763
+msgid ""
+"This template will add the SID if the corresponding extension introduced by "
+"Microsoft with the OID 1.3.6.1.4.1.311.25.2 is available. With the '.rid' "
+"selector only the last component, i.e. the RID, will be added."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><refsect3><para><variablelist><varlistentry><listitem><para>
+#: sss-certmap.5.xml:770
+msgid "Example: LDAPU1:(objectsid={sid})"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss-certmap.5.xml:779
+msgid "DOMAIN LIST"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss-certmap.5.xml:781
+msgid ""
+"If the domain list is not empty users mapped to a given certificate are not "
+"only searched in the local domain but in the listed domains as well as long "
+"as they are know by SSSD. Domains not know to SSSD will be ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
+msgid "sssd-ipa"
+msgstr "sssd-ipa"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:23
+msgid ""
+"This manual page describes the configuration of the IPA provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説"
+"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
+"ジの <quote>ファイル形式</quote> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:36
+msgid ""
+"The IPA provider is a back end used to connect to an IPA server. (Refer to "
+"the freeipa.org web site for information about IPA servers.) This provider "
+"requires that the machine be joined to the IPA domain; configuration is "
+"almost entirely self-discovered and obtained directly from the server."
+msgstr ""
+"IPA プロバイダーは IPA サーバーに接続するために使用されるバックエンドです。"
+"(IPA サーバーに関する詳細は freeipa.org のウェブサイトを参照してください。)"
+"このプロバイダーは、マシンが IPA ドメインに参加していて、設定がすでに全体的に"
+"自己検索され、サーバーから直接取得されている必要があります。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:43
+msgid ""
+"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
+"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
+"optimizations for IPA environments. The IPA provider accepts the same "
+"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
+"However, it is neither necessary nor recommended to set these options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:57
+msgid ""
+"The IPA provider primarily copies the traditional ldap and krb5 provider "
+"default options with some exceptions, the differences are listed in the "
+"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:62
+msgid ""
+"As an access provider, the IPA provider has a minimal configuration (see "
+"<quote>ipa_access_order</quote>) as it mainly uses HBAC (host-based access "
+"control) rules. Please refer to freeipa.org for more information about HBAC."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:68
+msgid ""
+"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is "
+"configured in sssd.conf then the id_provider must also be set to <quote>ipa</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:74
+msgid ""
+"The IPA provider will use the PAC responder if the Kerberos tickets of users "
+"from trusted realms contain a PAC. To make configuration easier the PAC "
+"responder is started automatically if the IPA ID provider is configured."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:90
+msgid "ipa_domain (string)"
+msgstr "ipa_domain (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:93
+msgid ""
+"Specifies the name of the IPA domain. This is optional. If not provided, "
+"the configuration domain name is used."
+msgstr ""
+"IPA ドメインの名前を指定します。これはオプションです。提供されなければ、設定"
+"ドメイン名が使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:101
+msgid "ipa_server, ipa_backup_server (string)"
+msgstr "ipa_server, ipa_backup_server (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:104
+msgid ""
+"The comma-separated list of IP addresses or hostnames of the IPA servers to "
+"which SSSD should connect in the order of preference. For more information "
+"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:117
+msgid "ipa_hostname (string)"
+msgstr "ipa_hostname (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:120
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the IPA domain to identify this host. The "
+"hostname must be fully qualified."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:129 sssd-ad.5.xml:1181
+msgid "dyndns_update (boolean)"
+msgstr "dyndns_update (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:132
+msgid ""
+"Optional. This option tells SSSD to automatically update the DNS server "
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:141 sssd-ad.5.xml:1195
+msgid ""
+"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
+"the default Kerberos realm must be set properly in /etc/krb5.conf"
+msgstr ""
+"注: (RHEL5 のような) 古いシステムにおいて、この動作が正しく機能するためには、"
+"デフォルトの Kerberos レルムが /etc/krb5.conf において正しく設定されている必"
+"要があります"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:146
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:158 sssd-ad.5.xml:1206
+msgid "dyndns_ttl (integer)"
+msgstr "dyndns_ttl (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:161 sssd-ad.5.xml:1209
+msgid ""
+"The TTL to apply to the client DNS record when updating it. If "
+"dyndns_update is false this has no effect. This will override the TTL "
+"serverside if set by an administrator."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:166
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:172
+msgid "Default: 1200 (seconds)"
+msgstr "初期値: 1200 (秒)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:178 sssd-ad.5.xml:1220
+msgid "dyndns_iface (string)"
+msgstr "dyndns_iface (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:181 sssd-ad.5.xml:1223
+msgid ""
+"Optional. Applicable only when dyndns_update is true. Choose the interface "
+"or a list of interfaces whose IP addresses should be used for dynamic DNS "
+"updates. Special value <quote>*</quote> implies that IPs from all interfaces "
+"should be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:188
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:194
+msgid ""
+"Default: Use the IP addresses of the interface which is used for IPA LDAP "
+"connection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:198 sssd-ad.5.xml:1234
+msgid "Example: dyndns_iface = em1, vnet1, vnet2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290
+msgid "dyndns_auth (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293
+msgid ""
+"Whether the nsupdate utility should use GSS-TSIG authentication for secure "
+"updates with the DNS server, insecure updates can be sent by setting this "
+"option to 'none'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299
+msgid "Default: GSS-TSIG"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305
+#, fuzzy
+#| msgid "dyndns_iface (string)"
+msgid "dyndns_auth_ptr (string)"
+msgstr "dyndns_iface (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308
+msgid ""
+"Whether the nsupdate utility should use GSS-TSIG authentication for secure "
+"PTR updates with the DNS server, insecure updates can be sent by setting "
+"this option to 'none'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314
+msgid "Default: Same as dyndns_auth"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:234
+msgid "ipa_enable_dns_sites (boolean)"
+msgstr "ipa_enable_dns_sites (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:237 sssd-ad.5.xml:238
+msgid "Enables DNS sites - location based service discovery."
+msgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:241
+msgid ""
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page) is enabled, then the SSSD will first attempt location "
+"based discovery using a query that contains \"_location.hostname.example."
+"com\" and then fall back to traditional SRV discovery. If the location based "
+"discovery succeeds, the IPA servers located with the location based "
+"discovery are treated as primary servers and the IPA servers located using "
+"the traditional SRV discovery are used as back up servers"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1240
+msgid "dyndns_refresh_interval (integer)"
+msgstr "dyndns_refresh_interval (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:263
+msgid ""
+"How often should the back end perform periodic DNS update in addition to the "
+"automatic update performed when the back end goes online. This option is "
+"optional and applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:276 sssd-ad.5.xml:1258
+msgid "dyndns_update_ptr (bool)"
+msgstr "dyndns_update_ptr (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:1261
+msgid ""
+"Whether the PTR record should also be explicitly updated when updating the "
+"client's DNS records. Applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:284
+msgid ""
+"This option should be False in most IPA deployments as the IPA server "
+"generates the PTR records automatically when forward records are changed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266
+msgid ""
+"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not "
+"apply for PTR record updates. Those updates are always sent separately."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:295
+msgid "Default: False (disabled)"
+msgstr "初期値: False (無効)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277
+msgid "dyndns_force_tcp (bool)"
+msgstr "dyndns_force_tcp (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280
+msgid ""
+"Whether the nsupdate utility should default to using TCP for communicating "
+"with the DNS server."
+msgstr ""
+"nsupdate ユーティリティが DNS サーバーと通信するために TCP を標準で使用するか"
+"どうか。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284
+msgid "Default: False (let nsupdate choose the protocol)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320
+msgid "dyndns_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323
+msgid ""
+"The DNS server to use when performing a DNS update. In most setups, it's "
+"recommended to leave this option unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328
+msgid ""
+"Setting this option makes sense for environments where the DNS server is "
+"different from the identity server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333
+msgid ""
+"Please note that this option will be only used in fallback attempt when "
+"previous attempt using autodetected settings failed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338
+msgid "Default: None (let nsupdate choose the server)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344
+msgid "dyndns_update_per_family (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347
+msgid ""
+"DNS update is by default performed in two steps - IPv4 update and then IPv6 "
+"update. In some cases it might be desirable to perform IPv4 and IPv6 update "
+"in single step."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:353
+#, fuzzy
+#| msgid "ldap_access_order (string)"
+msgid "ipa_access_order (string)"
+msgstr "ldap_access_order (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:360
+#, fuzzy
+#| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
+msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy."
+msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:399
+msgid ""
+"Please note that 'access_provider = ipa' must be set for this feature to "
+"work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:406
+msgid "ipa_deskprofile_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:409
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440
+msgid "Default: Use base DN"
+msgstr "初期値: ベース DN を使用します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "ipa_subdomains_search_base (string)"
+msgid "ipa_subid_ranges_search_base (string)"
+msgstr "ipa_subdomains_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422
+#, fuzzy
+#| msgid ""
+#| "Optional. Use the given string as search base for HBAC related objects."
+msgid ""
+"Optional. Use the given string as search base for subordinate ranges related "
+"objects."
+msgstr ""
+"オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと"
+"して使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:426
+#, fuzzy
+#| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>"
+msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:433
+msgid "ipa_hbac_search_base (string)"
+msgstr "ipa_hbac_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:436
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+"オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと"
+"して使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:446
+msgid "ipa_host_search_base (string)"
+msgstr "ipa_host_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:449
+msgid "Deprecated. Use ldap_host_search_base instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:455
+msgid "ipa_selinux_search_base (string)"
+msgstr "ipa_selinux_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:458
+msgid "Optional. Use the given string as search base for SELinux user maps."
+msgstr ""
+"オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと"
+"して使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:474
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_subdomains_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:477
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+"オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列"
+"を使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:486
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:493
+msgid "ipa_master_domain_search_base (string)"
+msgstr "ipa_master_domain_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:496
+msgid "Optional. Use the given string as search base for master domain object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:505
+msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
+msgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:512
+msgid "ipa_views_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:515
+msgid "Optional. Use the given string as search base for views containers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:524
+msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:534
+msgid ""
+"The name of the Kerberos realm. This is optional and defaults to the value "
+"of <quote>ipa_domain</quote>."
+msgstr ""
+"Kerberos レルムの名前です。これはオプションで、初期値は <quote>ipa_domain</"
+"quote> の値です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:538
+msgid ""
+"The name of the Kerberos realm has a special meaning in IPA - it is "
+"converted into the base DN to use for performing LDAP operations."
+msgstr ""
+"IPA において特別な意味を持つ Kerberos レルムの名前です。LDAP 操作を実行するた"
+"めに使用するベース DN に変換されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362
+msgid "krb5_confd_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365
+msgid ""
+"Absolute path of a directory where SSSD should place Kerberos configuration "
+"snippets."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369
+msgid ""
+"To disable the creation of the configuration snippets set the parameter to "
+"'none'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373
+msgid ""
+"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:564
+msgid "ipa_deskprofile_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:567
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599
+msgid "Default: 5 (seconds)"
+msgstr "初期値: 5 (秒)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:580
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:583
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:588
+msgid "Default: 60 (minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:594
+msgid "ipa_hbac_refresh (integer)"
+msgstr "ipa_hbac_refresh (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:597
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:610
+msgid "ipa_hbac_selinux (integer)"
+msgstr "ipa_hbac_selinux (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:613
+msgid ""
+"The amount of time between lookups of the SELinux maps against the IPA "
+"server. This will reduce the latency and load on the IPA server if there are "
+"many user login requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:626
+msgid "ipa_server_mode (boolean)"
+msgstr "ipa_server_mode (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:629
+msgid ""
+"This option will be set by the IPA installer (ipa-server-install) "
+"automatically and denotes if SSSD is running on an IPA server or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:634
+msgid ""
+"On an IPA server SSSD will lookup users and groups from trusted domains "
+"directly while on a client it will ask an IPA server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:639
+msgid ""
+"NOTE: There are currently some assumptions that must be met when SSSD is "
+"running on an IPA server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:644
+msgid ""
+"The <quote>ipa_server</quote> option must be configured to point to the IPA "
+"server itself. This is already the default set by the IPA installer, so no "
+"manual change is required."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:653
+msgid ""
+"The <quote>full_name_format</quote> option must not be tweaked to only print "
+"short names for users from trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:668
+msgid "ipa_automount_location (string)"
+msgstr "ipa_automount_location (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:671
+msgid "The automounter location this IPA client will be using"
+msgstr "この IPA クライアントが使用する automounter の場所です"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:674
+msgid "Default: The location named \"default\""
+msgstr "初期値: \"default\" という名前の場所"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-ipa.5.xml:682
+msgid "VIEWS AND OVERRIDES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:691
+msgid "ipa_view_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:694
+msgid "Objectclass of the view container."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:697
+msgid "Default: nsContainer"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:703
+msgid "ipa_view_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:706
+msgid "Name of the attribute holding the name of the view."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496
+#: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911
+#: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066
+#: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269
+msgid "Default: cn"
+msgstr "初期値: cn"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:716
+msgid "ipa_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:719
+msgid "Objectclass of the override objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:722
+msgid "Default: ipaOverrideAnchor"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:728
+msgid "ipa_anchor_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:731
+msgid ""
+"Name of the attribute containing the reference to the original object in a "
+"remote domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:735
+msgid "Default: ipaAnchorUUID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:741
+msgid "ipa_user_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:744
+msgid ""
+"Name of the objectclass for user overrides. It is used to determine if the "
+"found override object is related to a user or a group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:749
+msgid "User overrides can contain attributes given by"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:752
+msgid "ldap_user_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:755
+msgid "ldap_user_uid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:758
+msgid "ldap_user_gid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:761
+msgid "ldap_user_gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:764
+msgid "ldap_user_home_directory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:767
+msgid "ldap_user_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:770
+msgid "ldap_user_ssh_public_key"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:775
+msgid "Default: ipaUserOverride"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:781
+msgid "ipa_group_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:784
+msgid ""
+"Name of the objectclass for group overrides. It is used to determine if the "
+"found override object is related to a user or a group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:789
+msgid "Group overrides can contain attributes given by"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:792
+msgid "ldap_group_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:795
+msgid "ldap_group_gid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:800
+msgid "Default: ipaGroupOverride"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ipa.5.xml:684
+msgid ""
+"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
+"later version. Since all paths and objectclasses are fixed on the server "
+"side there is basically no need to configure anything. For completeness the "
+"related options are listed here with their default values. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ipa.5.xml:812
+msgid "SUBDOMAINS PROVIDER"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:814
+msgid ""
+"The IPA subdomains provider behaves slightly differently if it is configured "
+"explicitly or implicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:818
+msgid ""
+"If the option 'subdomains_provider = ipa' is found in the domain section of "
+"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
+"subdomain requests are sent to the IPA server if necessary."
+msgstr ""
+"'subdomains_provider = ipa' オプションが sssd.conf のドメインのセクションに見"
+"つかれば、IPA サブドメインプロバイダーが明示的に設定されます。すべてのサブド"
+"メインのリクエストが必要に応じて IPA サーバーに送られます。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:824
+msgid ""
+"If the option 'subdomains_provider' is not set in the domain section of sssd."
+"conf but there is the option 'id_provider = ipa', the IPA subdomains "
+"provider is configured implicitly. In this case, if a subdomain request "
+"fails and indicates that the server does not support subdomains, i.e. is not "
+"configured for trusts, the IPA subdomains provider is disabled. After an "
+"hour or after the IPA provider goes online, the subdomains provider is "
+"enabled again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ipa.5.xml:835
+msgid "TRUSTED DOMAINS CONFIGURATION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ipa.5.xml:843
+#, no-wrap
+msgid ""
+"[domain/ipa.domain.com/ad.domain.com]\n"
+"ad_server = dc.ad.domain.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:837
+msgid ""
+"Some configuration options can also be set for a trusted domain. A trusted "
+"domain configuration can be set using the trusted domain subsection as shown "
+"in the example below. Alternatively, the <quote>subdomain_inherit</quote> "
+"option can be used in the parent domain. <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:848
+msgid ""
+"For more details, see the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:855
+msgid ""
+"Different configuration options are tunable for a trusted domain depending "
+"on whether you are configuring SSSD on an IPA server or an IPA client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-ipa.5.xml:860
+msgid "OPTIONS TUNABLE ON IPA MASTERS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ipa.5.xml:862
+msgid ""
+"The following options can be set in a subdomain section on an IPA master:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896
+msgid "ad_server"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:869
+msgid "ad_backup_server"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899
+msgid "ad_site"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:875
+msgid "ldap_search_base"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:878
+msgid "ldap_user_search_base"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:881
+msgid "ldap_group_search_base"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-ipa.5.xml:890
+msgid "OPTIONS TUNABLE ON IPA CLIENTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ipa.5.xml:892
+msgid ""
+"The following options can be set in a subdomain section on an IPA client:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ipa.5.xml:904
+msgid ""
+"Note that if both options are set, only <quote>ad_server</quote> is "
+"evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ipa.5.xml:908
+msgid ""
+"Since any request for a user or a group identity from a trusted domain "
+"triggered from an IPA client is resolved by the IPA server, the "
+"<quote>ad_server</quote> and <quote>ad_site</quote> options only affect "
+"which AD DC will the authentication be performed against. In particular, the "
+"addresses resolved from these lists will be written to <quote>kdcinfo</"
+"quote> files read by the Kerberos locator plugin. Please refer to the "
+"<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> manual page for more details on the "
+"Kerberos locator plugin."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:932
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This examples shows only the ipa provider-specific options."
+msgstr ""
+"以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</"
+"replaceable> セクションにあるドメインの 1 つであることを仮定しています。この"
+"例は IPA プロバイダー固有のオプションのみを示しています。"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ipa.5.xml:939
+#, no-wrap
+msgid ""
+"[domain/example.com]\n"
+"id_provider = ipa\n"
+"ipa_server = ipaserver.example.com\n"
+"ipa_hostname = myhost.example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ad.5.xml:10 sssd-ad.5.xml:16
+msgid "sssd-ad"
+msgstr "sssd-ad"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:23
+msgid ""
+"This manual page describes the configuration of the AD provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:36
+msgid ""
+"The AD provider is a back end used to connect to an Active Directory server. "
+"This provider requires that the machine be joined to the AD domain and a "
+"keytab is available. Back end communication occurs over a GSSAPI-encrypted "
+"channel, SSL/TLS options should not be used with the AD provider and will be "
+"superseded by Kerberos usage."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:44
+msgid ""
+"The AD provider supports connecting to Active Directory 2008 R2 or later. "
+"Earlier versions may work, but are unsupported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:48
+msgid ""
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:54
+msgid ""
+"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
+"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
+"optimizations for Active Directory environments. The AD provider accepts the "
+"same options used by the sssd-ldap and sssd-krb5 providers with some "
+"exceptions. However, it is neither necessary nor recommended to set these "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:69
+msgid ""
+"The AD provider primarily copies the traditional ldap and krb5 provider "
+"default options with some exceptions, the differences are listed in the "
+"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:74
+msgid ""
+"The AD provider can also be used as an access, chpass, sudo and autofs "
+"provider. No configuration of the access provider is required on the client "
+"side."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:79
+msgid ""
+"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is "
+"configured in sssd.conf then the id_provider must also be set to <quote>ad</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:91
+#, no-wrap
+msgid ""
+"ldap_id_mapping = False\n"
+" "
+msgstr ""
+"ldap_id_mapping = False\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:85
+msgid ""
+"By default, the AD provider will map UID and GID values from the objectSID "
+"parameter in Active Directory. For details on this, see the <quote>ID "
+"MAPPING</quote> section below. If you want to disable ID mapping and instead "
+"rely on POSIX attributes defined in Active Directory, you should set "
+"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should "
+"be used, it is recommended for performance reasons that the attributes are "
+"also replicated to the Global Catalog. If POSIX attributes are replicated, "
+"SSSD will attempt to locate the domain of a requested numerical ID with the "
+"help of the Global Catalog and only search that domain. In contrast, if "
+"POSIX attributes are not replicated to the Global Catalog, SSSD must search "
+"all the domains in the forest sequentially. Please note that the "
+"<quote>cache_first</quote> option might be also helpful in speeding up "
+"domainless searches. Note that if only a subset of POSIX attributes is "
+"present in the Global Catalog, the non-replicated attributes are currently "
+"not read from the LDAP port."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:108
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:113
+msgid ""
+"SSSD only resolves Active Directory Security Groups. For more information "
+"about AD group types see: <ulink url=\"https://docs.microsoft.com/en-us/"
+"windows-server/identity/ad-ds/manage/understand-security-groups\"> Active "
+"Directory security groups</ulink>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:120
+msgid ""
+"SSSD filters out Domain Local groups from remote domains in the AD forest. "
+"By default they are filtered out e.g. when following a nested group "
+"hierarchy in remote domains because they are not valid in the local domain. "
+"This is done to be in agreement with Active Directory's group-membership "
+"assignment which can be seen in the PAC of the Kerberos ticket of a user "
+"issued by Active Directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:138
+msgid "ad_domain (string)"
+msgstr "ad_domain (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:141
+msgid ""
+"Specifies the name of the Active Directory domain. This is optional. If not "
+"provided, the configuration domain name is used."
+msgstr ""
+"Active Directory ドメインの名前を指定します。これはオプションです。指定されな"
+"ければ、設定のドメイン名が使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:146
+msgid ""
+"For proper operation, this option should be specified as the lower-case "
+"version of the long version of the Active Directory domain."
+msgstr ""
+"正しい動作のために、このオプションは Active Directory ドメインの長いバージョ"
+"ンの小文字バージョンとして指定されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:151
+msgid ""
+"The short domain name (also known as the NetBIOS or the flat name) is "
+"autodetected by the SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:158
+msgid "ad_enabled_domains (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:161
+msgid ""
+"A comma-separated list of enabled Active Directory domains. If provided, "
+"SSSD will ignore any domains not listed in this option. If left unset, all "
+"discovered domains from the AD forest will be available."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:168
+msgid ""
+"During the discovery of the domains SSSD will filter out some domains where "
+"flags or attributes indicate that they do not belong to the local forest or "
+"are not trusted. If ad_enabled_domains is set, SSSD will try to enable all "
+"listed domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:179
+#, no-wrap
+msgid ""
+"ad_enabled_domains = sales.example.com, eng.example.com\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"For proper operation, this option must be specified in all lower-case and as "
+"the fully qualified domain name of the Active Directory domain. For example: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The short domain name (also known as the NetBIOS or the flat name) will be "
+"autodetected by SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:193
+msgid "ad_server, ad_backup_server (string)"
+msgstr "ad_server, ad_backup_server (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:196
+msgid ""
+"The comma-separated list of hostnames of the AD servers to which SSSD should "
+"connect in order of preference. For more information on failover and server "
+"redundancy, see the <quote>FAILOVER</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:203
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:208
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:216
+msgid "ad_hostname (string)"
+msgstr "ad_hostname (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:219
+msgid ""
+"Optional. On machines where the hostname(5) does not reflect the fully "
+"qualified name, sssd will try to expand the short name. If it is not "
+"possible or the short name should be really used instead, set this parameter "
+"explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:226
+msgid ""
+"This field is used to determine the host principal in use in the keytab and "
+"to perform dynamic DNS updates. It must match the hostname for which the "
+"keytab was issued."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:235
+msgid "ad_enable_dns_sites (boolean)"
+msgstr "ad_enable_dns_sites (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page) is enabled, the SSSD will first attempt to discover the "
+"Active Directory server to connect to using the Active Directory Site "
+"Discovery and fall back to the DNS SRV records if no AD site is found. The "
+"DNS SRV configuration, including the discovery domain, is used during site "
+"discovery as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:258
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:261
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:269
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:277
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:285
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:290
+msgid ""
+"Nested group membership must be searched for using a special OID "
+"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
+"example.org: syntax to ensure the parser does not attempt to interpret the "
+"colon characters associated with the OID. If you do not use this OID then "
+"nested group membership will not be resolved. See usage example below and "
+"refer here for further information about the OID: <ulink url=\"https://msdn."
+"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP "
+"extensions</ulink>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:314
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+"\n"
+"# apply filter for a member of a nested group in dom1:\n"
+"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:333
+msgid "ad_site (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:336
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:347
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:350
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:358
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:372
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:375
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:384
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to the host. For more "
+"information on the supported policy settings please refer to the "
+"<quote>ad_gpo_map</quote> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:392
+msgid ""
+"Please note that current version of SSSD does not support Active Directory's "
+"built-in groups. Built-in groups (such as Administrators with SID "
+"S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See "
+"upstream issue tracker https://github.com/SSSD/sssd/issues/5063 ."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:401
+msgid ""
+"Before performing access control SSSD applies group policy security "
+"filtering on the GPOs. For every single user login, the applicability of the "
+"GPOs that are linked to the host is checked. In order for a GPO to apply to "
+"a user, the user or at least one of the groups to which it belongs must have "
+"following permissions on the GPO:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:411
+msgid ""
+"Read: The user or one of its groups must have read access to the properties "
+"of the GPO (RIGHT_DS_READ_PROPERTY)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:418
+msgid ""
+"Apply Group Policy: The user or at least one of its groups must be allowed "
+"to apply the GPO (RIGHT_DS_CONTROL_ACCESS)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:426
+msgid ""
+"By default, the Authenticated Users group is present on a GPO and this group "
+"has both Read and Apply Group Policy access rights. Since authentication of "
+"a user must have been completed successfully before GPO security filtering "
+"and access control are started, the Authenticated Users group permissions on "
+"the GPO always apply also to the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:435
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing. For logging GPO-based access control debug level 'trace "
+"functions' is required (see <citerefentry> <refentrytitle>sssctl</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:454
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:458
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:464
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:470
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:481
+msgid "Default: permissive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:484
+msgid "Default: enforcing"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:490
+msgid "ad_gpo_implicit_deny (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:493
+msgid ""
+"Normally when no applicable GPOs are found the users are allowed access. "
+"When this option is set to True users will be allowed access only when "
+"explicitly allowed by a GPO rule. Otherwise users will be denied access. "
+"This can be used to harden security but be careful when using this option "
+"because it can deny access even to users in the built-in Administrators "
+"group if no GPO rules apply to them."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:509
+msgid ""
+"The following 2 tables should illustrate when a user is allowed or rejected "
+"based on the allow and deny login rights defined on the server-side and the "
+"setting of ad_gpo_implicit_deny."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
+#: sssd-ad.5.xml:521
+msgid "ad_gpo_implicit_deny = False (default)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
+#: sssd-ad.5.xml:522 sssd-ad.5.xml:548
+msgid "allow-rules"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
+#: sssd-ad.5.xml:522 sssd-ad.5.xml:548
+msgid "deny-rules"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
+#: sssd-ad.5.xml:523 sssd-ad.5.xml:549
+msgid "results"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
+#: sssd-ad.5.xml:526 sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:552
+#: sssd-ad.5.xml:555 sssd-ad.5.xml:558
+msgid "missing"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+#: sssd-ad.5.xml:527
+#, fuzzy
+#| msgid "The following values are allowed:"
+msgid "all users are allowed"
+msgstr "以下の値が許可されます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry>
+#: sssd-ad.5.xml:529 sssd-ad.5.xml:532 sssd-ad.5.xml:535 sssd-ad.5.xml:555
+#: sssd-ad.5.xml:558 sssd-ad.5.xml:561
+msgid "present"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+#: sssd-ad.5.xml:530
+msgid "only users not in deny-rules are allowed"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+#: sssd-ad.5.xml:533 sssd-ad.5.xml:559
+#, fuzzy
+#| msgid "The following values are allowed:"
+msgid "only users in allow-rules are allowed"
+msgstr "以下の値が許可されます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+#: sssd-ad.5.xml:536 sssd-ad.5.xml:562
+msgid "only users in allow-rules and not in deny-rules are allowed"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><thead><row><entry>
+#: sssd-ad.5.xml:547
+msgid "ad_gpo_implicit_deny = True"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><informaltable><tgroup><tbody><row><entry><para>
+#: sssd-ad.5.xml:553 sssd-ad.5.xml:556
+#, fuzzy
+#| msgid "The following values are allowed:"
+msgid "no users are allowed"
+msgstr "以下の値が許可されます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:569
+msgid "ad_gpo_ignore_unreadable (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:572
+msgid ""
+"Normally when some group policy containers (AD object) of applicable group "
+"policy objects are not readable by SSSD then users are denied access. This "
+"option allows to ignore group policy containers and with them associated "
+"policies if their attributes in group policy containers are not readable for "
+"SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:589
+msgid "ad_gpo_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:592
+msgid ""
+"The amount of time between lookups of GPO policy files against the AD "
+"server. This will reduce the latency and load on the AD server if there are "
+"many access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:605
+msgid "ad_gpo_map_interactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:608
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the InteractiveLogonRight and "
+"DenyInteractiveLogonRight policy settings. Only those GPOs are evaluated "
+"for which the user has Read and Apply Group Policy permission (see option "
+"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the "
+"deny interactive logon setting for the user or one of its groups, the user "
+"is denied local access. If none of the evaluated GPOs has an interactive "
+"logon right defined, the user is granted local access. If at least one "
+"evaluated GPO contains interactive logon right settings, the user is granted "
+"local access only, if it or at least one of its groups is part of the policy "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:626
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on locally\" and \"Deny log on locally\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:640
+#, no-wrap
+msgid ""
+"ad_gpo_map_interactive = +my_pam_service, -login\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:631
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>login</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:663
+msgid "gdm-fingerprint"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:683
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:688
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:693
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:698
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:703
+msgid "xdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:712
+msgid "ad_gpo_map_remote_interactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:715
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the RemoteInteractiveLogonRight and "
+"DenyRemoteInteractiveLogonRight policy settings. Only those GPOs are "
+"evaluated for which the user has Read and Apply Group Policy permission (see "
+"option <quote>ad_gpo_access_control</quote>). If an evaluated GPO contains "
+"the deny remote logon setting for the user or one of its groups, the user is "
+"denied remote interactive access. If none of the evaluated GPOs has a "
+"remote interactive logon right defined, the user is granted remote access. "
+"If at least one evaluated GPO contains remote interactive logon right "
+"settings, the user is granted remote access only, if it or at least one of "
+"its groups is part of the policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:734
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on through Remote Desktop Services\" and \"Deny log on through Remote "
+"Desktop Services\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:749
+#, no-wrap
+msgid ""
+"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:740
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>sshd</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:757
+msgid "sshd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:762
+msgid "cockpit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:771
+msgid "ad_gpo_map_network (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:774
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the NetworkLogonRight and "
+"DenyNetworkLogonRight policy settings. Only those GPOs are evaluated for "
+"which the user has Read and Apply Group Policy permission (see option "
+"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the "
+"deny network logon setting for the user or one of its groups, the user is "
+"denied network logon access. If none of the evaluated GPOs has a network "
+"logon right defined, the user is granted logon access. If at least one "
+"evaluated GPO contains network logon right settings, the user is granted "
+"logon access only, if it or at least one of its groups is part of the policy "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:792
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Access "
+"this computer from the network\" and \"Deny access to this computer from the "
+"network\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:807
+#, no-wrap
+msgid ""
+"ad_gpo_map_network = +my_pam_service, -ftp\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:798
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>ftp</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:815
+msgid "ftp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:820
+msgid "samba"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:829
+msgid "ad_gpo_map_batch (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:832
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
+"policy settings. Only those GPOs are evaluated for which the user has Read "
+"and Apply Group Policy permission (see option <quote>ad_gpo_access_control</"
+"quote>). If an evaluated GPO contains the deny batch logon setting for the "
+"user or one of its groups, the user is denied batch logon access. If none "
+"of the evaluated GPOs has a batch logon right defined, the user is granted "
+"logon access. If at least one evaluated GPO contains batch logon right "
+"settings, the user is granted logon access only, if it or at least one of "
+"its groups is part of the policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:850
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on as a batch job\" and \"Deny log on as a batch job\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:864
+#, no-wrap
+msgid ""
+"ad_gpo_map_batch = +my_pam_service, -crond\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:855
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>crond</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:867
+msgid ""
+"Note: Cron service name may differ depending on Linux distribution used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:873
+msgid "crond"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:882
+msgid "ad_gpo_map_service (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:885
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the ServiceLogonRight and "
+"DenyServiceLogonRight policy settings. Only those GPOs are evaluated for "
+"which the user has Read and Apply Group Policy permission (see option "
+"<quote>ad_gpo_access_control</quote>). If an evaluated GPO contains the "
+"deny service logon setting for the user or one of its groups, the user is "
+"denied service logon access. If none of the evaluated GPOs has a service "
+"logon right defined, the user is granted logon access. If at least one "
+"evaluated GPO contains service logon right settings, the user is granted "
+"logon access only, if it or at least one of its groups is part of the policy "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:903
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on as a service\" and \"Deny log on as a service\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:916
+#, no-wrap
+msgid ""
+"ad_gpo_map_service = +my_pam_service\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:908 sssd-ad.5.xml:983
+msgid ""
+"It is possible to add a PAM service name to the default set by using "
+"<quote>+service_name</quote>. Since the default set is empty, it is not "
+"possible to remove a PAM service name from the default set. For example, in "
+"order to add a custom pam service name (e.g. <quote>my_pam_service</quote>), "
+"you would use the following configuration: <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:926
+msgid "ad_gpo_map_permit (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:929
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access is "
+"always granted, regardless of any GPO Logon Rights."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:943
+#, no-wrap
+msgid ""
+"ad_gpo_map_permit = +my_pam_service, -sudo\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:934
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for unconditionally permitted "
+"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:951
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:966
+msgid "systemd-user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:975
+msgid "ad_gpo_map_deny (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:978
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access is "
+"always denied, regardless of any GPO Logon Rights."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:991
+#, no-wrap
+msgid ""
+"ad_gpo_map_deny = +my_pam_service\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:1001
+msgid "ad_gpo_default_right (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1004
+msgid ""
+"This option defines how access control is evaluated for PAM service names "
+"that are not explicitly listed in one of the ad_gpo_map_* options. This "
+"option can be set in two different manners. First, this option can be set to "
+"use a default logon right. For example, if this option is set to "
+"'interactive', it means that unmapped PAM service names will be processed "
+"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy "
+"settings. Alternatively, this option can be set to either always permit or "
+"always deny access for unmapped PAM service names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1017
+msgid "Supported values for this option include:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:1026
+msgid "remote_interactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:1031
+msgid "network"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:1036
+msgid "batch"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:1041
+msgid "service"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:1046
+msgid "permit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:1051
+msgid "deny"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1057
+msgid "Default: deny"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:1063
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1066
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1072
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:1078
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1081
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expects 2 integers separated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1090
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:1096
+msgid "ad_update_samba_machine_account_password (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1099
+msgid ""
+"If enabled, when SSSD renews the machine account password, it will also be "
+"updated in Samba's database. This prevents Samba's copy of the machine "
+"account password from getting out of date when it is set up to use AD for "
+"authentication."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:1112
+msgid "ad_use_ldaps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1115
+msgid ""
+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
+"have multiple encryption layers on a single connection and we still want to "
+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
+"property maxssf is set to 0 (zero) for those connections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:1132
+#, fuzzy
+#| msgid "ldap_sudo_include_netgroups (boolean)"
+msgid "ad_allow_remote_domain_local_groups (boolean)"
+msgstr "ldap_sudo_include_netgroups (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1135
+msgid ""
+"If this option is set to <quote>true</quote> SSSD will not filter out Domain "
+"Local groups from remote domains in the AD forest. By default they are "
+"filtered out e.g. when following a nested group hierarchy in remote domains "
+"because they are not valid in the local domain. To be compatible with other "
+"solutions which make AD users and groups available on Linux client this "
+"option was added."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1145
+msgid ""
+"Please note that setting this option to <quote>true</quote> will be against "
+"the intention of Domain Local group in Active Directory and <emphasis>SHOULD "
+"ONLY BE USED TO FACILITATE MIGRATION FROM OTHER SOLUTIONS</emphasis>. "
+"Although the group exists and user can be member of the group the intention "
+"is that the group should be only used in the domain it is defined and in no "
+"others. Since there is only one type of POSIX groups the only way to achieve "
+"this on the Linux side is to ignore those groups. This is also done by "
+"Active Directory as can be seen in the PAC of the Kerberos ticket for a "
+"local service or in tokenGroups requests where remote Domain Local groups "
+"are missing as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1161
+msgid ""
+"Given the comments above, if this option is set to <quote>true</quote> the "
+"tokenGroups request must be disabled by setting <quote>ldap_use_tokengroups</"
+"quote> to <quote>false</quote> to get consistent group-memberships of a "
+"users. Additionally the Global Catalog lookup should be skipped as well by "
+"setting <quote>ad_enable_gc</quote> to <quote>false</quote>. Finally it "
+"might be necessary to modify <quote>ldap_group_nesting_level</quote> if the "
+"remote Domain Local groups can only be found with a deeper nesting level."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1184
+msgid ""
+"Optional. This option tells SSSD to automatically update the Active "
+"Directory DNS server with the IP address of this client. The update is "
+"secured using GSS-TSIG. As a consequence, the Active Directory administrator "
+"only needs to allow secure updates for the DNS zone. The IP address of the "
+"AD LDAP connection is used for the updates, if it is not otherwise specified "
+"by using the <quote>dyndns_iface</quote> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1214
+msgid "Default: 3600 (seconds)"
+msgstr "初期値: 3600 (秒)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1230
+msgid ""
+"Default: Use the IP addresses of the interface which is used for AD LDAP "
+"connection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:1243
+msgid ""
+"How often should the back end perform periodic DNS update in addition to the "
+"automatic update performed when the back end goes online. This option is "
+"optional and applicable only when dyndns_update is true. Note that the "
+"lowest possible value is 60 seconds in-case if value is provided less than "
+"60, parameter will assume lowest value only."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1393
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This example shows only the AD provider-specific options."
+msgstr ""
+"以下の例は SSSD が正しく設定され、example.com が <replaceable>[sssd]</"
+"replaceable> セクションにあるドメインの一つであると仮定しています。この例は "
+"AD プロバイダー固有のオプションのみ示してします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:1400
+#, no-wrap
+msgid ""
+"[domain/EXAMPLE]\n"
+"id_provider = ad\n"
+"auth_provider = ad\n"
+"access_provider = ad\n"
+"chpass_provider = ad\n"
+"\n"
+"ad_server = dc1.example.com\n"
+"ad_hostname = client.example.com\n"
+"ad_domain = example.com\n"
+msgstr ""
+"[domain/EXAMPLE]\n"
+"id_provider = ad\n"
+"auth_provider = ad\n"
+"access_provider = ad\n"
+"chpass_provider = ad\n"
+"\n"
+"ad_server = dc1.example.com\n"
+"ad_hostname = client.example.com\n"
+"ad_domain = example.com\n"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:1420
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_order = expire\n"
+"ldap_account_expire_policy = ad\n"
+msgstr ""
+"access_provider = ldap\n"
+"ldap_access_order = expire\n"
+"ldap_account_expire_policy = ad\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1416
+msgid ""
+"The AD access control provider checks if the account is expired. It has the "
+"same effect as the following configuration of the LDAP provider: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1426
+msgid ""
+"However, unless the <quote>ad</quote> access control provider is explicitly "
+"configured, the default access provider is <quote>permit</quote>. Please "
+"note that if you configure an access provider other than <quote>ad</quote>, "
+"you need to set all the connection parameters (such as LDAP URIs and "
+"encryption details) manually."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1434
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+msgid "sssd-sudo"
+msgstr "sssd-sudo"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-sudo.5.xml:17
+msgid "Configuring sudo with the SSSD back end"
+msgstr "SSSD バックエンドを用いた sudo の設定法"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:36
+msgid "Configuring sudo to cooperate with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:38
+msgid ""
+"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to "
+"the <emphasis>sudoers</emphasis> entry in <citerefentry> "
+"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:47
+msgid ""
+"For example, to configure sudo to first lookup rules in the standard "
+"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> file (which should contain rules that apply to "
+"local users) and then in SSSD, the nsswitch.conf file should contain the "
+"following line:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-sudo.5.xml:57
+#, no-wrap
+msgid "sudoers: files sss\n"
+msgstr "sudoers: files sss\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:61
+msgid ""
+"More information about configuring the sudoers search order from the "
+"nsswitch.conf file as well as information about the LDAP schema that is used "
+"to store sudo rules in the directory can be found in <citerefentry> "
+"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:82
+msgid "Configuring SSSD to fetch sudo rules"
+msgstr "sudo ルールを取得するよう SSSD を設定する方法"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
+msgid ""
+"The following example shows how to configure SSSD to download sudo rules "
+"from an LDAP server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-sudo.5.xml:99
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"config_file_version = 2\n"
+"services = nss, pam, sudo\n"
+"domains = EXAMPLE\n"
+"\n"
+"[domain/EXAMPLE]\n"
+"id_provider = ldap\n"
+"sudo_provider = ldap\n"
+"ldap_uri = ldap://example.com\n"
+"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
+msgstr ""
+"[sssd]\n"
+"config_file_version = 2\n"
+"services = nss, pam, sudo\n"
+"domains = EXAMPLE\n"
+"\n"
+"[domain/EXAMPLE]\n"
+"id_provider = ldap\n"
+"sudo_provider = ldap\n"
+"ldap_uri = ldap://example.com\n"
+"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:98
+msgid ""
+"<placeholder type=\"programlisting\" id=\"0\"/> <phrase "
+"condition=\"have_systemd\"> It's important to note that on platforms where "
+"systemd is supported there's no need to add the \"sudo\" provider to the "
+"list of services, as it became optional. However, sssd-sudo.socket must be "
+"enabled instead. </phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:118
+msgid ""
+"When SSSD is configured to use IPA as the ID provider, the sudo provider is "
+"automatically enabled. The sudo search base is configured to use the IPA "
+"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in "
+"sssd.conf, this value will be used instead. The compat tree (ou=sudoers,"
+"$SUFFIX) is no longer required for IPA sudo functionality."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:128
+msgid "The SUDO rule caching mechanism"
+msgstr "SUDO ルールキャッシュメカニズム"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:130
+msgid ""
+"The biggest challenge, when developing sudo support in SSSD, was to ensure "
+"that running sudo with SSSD as the data source provides the same user "
+"experience and is as fast as sudo but keeps providing the most current set "
+"of rules as possible. To satisfy these requirements, SSSD uses three kinds "
+"of updates. They are referred to as full refresh, smart refresh and rules "
+"refresh."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:138
+msgid ""
+"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
+"new or were modified after the last update. Its primary goal is to keep the "
+"database growing by fetching only small increments that do not generate "
+"large amounts of network traffic."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:144
+msgid ""
+"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
+"in the cache and replaces them with all rules that are stored on the server. "
+"This is used to keep the cache consistent by removing every rule which was "
+"deleted from the server. However, full refresh may produce a lot of traffic "
+"and thus it should be run only occasionally depending on the size and "
+"stability of the sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:152
+msgid ""
+"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
+"more permission than defined. It is triggered each time the user runs sudo. "
+"Rules refresh will find all rules that apply to this user, check their "
+"expiration time and redownload them if expired. In the case that any of "
+"these rules are missing on the server, the SSSD will do an out of band full "
+"refresh because more rules (that apply to other users) may have been deleted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:161
+msgid ""
+"If enabled, SSSD will store only rules that can be applied to this machine. "
+"This means rules that contain one of the following values in "
+"<emphasis>sudoHost</emphasis> attribute:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:168
+msgid "keyword ALL"
+msgstr "keyword ALL"
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:173
+msgid "wildcard"
+msgstr "ワイルドカード"
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:178
+msgid "netgroup (in the form \"+netgroup\")"
+msgstr "netgroup (\"+netgroup\" の形式)"
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:183
+msgid "hostname or fully qualified domain name of this machine"
+msgstr "このマシンのホスト名または完全修飾ドメイン名"
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:188
+msgid "one of the IP addresses of this machine"
+msgstr "このマシンの IP アドレスのどれか"
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:193
+msgid "one of the IP addresses of the network (in the form \"address/mask\")"
+msgstr "ネットワークの IP アドレスのどれか (\"address/mask\" 形式)"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:199
+msgid ""
+"There are many configuration options that can be used to adjust the "
+"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:213
+msgid "Tuning the performance"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:215
+msgid ""
+"SSSD uses different kinds of mechanisms with more or less complex LDAP "
+"filters to keep the cached sudo rules up to date. The default configuration "
+"is set to values that should satisfy most of our users, but the following "
+"paragraphs contain few tips on how to fine- tune the configuration to your "
+"requirements."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:222
+msgid ""
+"1. <emphasis>Index LDAP attributes</emphasis>. Make sure that following LDAP "
+"attributes are indexed: objectClass, cn, entryUSN or modifyTimestamp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:227
+msgid ""
+"2. <emphasis>Set ldap_sudo_search_base</emphasis>. Set the search base to "
+"the container that holds the sudo rules to limit the scope of the lookup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:232
+msgid ""
+"3. <emphasis>Set full and smart refresh interval</emphasis>. If your sudo "
+"rules do not change often and you do not require quick update of cached "
+"rules on your clients, you may consider increasing the "
+"<emphasis>ldap_sudo_full_refresh_interval</emphasis> and "
+"<emphasis>ldap_sudo_smart_refresh_interval</emphasis>. You may also consider "
+"disabling the smart refresh by setting "
+"<emphasis>ldap_sudo_smart_refresh_interval = 0</emphasis>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:241
+msgid ""
+"4. If you have large number of clients, you may consider increasing the "
+"value of <emphasis>ldap_sudo_random_offset</emphasis> to distribute the load "
+"on the server better."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.8.xml:10 sssd.8.xml:15
+msgid "sssd"
+msgstr "sssd"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.8.xml:16
+msgid "System Security Services Daemon"
+msgstr "System Security Services Daemon"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssd.8.xml:21
+msgid ""
+"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:31
+msgid ""
+"<command>SSSD</command> provides a set of daemons to manage access to remote "
+"directories and authentication mechanisms. It provides an NSS and PAM "
+"interface toward the system and a pluggable backend system to connect to "
+"multiple different account sources as well as D-Bus interface. It is also "
+"the basis to provide client auditing and policy services for projects like "
+"FreeIPA. It provides a more robust database to store local users as well as "
+"extended user data."
+msgstr ""
+"<command>SSSD</command> はリモートディレクトリーへのアクセスと認証メカニズム"
+"を管理するための一組のデーモンを提供します。システムへの NSS と PAM インター"
+"フェースを提供します。また、D-Bus インターフェースのように複数の異なるアカウ"
+"ントソースに接続するための取り外し可能なバックエンドシステムを提供します。ク"
+"ライアント監査、およびFreeIPA のようなプロジェクトに対するポリシーサービスを"
+"提供する基礎となります。ローカルユーザーだけでなく拡張ユーザーデータを保存す"
+"るためのより強靭なデータベースを提供します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:46
+msgid ""
+"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:53
+msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:57
+msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
+msgstr "<emphasis>1</emphasis>: デバッグメッセージに日時を追加します"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:60
+msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
+msgstr "<emphasis>0</emphasis>: デバッグメッセージで日時を無効にします"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:69
+msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
+msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:73
+msgid ""
+"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
+msgstr ""
+"<emphasis>1</emphasis>: デバッグメッセージにミリ秒をタイムスタンプに追加しま"
+"す"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:76
+msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
+msgstr "<emphasis>0</emphasis>: 日時でマイクロ秒を無効にします"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:85
+msgid "<option>--logger=</option><replaceable>value</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:89
+msgid "Location where SSSD will send log messages."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:92
+msgid ""
+"<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
+"output."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:96
+msgid ""
+"<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
+"default, the log files are stored in <filename>/var/log/sssd</filename> and "
+"there are separate log files for every SSSD service and domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:102
+msgid ""
+"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:106
+msgid ""
+"Default: not set (fall back to journald if available, otherwise to stderr)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:113
+msgid "<option>-D</option>,<option>--daemon</option>"
+msgstr "<option>-D</option>,<option>--daemon</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:117
+msgid "Become a daemon after starting up."
+msgstr "起動後にデーモンになります。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:123 sss_seed.8.xml:136
+msgid "<option>-i</option>,<option>--interactive</option>"
+msgstr "<option>-i</option>,<option>--interactive</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:127
+msgid "Run in the foreground, don't become a daemon."
+msgstr "フォアグラウンドで実行して、デーモンになりません。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:133
+msgid "<option>-c</option>,<option>--config</option>"
+msgstr "<option>-c</option>,<option>--config</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:137
+msgid ""
+"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
+"conf</filename>. For reference on the config file syntax and options, "
+"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"非標準の設定ファイルを指定します。初期値は <filename>/etc/sssd/sssd.conf</"
+"filename> です。設定ファイルの構文とオプションは <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> マニュアルページを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:150
+msgid "<option>-g</option>,<option>--genconf</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:154
+msgid ""
+"Do not start the SSSD, but refresh the configuration database from the "
+"contents of <filename>/etc/sssd/sssd.conf</filename> and exit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:162
+msgid "<option>-s</option>,<option>--genconf-section</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:166
+msgid ""
+"Similar to <quote>--genconf</quote>, but only refresh a single section from "
+"the configuration file. This option is useful mainly to be called from "
+"systemd unit files to allow socket-activated responders to refresh their "
+"configuration without requiring the administrator to restart the whole SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:178
+msgid "<option>--version</option>"
+msgstr "<option>--version</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:182
+msgid "Print version number and exit."
+msgstr "バージョン番号を表示して終了します。"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.8.xml:190
+msgid "Signals"
+msgstr "シグナル"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:193
+msgid "SIGTERM/SIGINT"
+msgstr "SIGTERM/SIGINT"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:196
+msgid ""
+"Informs the SSSD to gracefully terminate all of its child processes and then "
+"shut down the monitor."
+msgstr ""
+"SSSD にすべての子プロセスを穏やかに停止するよう通知して、モニターをシャットダ"
+"ウンします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:202
+msgid "SIGHUP"
+msgstr "SIGHUP"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:205
+msgid ""
+"Tells the SSSD to stop writing to its current debug file descriptors and to "
+"close and reopen them. This is meant to facilitate log rolling with programs "
+"like logrotate."
+msgstr ""
+"SSSD が現在のデバッグファイルディスクリプターに書き込むことを止めて、それらを"
+"閉じてから開きなおすよう指示します。これは logrotate のようなプログラムを用い"
+"てログローテーションを促進することを意味します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:213
+msgid "SIGUSR1"
+msgstr "SIGUSR1"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:216
+msgid ""
+"Tells the SSSD to simulate offline operation for the duration of the "
+"<quote>offline_timeout</quote> parameter. This is useful for testing. The "
+"signal can be sent to either the sssd process or any sssd_be process "
+"directly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:225
+msgid "SIGUSR2"
+msgstr "SIGUSR2"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:228
+msgid ""
+"Tells the SSSD to go online immediately. This is useful for testing. The "
+"signal can be sent to either the sssd process or any sssd_be process "
+"directly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:240
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in-memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:244
+msgid ""
+"If the environment variable SSS_LOCKFREE is set to \"NO\", requests from "
+"multiple threads of a single application will be serialized."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
+msgid "sss_obfuscate"
+msgstr "sss_obfuscate"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_obfuscate.8.xml:16
+msgid "obfuscate a clear text password"
+msgstr "平文パスワードをわかりにくくする"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_obfuscate.8.xml:21
+msgid ""
+"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
+"replaceable></arg>"
+msgstr ""
+"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
+"replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:32
+msgid ""
+"<command>sss_obfuscate</command> converts a given password into human-"
+"unreadable format and places it into appropriate domain section of the SSSD "
+"config file."
+msgstr ""
+"<command>sss_obfuscate</command> は、与えられたパスワードを人間が読みにくい形"
+"式に変換して、SSSD 設定ファイルの適切なドメインセクションに置きます。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:37
+msgid ""
+"The cleartext password is read from standard input or entered "
+"interactively. The obfuscated password is put into "
+"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
+"<quote>ldap_default_authtok_type</quote> parameter is set to "
+"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more details on these parameters."
+msgstr ""
+"平文のパスワードは、標準入力から読み込まれます、または対話的に入力されます。"
+"解読しにくくされたパスワードが指定された SSSD ドメインの "
+"<quote>ldap_default_authtok</quote> パラメータに置かれます。また "
+"<quote>ldap_default_authtok_type</quote> パラメーターが "
+"<quote>obfuscated_password</quote> に設定されます。これらのパラメーターの詳細"
+"は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:49
+msgid ""
+"Please note that obfuscating the password provides <emphasis>no real "
+"security benefit</emphasis> as it is still possible for an attacker to "
+"reverse-engineer the password back. Using better authentication mechanisms "
+"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
+"advised."
+msgstr ""
+"パスワードをわかりにくくすることは、攻撃者がパスワードをリバースエンジニアリ"
+"ングできるので <emphasis>実際にセキュリティの便益</emphasis> は提供されませ"
+"ん。クライアントサイド証明書や GSSAPI のようなより良い認証機構を使用すること"
+"を <emphasis>強く</emphasis> 推奨します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:63
+msgid "<option>-s</option>,<option>--stdin</option>"
+msgstr "<option>-s</option>,<option>--stdin</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:67
+msgid "The password to obfuscate will be read from standard input."
+msgstr "解読しにくくするパスワードが標準入力から読み込まれます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:127
+#: sss_ssh_knownhostsproxy.1.xml:78
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:79
+msgid ""
+"The SSSD domain to use the password in. The default name is <quote>default</"
+"quote>."
+msgstr ""
+"パスワードに使用する SSSD ドメインです。名前の初期値は <quote>default</"
+"quote> です。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:86
+msgid ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
+msgstr ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:91
+msgid "Read the config file specified by the positional parameter."
+msgstr "位置パラメーターにより指定された設定ファイルを読み込みます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:95
+msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
+msgstr "初期値: <filename>/etc/sssd/sssd.conf</filename>"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_override.8.xml:10 sss_override.8.xml:15
+msgid "sss_override"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_override.8.xml:16
+msgid "create local overrides of user and group attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_override.8.xml:21
+msgid ""
+"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
+"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:32
+msgid ""
+"<command>sss_override</command> enables to create a client-side view and "
+"allows to change selected values of specific user and groups. This change "
+"takes effect only on local machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:37
+msgid ""
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:48
+msgid ""
+"<emphasis>NOTE:</emphasis> The options provided in this man page only work "
+"with <quote>ldap</quote> and <quote>AD</quote> <quote> id_provider</quote>. "
+"IPA overrides can be managed centrally on the IPA server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_override.8.xml:56 sssctl.8.xml:41
+msgid "AVAILABLE COMMANDS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:58
+msgid ""
+"Argument <emphasis>NAME</emphasis> is the name of original object in all "
+"commands. It is not possible to override <emphasis>uid</emphasis> or "
+"<emphasis>gid</emphasis> to 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:65
+msgid ""
+"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
+"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
+"optional> <optional><option>-g,--gid</option> GID</optional> "
+"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
+"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:78
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:86
+msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:91
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:100
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:105
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:113
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:118
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:124
+msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:129
+msgid ""
+"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
+"similar to standard passwd file. The format is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:134
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:137
+msgid ""
+"where original_name is original name of the user whose attributes should be "
+"overridden. The rest of fields correspond to new values. You can omit a "
+"value simply by leaving corresponding field empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:146
+msgid "ckent:superman::::::"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:149
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:155
+msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:160
+msgid ""
+"Export all overridden attributes and store them in <emphasis>FILE</"
+"emphasis>. See <emphasis>user-import</emphasis> for data format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:168
+msgid ""
+"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
+"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:175
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:183
+msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:188
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:197
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:202
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:210
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:215
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:221
+msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:226
+msgid ""
+"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
+"similar to standard group file. The format is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:231
+msgid "original_name:name:gid"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:234
+msgid ""
+"where original_name is original name of the group whose attributes should be "
+"overridden. The rest of fields correspond to new values. You can omit a "
+"value simply by leaving corresponding field empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:243
+msgid "admins:administrators:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:246
+msgid "Domain Users:Users:501"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:252
+msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:257
+msgid ""
+"Export all overridden attributes and store them in <emphasis>FILE</"
+"emphasis>. See <emphasis>group-import</emphasis> for data format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_override.8.xml:267 sssctl.8.xml:50
+msgid "COMMON OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:269 sssctl.8.xml:52
+msgid "Those options are available with all commands."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:274 sssctl.8.xml:57
+msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
+msgid "sssd-krb5"
+msgstr "sssd-krb5"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:23
+msgid ""
+"This manual page describes the configuration of the Kerberos 5 "
+"authentication backend for <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
+"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
+"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page."
+msgstr ""
+"このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> に対する Kerberos 5 認証バックエンド"
+"の設定を説明しています。詳細な構文の参考資料は、<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> マニュアルページの <quote>ファイル形式</quote> セクションを参照"
+"してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:36
+msgid ""
+"The Kerberos 5 authentication backend contains auth and chpass providers. It "
+"must be paired with an identity provider in order to function properly (for "
+"example, id_provider = ldap). Some information required by the Kerberos 5 "
+"authentication backend must be provided by the identity provider, such as "
+"the user's Kerberos Principal Name (UPN). The configuration of the identity "
+"provider should have an entry to specify the UPN. Please refer to the man "
+"page for the applicable identity provider for details on how to configure "
+"this."
+msgstr ""
+"Kerberos 5 認証バックエンドは認証プロバイダーおよびパスワード変更プロバイダー"
+"を含みます。正しく機能するためには識別プロダイバーと組み合わせて使用する必要"
+"があります (たとえば、id_provider = ldap)。Kerberos 5 認証バックエンドにより"
+"必要とされるいくつかの情報は、ユーザーの Kerberos プリンシパル名 (UPN) のよう"
+"な、識別プロバイダーにより提供される必要があります。識別プロバイダーの設定は "
+"UPN を指定するためのエントリーがある必要があります。これを設定する方法に関す"
+"る詳細は適用可能な識別プロバイダーのマニュアルページを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:47
+msgid ""
+"This backend also provides access control based on the .k5login file in the "
+"home directory of the user. See <citerefentry> <refentrytitle>k5login</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
+"Please note that an empty .k5login file will deny all access to this user. "
+"To activate this feature, use 'access_provider = krb5' in your SSSD "
+"configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:55
+msgid ""
+"In the case where the UPN is not available in the identity backend, "
+"<command>sssd</command> will construct a UPN using the format "
+"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
+msgstr ""
+"UPN が識別バックエンド <command>sssd</command> において利用できない場合は、形"
+"式 <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable> "
+"を使用して UPN を構築します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:77
+msgid ""
+"Specifies the comma-separated list of IP addresses or hostnames of the "
+"Kerberos servers to which SSSD should connect, in the order of preference. "
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
+"colon) may be appended to the addresses or hostnames. If empty, service "
+"discovery is enabled; for more information, refer to the <quote>SERVICE "
+"DISCOVERY</quote> section."
+msgstr ""
+"SSSD が接続したい AD サーバー(優先順)の IP アドレスまたはホスト名のカンマ区"
+"切り一覧を指定します。フェールオーバーおよびサーバー冗長化に関する詳細は "
+"<quote>FAILOVER</quote> セクションを参照してください。ポート番号(コロンの後"
+"ろ)をオプションとして、アドレスやホスト名の後ろに付けることもできます。これ"
+"が無ければ、サービス探索が有効になっています。詳細は <quote>サービス探索</"
+"quote> のセクションを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:106
+msgid ""
+"The name of the Kerberos realm. This option is required and must be "
+"specified."
+msgstr "Kerberos レルムの名前です。このオプションは指定する必要があります。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:113
+msgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
+msgstr "krb5_kpasswd, krb5_backup_kpasswd (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:116
+msgid ""
+"If the change password service is not running on the KDC, alternative "
+"servers can be defined here. An optional port number (preceded by a colon) "
+"may be appended to the addresses or hostnames."
+msgstr ""
+"パスワード変更サービスが KDC において実行されていなければ、代替サーバーがここ"
+"で指定できます。オプションのポート番号が(コロンに続けて)アドレスまたはホス"
+"ト名に追加できます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:122
+msgid ""
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd "
+"servers to try, the backend is not switched to operate offline if "
+"authentication against the KDC is still possible."
+msgstr ""
+"フェイルオーバーとサーバー冗長性に関する詳細は、<quote>フェイルオーバー</"
+"quote>のセクションを参照してください。注:KDC に対する認証がまだ可能であるな"
+"らば、たとえすべての kpasswd サーバーがなかったとしても、バックエンドをオフラ"
+"インに切り替えないことに注意してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:129
+msgid "Default: Use the KDC"
+msgstr "初期値: KDC を使用します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:135
+msgid "krb5_ccachedir (string)"
+msgstr "krb5_ccachedir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:138
+msgid ""
+"Directory to store credential caches. All the substitution sequences of "
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:145
+msgid "Default: /tmp"
+msgstr "初期値: /tmp"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:151
+msgid "krb5_ccname_template (string)"
+msgstr "krb5_ccname_template (文字列)"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
+msgid "%u"
+msgstr "%u"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
+msgid "login name"
+msgstr "ログイン名"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
+msgid "%U"
+msgstr "%U"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:170
+msgid "login UID"
+msgstr "ログイン UID"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:173
+msgid "%p"
+msgstr "%p"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:174
+msgid "principal name"
+msgstr "プリンシパル名"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:178
+msgid "%r"
+msgstr "%r"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:179
+msgid "realm name"
+msgstr "レルム名"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:182 include/override_homedir.xml:42
+msgid "%h"
+msgstr "%h"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:124
+msgid "home directory"
+msgstr "ホームディレクトリー"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
+msgid "%d"
+msgstr "%d"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:193 include/override_homedir.xml:31
+msgid "%P"
+msgstr "%P"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:194
+msgid "the process ID of the SSSD client"
+msgstr "SSSD クライアントのプロセス ID"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:56
+msgid "%%"
+msgstr "%%"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:57
+msgid "a literal '%'"
+msgstr "文字 '%'"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:154
+msgid ""
+"Location of the user's credential cache. Three credential cache types are "
+"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
+"<quote>KEYRING:persistent</quote>. The cache can be specified either as "
+"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which "
+"implies the <quote>FILE</quote> type. In the template, the following "
+"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If "
+"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique "
+"filename in a safe way."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:208
+msgid ""
+"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
+"persistent:%U</quote>, which uses the Linux kernel keyring to store "
+"credentials on a per-UID basis. This is also the recommended choice, as it "
+"is the most secure and predictable method."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:216
+msgid ""
+"The default value for the credential cache name is sourced from the profile "
+"stored in the system wide krb5.conf configuration file in the [libdefaults] "
+"section. The option name is default_ccache_name. See krb5.conf(5)'s "
+"PARAMETER EXPANSION paragraph for additional information on the expansion "
+"format defined by krb5.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:225
+msgid ""
+"NOTE: Please be aware that libkrb5 ccache expansion template from "
+"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> uses different expansion sequences than SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:234
+msgid "Default: (from libkrb5)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:240
+msgid "krb5_keytab (string)"
+msgstr "krb5_keytab (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:243
+msgid ""
+"The location of the keytab to use when validating credentials obtained from "
+"KDCs."
+msgstr ""
+"KDC から取得したクレディンシャルを検証するときに使用されるキーテーブルの場所"
+"です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:253
+msgid "krb5_store_password_if_offline (boolean)"
+msgstr "krb5_store_password_if_offline (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:256
+msgid ""
+"Store the password of the user if the provider is offline and use it to "
+"request a TGT when the provider comes online again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:261
+msgid ""
+"NOTE: this feature is only available on Linux. Passwords stored in this way "
+"are kept in plaintext in the kernel keyring and are potentially accessible "
+"by the root user (with difficulty)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:274
+msgid "krb5_use_fast (string)"
+msgstr "krb5_use_fast (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:277
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+"Kerberos の事前認証のために flexible authentication secure tunneling (FAST) "
+"を有効化します。以下のオプションがサポートされます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:282
+msgid ""
+"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
+"option at all."
+msgstr ""
+"<emphasis>never</emphasis> は FAST を使用します。このオプションを何も設定しな"
+"いことと同等です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:286
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it."
+msgstr ""
+"<emphasis>try</emphasis> は FAST を使用します。サーバーが FAST をサポートして"
+"いなければ、FAST を使用せずに認証を続行します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:291
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+"<emphasis>demand</emphasis> は FAST を使用します。サーバーが FAST を要求しな"
+"ければ、認証が失敗します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:296
+msgid "Default: not set, i.e. FAST is not used."
+msgstr "初期値: 設定されません、つまり FAST が使用されません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:299
+#, fuzzy
+#| msgid "NOTE: a keytab is required to use FAST."
+msgid "NOTE: a keytab or support for anonymous PKINIT is required to use FAST."
+msgstr "注: キーテーブルは FAST を使用する必要があります。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:303
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+"注: SSSD は MIT Kerberos バージョン 1.8 およびそれ以降のみで FAST をサポート"
+"します。SSSD が古いバージョンの MIT Kerberos を使用している場合、このオプショ"
+"ンを使用すると設定エラーになります。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:312
+msgid "krb5_fast_principal (string)"
+msgstr "krb5_fast_principal (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:315
+msgid "Specifies the server principal to use for FAST."
+msgstr "FAST に対して使用するサーバープリンシパルを指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:321
+#, fuzzy
+#| msgid "krb5_use_kdcinfo (boolean)"
+msgid "krb5_fast_use_anonymous_pkinit (boolean)"
+msgstr "krb5_use_kdcinfo (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:324
+msgid ""
+"If set to true try to use anonymous PKINIT instead of a keytab to get the "
+"required credential for FAST. The krb5_fast_principal options is ignored in "
+"this case."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:364
+msgid "krb5_kdcinfo_lookahead (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:367
+msgid ""
+"When krb5_use_kdcinfo is set to true, you can limit the amount of servers "
+"handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. This might be "
+"helpful when there are too many servers discovered using SRV record."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:377
+msgid ""
+"The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. "
+"The first number represents number of primary servers used and the second "
+"number specifies the number of backup servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:383
+msgid ""
+"For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
+"will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
+"servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:392
+msgid "Default: 3:1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:398
+msgid "krb5_use_enterprise_principal (boolean)"
+msgstr "krb5_use_enterprise_principal (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:401
+msgid ""
+"Specifies if the user principal should be treated as enterprise principal. "
+"See section 5 of RFC 6806 for more details about enterprise principals."
+msgstr ""
+"ユーザープリンシパルをエンタープライズプリンシパルとして取り扱うかどうかを指"
+"定します。エンタープライズプリンシパルの詳細は RFC 6806 のセクション 5 を参照"
+"してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:407
+msgid "Default: false (AD provider: true)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:410
+msgid ""
+"The IPA provider will set to option to 'true' if it detects that the server "
+"is capable of handling enterprise principals and the option is not set "
+"explicitly in the config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:419
+#, fuzzy
+#| msgid "krb5_use_kdcinfo (boolean)"
+msgid "krb5_use_subdomain_realm (boolean)"
+msgstr "krb5_use_kdcinfo (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:422
+msgid ""
+"Specifies to use subdomains realms for the authentication of users from "
+"trusted domains. This option can be set to 'true' if enterprise principals "
+"are used with upnSuffixes which are not known on the parent domain KDCs. If "
+"the option is set to 'true' SSSD will try to send the request directly to a "
+"KDC of the trusted domain the user is coming from."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:438
+msgid "krb5_map_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:441
+msgid ""
+"The list of mappings is given as a comma-separated list of pairs "
+"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user "
+"name and <quote>primary</quote> is a user part of a kerberos principal. This "
+"mapping is used when user is authenticating using <quote>auth_provider = "
+"krb5</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-krb5.5.xml:453
+#, no-wrap
+msgid ""
+"krb5_realm = REALM\n"
+"krb5_map_user = joe:juser,dick:richard\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:458
+msgid ""
+"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and "
+"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos "
+"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will "
+"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:65
+msgid ""
+"If the auth-module krb5 is used in an SSSD domain, the following options "
+"must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section "
+"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD "
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"認証モジュール krb5 が SSSD ドメインにおいて使用されていると、以下のオプショ"
+"ンを使用する必要があります。 SSSD ドメインの設定における詳細は "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページの <quote>ドメインセクション</"
+"quote> を参照してください。 <placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:485
+msgid ""
+"The following example assumes that SSSD is correctly configured and FOO is "
+"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
+"example shows only configuration of Kerberos authentication; it does not "
+"include any identity provider."
+msgstr ""
+"以下の例は、SSSD が正しく設定され、FOO が <replaceable>[sssd]</replaceable> "
+"セクションにあるドメインの 1 つであると仮定しています。この例は Kerberos 認証"
+"の設定のみを示し、識別プロバイダーを何も含みません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-krb5.5.xml:493
+#, no-wrap
+msgid ""
+"[domain/FOO]\n"
+"auth_provider = krb5\n"
+"krb5_server = 192.168.1.1\n"
+"krb5_realm = EXAMPLE.COM\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr "sss_cache"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr "キャッシュクリーンアップを実行する"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online. Options that invalidate a single object only accept a "
+"single provided argument."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:43
+msgid "<option>-E</option>,<option>--everything</option>"
+msgstr "<option>-E</option>,<option>--everything</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:47
+msgid "Invalidate all cached entries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:53
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:58
+msgid "Invalidate specific user."
+msgstr "特定のユーザーを無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:64
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:68
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ"
+"れが特定のユーザーの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:75
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:80
+msgid "Invalidate specific group."
+msgstr "特定のグループを無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:86
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr "<option>-G</option>,<option>--groups</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:90
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+"すべてのグループレコードを無効にします。このオプションも設定されていると、こ"
+"れが特定のグループの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:97
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:102
+msgid "Invalidate specific netgroup."
+msgstr "特定のネットワークグループを無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:108
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr "<option>-N</option>,<option>--netgroups</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:112
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+"すべてのネットワークグループレコードを無効にします。このオプションが設定され"
+"ていると、これが特定のネットワークグループの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:124
+msgid "Invalidate specific service."
+msgstr "特定のサービスを無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-S</option>,<option>--services</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:134
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+"すべてのサービスレコードを無効にします。このオプションも設定されていると、こ"
+"れが特定のサービスの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:146
+msgid "Invalidate specific autofs maps."
+msgstr "特定の autofs マップを無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-A</option>,<option>--autofs-maps</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:156
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+"すべての autofs マップを無効化します。このオプションは特定のマップが設定され"
+"ていても、その無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:163
+msgid ""
+"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:168
+msgid "Invalidate SSH public keys of a specific host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:174
+msgid "<option>-H</option>,<option>--ssh-hosts</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:178
+msgid ""
+"Invalidate SSH public keys of all hosts. This option overrides invalidation "
+"of SSH public keys of specific host if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:186
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:191
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:197
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:201
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:209
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:214
+msgid "Restrict invalidation process only to a particular domain."
+msgstr "無効化プロセスを特定のドメインのみに制限します。"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_cache.8.xml:224
+msgid "EFFECTS ON THE FAST MEMORY CACHE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:226
+msgid ""
+"<command>sss_cache</command> also invalidates the memory cache. Since the "
+"memory cache is a file which is mapped into the memory of each process which "
+"called SSSD to resolve users or groups the file cannot be truncated. A "
+"special flag is set in the header of the file to indicate that the content "
+"is invalid and then the file is unlinked by SSSD's NSS responder and a new "
+"cache file is created. Whenever a process is now doing a new lookup for a "
+"user or a group it will see the flag, close the old memory cache file and "
+"map the new one into its memory. When all processes which had opened the old "
+"memory cache file have closed it while looking up a user or a group the "
+"kernel can release the occupied disk space and the old memory cache file is "
+"finally removed completely."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:240
+msgid ""
+"A special case is long running processes which are doing user or group "
+"lookups only at startup, e.g. to determine the name of the user the process "
+"is running as. For those lookups the memory cache file is mapped into the "
+"memory of the process. But since there will be no further lookups this "
+"process would never detect if the memory cache file was invalidated and "
+"hence it will be kept in memory and will occupy disk space until the process "
+"stops. As a result calling <command>sss_cache</command> might increase the "
+"disk usage because old memory cache files cannot be removed from the disk "
+"because they are still mapped by long running processes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:252
+msgid ""
+"A possible work-around for long running processes which are looking up users "
+"and groups only at startup or very rarely is to run them with the "
+"environment variable SSS_NSS_USE_MEMCACHE set to \"NO\" so that they won't "
+"use the memory cache at all and not map the memory cache file into the "
+"memory. In general a better solution is to tune the cache timeout parameters "
+"so that they meet the local expectations and calling <command>sss_cache</"
+"command> is not needed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr "sss_debuglevel"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "[DEPRECATED] change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_seed.8.xml:10 sss_seed.8.xml:15
+msgid "sss_seed"
+msgstr "sss_seed"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_seed.8.xml:16
+msgid "seed the SSSD cache with a user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_seed.8.xml:21
+msgid ""
+"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
+"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
+"arg>"
+msgstr ""
+"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
+"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
+"arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_seed.8.xml:33
+msgid ""
+"<command>sss_seed</command> seeds the SSSD cache with a user entry and "
+"temporary password. If a user entry is already present in the SSSD cache "
+"then the entry is updated with the temporary password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:46
+msgid ""
+"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+msgstr ""
+"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:51
+msgid ""
+"Provide the name of the domain in which the user is a member of. The domain "
+"is also used to retrieve user information. The domain must be configured in "
+"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. "
+"Information retrieved from the domain overrides what is provided in the "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:63
+msgid ""
+"<option>-n</option>,<option>--username</option> <replaceable>USER</"
+"replaceable>"
+msgstr ""
+"<option>-n</option>,<option>--username</option> <replaceable>USER</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:68
+msgid ""
+"The username of the entry to be created or modified in the cache. The "
+"<replaceable>USER</replaceable> option must be provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:76
+msgid ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:81
+msgid "Set the UID of the user to <replaceable>UID</replaceable>."
+msgstr "ユーザーの UID を <replaceable>UID</replaceable> に設定します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:88
+msgid ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:93
+msgid "Set the GID of the user to <replaceable>GID</replaceable>."
+msgstr "ユーザーの GID を <replaceable>GID</replaceable> に設定します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:100
+msgid ""
+"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
+"replaceable>"
+msgstr ""
+"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:105
+msgid ""
+"Any text string describing the user. Often used as the field for the user's "
+"full name."
+msgstr ""
+"ユーザーを説明している任意のテキスト文字列です。しばしばユーザーの完全名の項"
+"目として使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:112
+msgid ""
+"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
+"replaceable>"
+msgstr ""
+"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:117
+msgid ""
+"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
+msgstr ""
+"ユーザーのホームディレクトリーを <replaceable>HOME_DIR</replaceable> に設定し"
+"ます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:124
+msgid ""
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
+msgstr ""
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:129
+msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:140
+msgid ""
+"Interactive mode for entering user information. This option will only prompt "
+"for information not provided in the options or retrieved from the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:148
+msgid ""
+"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
+"replaceable>"
+msgstr ""
+"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:153
+msgid ""
+"Specify file to read user's password from. (if not specified password is "
+"prompted for)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_seed.8.xml:165
+msgid ""
+"The length of the password (or the size of file specified with -p or --"
+"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
+"on systems with no globally-defined PASS_MAX value)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-ifp.5.xml:43
+msgid "FIND BY VALID CERTIFICATE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ifp.5.xml:45
+msgid ""
+"The following options can be used to control how the certificates are "
+"validated when using the FindByValidCertificate() API:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92
+msgid "ca_db"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd-ifp.5.xml:49 sss_ssh_authorizedkeys.1.xml:93
+msgid "p11_child_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd-ifp.5.xml:50 sss_ssh_authorizedkeys.1.xml:94
+msgid "certificate_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ifp.5.xml:52
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"For more details about the options see <citerefentry><refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
+msgstr ""
+"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページにある "
+"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:62
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:69
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:75
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:79
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:93
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:108
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:115
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:116
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:119
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:120
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:123
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:127
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:128
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:97
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:141
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:133
+msgid ""
+"It is possible to add another attribute to this set by using "
+"<quote>+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:145
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:155
+msgid ""
+"Specifies an upper limit on the number of entries that are downloaded during "
+"a wildcard lookup that overrides caller-supplied limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:160
+msgid "Default: 0 (let the caller set an upper limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refentryinfo>
+#: sss_rpcidmapd.5.xml:8
+msgid ""
+"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</"
+"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
+"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </"
+"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
+"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
+"author>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
+msgid "sss_rpcidmapd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_rpcidmapd.5.xml:33
+msgid "sss plugin configuration directives for rpc.idmapd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:37
+msgid "CONFIGURATION FILE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:39
+msgid ""
+"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd."
+"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:49
+msgid "SSS CONFIGURATION EXTENSION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_rpcidmapd.5.xml:51
+msgid "Enable SSS plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_rpcidmapd.5.xml:53
+msgid ""
+"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> "
+"attribute to contain <emphasis>sss</emphasis>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_rpcidmapd.5.xml:59
+msgid "[sss] config section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_rpcidmapd.5.xml:61
+msgid ""
+"In order to change the default of one of the configuration attributes of the "
+"<emphasis>sss</emphasis> plugin listed below you will need to create a "
+"config section for it, named <quote>[sss]</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sss_rpcidmapd.5.xml:67
+msgid "Configuration attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sss_rpcidmapd.5.xml:69
+msgid "memcache (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sss_rpcidmapd.5.xml:72
+msgid "Indicates whether or not to use memcache optimisation technique."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:85
+msgid "SSSD INTEGRATION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:87
+msgid ""
+"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
+"in sssd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:91
+msgid ""
+"The attribute <quote>use_fully_qualified_names</quote> must be enabled on "
+"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
+"wire)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_rpcidmapd.5.xml:103
+#, no-wrap
+msgid ""
+"[General]\n"
+"Verbosity = 2\n"
+"# domain must be synced between NFSv4 server and clients\n"
+"# Solaris/Illumos/AIX use \"localdomain\" as default!\n"
+"Domain = default\n"
+"\n"
+"[Mapping]\n"
+"Nobody-User = nfsnobody\n"
+"Nobody-Group = nfsnobody\n"
+"\n"
+"[Translation]\n"
+"Method = sss\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:100
+msgid ""
+"The following example shows a minimal idmapd.conf which makes use of the sss "
+"plugin. <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:316 include/seealso.xml:2
+msgid "SEE ALSO"
+msgstr "関連項目"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:122
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr "sss_ssh_authorizedkeys"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr "1"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr "OpenSSH 認可キーを取得する"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+"<command>sss_ssh_authorizedkeys</command> はユーザー <replaceable>USER</"
+"replaceable> の SSH 公開鍵を取得して、 OpenSSH authorized_keys 形式に出力しま"
+"す (詳細は <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> の <quote>AUTHORIZED_KEYS FILE FORMAT</quote> セク"
+"ションを参照してください)。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:59
+#, no-wrap
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:52
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_ssh_authorizedkeys.1.xml:65
+msgid "KEYS FROM CERTIFICATES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:67
+msgid ""
+"In addition to the public SSH keys for user <replaceable>USER</replaceable> "
+"<command>sss_ssh_authorizedkeys</command> can return public SSH keys derived "
+"from the public key of a X.509 certificate as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:73
+msgid ""
+"To enable this the <quote>ssh_use_certificate_keys</quote> option must be "
+"set to true (default) in the [ssh] section of <filename>sssd.conf</"
+"filename>. If the user entry contains certificates (see "
+"<quote>ldap_user_certificate</quote> in <citerefentry><refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) or "
+"there is a certificate in an override entry for the user (see "
+"<citerefentry><refentrytitle>sss_override</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> or <citerefentry><refentrytitle>sssd-ipa</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details) and the "
+"certificate is valid SSSD will extract the public key from the certificate "
+"and convert it into the format expected by sshd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:90
+msgid "Besides <quote>ssh_use_certificate_keys</quote> the options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:96
+msgid ""
+"can be used to control how the certificates are validated (see "
+"<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for details)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:101
+msgid ""
+"The validation is the benefit of using X.509 certificates instead of SSH "
+"keys directly because e.g. it gives a better control of the lifetime of the "
+"keys. When the ssh client is configured to use the private keys from a "
+"Smartcard with the help of a PKCS#11 shared library (see "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> for details) it might be irritating that authentication is "
+"still working even if the related X.509 certificate on the Smartcard is "
+"already expired because neither <command>ssh</command> nor <command>sshd</"
+"command> will look at the certificate at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_ssh_authorizedkeys.1.xml:114
+msgid ""
+"It has to be noted that the derived public SSH key can still be added to the "
+"<filename>authorized_keys</filename> file of the user to bypass the "
+"certificate validation if the <command>sshd</command> configuration permits "
+"this."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:132
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+"SSSD ドメイン <replaceable>DOMAIN</replaceable> にあるユーザーの公開鍵を検索"
+"します。"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_ssh_authorizedkeys.1.xml:141 sss_ssh_knownhostsproxy.1.xml:102
+msgid "EXIT STATUS"
+msgstr "終了コード"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:143 sss_ssh_knownhostsproxy.1.xml:104
+msgid ""
+"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr "sss_ssh_knownhostsproxy"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr "OpenSSH ホストキーを取得します"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and establishes the connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+"<replaceable>PROXY_COMMAND</replaceable> が指定されていると、ソケットを開く代"
+"わりにホストへの接続を作成するために使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> は <citerefentry><refentrytitle>ssh</refentrytitle> "
+"<manvolnum>1</manvolnum></citerefentry> 設定に対して以下のディレクティブを使"
+"用することにより、ホストキー認証に <command>sss_ssh_knownhostsproxy</"
+"command> を使用するために設定できます: <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:66
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:71
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host. By "
+"default, port 22 is used."
+msgstr ""
+"ホストに接続するためにポート <replaceable>PORT</replaceable> を使用します。初"
+"期値ではポート 22 が使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:83
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+"SSSD ドメイン <replaceable>DOMAIN</replaceable> においてホスト公開鍵を検索し"
+"ます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:89
+msgid "<option>-k</option>,<option>--pubkey</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:93
+msgid ""
+"Print the host ssh public keys for host <replaceable>HOST</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: idmap_sss.8.xml:10 idmap_sss.8.xml:15
+msgid "idmap_sss"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: idmap_sss.8.xml:16
+msgid "SSSD's idmap_sss Backend for Winbind"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: idmap_sss.8.xml:22
+msgid ""
+"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. "
+"No database is required in this case as the mapping is done by SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: idmap_sss.8.xml:29
+msgid "IDMAP OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: idmap_sss.8.xml:33
+msgid "range = low - high"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: idmap_sss.8.xml:35
+msgid ""
+"Defines the available matching UID and GID range for which the backend is "
+"authoritative."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: idmap_sss.8.xml:45
+msgid ""
+"This example shows how to configure idmap_sss as the default mapping module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><programlisting>
+#: idmap_sss.8.xml:50
+#, no-wrap
+msgid ""
+"[global]\n"
+"security = ads\n"
+"workgroup = &lt;AD-DOMAIN-SHORTNAME&gt;\n"
+"\n"
+"idmap config &lt;AD-DOMAIN-SHORTNAME&gt; : backend = sss\n"
+"idmap config &lt;AD-DOMAIN-SHORTNAME&gt; : range = 200000-2147483647\n"
+"\n"
+"idmap config * : backend = tdb\n"
+"idmap config * : range = 100000-199999\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: idmap_sss.8.xml:62
+msgid ""
+"Please replace &lt;AD-DOMAIN-SHORTNAME&gt; with the NetBIOS domain name of "
+"the AD domain. If multiple AD domains should be used each domain needs an "
+"<literal>idmap config</literal> line with <literal>backend = sss</literal> "
+"and a line with a suitable <literal>range</literal>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: idmap_sss.8.xml:69
+msgid ""
+"Since Winbind requires a writeable default backend and idmap_sss is read-"
+"only the example includes <literal>backend = tdb</literal> as default."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssctl.8.xml:10 sssctl.8.xml:15
+msgid "sssctl"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssctl.8.xml:16
+msgid "SSSD control and status utility"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssctl.8.xml:21
+msgid ""
+"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
+"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssctl.8.xml:32
+msgid ""
+"<command>sssctl</command> provides a simple and unified way to obtain "
+"information about SSSD status, such as active server, auto-discovered "
+"servers, domains and cached objects. In addition, it can manage SSSD data "
+"files for troubleshooting in such a way that is safe to manipulate while "
+"SSSD is running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssctl.8.xml:43
+msgid ""
+"To list all available commands run <command>sssctl</command> without any "
+"parameters. To print help for selected command run <command>sssctl COMMAND --"
+"help</command>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-files.5.xml:10 sssd-files.5.xml:16
+msgid "sssd-files"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-files.5.xml:17
+msgid "SSSD files provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:23
+msgid ""
+"This manual page describes the files provider for <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:36
+msgid ""
+"The files provider mirrors the content of the <citerefentry> "
+"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files "
+"provider is to make the users and groups traditionally only accessible with "
+"NSS interfaces also available through the SSSD interfaces such as "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:55
+msgid ""
+"Another reason is to provide efficient caching of local users and groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:58
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"Please note that besides explicit domain definition the files provider can "
+"be configured also implicitly using 'enable_files_domain' option. See "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for details."
+msgstr ""
+"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページにある "
+"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:66
+msgid ""
+"SSSD never handles resolution of user/group \"root\". Also resolution of UID/"
+"GID 0 is not handled by SSSD. Such requests are passed to next NSS module "
+"(usually files)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:71
+msgid ""
+"When SSSD is not running or responding, nss_sss returns the UNAVAIL code "
+"which causes the request to be passed to the next module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:95
+msgid "passwd_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:98
+msgid ""
+"Comma-separated list of one or multiple password filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:104
+msgid "Default: /etc/passwd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:110
+msgid "group_files (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:113
+msgid ""
+"Comma-separated list of one or multiple group filenames to be read and "
+"enumerated by the files provider, inotify monitor watches will be set on "
+"each file to detect changes dynamically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:119
+msgid "Default: /etc/group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-files.5.xml:125
+#, fuzzy
+#| msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
+msgid "fallback_to_nss (boolean)"
+msgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:128
+msgid ""
+"While updating the internal data SSSD will return an error and let the "
+"client continue with the next NSS module. This helps to avoid delays when "
+"using the default system files <filename>/etc/passwd</filename> and "
+"<filename>/etc/group</filename> and the NSS configuration has 'sss' before "
+"'files' for the 'passwd' and 'group' maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-files.5.xml:138
+msgid ""
+"If the files provider is configured to monitor other files it makes sense to "
+"set this option to 'False' to avoid inconsistent behavior because in general "
+"there would be no other NSS module which can be used as a fallback."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:79
+msgid ""
+"In addition to the options listed below, generic SSSD domain options can be "
+"set where applicable. Refer to the section <quote>DOMAIN SECTIONS</quote> "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for details on the configuration of "
+"an SSSD domain. But the purpose of the files provider is to expose the same "
+"data as the UNIX files, just through the SSSD interfaces. Therefore not all "
+"generic domain options are supported. Likewise, some global options, such as "
+"overriding the shell in the <quote>nss</quote> section for all domains has "
+"no effect on the files domain unless explicitly specified per-domain. "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:157
+msgid ""
+"The following example assumes that SSSD is correctly configured and files is "
+"one of the domains in the <replaceable>[sssd]</replaceable> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-files.5.xml:163
+#, no-wrap
+msgid ""
+"[domain/files]\n"
+"id_provider = files\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-files.5.xml:168
+msgid ""
+"To leverage caching of local users and groups by SSSD nss_sss module must be "
+"listed before nss_files module in /etc/nsswitch.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-files.5.xml:174
+#, no-wrap
+msgid ""
+"passwd: sss files\n"
+"group: sss files\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:10 sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals. For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g. when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:178
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:183
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
+msgid "sssd-kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-kcm.8.xml:17
+msgid "SSSD Kerberos Cache Manager"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:23
+msgid ""
+"This manual page describes the configuration of the SSSD Kerberos Cache "
+"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos "
+"credential caches. It originates in the Heimdal Kerberos project, although "
+"the MIT Kerberos library also provides client side (more details on that "
+"below) support for the KCM credential cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:31
+msgid ""
+"In a setup where Kerberos caches are managed by KCM, the Kerberos library "
+"(typically used through an application, like e.g., <citerefentry> "
+"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </"
+"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is "
+"being referred to as a <quote>\"KCM server\"</quote>. The client and server "
+"communicate over a UNIX socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:42
+msgid ""
+"The KCM server keeps track of each credential caches's owner and performs "
+"access check control based on the UID and GID of the KCM client. The root "
+"user has access to all credential caches."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:47
+msgid "The KCM credential cache has several interesting properties:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-kcm.8.xml:51
+msgid ""
+"since the process runs in userspace, it is subject to UID namespacing, "
+"unlike the kernel keyring"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-kcm.8.xml:56
+msgid ""
+"unlike the kernel keyring-based cache, which is shared between all "
+"containers, the KCM server is a separate process whose entry point is a UNIX "
+"socket"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-kcm.8.xml:61
+msgid ""
+"the SSSD implementation stores the ccaches in a database, typically located "
+"at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to "
+"survive KCM server restarts or machine reboots."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:67
+msgid ""
+"This allows the system to use a collection-aware credential cache, yet share "
+"the credential cache between some or no containers by bind-mounting the "
+"socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:72
+msgid ""
+"The KCM default client idle timeout is 5 minutes, this allows more time for "
+"user interaction with command line tools such as kinit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-kcm.8.xml:78
+msgid "USING THE KCM CREDENTIAL CACHE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:88
+#, no-wrap
+msgid ""
+"[libdefaults]\n"
+" default_ccache_name = KCM:\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:80
+msgid ""
+"In order to use KCM credential cache, it must be selected as the default "
+"credential type in <citerefentry> <refentrytitle>krb5.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials "
+"cache name must be only <quote>KCM:</quote> without any template "
+"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:93
+msgid ""
+"Next, make sure the Kerberos client libraries and the KCM server must agree "
+"on the UNIX socket path. By default, both use the same path <replaceable>/"
+"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos "
+"library, change its <quote>kcm_socket</quote> option which is described in "
+"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:115
+#, no-wrap
+msgid ""
+"systemctl start sssd-kcm.socket\n"
+"systemctl enable sssd-kcm.socket\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:104
+msgid ""
+"Finally, make sure the SSSD KCM server can be contacted. The KCM service is "
+"typically socket-activated by <citerefentry> <refentrytitle>systemd</"
+"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD "
+"services, it cannot be started by adding the <quote>kcm</quote> string to "
+"the <quote>service</quote> directive. <placeholder type=\"programlisting\" "
+"id=\"0\"/> Please note your distribution may already configure the units for "
+"you."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-kcm.8.xml:124
+msgid "THE CREDENTIAL CACHE STORAGE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:126
+msgid ""
+"The credential caches are stored in a database, much like SSSD caches user "
+"or group entries. The database is typically located at <quote>/var/lib/sss/"
+"secrets</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-kcm.8.xml:133
+msgid "OBTAINING DEBUG LOGS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:144
+#, no-wrap
+msgid ""
+"[kcm]\n"
+"debug_level = 10\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:149 sssd-kcm.8.xml:211
+#, no-wrap
+msgid ""
+"systemctl restart sssd-kcm.service\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:135
+msgid ""
+"The sssd-kcm service is typically socket-activated <citerefentry> "
+"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry>. To generate debug logs, add the following either to the "
+"<filename>/etc/sssd/sssd.conf</filename> file directly or as a configuration "
+"snippet to <filename>/etc/sssd/conf.d/</filename> directory: <placeholder "
+"type=\"programlisting\" id=\"0\"/> Then, restart the sssd-kcm service: "
+"<placeholder type=\"programlisting\" id=\"1\"/> Finally, run whatever use-"
+"case doesn't work for you. The KCM logs will be generated at <filename>/var/"
+"log/sssd/sssd_kcm.log</filename>. It is recommended to disable the debug "
+"logs when you no longer need the debugging to be enabled as the sssd-kcm "
+"service can generate quite a large amount of debugging information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:159
+msgid ""
+"Please note that configuration snippets are, at the moment, only processed "
+"if the main configuration file at <filename>/etc/sssd/sssd.conf</filename> "
+"exists at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-kcm.8.xml:166
+msgid "RENEWALS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:174
+#, no-wrap
+msgid ""
+"tgt_renewal = true\n"
+"krb5_renew_interval = 60m\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:168
+msgid ""
+"The sssd-kcm service can be configured to attempt TGT renewal for renewable "
+"TGTs stored in the KCM ccache. Renewals are only attempted when half of the "
+"ticket lifetime has been reached. KCM Renewals are configured when the "
+"following options are set in the [kcm] section: <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:179
+msgid ""
+"SSSD can also inherit krb5 options for renewals from an existing domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><programlisting>
+#: sssd-kcm.8.xml:183
+#, no-wrap
+msgid ""
+"tgt_renewal = true\n"
+"tgt_renewal_inherit = domain-name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:191
+#, no-wrap
+msgid ""
+"krb5_renew_interval\n"
+"krb5_renewable_lifetime\n"
+"krb5_lifetime\n"
+"krb5_validate\n"
+"krb5_canonicalize\n"
+"krb5_auth_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:187
+msgid ""
+"The following krb5 options can be configured in the [kcm] section to control "
+"renewal behavior, these options are described in detail below <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:204
+msgid ""
+"The KCM service is configured in the <quote>kcm</quote> section of the sssd."
+"conf file. Please note that because the KCM service is typically socket-"
+"activated, it is enough to just restart the <quote>sssd-kcm</quote> service "
+"after changing options in the <quote>kcm</quote> section of sssd.conf: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:215
+msgid ""
+"The KCM service is configured in the <quote>kcm</quote> For a detailed "
+"syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:223
+msgid ""
+"The generic SSSD service options such as <quote>debug_level</quote> or "
+"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to "
+"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for a complete list. In addition, "
+"there are some KCM-specific options as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-kcm.8.xml:234
+msgid "socket_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:237
+msgid "The socket the KCM service will listen on."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:240
+msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:243
+msgid ""
+"<phrase condition=\"have_systemd\"> Note: on platforms where systemd is "
+"supported, the socket path is overwritten by the one defined in the sssd-kcm."
+"socket unit file. </phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-kcm.8.xml:252
+msgid "max_ccaches (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:255
+msgid "How many credential caches does the KCM database allow for all users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:259
+msgid "Default: 0 (unlimited, only the per-UID quota is enforced)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-kcm.8.xml:264
+msgid "max_uid_ccaches (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:267
+msgid ""
+"How many credential caches does the KCM database allow per UID. This is "
+"equivalent to <quote>with how many principals you can kinit</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:272
+msgid "Default: 64"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-kcm.8.xml:277
+msgid "max_ccache_size (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:280
+msgid ""
+"How big can a credential cache be per ccache. Each service ticket accounts "
+"into this quota."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:284
+msgid "Default: 65536"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-kcm.8.xml:289
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "tgt_renewal (bool)"
+msgstr "enumerate (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:292
+msgid "Enables TGT renewals functionality."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:295
+#, fuzzy
+#| msgid "Default: False (disabled)"
+msgid "Default: False (Automatic renewals disabled)"
+msgstr "初期値: False (無効)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-kcm.8.xml:300
+#, fuzzy
+#| msgid "krb5_renew_interval (string)"
+msgid "tgt_renewal_inherit (string)"
+msgstr "krb5_renew_interval (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:303
+msgid "Domain to inherit krb5_* options from, for use with TGT renewals."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-kcm.8.xml:307
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: NULL"
+msgstr "初期値: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-kcm.8.xml:318
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:367
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"attrs:string\n"
+"probestr:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:161
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:164
+msgid "Probes the sdap_get_generic_ext_recv() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:168 sssd-systemtap.5.xml:222
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:176
+msgid "probe sdap_parse_entry"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:179
+msgid ""
+"Probes the sdap_parse_entry() function. It is called repeatedly with every "
+"received attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:184
+#, no-wrap
+msgid ""
+"attr:string\n"
+"value:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:190
+msgid "probe sdap_parse_entry_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:193
+msgid ""
+"Probes the sdap_parse_entry() function. It is called when parsing of "
+"received object is finished."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:201
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:204
+msgid "Probes the sdap_deref_search_send() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:208
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:215
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:218
+msgid "Probes the sdap_deref_search_recv() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:234
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:238
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:241
+msgid "Probes the sdap_acct_req_send() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:245 sssd-systemtap.5.xml:260
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:253
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:256
+msgid "Probes the sdap_acct_req_recv() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:272
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:276
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:279
+msgid "Probes the sdap_search_user_send() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:283 sssd-systemtap.5.xml:295 sssd-systemtap.5.xml:307
+#: sssd-systemtap.5.xml:319
+#, no-wrap
+msgid ""
+"filter:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:288
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:291
+msgid "Probes the sdap_search_user_recv() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:300
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:303
+msgid "Probes the sdap_search_user_save_begin() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:312
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:315
+msgid "Probes the sdap_search_user_save_end() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:328
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:332
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:335
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:338
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:352
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:365
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:372
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:375
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:380
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:384
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:389
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:392
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:397
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:400
+msgid "Convert method to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:410
+msgid "SAMPLE SYSTEMTAP SCRIPTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:412
+msgid ""
+"Start the SystemTap script (<command>stap /usr/share/sssd/systemtap/&lt;"
+"script_name&gt;.stp</command>), then perform an identity operation and the "
+"script will collect information from probes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:418
+msgid "Provided SystemTap scripts are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:422
+msgid "dp_request.stp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:425
+msgid "Monitoring of data provider request performance."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:430
+msgid "id_perf.stp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:433
+msgid "Monitoring of <command>id</command> command performance."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:439
+msgid "ldap_perf.stp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:442
+msgid "Monitoring of LDAP queries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:447
+msgid "nested_group_perf.stp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:450
+msgid "Performance of nested groups resolving."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
+msgid "sssd-ldap-attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap-attributes.5.xml:17
+msgid "SSSD LDAP Provider: Mapping Attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap-attributes.5.xml:23
+msgid ""
+"This manual page describes the mapping attributes of SSSD LDAP provider "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. Refer to the <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
+"for full details about SSSD LDAP provider configuration options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap-attributes.5.xml:38
+msgid "USER ATTRIBUTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:42
+msgid "ldap_user_object_class (string)"
+msgstr "ldap_user_object_class (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:45
+msgid "The object class of a user entry in LDAP."
+msgstr "LDAP にあるユーザーエントリーのオブジェクトクラスです。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:48
+msgid "Default: posixAccount"
+msgstr "初期値: posixAccount"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:54
+msgid "ldap_user_name (string)"
+msgstr "ldap_user_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:57
+msgid "The LDAP attribute that corresponds to the user's login name."
+msgstr "ユーザーのログイン名に対応する LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:61
+msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:68
+msgid "ldap_user_uid_number (string)"
+msgstr "ldap_user_uid_number (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:71
+msgid "The LDAP attribute that corresponds to the user's id."
+msgstr "ユーザーの ID に対応する LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:75
+msgid "Default: uidNumber"
+msgstr "初期値: uidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:81
+msgid "ldap_user_gid_number (string)"
+msgstr "ldap_user_gid_number (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:84
+msgid "The LDAP attribute that corresponds to the user's primary group id."
+msgstr "ユーザーのプライマリーグループ ID に対応する LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:88 sssd-ldap-attributes.5.xml:698
+msgid "Default: gidNumber"
+msgstr "初期値: gidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:94
+msgid "ldap_user_primary_group (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:97
+msgid ""
+"Active Directory primary group attribute for ID-mapping. Note that this "
+"attribute should only be set manually if you are running the <quote>ldap</"
+"quote> provider with ID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:103
+msgid "Default: unset (LDAP), primaryGroupID (AD)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:109
+msgid "ldap_user_gecos (string)"
+msgstr "ldap_user_gecos (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:112
+msgid "The LDAP attribute that corresponds to the user's gecos field."
+msgstr "ユーザーの gecos 項目に対応する LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:116
+msgid "Default: gecos"
+msgstr "初期値: gecos"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:122
+msgid "ldap_user_home_directory (string)"
+msgstr "ldap_user_home_directory (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:125
+msgid "The LDAP attribute that contains the name of the user's home directory."
+msgstr "ユーザーのホームディレクトリーの名前を含む LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:129
+msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:135
+msgid "ldap_user_shell (string)"
+msgstr "ldap_user_shell (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:138
+msgid "The LDAP attribute that contains the path to the user's default shell."
+msgstr "ユーザーの初期シェルのパスを含む LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:142
+msgid "Default: loginShell"
+msgstr "初期値: loginShell"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:148
+msgid "ldap_user_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:151
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:155 sssd-ldap-attributes.5.xml:724
+msgid ""
+"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
+"IPA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:162
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_objectsid (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:165
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+"LDAP ユーザーオブジェクトの objectSID を含む LDAP 属性です。これは通常 "
+"ActiveDirectory サーバーに対してのみ必要です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:170 sssd-ldap-attributes.5.xml:739
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:177
+msgid "ldap_user_modify_timestamp (string)"
+msgstr "ldap_user_modify_timestamp (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:180 sssd-ldap-attributes.5.xml:749
+#: sssd-ldap-attributes.5.xml:872
+msgid ""
+"The LDAP attribute that contains timestamp of the last modification of the "
+"parent object."
+msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:184 sssd-ldap-attributes.5.xml:753
+#: sssd-ldap-attributes.5.xml:879
+msgid "Default: modifyTimestamp"
+msgstr "初期値: modifyTimestamp"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:190
+msgid "ldap_user_shadow_last_change (string)"
+msgstr "ldap_user_shadow_last_change (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:193
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
+"the last password change)."
+msgstr ""
+"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> の対応部分(最終パスワード変更日)に対応する LDAP 属性の名前を"
+"含みます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:203
+msgid "Default: shadowLastChange"
+msgstr "初期値: shadowLastChange"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:209
+msgid "ldap_user_shadow_min (string)"
+msgstr "ldap_user_shadow_min (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:212
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
+"password age)."
+msgstr ""
+"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> の対応部分(最小パスワード期限)に対応する LDAP 属性の名前を含"
+"みます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:221
+msgid "Default: shadowMin"
+msgstr "初期値: shadowMin"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:227
+msgid "ldap_user_shadow_max (string)"
+msgstr "ldap_user_shadow_max (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:230
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
+"password age)."
+msgstr ""
+"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> の対応部分(最大パスワード期限)に対応する LDAP 属性の名前を含"
+"みます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:239
+msgid "Default: shadowMax"
+msgstr "初期値: shadowMax"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:245
+msgid "ldap_user_shadow_warning (string)"
+msgstr "ldap_user_shadow_warning (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:248
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
+"(password warning period)."
+msgstr ""
+"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> の対応部分(パスワード警告期間)に対応する LDAP 属性の名前を含"
+"みます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:258
+msgid "Default: shadowWarning"
+msgstr "初期値: shadowWarning"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:264
+msgid "ldap_user_shadow_inactive (string)"
+msgstr "ldap_user_shadow_inactive (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:267
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
+"(password inactivity period)."
+msgstr ""
+"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> の対応部分(パスワード無効期間)に対応する LDAP 属性の名前を含"
+"みます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:277
+msgid "Default: shadowInactive"
+msgstr "初期値: shadowInactive"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:283
+msgid "ldap_user_shadow_expire (string)"
+msgstr "ldap_user_shadow_expire (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:286
+msgid ""
+"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
+"parameter contains the name of an LDAP attribute corresponding to its "
+"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> counterpart (account expiration date)."
+msgstr ""
+"ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> の対応部分(アカウント失効日)に対応する LDAP 属性の名前を含み"
+"ます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:296
+msgid "Default: shadowExpire"
+msgstr "初期値: shadowExpire"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:302
+msgid "ldap_user_krb_last_pwd_change (string)"
+msgstr "ldap_user_krb_last_pwd_change (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:305
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
+"an LDAP attribute storing the date and time of last password change in "
+"kerberos."
+msgstr ""
+"ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは Kerberos "
+"の最終パスワード変更日時を保存する LDAP 属性の名前を含みます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:311
+msgid "Default: krbLastPwdChange"
+msgstr "初期値: krbLastPwdChange"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:317
+msgid "ldap_user_krb_password_expiration (string)"
+msgstr "ldap_user_krb_password_expiration (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:320
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
+"an LDAP attribute storing the date and time when current password expires."
+msgstr ""
+"ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは現在のパス"
+"ワード失効日時を保存する LDAP 属性の名前を含みます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:326
+msgid "Default: krbPasswordExpiration"
+msgstr "初期値: krbPasswordExpiration"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:332
+msgid "ldap_user_ad_account_expires (string)"
+msgstr "ldap_user_ad_account_expires (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:335
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the expiration time of the account."
+msgstr ""
+"ldap_account_expire_policy=ad を使用するとき、このパラメーターはアカウントの"
+"失効日時を保存する LDAP 属性の名前を含みます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:340
+msgid "Default: accountExpires"
+msgstr "初期値: accountExpires"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:346
+msgid "ldap_user_ad_user_account_control (string)"
+msgstr "ldap_user_ad_user_account_control (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:349
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the user account control bit field."
+msgstr ""
+"ldap_account_expire_policy=ad を使用するとき、このパラメーターはユーザーアカ"
+"ウントの制御ビット項目を保存する LDAP 属性の名前を含みます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:354
+msgid "Default: userAccountControl"
+msgstr "初期値: userAccountControl"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:360
+msgid "ldap_ns_account_lock (string)"
+msgstr "ldap_ns_account_lock (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:363
+msgid ""
+"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
+"determines if access is allowed or not."
+msgstr ""
+"ldap_account_expire_policy=rhds または同等のものを使用するとき、このパラメー"
+"ターがアクセスが許可されるかされないかを決定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:368
+msgid "Default: nsAccountLock"
+msgstr "初期値: nsAccountLock"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:374
+msgid "ldap_user_nds_login_disabled (string)"
+msgstr "ldap_user_nds_login_disabled (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:377
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines if "
+"access is allowed or not."
+msgstr ""
+"ldap_account_expire_policy=nds を使用するとき、アクセスが許可されるかされない"
+"かをこの属性が決定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:381 sssd-ldap-attributes.5.xml:395
+msgid "Default: loginDisabled"
+msgstr "初期値: loginDisabled"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:387
+msgid "ldap_user_nds_login_expiration_time (string)"
+msgstr "ldap_user_nds_login_expiration_time (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:390
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines until "
+"which date access is granted."
+msgstr ""
+"ldap_account_expire_policy=nds を使用しているとき、この属性はデータアクセスが"
+"いつまで許可されるのかを決定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:401
+msgid "ldap_user_nds_login_allowed_time_map (string)"
+msgstr "ldap_user_nds_login_allowed_time_map (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:404
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines the "
+"hours of a day in a week when access is granted."
+msgstr ""
+"ldap_account_expire_policy=nds を使用しているとき、この属性はアクセスが許可さ"
+"れるときの一週間の日の時間を決定します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:409
+msgid "Default: loginAllowedTimeMap"
+msgstr "初期値: loginAllowedTimeMap"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:415
+msgid "ldap_user_principal (string)"
+msgstr "ldap_user_principal (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:418
+msgid ""
+"The LDAP attribute that contains the user's Kerberos User Principal Name "
+"(UPN)."
+msgstr "ユーザーの Kerberos User Principal Name (UPN) を含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:422
+msgid "Default: krbPrincipalName"
+msgstr "初期値: krbPrincipalName"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:428
+msgid "ldap_user_extra_attrs (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:431
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:436
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:446
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:456
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:459
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:463
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:466
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:476
+msgid "ldap_user_ssh_public_key (string)"
+msgstr "ldap_user_ssh_public_key (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:479
+msgid "The LDAP attribute that contains the user's SSH public keys."
+msgstr "ユーザーの SSH 公開鍵を含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:483 sssd-ldap-attributes.5.xml:963
+msgid "Default: sshPublicKey"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:489
+msgid "ldap_user_fullname (string)"
+msgstr "ldap_user_fullname (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:492
+msgid "The LDAP attribute that corresponds to the user's full name."
+msgstr "ユーザーの完全名に対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:502
+msgid "ldap_user_member_of (string)"
+msgstr "ldap_user_member_of (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:505
+msgid "The LDAP attribute that lists the user's group memberships."
+msgstr "ユーザーのグループメンバーを一覧にする LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:509 sssd-ldap-attributes.5.xml:950
+msgid "Default: memberOf"
+msgstr "初期値: memberOf"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:515
+msgid "ldap_user_authorized_service (string)"
+msgstr "ldap_user_authorized_service (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:518
+msgid ""
+"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
+"use the presence of the authorizedService attribute in the user's LDAP entry "
+"to determine access privilege."
+msgstr ""
+"もし access_provider=ldap かつ ldap_access_order=authorized_service ならば、"
+"SSSD はアクセス権限を決定するために、ユーザーの LDAP エントリーにある "
+"authorizedService 属性を使用します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:525
+msgid ""
+"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
+"explicit allow (svc) and finally for allow_all (*)."
+msgstr ""
+"明示的な拒否 (!svc) が始めに解決されます。次に SSSD は明示的な許可 (svc) を検"
+"索します。最後にすべて許可 (*) を検索します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:530
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>authorized_service</quote> in order for the "
+"ldap_user_authorized_service option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:537
+msgid ""
+"Some distributions (such as Fedora-29+ or RHEL-8) always include the "
+"<quote>systemd-user</quote> PAM service as part of the login process. "
+"Therefore when using service-based access control, the <quote>systemd-user</"
+"quote> service might need to be added to the list of allowed services."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:545
+msgid "Default: authorizedService"
+msgstr "初期値: authorizedService"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:551
+msgid "ldap_user_authorized_host (string)"
+msgstr "ldap_user_authorized_host (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:554
+msgid ""
+"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
+"presence of the host attribute in the user's LDAP entry to determine access "
+"privilege."
+msgstr ""
+"access_provider=ldap かつ ldap_access_order=host ならば、 SSSD はアクセス権限"
+"を決めるために、ユーザーの LDAP エントリーにあるホスト属性の存在を使用しま"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:560
+msgid ""
+"An explicit deny (!host) is resolved first. Second, SSSD searches for "
+"explicit allow (host) and finally for allow_all (*)."
+msgstr ""
+"明示的な拒否 (!host) がまず解決されます。次に SSSD が明示的な許可 (host) を検"
+"索します。最後にすべて許可 (*) が検索されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:565
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>host</quote> in order for the "
+"ldap_user_authorized_host option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:572
+msgid "Default: host"
+msgstr "初期値: host"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:578
+msgid "ldap_user_authorized_rhost (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:581
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:588
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:593
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:600
+msgid "Default: rhost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:606
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:609
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:613
+msgid "Default: userCertificate;binary"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:619
+msgid "ldap_user_email (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:622
+msgid "Name of the LDAP attribute containing the email address of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:626
+msgid ""
+"Note: If an email address of a user conflicts with an email address or fully "
+"qualified name of another user, then SSSD will not be able to serve those "
+"users properly. If for some reason several users need to share the same "
+"email address then set this option to a nonexistent attribute name in order "
+"to disable user lookup/login by email."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:635
+msgid "Default: mail"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:640
+#, fuzzy
+#| msgid "ldap_user_name (string)"
+msgid "ldap_user_passkey (string)"
+msgstr "ldap_user_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:643
+#, fuzzy
+#| msgid "The LDAP attribute that contains the port managed by this service."
+msgid ""
+"Name of the LDAP attribute containing the passkey mapping data of the user."
+msgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:647
+msgid "Default: passkey (LDAP), ipaPassKey (IPA), altSecurityIdentities (AD)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap-attributes.5.xml:657
+msgid "GROUP ATTRIBUTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:661
+msgid "ldap_group_object_class (string)"
+msgstr "ldap_group_object_class (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:664
+msgid "The object class of a group entry in LDAP."
+msgstr "LDAP にあるグループエントリーのオブジェクトクラスです。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:667
+msgid "Default: posixGroup"
+msgstr "初期値: posixGroup"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:673
+msgid "ldap_group_name (string)"
+msgstr "ldap_group_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:676
+msgid ""
+"The LDAP attribute that corresponds to the group name. In an environment "
+"with nested groups, this value must be an LDAP attribute which has a unique "
+"name for every group. This requirement includes non-POSIX groups in the tree "
+"of nested groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:684
+msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:691
+msgid "ldap_group_gid_number (string)"
+msgstr "ldap_group_gid_number (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:694
+msgid "The LDAP attribute that corresponds to the group's id."
+msgstr "グループの ID に対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:704
+msgid "ldap_group_member (string)"
+msgstr "ldap_group_member (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:707
+msgid "The LDAP attribute that contains the names of the group's members."
+msgstr "グループのメンバーの名前を含む LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:711
+msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
+msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:717
+msgid "ldap_group_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:720
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:731
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_group_objectsid (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:734
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+"LDAP グループオブジェクトの objectSID を含む LDAP 属性です。これは通常 "
+"ActiveDirectory サーバーに対してのみ必要です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:746
+msgid "ldap_group_modify_timestamp (string)"
+msgstr "ldap_group_modify_timestamp (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:759
+msgid "ldap_group_type (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:762
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:767
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:773
+msgid "Default: groupType in the AD provider, otherwise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:780
+msgid "ldap_group_external_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:783
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:789
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap-attributes.5.xml:799
+msgid "NETGROUP ATTRIBUTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:803
+msgid "ldap_netgroup_object_class (string)"
+msgstr "ldap_netgroup_object_class (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:806
+msgid "The object class of a netgroup entry in LDAP."
+msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:809
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+"IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:813
+msgid "Default: nisNetgroup"
+msgstr "初期値: nisNetgroup"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:819
+msgid "ldap_netgroup_name (string)"
+msgstr "ldap_netgroup_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:822
+msgid "The LDAP attribute that corresponds to the netgroup name."
+msgstr "ネットワークグループ名に対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:826
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:836
+msgid "ldap_netgroup_member (string)"
+msgstr "ldap_netgroup_member (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:839
+msgid "The LDAP attribute that contains the names of the netgroup's members."
+msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:843
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+"IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:847
+msgid "Default: memberNisNetgroup"
+msgstr "初期値: memberNisNetgroup"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:853
+msgid "ldap_netgroup_triple (string)"
+msgstr "ldap_netgroup_triple (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:856
+msgid ""
+"The LDAP attribute that contains the (host, user, domain) netgroup triples."
+msgstr ""
+"ネットワークグループの三つ組(ホスト、ユーザー、ドメイン)を含む LDAP 属性で"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:860 sssd-ldap-attributes.5.xml:876
+msgid "This option is not available in IPA provider."
+msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:863
+msgid "Default: nisNetgroupTriple"
+msgstr "初期値: nisNetgroupTriple"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:869
+msgid "ldap_netgroup_modify_timestamp (string)"
+msgstr "ldap_netgroup_modify_timestamp (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap-attributes.5.xml:888
+msgid "HOST ATTRIBUTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:892
+msgid "ldap_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:895
+msgid "The object class of a host entry in LDAP."
+msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:898 sssd-ldap-attributes.5.xml:995
+msgid "Default: ipService"
+msgstr "初期値: ipService"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:904
+msgid "ldap_host_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:907 sssd-ldap-attributes.5.xml:933
+msgid "The LDAP attribute that corresponds to the host's name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:917
+msgid "ldap_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:920
+msgid ""
+"The LDAP attribute that corresponds to the host's fully-qualified domain "
+"name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:924
+msgid "Default: fqdn"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:930
+msgid "ldap_host_serverhostname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:937
+msgid "Default: serverHostname"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:943
+msgid "ldap_host_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:946
+msgid "The LDAP attribute that lists the host's group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:956
+msgid "ldap_host_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:959
+msgid "The LDAP attribute that contains the host's SSH public keys."
+msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:969
+msgid "ldap_host_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:972
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap-attributes.5.xml:985
+msgid "SERVICE ATTRIBUTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:989
+msgid "ldap_service_object_class (string)"
+msgstr "ldap_service_object_class (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:992
+msgid "The object class of a service entry in LDAP."
+msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1001
+msgid "ldap_service_name (string)"
+msgstr "ldap_service_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1004
+msgid ""
+"The LDAP attribute that contains the name of service attributes and their "
+"aliases."
+msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1014
+msgid "ldap_service_port (string)"
+msgstr "ldap_service_port (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1017
+msgid "The LDAP attribute that contains the port managed by this service."
+msgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1021
+msgid "Default: ipServicePort"
+msgstr "初期値: ipServicePort"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1027
+msgid "ldap_service_proto (string)"
+msgstr "ldap_service_proto (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1030
+msgid ""
+"The LDAP attribute that contains the protocols understood by this service."
+msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1034
+msgid "Default: ipServiceProtocol"
+msgstr "初期値: ipServiceProtocol"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap-attributes.5.xml:1043
+msgid "SUDO ATTRIBUTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1047
+msgid "ldap_sudorule_object_class (string)"
+msgstr "ldap_sudorule_object_class (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1050
+msgid "The object class of a sudo rule entry in LDAP."
+msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1053
+msgid "Default: sudoRole"
+msgstr "初期値: sudoRole"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1059
+msgid "ldap_sudorule_name (string)"
+msgstr "ldap_sudorule_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1062
+msgid "The LDAP attribute that corresponds to the sudo rule name."
+msgstr "sudo ルール名に対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1072
+msgid "ldap_sudorule_command (string)"
+msgstr "ldap_sudorule_command (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1075
+msgid "The LDAP attribute that corresponds to the command name."
+msgstr "コマンド名に対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1079
+msgid "Default: sudoCommand"
+msgstr "初期値: sudoCommand"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1085
+msgid "ldap_sudorule_host (string)"
+msgstr "ldap_sudorule_host (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1088
+msgid ""
+"The LDAP attribute that corresponds to the host name (or host IP address, "
+"host IP network, or host netgroup)"
+msgstr ""
+"ホスト名(またはホスト IP アドレス、ホスト IP ネットワーク、ホストネットワー"
+"クグループ)に対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1093
+msgid "Default: sudoHost"
+msgstr "初期値: sudoHost"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1099
+msgid "ldap_sudorule_user (string)"
+msgstr "ldap_sudorule_user (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1102
+msgid ""
+"The LDAP attribute that corresponds to the user name (or UID, group name or "
+"user's netgroup)"
+msgstr ""
+"ユーザー名(または UID、グループ名、ユーザーのネットワークグループ)に対応す"
+"る LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1106
+msgid "Default: sudoUser"
+msgstr "初期値: sudoUser"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1112
+msgid "ldap_sudorule_option (string)"
+msgstr "ldap_sudorule_option (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1115
+msgid "The LDAP attribute that corresponds to the sudo options."
+msgstr "sudo オプションに対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1119
+msgid "Default: sudoOption"
+msgstr "初期値: sudoOption"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1125
+msgid "ldap_sudorule_runasuser (string)"
+msgstr "ldap_sudorule_runasuser (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1128
+msgid ""
+"The LDAP attribute that corresponds to the user name that commands may be "
+"run as."
+msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1132
+msgid "Default: sudoRunAsUser"
+msgstr "初期値: sudoRunAsUser"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1138
+msgid "ldap_sudorule_runasgroup (string)"
+msgstr "ldap_sudorule_runasgroup (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1141
+msgid ""
+"The LDAP attribute that corresponds to the group name or group GID that "
+"commands may be run as."
+msgstr ""
+"コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1145
+msgid "Default: sudoRunAsGroup"
+msgstr "初期値: sudoRunAsGroup"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1151
+msgid "ldap_sudorule_notbefore (string)"
+msgstr "ldap_sudorule_notbefore (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1154
+msgid ""
+"The LDAP attribute that corresponds to the start date/time for when the sudo "
+"rule is valid."
+msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1158
+msgid "Default: sudoNotBefore"
+msgstr "初期値: sudoNotBefore"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1164
+msgid "ldap_sudorule_notafter (string)"
+msgstr "ldap_sudorule_notafter (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1167
+msgid ""
+"The LDAP attribute that corresponds to the expiration date/time, after which "
+"the sudo rule will no longer be valid."
+msgstr ""
+"sudo ルールが有効ではなくなった後に、期限切れとなる日時に対応する LDAP 属性で"
+"す。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1172
+msgid "Default: sudoNotAfter"
+msgstr "初期値: sudoNotAfter"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1178
+msgid "ldap_sudorule_order (string)"
+msgstr "ldap_sudorule_order (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1181
+msgid "The LDAP attribute that corresponds to the ordering index of the rule."
+msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1185
+msgid "Default: sudoOrder"
+msgstr "初期値: sudoOrder"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap-attributes.5.xml:1194
+msgid "AUTOFS ATTRIBUTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap-attributes.5.xml:1201
+msgid "IP HOST ATTRIBUTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1205
+msgid "ldap_iphost_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1208
+msgid "The object class of an iphost entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1211
+msgid "Default: ipHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1217
+msgid "ldap_iphost_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1220
+msgid ""
+"The LDAP attribute that contains the name of the IP host attributes and "
+"their aliases."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1230
+msgid "ldap_iphost_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1233
+msgid "The LDAP attribute that contains the IP host address."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1237
+msgid "Default: ipHostNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap-attributes.5.xml:1246
+msgid "IP NETWORK ATTRIBUTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1250
+msgid "ldap_ipnetwork_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1253
+msgid "The object class of an ipnetwork entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1256
+msgid "Default: ipNetwork"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1262
+msgid "ldap_ipnetwork_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1265
+msgid ""
+"The LDAP attribute that contains the name of the IP network attributes and "
+"their aliases."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap-attributes.5.xml:1275
+msgid "ldap_ipnetwork_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1278
+msgid "The LDAP attribute that contains the IP network address."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap-attributes.5.xml:1282
+msgid "Default: ipNetworkNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd_krb5_localauth_plugin.8.xml:10 sssd_krb5_localauth_plugin.8.xml:15
+#, fuzzy
+#| msgid "sssd_krb5_locator_plugin"
+msgid "sssd_krb5_localauth_plugin"
+msgstr "sssd_krb5_locator_plugin"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_localauth_plugin.8.xml:16
+msgid "Kerberos local authorization plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_localauth_plugin.8.xml:22
+msgid ""
+"The Kerberos local authorization plugin <command>sssd_krb5_localauth_plugin</"
+"command> is used by libkrb5 to either find the local name for a given "
+"Kerberos principal or to check if a given local name and a given Kerberos "
+"principal relate to each other."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_localauth_plugin.8.xml:29
+msgid ""
+"SSSD handles the local names for users from a remote source and can read the "
+"Kerberos user principal name from the remote source as well. With this "
+"information SSSD can easily handle the mappings mentioned above even if the "
+"local name and the Kerberos principal differ considerably."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_localauth_plugin.8.xml:36
+msgid ""
+"Additionally with the information read from the remote source SSSD can help "
+"to prevent unexpected or unwanted mappings in case the user part of the "
+"Kerberos principal accidentally corresponds to a local name of a different "
+"user. By default libkrb5 might just strip the realm part of the Kerberos "
+"principal to get the local name which would lead to wrong mappings in this "
+"case."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd_krb5_localauth_plugin.8.xml:46
+#, fuzzy
+#| msgid "CONFIGURATION OPTIONS"
+msgid "CONFIGURATION"
+msgstr "設定オプション"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd_krb5_localauth_plugin.8.xml:56
+#, no-wrap
+msgid ""
+"[plugins]\n"
+" localauth = {\n"
+" module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so\n"
+" }\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_localauth_plugin.8.xml:48
+msgid ""
+"The Kerberos local authorization plugin must be enabled explicitly in the "
+"Kerberos configuration, see <citerefentry> <refentrytitle>krb5.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. SSSD will create a "
+"config snippet with the content like e.g. <placeholder "
+"type=\"programlisting\" id=\"0\"/> automatically in the SSSD's public "
+"Kerberos configuration snippet directory. If this directory is included in "
+"the local Kerberos configuration the plugin will be enabled automatically."
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/autofs_attributes.xml:3
+msgid "ldap_autofs_map_object_class (string)"
+msgstr "ldap_autofs_map_object_class (文字列)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/autofs_attributes.xml:6
+msgid "The object class of an automount map entry in LDAP."
+msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/autofs_attributes.xml:9
+msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/autofs_attributes.xml:16
+msgid "ldap_autofs_map_name (string)"
+msgstr "ldap_autofs_map_name (文字列)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/autofs_attributes.xml:19
+msgid "The name of an automount map entry in LDAP."
+msgstr "LDAP における automount のマップエントリーの名前です。"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/autofs_attributes.xml:22
+msgid ""
+"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/autofs_attributes.xml:29
+msgid "ldap_autofs_entry_object_class (string)"
+msgstr "ldap_autofs_entry_object_class (文字列)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/autofs_attributes.xml:32
+msgid ""
+"The object class of an automount entry in LDAP. The entry usually "
+"corresponds to a mount point."
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/autofs_attributes.xml:37
+msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/autofs_attributes.xml:44
+msgid "ldap_autofs_entry_key (string)"
+msgstr "ldap_autofs_entry_key (文字列)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/autofs_attributes.xml:47 include/autofs_attributes.xml:61
+msgid ""
+"The key of an automount entry in LDAP. The entry usually corresponds to a "
+"mount point."
+msgstr ""
+"LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイ"
+"ントと対応します。"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/autofs_attributes.xml:51
+msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/autofs_attributes.xml:58
+msgid "ldap_autofs_entry_value (string)"
+msgstr "ldap_autofs_entry_value (文字列)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/autofs_attributes.xml:65
+msgid ""
+"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
+"automountInformation"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/service_discovery.xml:2
+msgid "SERVICE DISCOVERY"
+msgstr "サービス探索"
+
+#. type: Content of: <refsect1><para>
+#: include/service_discovery.xml:4
+msgid ""
+"The service discovery feature allows back ends to automatically find the "
+"appropriate servers to connect to using a special DNS query. This feature is "
+"not supported for backup servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
+msgid "Configuration"
+msgstr "設定"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:11
+msgid ""
+"If no servers are specified, the back end automatically uses service "
+"discovery to try to find a server. Optionally, the user may choose to use "
+"both fixed server addresses and service discovery by inserting a special "
+"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
+"preference is maintained. This feature is useful if, for example, the user "
+"prefers to use service discovery whenever possible, and fall back to a "
+"specific server when no servers can be discovered using DNS."
+msgstr ""
+"何もサーバーが指定されていなければ、バックエンドがサーバーを見つけようとする"
+"ために、サービス探索を自動的に使用します。オプションとして、サーバーの一覧に"
+"特別なキーワード <quote>_srv_</quote> を挿入することにより、ユーザーが固定"
+"サーバーアドレスおよびサービス探索のどちらも使用することを選択できます。これ"
+"は設定の順番が維持されます。たとえば、ユーザーができる限りサービス探索を使用"
+"し、DNS を使用してサーバーを探索できないときに特定のサーバーにフォールバック"
+"したい場合、この機能は有用です。"
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:23
+msgid "The domain name"
+msgstr "ドメイン名"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:25
+msgid ""
+"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for more details."
+msgstr ""
+"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページにある "
+"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:35
+msgid "The protocol"
+msgstr "プロトコル"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:37
+msgid ""
+"The queries usually specify _tcp as the protocol. Exceptions are documented "
+"in respective option description."
+msgstr ""
+"問い合わせは通常プロトコルとして _tcp を指定します。その他はそれぞれのオプ"
+"ションの説明にドキュメント化されています。"
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:42
+msgid "See Also"
+msgstr "関連項目"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:44
+msgid ""
+"For more information on the service discovery mechanism, refer to RFC 2782."
+msgstr "サービス検索メカニズムに関する詳細は RFC 2782 を参照してください。"
+
+#. type: Content of: <refentryinfo>
+#: include/upstream.xml:2
+msgid ""
+"<productname>SSSD</productname> <orgname>The SSSD upstream - https://github."
+"com/SSSD/sssd/</orgname>"
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/upstream.xml:1
+msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+
+#. type: Content of: <refsect1><title>
+#: include/failover.xml:2
+msgid "FAILOVER"
+msgstr "フェイルオーバー"
+
+#. type: Content of: <refsect1><para>
+#: include/failover.xml:4
+msgid ""
+"The failover feature allows back ends to automatically switch to a different "
+"server if the current server fails."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:8
+msgid "Failover Syntax"
+msgstr "フェイルオーバーの構文"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:10
+msgid ""
+"The list of servers is given as a comma-separated list; any number of spaces "
+"is allowed around the comma. The servers are listed in order of preference. "
+"The list can contain any number of servers."
+msgstr ""
+"サーバーの一覧がカンマ区切り一覧として与えられます。カンマの前後で空白はいく"
+"つでも許されます。サーバーは性能の順番で一覧化されます。一覧はサーバーをいく"
+"つでも含められます。"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:16
+msgid ""
+"For each failover-enabled config option, two variants exist: "
+"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is "
+"that servers in the primary list are preferred and backup servers are only "
+"searched if no primary servers can be reached. If a backup server is "
+"selected, a timeout of 31 seconds is set. After this timeout SSSD will "
+"periodically try to reconnect to one of the primary servers. If it succeeds, "
+"it will replace the current active (backup) server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:27
+msgid "The Failover Mechanism"
+msgstr "フェイルオーバーのメカニズム"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:29
+msgid ""
+"The failover mechanism distinguishes between a machine and a service. The "
+"back end first tries to resolve the hostname of a given machine; if this "
+"resolution attempt fails, the machine is considered offline. No further "
+"attempts are made to connect to this machine for any other service. If the "
+"resolution attempt succeeds, the back end tries to connect to a service on "
+"this machine. If the service connection attempt fails, then only this "
+"particular service is considered offline and the back end automatically "
+"switches over to the next service. The machine is still considered online "
+"and might still be tried for another service."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:42
+msgid ""
+"Further connection attempts are made to machines or services marked as "
+"offline after a specified period of time; this is currently hard coded to 30 "
+"seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:47
+msgid ""
+"If there are no more machines to try, the back end as a whole switches to "
+"offline mode, and then attempts to reconnect every 30 seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_server_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid ""
+"Time in milliseconds that sets how long would SSSD talk to a single DNS "
+"server before trying next one."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:90
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:94
+msgid ""
+"Time in seconds to tell how long would SSSD try to resolve single DNS query "
+"(e.g. resolution of a hostname or an SRV record) before trying the next "
+"hostname or discovery domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:106
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:110
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:123
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout</"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote> which should be larger "
+"than <quote>dns_resolver_server_timeout</quote>."
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr "ID マッピング"
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:59
+msgid "Mapping Algorithm"
+msgstr "マッピング・アルゴリズム"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:61
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:67
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:73
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:80
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:86
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:101
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr "最小の設定 (<quote>[domain/DOMAINNAME]</quote> セクションにおいて):"
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:106
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:111
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 200,000 and going up to "
+"2,000,200,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:117
+msgid "Advanced Configuration"
+msgstr "高度な設定"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:120
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_idmap_range_min (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:123
+#, fuzzy
+#| msgid ""
+#| "Specifies the lower bound of the range of POSIX IDs to use for mapping "
+#| "Active Directory user and group SIDs."
+msgid ""
+"Specifies the lower (inclusive) bound of the range of POSIX IDs to use for "
+"mapping Active Directory user and group SIDs. It is the first POSIX ID which "
+"can be used for the mapping."
+msgstr ""
+"Active Directory ユーザーとグループの SID をマッピングするために使用する "
+"POSIX ID の範囲の下限を指定します。"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:129
+msgid ""
+"NOTE: This option is different from <quote>min_id</quote> in that "
+"<quote>min_id</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>min_id</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139 include/ldap_id_mapping.xml:197
+msgid "Default: 200000"
+msgstr "初期値: 200000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:144
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_idmap_range_max (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:147
+msgid ""
+"Specifies the upper (exclusive) bound of the range of POSIX IDs to use for "
+"mapping Active Directory user and group SIDs. It is the first POSIX ID which "
+"cannot be used for the mapping anymore, i.e. one larger than the last one "
+"which can be used for the mapping."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:155
+msgid ""
+"NOTE: This option is different from <quote>max_id</quote> in that "
+"<quote>max_id</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>max_id</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:165
+msgid "Default: 2000200000"
+msgstr "初期値: 2000200000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:170
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_idmap_range_size (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+"各スライスに利用可能な ID 番号を指定します。範囲の大きさが最小値、最大値の中"
+"にうまく分けられなければ、できる限り多くの完全なスライスとして作成されます。"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:185
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:192
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:202
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_idmap_default_domain_sid (文字列)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:205
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:216
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ldap_idmap_default_domain (文字列)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:219
+msgid "Specify the name of the default domain."
+msgstr "初期ドメインの名前を指定します。"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:227
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_idmap_autorid_compat (論理値)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:230
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+"winbind の <quote>idmap_autorid</quote> アルゴリズムとより同じように振る舞う"
+"ために ID マッピングのアルゴリズムの振る舞いを変更します。"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:235
+#, fuzzy
+#| msgid ""
+#| "When this option is configured, domains will be allocated starting with "
+#| "slice zero and increasing monatomically with each additional domain."
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monotonically with each additional domain."
+msgstr ""
+"このオプションが設定されるとき、ドメインはスライス 0 から始まり、各追加ドメイ"
+"ンに単原子的に増加するよう割り当てられます。"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:240
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+"注記: このアルゴリズムは非決定的です (ユーザーとグループが要求された順番に依"
+"存します)。このモードはマシンが実行中の winbind と互換性が必要ならば、少なく"
+"とも一つのドメインが一貫してスライス 0 に割り当てられることを保証するために、"
+"<quote>ldap_idmap_default_domain_sid</quote> オプションも使用することが推奨さ"
+"れます。"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:255
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:258
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:279
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:281
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:287
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:290
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:291
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:292
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:293
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:294
+msgid "Mandatory Label Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:295
+msgid "Authentication Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:296
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:297
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:299
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:303
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names can be used to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote>LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, "
+"<quote>MANDATORY LABEL AUTHORITY</quote>, <quote>AUTHENTICATION AUTHORITY</"
+"quote>, <quote>NT AUTHORITY</quote> and <quote>BUILTIN</quote> should not be "
+"used as domain names in <filename>sssd.conf</filename>."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help.xml:3
+msgid "<option>-?</option>,<option>--help</option>"
+msgstr "<option>-?</option>,<option>--help</option>"
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/param_help.xml:7 include/param_help_py.xml:7
+msgid "Display help message and exit."
+msgstr "ヘルプメッセージを表示して終了します。"
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help_py.xml:3
+msgid "<option>-h</option>,<option>--help</option>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3
+msgid ""
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:10
+msgid ""
+"Please note that each SSSD service logs into its own log file. Also please "
+"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> "
+"section only enables debugging just for the sssd process itself, not for the "
+"responder or provider processes. The <quote>debug_level</quote> parameter "
+"should be added to all sections that you wish to produce debug logs from."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:18
+msgid ""
+"In addition to changing the log level in the config file using the "
+"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD "
+"restart, it is also possible to change the debug level on the fly using the "
+"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry> tool."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10
+msgid "Currently supported debug levels:"
+msgstr "現在サポートされるデバッグレベル:"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13
+msgid ""
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19
+msgid ""
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill SSSD, but one that indicates that at least one major "
+"feature is not going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26
+msgid ""
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31
+msgid ""
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48
+msgid ""
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53
+msgid ""
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:81
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x20000</emphasis>: Performance and "
+"statistical data, please note that due to the way requests are processed "
+"internally the logged execution time of a request might be longer than it "
+"actually was."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:88 include/debug_levels_tools.xml:62
+msgid ""
+"<emphasis>10</emphasis>, <emphasis>0x10000</emphasis>: Even more low-level "
+"libldb tracing information. Almost never really required."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:93 include/debug_levels_tools.xml:67
+msgid ""
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:97 include/debug_levels_tools.xml:71
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+"<emphasis>例</emphasis>: 致命的なエラー、重大なエラー、深刻なエラーおよび関数"
+"データをログに取得するには 0x0270 を使用します。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:101 include/debug_levels_tools.xml:75
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+"<emphasis>例</emphasis>: 致命的なエラー、設定値の設定、関数データ、内部制御関"
+"数のトレースメッセージをログに取得するには 0x1310 を使用します。"
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:106 include/debug_levels_tools.xml:80
+msgid ""
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:110 include/debug_levels_tools.xml:84
+msgid ""
+"<emphasis>Default</emphasis>: 0x0070 (i.e. fatal, critical and serious "
+"failures; corresponds to setting 2 in decimal notation)"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr "ローカルドメイン"
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/seealso.xml:4
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-ldap-attributes</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-simple</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-ad</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase "
+"condition=\"with_files_provider\"> <citerefentry> <refentrytitle>sssd-files</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase "
+"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> "
+"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
+"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:3
+msgid ""
+"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
+"for this attribute type."
+msgstr ""
+"オプションのベース DN。この属性の種別に対する LDAP 検索を制限する、検索範囲お"
+"よび LDAP フィルター。"
+
+#. type: Content of: <listitem><para><programlisting>
+#: include/ldap_search_bases.xml:9
+#, no-wrap
+msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
+msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:7
+msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "構文: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:13
+msgid ""
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:23
+msgid ""
+"For examples of this syntax, please refer to the <quote>ldap_search_base</"
+"quote> examples section."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:31
+msgid ""
+"Please note that specifying scope or filter is not supported for searches "
+"against an Active Directory Server that might yield a large number of "
+"results and trigger the Range Retrieval extension in the response."
+msgstr ""
+
+#. type: Content of: <para>
+#: include/autofs_restart.xml:2
+msgid ""
+"Please note that the automounter only reads the master map on startup, so if "
+"any autofs-related changes are made to the sssd.conf, you typically also "
+"need to restart the automounter daemon after restarting the SSSD."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/override_homedir.xml:2
+msgid "override_homedir (string)"
+msgstr "override_homedir (文字列)"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:16
+msgid "UID number"
+msgstr "UID 番号"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:20
+msgid "domain name"
+msgstr "ドメイン名"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:23
+msgid "%f"
+msgstr "%f"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:24
+msgid "fully qualified user name (user@domain)"
+msgstr "完全修飾ユーザー名 (user@domain)"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:27
+msgid "%l"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:28
+msgid "The first letter of the login name."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:32
+msgid "UPN - User Principal Name (name@REALM)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:35
+msgid "%o"
+msgstr "%o"
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:37
+msgid "The original home directory retrieved from the identity provider."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:44
+msgid ""
+"The original home directory retrieved from the identity provider, but in "
+"lower case."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:49
+msgid "%H"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:51
+msgid "The value of configure option <emphasis>homedir_substring</emphasis>."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:5
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+"ユーザーのホームディレクトリーを上書きします。絶対パスまたはテンプレートを提"
+"供できます。テンプレートでは、以下のシーケンスが置換されます: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:63
+msgid "This option can also be set per-domain."
+msgstr "このオプションはドメインごとに設定できます。"
+
+#. type: Content of: <varlistentry><listitem><para><programlisting>
+#: include/override_homedir.xml:68
+#, no-wrap
+msgid ""
+"override_homedir = /home/%u\n"
+" "
+msgstr ""
+"override_homedir = /home/%u\n"
+" "
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:72
+msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
+msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:76
+msgid ""
+"Please note, the home directory from a specific override for the user, "
+"either locally (see <citerefentry><refentrytitle>sss_override</"
+"refentrytitle> <manvolnum>8</manvolnum></citerefentry>) or centrally managed "
+"IPA id-overrides, has a higher precedence and will be used instead of the "
+"value given by override_homedir."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/homedir_substring.xml:2
+msgid "homedir_substring (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/homedir_substring.xml:5
+msgid ""
+"The value of this option will be used in the expansion of the "
+"<emphasis>override_homedir</emphasis> option if the template contains the "
+"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly "
+"contain this template so that this option can be used to expand the home "
+"directory path for each client machine (or operating system). It can be set "
+"per-domain or globally in the [nss] section. A value specified in a domain "
+"section will override one set in the [nss] section."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/homedir_substring.xml:15
+msgid "Default: /home"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
+msgid "MODIFIED DEFAULT OPTIONS"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ad_modified_defaults.xml:4
+msgid ""
+"Certain option defaults do not match their respective backend provider "
+"defaults, these option names and AD provider-specific defaults are listed "
+"below:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9
+msgid "KRB5 Provider"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
+msgid "krb5_validate = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:18
+msgid "krb5_use_enterprise_principal = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ad_modified_defaults.xml:24
+msgid "LDAP Provider"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:28
+msgid "ldap_schema = ad"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
+msgid "ldap_force_upper_case_realm = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:38
+msgid "ldap_id_mapping = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:43
+msgid "ldap_sasl_mech = GSS-SPNEGO"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:48
+msgid "ldap_referrals = false"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:53
+msgid "ldap_account_expire_policy = ad"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
+msgid "ldap_use_tokengroups = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:63
+msgid "ldap_sasl_authid = sAMAccountName@REALM (typically SHORTNAME$@REALM)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:66
+msgid ""
+"The AD provider looks for a different principal than the LDAP provider by "
+"default, because in an Active Directory environment the principals are "
+"divided into two groups - User Principals and Service Principals. Only User "
+"Principal can be used to obtain a TGT and by default, computer object's "
+"principal is constructed from its sAMAccountName and the AD realm. The well-"
+"known host/hostname@REALM principal is a Service Principal and thus cannot "
+"be used to get a TGT with."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ad_modified_defaults.xml:80
+msgid "NSS configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:84
+msgid "fallback_homedir = /home/%d/%u"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:87
+msgid ""
+"The AD provider automatically sets \"fallback_homedir = /home/%d/%u\" to "
+"provide personal home directories for users without the homeDirectory "
+"attribute. If your AD Domain is properly populated with Posix attributes, "
+"and you want to avoid this fallback behavior, you can explicitly set "
+"\"fallback_homedir = %o\"."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:96
+msgid ""
+"Note that the system typically expects a home directory in /home/%u folder. "
+"If you decide to use a different directory structure, some other parts of "
+"your system may need adjustments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ad_modified_defaults.xml:102
+msgid ""
+"For example automated creation of home directories in combination with "
+"selinux requires selinux adjustment, otherwise the home directory will be "
+"created with wrong selinux context."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ipa_modified_defaults.xml:4
+msgid ""
+"Certain option defaults do not match their respective backend provider "
+"defaults, these option names and IPA provider-specific defaults are listed "
+"below:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:18
+msgid "krb5_use_fast = try"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:23
+msgid "krb5_canonicalize = true"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ipa_modified_defaults.xml:29
+msgid "LDAP Provider - General"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:33
+msgid "ldap_schema = ipa_v1"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:43
+msgid "ldap_sasl_mech = GSSAPI"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:48
+msgid "ldap_sasl_minssf = 56"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:53
+msgid "ldap_account_expire_policy = ipa"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ipa_modified_defaults.xml:64
+msgid "LDAP Provider - User options"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:68
+msgid "ldap_user_member_of = memberOf"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:73
+msgid "ldap_user_uuid = ipaUniqueID"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:78
+msgid "ldap_user_ssh_public_key = ipaSshPubKey"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:83
+msgid "ldap_user_auth_type = ipaUserAuthType"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ipa_modified_defaults.xml:89
+msgid "LDAP Provider - Group options"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:93
+msgid "ldap_group_object_class = ipaUserGroup"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:98
+msgid "ldap_group_object_class_alt = posixGroup"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:103
+msgid "ldap_group_member = member"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:108
+msgid "ldap_group_uuid = ipaUniqueID"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:113
+msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
+#: include/ipa_modified_defaults.xml:118
+msgid "ldap_group_external_member = ipaExternalMember"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/krb5_options.xml:3
+msgid "krb5_auth_timeout (integer)"
+msgstr "krb5_auth_timeout (整数)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:6
+msgid ""
+"Timeout in seconds after an online authentication request or change password "
+"request is aborted. If possible, the authentication request is continued "
+"offline."
+msgstr ""
+"オンライン認証またはパスワード変更要求が中止された後の秒単位のタイムアウトで"
+"す。可能ならば、認証要求がオフラインで継続されます。"
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/krb5_options.xml:17
+msgid "krb5_validate (boolean)"
+msgstr "krb5_validate (論理値)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:20
+msgid ""
+"Verify with the help of krb5_keytab that the TGT obtained has not been "
+"spoofed. The keytab is checked for entries sequentially, and the first entry "
+"with a matching realm is used for validation. If no entry matches the realm, "
+"the last entry in the keytab is used. This process can be used to validate "
+"environments using cross-realm trust by placing the appropriate keytab entry "
+"as the last entry or the only entry in the keytab file."
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:29
+msgid "Default: false (IPA and AD provider: true)"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:32
+#, fuzzy
+#| msgid ""
+#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> manual page for more details."
+msgid ""
+"Please note that the ticket validation is the first step when checking the "
+"PAC (see 'pac_check' in the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page for "
+"details). If ticket validation is disabled the PAC checks will be skipped as "
+"well."
+msgstr ""
+"詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> マニュアルページにある "
+"<quote>dns_discovery_domain</quote> パラメーターを参照してください。"
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/krb5_options.xml:44
+msgid "krb5_renewable_lifetime (string)"
+msgstr "krb5_renewable_lifetime (文字列)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:47
+msgid ""
+"Request a renewable ticket with a total lifetime, given as an integer "
+"immediately followed by a time unit:"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:52 include/krb5_options.xml:86
+#: include/krb5_options.xml:123
+msgid "<emphasis>s</emphasis> for seconds"
+msgstr "秒は <emphasis>s</emphasis>"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:55 include/krb5_options.xml:89
+#: include/krb5_options.xml:126
+msgid "<emphasis>m</emphasis> for minutes"
+msgstr "分は <emphasis>m</emphasis>"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:58 include/krb5_options.xml:92
+#: include/krb5_options.xml:129
+msgid "<emphasis>h</emphasis> for hours"
+msgstr "時間は <emphasis>h</emphasis>"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:61 include/krb5_options.xml:95
+#: include/krb5_options.xml:132
+msgid "<emphasis>d</emphasis> for days."
+msgstr "日は <emphasis>d</emphasis>"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:64 include/krb5_options.xml:135
+msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
+msgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:68 include/krb5_options.xml:139
+msgid ""
+"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
+"and a half hours, use '90m' instead of '1h30m'."
+msgstr ""
+"注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に"
+"指定したい場合、'1h30m' の代わりに '90m' を使用します。"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:73
+msgid "Default: not set, i.e. the TGT is not renewable"
+msgstr "初期値: 設定されません、つまり TGT は更新可能ではありません"
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/krb5_options.xml:79
+msgid "krb5_lifetime (string)"
+msgstr "krb5_lifetime (文字列)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:82
+msgid ""
+"Request ticket with a lifetime, given as an integer immediately followed by "
+"a time unit:"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:98
+msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
+msgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:102
+msgid ""
+"NOTE: It is not possible to mix units. To set the lifetime to one and a "
+"half hours please use '90m' instead of '1h30m'."
+msgstr ""
+"注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に"
+"指定したい場合、'1h30m' の代わりに '90m' を使用してください。"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:107
+msgid ""
+"Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgstr ""
+"初期値: 設定されません、つまり KDC において設定されているチケット有効期間の初"
+"期値です。"
+
+#. type: Content of: <variablelist><varlistentry><term>
+#: include/krb5_options.xml:114
+msgid "krb5_renew_interval (string)"
+msgstr "krb5_renew_interval (文字列)"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:117
+msgid ""
+"The time in seconds between two checks if the TGT should be renewed. TGTs "
+"are renewed if about half of their lifetime is exceeded, given as an integer "
+"immediately followed by a time unit:"
+msgstr ""
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:144
+msgid "If this option is not set or is 0 the automatic renewal is disabled."
+msgstr ""
+"このオプションが設定されていない場合、または 0 に設定されている場合、自動更新"
+"は無効になります。"
+
+#. type: Content of: <variablelist><varlistentry><listitem><para>
+#: include/krb5_options.xml:157
+msgid ""
+"Specifies if the host and user principal should be canonicalized. This "
+"feature is available with MIT Kerberos 1.7 and later versions."
+msgstr ""
+"ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は "
+"MIT Kerberos 1.7 およびそれ以降で利用可能です。"
+
+#, fuzzy
+#~| msgid "This option is not available in IPA provider."
+#~ msgid "This option is ignored for the files provider."
+#~ msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
+
+#, fuzzy
+#~| msgid ""
+#~| "Determines if user credentials are also cached in the local LDB cache"
+#~ msgid ""
+#~ "Determines if user credentials are also cached in the local LDB cache."
+#~ msgstr ""
+#~ "ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかど"
+#~ "うかを決めます"
+
+#~ msgid "User credentials are stored in a SHA512 hash, not in plaintext"
+#~ msgstr ""
+#~ "ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます"
+
+#~ msgid ""
+#~ "Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
+#~ "which translates to \"the name is everything up to the <quote>@</quote> "
+#~ "sign, the domain everything after that\""
+#~ msgstr ""
+#~ "初期値: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> で"
+#~ "す。\"the name is everything up to the <quote>@</quote> sign, the domain "
+#~ "everything after that\" に解釈されます。"
+
+#~ msgid "The LDAP attribute that corresponds to the group name."
+#~ msgstr "グループ名に対応する LDAP 属性です。"
+
+#~ msgid ""
+#~ "Specifies the upper bound of the range of POSIX IDs to use for mapping "
+#~ "Active Directory user and group SIDs."
+#~ msgstr ""
+#~ "Active Directory ユーザーとグループ SID をマッピングするために使用する "
+#~ "POSIX ID の範囲の上限を指定します。"
+
+#~ msgid "sss_groupmod"
+#~ msgstr "sss_groupmod"
+
+#~ msgid "modify a group"
+#~ msgstr "グループを変更します。"
+
+#~ msgid ""
+#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+#~ "arg>"
+#~ msgstr ""
+#~ "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+#~ "arg>"
+
+#~ msgid ""
+#~ "<command>sss_groupmod</command> modifies the group to reflect the changes "
+#~ "that are specified on the command line."
+#~ msgstr ""
+#~ "<command>sss_groupmod</command> はコマンドラインにおいて指定された変更を反"
+#~ "映するようグループを変更します。"
+
+#~ msgid ""
+#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#~ "replaceable>"
+#~ msgstr ""
+#~ "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#~ "replaceable>"
+
+#~ msgid ""
+#~ "Append this group to groups specified by the <replaceable>GROUPS</"
+#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter "
+#~ "is a comma separated list of group names."
+#~ msgstr ""
+#~ "このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定さ"
+#~ "れたグループに追加します。 <replaceable>GROUPS</replaceable> パラメーター"
+#~ "はグループ名のカンマ区切り一覧です。"
+
+#~ msgid ""
+#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#~ "replaceable>"
+#~ msgstr ""
+#~ "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#~ "replaceable>"
+
+#~ msgid ""
+#~ "Remove this group from groups specified by the <replaceable>GROUPS</"
+#~ "replaceable> parameter."
+#~ msgstr ""
+#~ "このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定さ"
+#~ "れたグループから削除します。"
+
+#~ msgid "<quote>local</quote>: SSSD internal provider for local users"
+#~ msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー"
+
+#~ msgid "The local domain section"
+#~ msgstr "ローカルドメインのセクション"
+
+#~ msgid ""
+#~ "This section contains settings for domain that stores users and groups in "
+#~ "SSSD native database, that is, a domain that uses "
+#~ "<replaceable>id_provider=local</replaceable>."
+#~ msgstr ""
+#~ "このセクションは、ユーザーとグループを SSSD ネイティブデータベースに保存す"
+#~ "るドメイン、つまり、 <replaceable>id_provider=local</replaceable> を使用す"
+#~ "るドメインに対する設定を含みます。"
+
+#~ msgid "default_shell (string)"
+#~ msgstr "default_shell (文字列)"
+
+#~ msgid "The default shell for users created with SSSD userspace tools."
+#~ msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。"
+
+#~ msgid "Default: <filename>/bin/bash</filename>"
+#~ msgstr "初期値: <filename>/bin/bash</filename>"
+
+#~ msgid "base_directory (string)"
+#~ msgstr "base_directory (文字列)"
+
+#~ msgid ""
+#~ "The tools append the login name to <replaceable>base_directory</"
+#~ "replaceable> and use that as the home directory."
+#~ msgstr ""
+#~ "ツールがログイン名を <replaceable>base_directory</replaceable> に追加し"
+#~ "て、ホームディレクトリーとして使用します。"
+
+#~ msgid "Default: <filename>/home</filename>"
+#~ msgstr "初期値: <filename>/home</filename>"
+
+#~ msgid "create_homedir (bool)"
+#~ msgstr "create_homedir (論理値)"
+
+#~ msgid ""
+#~ "Indicate if a home directory should be created by default for new users. "
+#~ "Can be overridden on command line."
+#~ msgstr ""
+#~ "初期状態で新規ユーザーに対するホームディレクトリーが作成されるかを指示しま"
+#~ "す。コマンドラインにおいて上書きできます。"
+
+#~ msgid "remove_homedir (bool)"
+#~ msgstr "remove_homedir (論理値)"
+
+#~ msgid ""
+#~ "Indicate if a home directory should be removed by default for deleted "
+#~ "users. Can be overridden on command line."
+#~ msgstr ""
+#~ "初期状態で新規ユーザーに対するホームディレクトリーが削除されるかを指示しま"
+#~ "す。コマンドラインにおいて上書きできます。"
+
+#~ msgid "homedir_umask (integer)"
+#~ msgstr "homedir_umask (整数)"
+
+#~ msgid ""
+#~ "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+#~ "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
+#~ "permissions on a newly created home directory."
+#~ msgstr ""
+#~ "新規に作成されるホームディレクトリーにパーミッションの初期値を指定するため"
+#~ "に <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+#~ "<manvolnum>8</manvolnum> </citerefentry> により使用されます。"
+
+#~ msgid "Default: 077"
+#~ msgstr "初期値: 077"
+
+#~ msgid "skel_dir (string)"
+#~ msgstr "skel_dir (文字列)"
+
+#~ msgid ""
+#~ "The skeleton directory, which contains files and directories to be copied "
+#~ "in the user's home directory, when the home directory is created by "
+#~ "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum> </citerefentry>"
+#~ msgstr ""
+#~ "ホームディレクトリーが <citerefentry> <refentrytitle>sss_useradd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> により作成されると"
+#~ "き、ユーザーのホームディレクトリーにコピーされるファイルおよびディレクト"
+#~ "リーを含む、スケルトンディレクトリーです。"
+
+#~ msgid "Default: <filename>/etc/skel</filename>"
+#~ msgstr "初期値: <filename>/etc/skel</filename>"
+
+#~ msgid "mail_dir (string)"
+#~ msgstr "mail_dir (文字列)"
+
+#~ msgid ""
+#~ "The mail spool directory. This is needed to manipulate the mailbox when "
+#~ "its corresponding user account is modified or deleted. If not specified, "
+#~ "a default value is used."
+#~ msgstr ""
+#~ "メールスプールディレクトリーです。これに対応するユーザーアカウントが変更ま"
+#~ "たは削除されたとき、これを操作する必要があります。指定されていなければ、初"
+#~ "期値が使用されます。"
+
+#~ msgid "Default: <filename>/var/mail</filename>"
+#~ msgstr "初期値: <filename>/var/mail</filename>"
+
+#~ msgid "userdel_cmd (string)"
+#~ msgstr "userdel_cmd (文字列)"
+
+#~ msgid ""
+#~ "The command that is run after a user is removed. The command us passed "
+#~ "the username of the user being removed as the first and only parameter. "
+#~ "The return code of the command is not taken into account."
+#~ msgstr ""
+#~ "ユーザーの削除後に実行されるコマンドです。コマンドは最初の唯一のパラメー"
+#~ "ターとして削除されるユーザーのユーザー名を渡します。コマンドの返り値は考慮"
+#~ "されません。"
+
+#~ msgid "Default: None, no command is run"
+#~ msgstr "初期値: なし、コマンドを実行しません"
+
+#~ msgid "sss_useradd"
+#~ msgstr "sss_useradd"
+
+#~ msgid "create a new user"
+#~ msgstr "新しいユーザーを作成する"
+
+#~ msgid ""
+#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+#~ "arg>"
+#~ msgstr ""
+#~ "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+#~ "arg>"
+
+#~ msgid ""
+#~ "<command>sss_useradd</command> creates a new user account using the "
+#~ "values specified on the command line plus the default values from the "
+#~ "system."
+#~ msgstr ""
+#~ "<command>sss_useradd</command> は、コマンドラインにおいて指定された値とシ"
+#~ "ステムの初期値を使用して、新しいユーザーを作成します。"
+
+#~ msgid ""
+#~ "Set the UID of the user to the value of <replaceable>UID</replaceable>. "
+#~ "If not given, it is chosen automatically."
+#~ msgstr ""
+#~ "ユーザーの UID を <replaceable>UID</replaceable> の値を設定します。与えら"
+#~ "れないと、自動的に選択されます。"
+
+#~ msgid ""
+#~ "The home directory of the user account. The default is to append the "
+#~ "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and "
+#~ "use that as the home directory. The base that is prepended before "
+#~ "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
+#~ "baseDirectory</quote> setting in sssd.conf."
+#~ msgstr ""
+#~ "ユーザーアカウントのホームディレクトリーです。初期値は <filename>/home</"
+#~ "filename> に <replaceable>LOGIN</replaceable> の名前を追加して、ホームディ"
+#~ "レクトリーとして使用します。 <replaceable>LOGIN</replaceable> の前につける"
+#~ "ベースは sssd.conf において <quote>user_defaults/baseDirectory</quote> 設"
+#~ "定で変更できます。"
+
+#~ msgid ""
+#~ "The user's login shell. The default is currently <filename>/bin/bash</"
+#~ "filename>. The default can be changed with <quote>user_defaults/"
+#~ "defaultShell</quote> setting in sssd.conf."
+#~ msgstr ""
+#~ "ユーザーのログインシェルです。初期値は現在 <filename>/bin/bash</filename> "
+#~ "です。初期値は sssd.conf において <quote>user_defaults/defaultShell</"
+#~ "quote> で変更できます。"
+
+#~ msgid ""
+#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
+#~ "replaceable>"
+#~ msgstr ""
+#~ "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
+#~ "replaceable>"
+
+#~ msgid "A list of existing groups this user is also a member of."
+#~ msgstr "このユーザーがメンバーである既存のユーザーの一覧です。"
+
+#~ msgid "<option>-m</option>,<option>--create-home</option>"
+#~ msgstr "<option>-m</option>,<option>--create-home</option>"
+
+#~ msgid ""
+#~ "Create the user's home directory if it does not exist. The files and "
+#~ "directories contained in the skeleton directory (which can be defined "
+#~ "with the -k option or in the config file) will be copied to the home "
+#~ "directory."
+#~ msgstr ""
+#~ "ユーザーのホームディレクトリーが存在しなければ、それを作成します。(-k オ"
+#~ "プションまたは設定ファイルで定義できる)スケルトンディレクトリーにあるファ"
+#~ "イルとディレクトリーがホームディレクトリーにコピーされます。"
+
+#~ msgid "<option>-M</option>,<option>--no-create-home</option>"
+#~ msgstr "<option>-M</option>,<option>--no-create-home</option>"
+
+#~ msgid ""
+#~ "Do not create the user's home directory. Overrides configuration settings."
+#~ msgstr "ユーザーのホームディレクトリーを作成しません。設定を上書きします。"
+
+#~ msgid ""
+#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
+#~ "replaceable>"
+#~ msgstr ""
+#~ "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
+#~ "replaceable>"
+
+#~ msgid ""
+#~ "The skeleton directory, which contains files and directories to be copied "
+#~ "in the user's home directory, when the home directory is created by "
+#~ "<command>sss_useradd</command>."
+#~ msgstr ""
+#~ "スケルトンディレクトリーです。ホームディレクトリーが "
+#~ "<command>sss_useradd</command> により作成されるとき、ユーザーのホームディ"
+#~ "レクトリーにコピーされるファイルとディレクトリーを含みます。"
+
+#~ msgid ""
+#~ "Special files (block devices, character devices, named pipes and unix "
+#~ "sockets) will not be copied."
+#~ msgstr ""
+#~ "特殊ファイル (ブロックデバイス、キャラクターデバイス、名前付きパイプおよ"
+#~ "び UNIX ソケット) はコピーされません。"
+
+#~ msgid ""
+#~ "This option is only valid if the <option>-m</option> (or <option>--create-"
+#~ "home</option>) option is specified, or creation of home directories is "
+#~ "set to TRUE in the configuration."
+#~ msgstr ""
+#~ "<option>-m</option> (または <option>--create-home</option>) オプションが指"
+#~ "定されたとき、またはホームディレクトリーの作成が設定において TRUE に設定さ"
+#~ "れている場合のみ、このオプションが有効です。"
+
+#~ msgid ""
+#~ "<option>-Z</option>,<option>--selinux-user</option> "
+#~ "<replaceable>SELINUX_USER</replaceable>"
+#~ msgstr ""
+#~ "<option>-Z</option>,<option>--selinux-user</option> "
+#~ "<replaceable>SELINUX_USER</replaceable>"
+
+#~ msgid ""
+#~ "The SELinux user for the user's login. If not specified, the system "
+#~ "default will be used."
+#~ msgstr ""
+#~ "ユーザーがログインする際の SELinux ユーザーです。未指定の場合、システムの"
+#~ "初期値を使います。"
+
+#~ msgid "sss_groupadd"
+#~ msgstr "sss_groupadd"
+
+#~ msgid "create a new group"
+#~ msgstr "新しいグループを作成する"
+
+#~ msgid ""
+#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+#~ "arg>"
+#~ msgstr ""
+#~ "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+#~ "arg>"
+
+#~ msgid ""
+#~ "<command>sss_groupadd</command> creates a new group. These groups are "
+#~ "compatible with POSIX groups, with the additional feature that they can "
+#~ "contain other groups as members."
+#~ msgstr ""
+#~ "<command>sss_groupadd</command> が新しいグループを作成します。これらのグ"
+#~ "ループは POSIX グループと互換性があり、他のグループをメンバーとして含めら"
+#~ "れる追加機能と互換性があります。"
+
+#~ msgid ""
+#~ "Set the GID of the group to the value of <replaceable>GID</replaceable>. "
+#~ "If not given, it is chosen automatically."
+#~ msgstr ""
+#~ "グループの GID を <replaceable>GID</replaceable> の値に設定します。与えら"
+#~ "れないと、自動的に選択されます。"
+
+#~ msgid "sss_userdel"
+#~ msgstr "sss_userdel"
+
+#~ msgid "delete a user account"
+#~ msgstr "ユーザーアカウントを削除する"
+
+#~ msgid ""
+#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+#~ "arg>"
+#~ msgstr ""
+#~ "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+#~ "arg>"
+
+#~ msgid ""
+#~ "<command>sss_userdel</command> deletes a user identified by login name "
+#~ "<replaceable>LOGIN</replaceable> from the system."
+#~ msgstr ""
+#~ "<command>sss_userdel</command> はログイン名 <replaceable>LOGIN</"
+#~ "replaceable> により識別されるユーザーをシステムから削除します。"
+
+#~ msgid "<option>-r</option>,<option>--remove</option>"
+#~ msgstr "<option>-r</option>,<option>--remove</option>"
+
+#~ msgid ""
+#~ "Files in the user's home directory will be removed along with the home "
+#~ "directory itself and the user's mail spool. Overrides the configuration."
+#~ msgstr ""
+#~ "ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト"
+#~ "リーとユーザーのメールスプールとともに削除されます。設定が上書きされます。"
+
+#~ msgid "<option>-R</option>,<option>--no-remove</option>"
+#~ msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#~ msgid ""
+#~ "Files in the user's home directory will NOT be removed along with the "
+#~ "home directory itself and the user's mail spool. Overrides the "
+#~ "configuration."
+#~ msgstr ""
+#~ "ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト"
+#~ "リーとユーザーのメールスプールとともに削除されません。設定が上書きされま"
+#~ "す。"
+
+#~ msgid "<option>-f</option>,<option>--force</option>"
+#~ msgstr "<option>-f</option>,<option>--force</option>"
+
+#~ msgid ""
+#~ "This option forces <command>sss_userdel</command> to remove the user's "
+#~ "home directory and mail spool, even if they are not owned by the "
+#~ "specified user."
+#~ msgstr ""
+#~ "このオプションは、指定されたユーザーにより所有されていないものさえ、"
+#~ "<command>sss_userdel</command> がユーザーのホームディレクトリーとメールス"
+#~ "プールを削除するよう強制します。"
+
+#~ msgid "<option>-k</option>,<option>--kick</option>"
+#~ msgstr "<option>-k</option>,<option>--kick</option>"
+
+#~ msgid "Before actually deleting the user, terminate all his processes."
+#~ msgstr "実際にユーザーを削除する前に、そのプロセスをすべて停止します。"
+
+#~ msgid "sss_groupdel"
+#~ msgstr "sss_groupdel"
+
+#~ msgid "delete a group"
+#~ msgstr "グループを削除する"
+
+#~ msgid ""
+#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+#~ "arg>"
+#~ msgstr ""
+#~ "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+#~ "arg>"
+
+#~ msgid ""
+#~ "<command>sss_groupdel</command> deletes a group identified by its name "
+#~ "<replaceable>GROUP</replaceable> from the system."
+#~ msgstr ""
+#~ "<command>sss_groupdel</command> は名前 <replaceable>GROUP</replaceable> に"
+#~ "より識別されるグループをシステムから削除します。"
+
+#~ msgid "sss_groupshow"
+#~ msgstr "sss_groupshow"
+
+#~ msgid "print properties of a group"
+#~ msgstr "グループのプロパティーを表示します"
+
+#~ msgid ""
+#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+#~ "arg>"
+#~ msgstr ""
+#~ "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+#~ "arg>"
+
+#~ msgid ""
+#~ "<command>sss_groupshow</command> displays information about a group "
+#~ "identified by its name <replaceable>GROUP</replaceable>. The information "
+#~ "includes the group ID number, members of the group and the parent group."
+#~ msgstr ""
+#~ "<command>sss_groupshow</command> はその名前 <replaceable>GROUP</"
+#~ "replaceable> により識別されるグループに関する情報を表示します。情報はグ"
+#~ "ループ ID 番号、グループのメンバーおよび親グループを含みます。"
+
+#~ msgid "<option>-R</option>,<option>--recursive</option>"
+#~ msgstr "<option>-R</option>,<option>--recursive</option>"
+
+#~ msgid ""
+#~ "Also print indirect group members in a tree-like hierarchy. Note that "
+#~ "this also affects printing parent groups - without <option>R</option>, "
+#~ "only the direct parent will be printed."
+#~ msgstr ""
+#~ "ツリー階層形式で間接的なグループメンバーも表示します。これは親グループの表"
+#~ "示にも影響を与えることに注意してください - <option>R</option> を指定しない"
+#~ "と、直接の親のみが表示されます。"
+
+#~ msgid "sss_usermod"
+#~ msgstr "sss_usermod"
+
+#~ msgid "modify a user account"
+#~ msgstr "ユーザーアカウントを修正します"
+
+#~ msgid ""
+#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+#~ "arg>"
+#~ msgstr ""
+#~ "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
+#~ "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+#~ "arg>"
+
+#~ msgid ""
+#~ "<command>sss_usermod</command> modifies the account specified by "
+#~ "<replaceable>LOGIN</replaceable> to reflect the changes that are "
+#~ "specified on the command line."
+#~ msgstr ""
+#~ "<command>sss_usermod</command> は、コマンドラインにおいて指定された変更を"
+#~ "反映するために、 <replaceable>LOGIN</replaceable> により指定されたアカウン"
+#~ "トを変更します。"
+
+#~ msgid "The home directory of the user account."
+#~ msgstr "ユーザーアカウントのホームディレクトリーです。"
+
+#~ msgid "The user's login shell."
+#~ msgstr "ユーザーのログインシェルです。"
+
+#~ msgid ""
+#~ "Append this user to groups specified by the <replaceable>GROUPS</"
+#~ "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter "
+#~ "is a comma separated list of group names."
+#~ msgstr ""
+#~ "このユーザーを <replaceable>GROUPS</replaceable> パラメーターにより指定さ"
+#~ "れたグループに追加します。 <replaceable>GROUPS</replaceable> パラメーター"
+#~ "はグループ名のカンマ区切り一覧です。"
+
+#~ msgid ""
+#~ "Remove this user from groups specified by the <replaceable>GROUPS</"
+#~ "replaceable> parameter."
+#~ msgstr "<replaceable>GROUPS</replaceable> "
+
+#~ msgid "<option>-l</option>,<option>--lock</option>"
+#~ msgstr "<option>-l</option>,<option>--lock</option>"
+
+#~ msgid "Lock the user account. The user won't be able to log in."
+#~ msgstr ""
+#~ "ユーザーアカウントをロックします。ユーザーはログインできなくなります。"
+
+#~ msgid "<option>-u</option>,<option>--unlock</option>"
+#~ msgstr "<option>-u</option>,<option>--unlock</option>"
+
+#~ msgid "Unlock the user account."
+#~ msgstr "ユーザーアカウントのロックを解除します。"
+
+#~ msgid "The SELinux user for the user's login."
+#~ msgstr "ユーザーのログインのための SELinux ユーザーです。"
+
+# auto translated by TM merge from project: SSSD, version: rhel-8, DocId:
+# po/sssd
+#~ msgid "Add an attribute/value pair. The format is attrname=value."
+#~ msgstr "属性/値のペアを追加します。フォーマットは attrname=value です。"
+
+# auto translated by TM merge from project: SSSD, version: rhel-8, DocId:
+# po/sssd
+#~ msgid ""
+#~ "Set an attribute to a name/value pair. The format is attrname=value. For "
+#~ "multi-valued attributes, the command replaces the values already present"
+#~ msgstr ""
+#~ "名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持"
+#~ "つ属性の場合、コマンドがすでに存在する値に置き換えられます"
+
+# auto translated by TM merge from project: SSSD, version: rhel-8, DocId:
+# po/sssd
+#~ msgid "Delete an attribute/value pair. The format is attrname=value."
+#~ msgstr "属性/値のペアを削除します。フォーマットは attrname=value です。"
+
+#~ msgid "Default: /etc/krb5.keytab"
+#~ msgstr "初期値: /etc/krb5.keytab"
+
+#~ msgid "memcache_timeout (int)"
+#~ msgstr "memcache_timeout (整数)"
+
+#~ msgid "<option>-f</option>,<option>--debug-to-files</option>"
+#~ msgstr "<option>-f</option>,<option>--debug-to-files</option>"
+
+#~ msgid ""
+#~ "Send the debug output to files instead of stderr. By default, the log "
+#~ "files are stored in <filename>/var/log/sssd</filename> and there are "
+#~ "separate log files for every SSSD service and domain."
+#~ msgstr ""
+#~ "デバッグ出力を標準エラーの代わりにファイルに送信します。初期状態で、ログ"
+#~ "ファイルは <filename>/var/log/sssd</filename> に保存され、すべての SSSD "
+#~ "サービスとドメインに対して別々のログファイルがあります。"
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-22 00:51:08 +0000