yPass.net - The Solaris 8 / OpenLDAP Definitive = Guide

From: Subject: yPass.net - The Solaris 8 / OpenLDAP Definitive Guide Date: Fri, 7 Feb 2003 11:03:49 +0100 MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----=_NextPart_000_0013_01C2CE98.97AEEE90" X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 This is a multi-part message in MIME format. ------=_NextPart_000_0013_01C2CE98.97AEEE90 Content-Type: text/html; charset="windows-1250" Content-Transfer-Encoding: quoted-printable Content-Location: http://www.ypass.net/solaris8/openldap/ldapcachemgr.html yPass.net - The Solaris 8 / OpenLDAP Definitive = Guide

UNIX /=20 Solaris 8

Software

Dictionary

BBS=20 Info

LegoRacers

Other=20 Crap

yPass Home > UNIX/Solaris 8 Info = > OpenLDAP with = Solaris=20 8 > LDAP=20 Cache Manager

Intro=20 to LDAP
Security
SchemaReplicat= ion
Gett= ing=20 the Software
= Configuring=20 OpenLDAP
Populatin= g=20 OpenLDAP
C= onfiguring=20 Solaris
LDAP=20 Cache Manager
LDAP=20 Scripts
Solaris=20 = Schemas

Questions? Send me an email at eric@ypass.net and I'll=20 try to help.=20

/usr/lib/ldap/ldap_cachgemgr

5/28/2002 Update:

The bug in nss_ldap = which=20 causes multiple NS_LDAP_SEARCH_DNs to be ignored = when=20 specified on the same line has been fixed. This = means=20 that ldap_cachemgr can be used with LDAP = hierarchies=20 other than ou=3DPeople. Note that I have not = tested the=20 functionality, however Sun specifically = addresses this=20 issue in PatchID=20 #108993-07.=20

This is a very evil, yet oddly helpful = program which=20 has a couple of bugs. As far as I can tell, the=20 ldap_cachemgr serves a few purposes:=20

It caches the contents of the = ldap_client_file and=20 ldap_client_cred file. This is important. See = the bug=20 list of ldap_cachemgr below.=20
It can update the ldap_client_file and=20 ldap_client_cred file automatically based on = profiles=20 which can be stored in the LDAP directory.=20
Assits nscd, and allows regular users to = perform=20 ldap lookups.

Bugs with Solaris = LDAP=20 support as of Solaris maintenance update 4:=20

(This bug is fixed by PatchID = #108993-07 - See=20 above)
If you chose a directory other = than=20 ou=3DPeople, you CAN NOT run ldap_cachemgr. = Doing so=20 will cause major problems. It seems that = ldap_cachemgr=20 can't deal with having both=20 = passwd:(ou=3DSomethingThatsNotPeople,dc=3Dexample,dc=3Dcom)=20 and=20 = shadow:(ou=3DSomethingThatsNotPeople,dc=3Dexample,dc=3Dcom)=20 defined in your ldap_client_file. If you do = try this,=20 ldap_cachemgr will be able to lookup the = passwd=20 information, but it will look for shadow = information=20 under ou=3DPeople regardless of what you = specify. The=20 effect that this has is getspnam() calls, so = your=20 users will have NO password. By no password, I = mean=20 that you can log in as any user without = specifying a=20 password at all.=20
It appears that if ldap_cachemgr is not = running,=20 the contents of the ldap_client_file and=20 ldap_client_cred files are read unbuffered = from disk,=20 1 character at a time. Obviously if your = server is=20 performing massive amounts of LDAP queries, = this can=20 be a problem. Luckily, the operating system's=20 filesystem cache will cache this information.=20

Since the ldap_client_cred file should = only be=20 readable by root (it contains the solaris DN's = bind=20 password), normal users cannot perform directory = server=20 lookups unless there is a go-between from the = user's=20 shell to the ldap server. This go-between is = usually the=20 ldap_cachemgr.=20

If you decide not to run ldap_cachemgr, it is = extremely important that nscd is running. nscd = does a=20 fairly reasonable job accessing the directory = server for=20 standard users.=20

Now that you've heard why not to run = ldap_cachemgr,=20 let's talk about why you should run = ldap_cachemgr. If=20 you have chosen to conform to Sun's ou=3DPeople = style=20 hierarchy for your LDAP schema, you are in luck. = You can=20 store profiles in your LDAP server which hosts = will=20 occasionally check, and if they have been = updated, they=20 will update their cold start config (the=20 /var/ldap/ldap_client_*) files by themselves.=20

To generate this profile, you can use the=20 ldap_gen_profile command. Here is an example=20 ldap_gen_profile command:

ldap_gen_profile =
-P default \
    -a simple \
    -D cn=3Dsolaris,ou=3Dldapusers,dc=3Dviawest,dc=3Dnet \
    -w abc123 \
    -e 3600 \
    -o 30 \
    -b dc=3Dviawest,dc=3Dnet \
    127.0.0.1,192.168.0.1

This specifies (in order):

Authentication method of simple=20
BindDN of=20 = cn=3Dsolaris,ou=3Dldapusers,dc=3Dviawest,dc=3Dnet=20
The bind password is abc123=20
Profile is cached for one hour=20
The search time limit is 30 seconds=20
The base dn is dc=3Dviawest,dc=3Dnet=20
The LDAP servers are 127.0.0.1 and = 192.168.0.1=20

This command will output:

dn: =
cn=3Ddefault,ou=3Dprofile,dc=3Dviawest,dc=3Dnet
    SolarisBindDN: cn=3Dsolaris,ou=3Dldapusers,dc=3Dviawest,dc=3Dnet
    SolarisBindPassword: {NS1}a1ee08dc7d61
    SolarisLDAPServers: 127.0.0.1, 192.168.0.1
    SolarisSearchBaseDN: dc=3Dviawest,dc=3Dnet
    SolarisAuthMethod: NS_LDAP_AUTH_SIMPLE
    SolarisTransportSecurity: NS_LDAP_SEC_NONE
    SolarisSearchReferral: NS_LDAP_FOLLOWREF
    SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
    SolarisSearchTimeLimit: 30
    SolarisCacheTTL: 3600
    cn: profile
    ObjectClass: top
    ObjectClass: SolarisNamingProfile

It is important to note that the output of=20 ldap_gen_profile is not a valid LDIF file. You = need to=20 remove the blank spaces at the beginning of the = lines.=20 Now, if you haven't done so already, you'll need = to=20 create the directory inside of the directory = server for=20 ou=3DProfile. So, if we wanted to add this = profile, we=20 would create the LDIF file:

dn: =
ou=3DProfile,dc=3DViawest,dc=3DNet
objectclass: top
objectclass: organizationalUnit
ou: Profile

dn: cn=3Ddefault,ou=3Dprofile,dc=3Dviawest,dc=3Dnet
SolarisBindDN: cn=3Dsolaris,ou=3Dldapusers,dc=3Dviawest,dc=3Dnet
SolarisBindPassword: {NS1}a1ee08dc7d61
SolarisLDAPServers: 127.0.0.1, 192.168.0.1
SolarisSearchBaseDN: dc=3Dviawest,dc=3Dnet
SolarisAuthMethod: NS_LDAP_AUTH_SIMPLE
SolarisTransportSecurity: NS_LDAP_SEC_NONE
SolarisSearchReferral: NS_LDAP_FOLLOWREF
SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
SolarisSearchTimeLimit: 3600
SolarisCacheTTL: 3600
cn: default
ObjectClass: top
ObjectClass: SolarisNamingProfile

Save this ldif as profile.ldif and add it to the=20 directory server:

# /etc/init.d/slapd stop
# slapadd -n 1 -l profile.ldif
# /etc/init.d/slapd start

Now, you can easily configure any Solaris 8=20 machine as an LDAP client with the ldapclient = command:

# ldapclient -v -P default -d viawest.net 127.0.0.1

------=_NextPart_000_0013_01C2CE98.97AEEE90 Content-Type: image/png Content-Transfer-Encoding: base64 Content-Location: http://www.ypass.net/images/ypass.question.png iVBORw0KGgoAAAANSUhEUgAAAJAAAAA6CAIAAADQo0dnAAAAK3RFWHRDcmVhdGlvbiBUaW1lAFdl ZCAxIE1heSAyMDAyIDIzOjQ2OjQzIC0wNzAwDQB8TAAAAAd0SU1FB9IFAg81D8gZyGUAAAAJcEhZ cwAACxIAAAsSAdLdfvwAAAAEZ0FNQQAAsY8L/GEFAAAVf0lEQVR42u2ce1CU1xnGj3dEQkCEKqIg XiBe8I4g2E4VrTZabKz31knU2hj9I5o4Jn9kHNMkY0ZNykxnosZoNFUbx1tslSRGwaJtFRsvKEqM IooFLxgjokJA+zt7lm/Pnt3FdfHa8M7OzvLtdznnfd73eZ/3fN9S786dO6LOHrTh5Fu3xKVL4upV ceGCaNZM9OsnGjTw4UwNH/VUfgQGWt9+K9atE2fPiu++k6+UFNGnTx1gj6vdvi3mzxfnzzu2BASI khLRqpUPJ6v/qGfzI7CqKkmDumVlic8+8+1kdRl2n4w0+v57SXc//CD8/MRPfiLfsbIy8Ze/iMpK p50vXxbXrvl2nTrA7oeRQJ9/Lo4eFcXFUlzAeD16iKlTpbg4dkxs3+7mkMhI3y5VB5jXRpaUloqG DSUe9erZN5aXiy+/lDlE0pBkyviMvmjcWGKGMjSSicNTU8Xgwb6Nog4w7+zUKZlDBQUShgkTROfO 9u0bN0q0bt409we8I0ckWnBjTIzIy3N8FREhRo4UzZv7NpA6wFwMFY6E41VYKHGC5aCvzZtloqie FXjeeks0aSIyM8Vf/+pAKzhY1jDLVKHq2VMipAP21FM+oyVqA1hJScnOnTtDQ0MTEhKaNm36SH18 Xw2c0tLEiRNSL2B0SxCgrhrIG14w27ZtkiSVkXmw3Pr1jt1IMgBGgyBGdEOM1PddnPt45J07dy5f vlxZWZmbm3uKMHxSjJJz5YpMGsIfV7q13bvF11/b0RI2UW5oPPDD4/n5kvQsI72M3UjBRo1kklmn svashfmeYfXr1we2srKy+rWIl4dnOO7f/xaHD4uiIvnZ31907y6ee86N+8gwfbkuNFTCozdS0AlH 7djhhBChcOCA03mCgqRKJAUNwMLDazOPuwAGJKRRcXFxaWlpZGSkv79/PZtAKi8vP3DgAGj17ds3 Kirq4fr+Hg1XHjokli0T//2v1NyWHT8u3ydNknlgGRhAd7p16mQCBqeB98mTTrtdvSpfuiE3wIwD DcA6dqzNbO4CWFVV1d69e9977z0IcO7cuSNGjFCAQYOJiYkRERENGz4esoWcwNFkDxH99NNSmFFU lP3tb+KTT9w0qmBDk3T9ulOSuSYEzGZsAS2cAPyejG+Bqls3CS0n5BK6RUfXZqKmu43F+wsXLmzY sGHAgAGxsbEXL15MT09v165dTExMUFBQcHBwrdCiJhP7N27IqKecMEnkE76+1yVRzkAtoTkl5DkV MJAxOGvaNEk+QLJ6tUMawFG69612yjIEgqHRERfGwlJIiMTAgAGE2E6UoAltjpNzwdCNTNMyxqZW QLw2AFFr/TiJsTh5vKKigky6du0aXAfp3bp1a82aNWwcPnz4ypUrV6xYceXKlfj4eDZGR0fXc52t N4a/zp2TK6G8kxA0mEgAyISz0dy89JKjxbEMd9MAXbwowSAbunYVliglzNetE+npUhrolpUl2rcX o0eLLVscaBFe48aJjz5y7NaypTD0LYARAQY8MKpubdvKbNYLGDDQnIHE8uV2piXskpOlpxm2Ab/X flM4AT0ByVnh5mefrQYM6svLy1u1atWhQ4dAgtRBqQcGBhYVFXXu3BmolixZct0WU8eOHcvOzibP fAEMYJYulcUZpxDIejbzmWz4+98dgLEFLDMyxK5d8kD2JykhqJ/+VPz+9zIdUXp/+pNUdAZaovqO BgGhK1gcir9wJf6F1jgDuoMT1gxY69ZmMlGEuLQOGCchd1WvpoyrkGoM2ACMFERetmkj9/cAEidm COCEP/btk4GNsGWwv/mNHLgdsJs3by5btmzdunUTJkwYPXo0+iIgIADYyDa2p6WlXa8eNAlXWFjo 421PoEI0u64LWGY1mEz14EHx5z+LM2ecdiDk6H5+9jPRq5d0UHa2w0F4lny1LDBQTlT3F8mNUCTw 4+NlWOA1g36ZlIoMywhKYDbqHxfiunpXoGSIjivAPPOMPKFBp/z5xz+KefNkvjgbM4Y+CbDcXJGT Iz9YnTo4/eIXsvYxHDtgSPMmTZqEhYVNmzbtGa5UbQcPHly7du13WgNPYvndIws73MF5KiqcNjIE HXsra/Es2WMINmtmoEj87t3r2Ni8uRgyRDKSdR4okeKhe58LETFQHN9Chq1amYBxZjDWxwMMbNGT CSTwX0mJU1rjELbrEhRQqWGA6ip2SMdqHuaCahfggSlIKTge3I2OjqkMGmT3jR2wRo0aderUaevW rdecL0B6ffPNN/oWlH3Xrl196b2Yoes8ExKk361oVYKNtFi8WHpKGS6mDulIM1FGxdl0pPEX/qVt ioyUr759JZswTv2KfObkvP75T1l1fvc7p0UH9a1uLVpIWtZNySLGo58WCoO3rWIJJJRP5WDXNSDO GRbGEVzqxAm5xA9O1HRPfTzh8atfSTpQZgcM9ouLi6Pl2rNnT69evfLz86FBEmu7860BcEpOTgaw u8NDnDIlvMxA1F0iIlpfarOBL8kNnrYGS9oDxtatTnsOHy5rmw4Pkozp6tnDt5yHmVHhEIdKoXF1 kDt92s3w+OrLLyXRkGo6YEZOkygUQt3ortRilW7EFoCp1OQrxgDr2twqJk4Ua9YwvDv+zao6dKro 3KM4+Jm8XY1hEGoZozZKuavBnUlJDi6wAwbRdevWDe2+dOnSQYMGITdSUlKQIdsoGNXGPj169Jgz Z05ISIhHxYEj8DX+Iqs//1wyG/TFfEaOFOPHOzld2CQTUamr3g4d5D6HDztNgiEb4Qcf/uc/Zuog 63n961+SG1NTZVVv107MmiVWrJBh7BrAUA/i0wDMKDn0c+SiblFREgYCizTSR64GTL4mJorp06VI UH8mJd1OTKIyUl6Z1vF9skRxZS81AI4cO1aWY8scsp7KNGrUqJdffvm11157++23U1NTUYO0zPb9 GjZMSEhge79+/Uy0uDiqCQ5mLLAQ36LiIOOVK+2Kiy3UGFUhdIMA9dtIRBEEAmB6mEObkJLFNsoL 7EZ24jiD7DEw4LrEjaK72Fgxe7bUxWvXyqTUYWNU0A1nYGfolEwicRmPERkGSZJzXLd/f5mgaAN1 QnUqvDtihBg2jHkpsUf2EEI0BVwffxDJrnq2BuOs8HpcnNNGpz5s2LBhu3btQiueO3fu/fff79ix Y2hoKFUN0Th48OBXXnklKirKTW4xOkoOjKSM4GJohJOlj3EuM2duhjsAg0TRw4lYUms8XIUU4VRM cckSp4AELaDt00fKMFzmariKzIbukIU7dkjlSZYDBnVlwwZHLWRUlBPauMxMGWdcbuZMJ5pVywI6 OXNdRkgcMDDE3p49spRyOaiCwfTsKc9ZPQQutXOnjB/XoPLSCPJf/9opvUzAgGf69OlZWVm5ubnz 5s1btGjRG2+8cebMmd69e0OGHpkQb5JbhsHQluEsaM11dQB36w6i3oArW/7wB8qyrD0QsiHShE2v E87UEuhu/XrpNYAxKIYLkZQLFjiGQQXFp2BgAYbTCXs6a5X3gGEUMOJJhY5U0w3lDnRg1sIS2MC9 vNwZmCKVONpntLgm5IrbDJc7AYam6NOnz4svvvjuu+8i6N955x0a6oKCgoyMDPqzxMTEDh06uNeH alnaMhiG0NJDBX9lZZlu1VtUPPLLX9rv7A0cKD7+WKJlEY5+IKfClXgCl3EIHEXBR9zqBZKvOLk+ BnCyGExZv372tUdlZJueTFyCthpxhmpgdrR9VER9mbhGA9yf/1yyA6INWlHtzD31rgTGc88J17U/ cwP6fsqUKSUlJR988EF6erpqkE+cOJGZmTlkyJAlS5aEh4e7yTNDvBoqlalyiKGPdcM7sD/iStjW Gj76SMpCNT/OzEsvfohAHAeciBq2E8Y9eshjV61yChHOqXsI8AoLHaMCHgTqP/7h2EJOwwRkIV0P 5EYeEwpspIz4ZIwxJUUCzQChZK5PJSNCmJ+6tVnzsQQt13c1N6u3LVq0gA9JrPXa/dOKioovvvhi 4cKF8+fPf1qJZssAwyBaxeyW4RqFonEU1A8HorugavShigOgstDCxoyRfzqPT847Lc2xhd7LuK3F XNlNT02i3ar4KMOXXpLAw6WMAXTZH8hxElL2/plibvVUhxoC+fztt3K5DclSA1vChEOHOu433AUw YdOEFzV1xJ+Iw6KiorVr1/bv33/06NFmkhkrY2hYazhcVj3i6trivPCCXCLC3fqKAzXJ8jLHUmn0 ZIWQ0dNGe4AP9BUsxpacLGHo0sVUJRzOxuefl3SHPfusLBSADYTVeuHBGbNkNpAC8VyDXGTSoOXp vrR7wGifqWHWn/TUQFVYWPjqq68uWLAA9YgGccJMny1jgbMtp5M6fMtGowOFeeguCXDdwEZfWCEO 1B0TfTbkt7G+pR8CJFQPOA176y2pEhFEnEHFDV+R0NbI4WpeD8XwB2H82Wfy9hzDATwgATyrqVGm tMaAAR7X9N0AhtDYsWNHqSYiQCgiIqJ169aIkblz57755pv0Z04SXwcMb+ouJqL5FlGgL7UJWxPm GtR6WyZszyft3u3Un+J3UkfdpHCtA2xMShKTJ9v/hKhHjZKvR23EIalOf0iLoXxDV4Lo+fBDcyWc FCS9VNvt1twAVlZWlp+ff1tzXPv27ZU4TEpKSktLmz179pw5cxYvXtymTRu53ahhJJN1LCqHKsU7 fKinBYcgJVwFp3EbF4yNO/FA1batnFBqql0ciur2CF1FAtF++fSrkAdhRBR4nDghNm2S9x6UKKYC ILBGjpQJZzhArWr17l3TU1VuALt169b3zk9mPVWNOPBAhvTUSI/ly5cDW6CCSl+/V7dIq4+UtYqB qOVEyxiRQYbKDK4Tzpqez+hsZkwETJkilxvU4jrFnXylSbqX24MP2pgunWR6umzi1YIXw6Q+jB0r c8u4DacMnTRs2F16BzeAIQhvOidqcXHxjRs3Ll++zHtlZWV5eTmw7d27d+LEiXbA3Hpf2MIpNlZ+ gOt0MBiUvohnGb0zmWddnX1gVFKW86DdOZW8Sd7QfkVfBfeDM5VS9C/IILgcHa96enIeTfrb38r6 RF12m0CQPV0llb1mcwNYPZvpW3bv3r1s2bLs7OywsLCmTZs2a9asZcuWtNWO56U8SSxiRglIUkHP MABz+7QXumDWLHnXihRn7AkJ9uWJx94IKmLy8GG5cojKIaWskk13N2SIbG2Itxq4Du6grXAr5XVz 44vGjRs3c5bpR44cef311wcOHIhEpAlrZLMGVqkAXTKcP121KnwsbOyAENfVBPu7/fkGp6LbZHLs DKiqQD5ORrowNIQDSojsuX5dtpdQH0JV3ZbgK/ZRS6FUWzQQBMhciboapgJO6qbXXafrBjAqFoyH UPyhOicQIFSv3Nzc7du3jx071s/Pz+zD1H1YAzD2odEXticDrWf2wJVOknl4erqbo+4aZg8FGCWe eIfleKFvmATdKeWY/CefePEBkHQZK2zLLMwbnGAHeMSbkKMdhS292dMNYE2aNJk5c+ZXX321f/9+ a2P37t3Hjx9PN0bpmjp1anJystOiIhnDyxDuBJhaG2RPUo0/qUO8g4dvDxn46nrld97Vo3XEoWo9 VIHhM2Dwrp6sARskrXq8A13HFtKIbzlQrZao81hKiMlREHgRhyAUEyOVBZ/xh1o39mQWfdBYkl5e /kDCfQ1r0aJFZGSkBRjsl5iYOHnyZN63bNlSUlJyx3jgiWkZHSBG+6dqG+8o2Ydiiq/UU3zQMLUE d6uc4IP6ZQI48eKzunmg7ogpUL0xOIIJQRAhIZLEwIYgRB6RTGhV73sK6jtHIU/o8uPjvT3QfT0H MxKIQpWampqRkXH9+vXo6Gh/f//evXvHxcXVt5l9V+aakSEfXjNunRBmdEUPpiWyCokiK1IBSMgG VU74zFjAjK9ICyu99Hajepr2HzbwosaQ9krfkBxsUcCwESGsFiZQpngZYMgGShRfqUP41odnXDjV tGny12V09t6vi3kUYGAWHh4+Y8aMs2fP5uXlWYv0jY0CQ/u3Zo35sAZij7GoRfr7BxIIqbso6GZe RUXynaJCFQEtfXXXMB0PMgMA8D41lw/4XT2iqNaiVXuCrmNP9VtLpqvIzTdUajDOSYkgQfGW937y CBjpFRsb27x5c0oaKqO127V+YbsbUlpqVwqQMS/6WfRpRERt0LIe4SFLKC0wW36+fPpVPQWm6pDS YzokYKAeHuAFGPAVHg8Ls48LVNhBAcDOKrHUAzUKiZpLzoMwxgOd3pN5pMSgoCDkYnBwcEhICJhR 1dyfgFilO8cxfOjUSTqpdhpP/YIrL0/etQce9Uy366N6arZgQCGhEvBSv9tX91UYDqjw52PWFNwH 8wgYUIFTQEAA1SsnJ8fjo770zi+84P2tWMPUTxRJI1QAfQw48QInpZVJMuvRMfVwLXkDQqBCYKj7 i2whqwgSVX6eiN+q1cY8UiJkeOPGDSpWly5dNm/efPTo0Xbt2rl5PkAxyz2aEtOoZ/rNkyftvySG 94z1YWAAEkKCpOGdBOYDWcX2/7/U8dI8ZhhMeP78eT4MHjx45cqVn376aVJSkkdi9MIAiaRRSwPq cdfCQplJyDklFsBd6S4uQh3u2lWqFrgOCaD68v/77PHGPALWqlWrTZs2IejbtGkzZsyYpUuXnj59 2jfAwEk95r9vn7zXAE7G7w2gNYABofbt5SoOXGet8daZYR69Ak7FxcWXLl0KCwsjyVavXp2Zmdmr Vy8vf8RH0qgFqZwciVNBgZTjyEnVXqvVR8gNouvWTb6sTKpLo5rNo/dRHBUVFSdPnqSGoTtGjRoF K44bN67t3XQoOEF6X38tby5QnyhUVnukntbjBKRRly6yJoHTY7Bw+CSZe8Bu375dWloKYOpRHLJq wIABGzduPHbsWM2AUZM+/NB+f0EtiSrtAE4gRCZFR0uQlOz+0QqH2pgTYJWVlRStgoKC7OxslOGZ M2fUugYlLSYmJioqCsCG0XV5NmCgSqnf1XFoeLjEKS5OQkWfVEd3tTc7YLRZJSUlK1as2LVrF+IQ 5Hr27Llw4cKUlBRhAwyV37179x88/Yip2miV4uNla9WnjwQJEYEup0+qS6b7ZXbA4EA6LQArKyub NGnS+PHjO3furP51CiCBHztERERcu9t/+QOY55+X98I93Qivs1paPbWEwXt5eXlOTg7woDICAgL4 8/jx4/v37z916hSVDKpE1ickJCxatCjA0xMcdfbgzfGDPj8/v77Vj7WcPXt21qxZ27ZtA5v4+Hiq V2hoKE1YgwYNrl69WgfYIzT3KjEwMBCJGBsbO2PGjKFDhwYFBQEVyVdVVRVoPEZfZw/X6tX93/on y+qEwRNm/wNI2wRN/2OpGQAAAABJRU5ErkJggg== ------=_NextPart_000_0013_01C2CE98.97AEEE90 Content-Type: text/css; charset="iso-8859-2" Content-Transfer-Encoding: 7bit Content-Location: http://www.ypass.net/ypass.css TD { FONT-SIZE: smaller; FONT-FAMILY: sans-serif } TD.tiny { FONT-SIZE: 9pt; FONT-FAMILY: sans-serif } TD.white { FONT-SIZE: smaller; COLOR: #fefefe; FONT-FAMILY: sans-serif } A.blacklink { COLOR: #000000; FONT-FAMILY: sans-serif; TEXT-DECORATION: none } A.blacklink:visited { COLOR: #000000; FONT-FAMILY: sans-serif; TEXT-DECORATION: none } A.blacklink:active { COLOR: #446600; FONT-FAMILY: sans-serif; TEXT-DECORATION: none } A.blacklink:hover { COLOR: #000000; FONT-FAMILY: sans-serif; TEXT-DECORATION: underline } .whitelink { COLOR: #fefefe; FONT-FAMILY: sans-serif } A.whitelink { COLOR: #fefefe; TEXT-DECORATION: none } A.whitelink:visited { COLOR: #fefefe; TEXT-DECORATION: none } A.whitelink:hover { COLOR: #fefefe; TEXT-DECORATION: underline } A.whitelink:active { COLOR: #a9a9a9; TEXT-DECORATION: none } .bluelink { COLOR: #0000ff; FONT-FAMILY: sans-serif } A.bluelink { COLOR: #0000ff; TEXT-DECORATION: none } A.bluelink:visited { COLOR: #0000ff; TEXT-DECORATION: none } A.bluelink:hover { COLOR: #0000ff; TEXT-DECORATION: underline } A.bluelink:active { COLOR: #a9a9a9; TEXT-DECORATION: none } A { COLOR: #ff0000; TEXT-DECORATION: none } A:visited { COLOR: #ff0000; TEXT-DECORATION: none } A:hover { COLOR: #ff0000; TEXT-DECORATION: underline } A:active { COLOR: #a9a9a9; TEXT-DECORATION: none } ------=_NextPart_000_0013_01C2CE98.97AEEE90--