yPass.net - The Solaris 8 / OpenLDAP Definitive = Guide

From: Subject: yPass.net - The Solaris 8 / OpenLDAP Definitive Guide Date: Fri, 7 Feb 2003 10:54:10 +0100 MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----=_NextPart_000_000C_01C2CE97.3EB3CEB0" X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 This is a multi-part message in MIME format. ------=_NextPart_000_000C_01C2CE97.3EB3CEB0 Content-Type: text/html; charset="windows-1250" Content-Transfer-Encoding: quoted-printable Content-Location: http://www.ypass.net/solaris8/openldap/configuringsolaris.html yPass.net - The Solaris 8 / OpenLDAP Definitive = Guide

UNIX /=20 Solaris 8

Software

Dictionary

BBS=20 Info

LegoRacers

Other=20 Crap

yPass Home > UNIX/Solaris 8 Info = > OpenLDAP with = Solaris=20 8 > C= onfiguring=20 Solaris

Intro=20 to LDAP
Security
SchemaReplicat= ion
Gett= ing=20 the Software
= Configuring=20 OpenLDAP
Populatin= g=20 OpenLDAP
C= onfiguring=20 Solaris
LDAP=20 Cache Manager
LDAP=20 Scripts
Solaris=20 = Schemas

Questions? Send me an email at eric@ypass.net and I'll=20 try to help.=20

Configuring Solaris

You'll be happy to = know that=20 this is the easy part. Before we get started, do = the=20 following:=20

Make sure ldap_cachemgr is NOT = running.=20 Kill it if it is running by executing:
```
# =
/etc/init.d/ldap.client stop
```
To make sure it doesn't start up when = we're not=20 looking, issue the following command:
```
# =
chmod 444 /usr/lib/ldap/ldap_cachemgr
```
Before re-enabling ldap_cachemgr, you = should read=20 the Notes=20 about ldap_cachemgr

There are = really only=20 two files to create to set up Solaris to query = LDAP. The=20 first file is /var/ldap/ldap_client_file. All of = the=20 Solaris documentation says not to edit the=20 ldap_client_file manually. Don't worry about = that too=20 much for now. See the Notes=20 about ldap_cachemgr. Notice how much i'm = trying to=20 force the ldap_cachemgr information on you. If = you=20 haven't read it by now, you may want to consider = it.=20

For now, we're going to rebel against Sun and = edit=20 this file manually. Here is a sample file: =

#
# Do not edit this file manually; your changes will be lost.Please use =
ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION=3D 1.0
NS_LDAP_SERVERS=3D 127.0.0.1:389
NS_LDAP_SEARCH_BASEDN=3D dc=3Dviawest,dc=3Dnet
NS_LDAP_AUTH=3D NS_LDAP_AUTH_SIMPLE
NS_LDAP_TRANSPORT_SEC=3D NS_LDAP_SEC_NONE
NS_LDAP_SEARCH_REF=3D NS_LDAP_FOLLOWREF
NS_LDAP_DOMAIN=3D viawest.net
NS_LDAP_EXP=3D 987802213
NS_LDAP_SEARCH_DN=3D passwd:(ou=3DPeople,dc=3DViaWest,dc=3DNet)
NS_LDAP_SEARCH_DN=3D shadow:(ou=3DPeople,dc=3DViaWest,dc=3DNet)
NS_LDAP_SEARCH_SCOPE=3D NS_LDAP_SCOPE_SUBTREE
NS_LDAP_SEARCH_TIME=3D 30

In order, these mean:=20

NS_LDAP_FILE_VERSION=3D 1.0: Just = the version=20 number of the config file=20
NS_LDAP_SERVERS=3D 127.0.0.1:389: = This is the=20 IP address and port of the LDAP server that = Solaris=20 should use to look up NIS information. You can = specify=20 multiple servers by adding additional = NS_LDAP_SERVERS=20 lines. For example:
```
NS_LDAP_SERVERS=3D =
127.0.0.1:389
NS_LDAP_SERVERS=3D 192.168.0.1:389
```
NS_LDAP_BASEDN=3D = dc=3Dviawest,dc=3Dnet: This=20 specifies the BaseDN of the search which = Solaris uses=20 when looking up NIS domain information.=20
NS_LDAP_AUTH=3D = NS_LDAP_AUTH_SIMPLE: This is=20 the bind authentication method that Solaris = will use=20 to bind to the LDAP server. If you're not sure = what=20 this means, don't change it. Available options = are:=20
- NS_LDAP_AUTH_NONE=20
- NS_LDAP_AUTH_SIMPLE=20
- NS_LDAP_AUTH_SASL_CRAM_MD5=20
- NS_LDAP_AUTH_SASL_GSSAPI=20
- NS_LDAP_AUTH_SASL_SPNEGO=20
- NS_LDAP_AUTH_TLS
NS_LDAP_TRANSPORT_SEC=3D = NS_LDAP_SEC_NONE:=20 This specifies that you will not be using any = type of=20 Transport Layer Security (TLS) for your = directory=20 service lookups. Configuring SSL queries is = beyond the=20 scope of this document. Available options are: =
- NS_LDAP_SEC_NONE=20
- NS_LDAP_SEC_TLS=20
- NS_LDAP_SEC_SASL_INTEGRITY=20
- NS_LDAP_SEC_SASL_PRIVACY
NS_LDAP_SEARCH_REF=3D = NS_LDAP_FOLLOWREF: This=20 tells the Solaris that it should follow = referrals. If=20 you don't know what this means, don't change = this=20 option. Available options are:=20
- NS_LDAP_FOLLOWREF=20
- NS_LDAP_NOREF
NS_LDAP_DOMAIN=3D viawest.net: This = represents the NIS domain of the server. This = MUST be=20 the same as the nisDomain object which you = have in=20 your base.ldif file.=20
NS_LDAP_SEARCH_DN=3D=20 = passwd:(ou=3DPeople,dc=3DViaWest,dc=3DNet): This tells=20 Solaris which BaseDN it should use when = looking up=20 "passwd" entries. Before changing this search = from=20 ou=3DPeople, be sure to read Notes=20 about ldap_cachemgr.=20
NS_LDAP_SEARCH_DN=3D=20 = shadow:(ou=3DPeople,dc=3DViaWest,dc=3DNet): This tells=20 Solaris which BaseDN it should use when = looking up=20 "shadow" entries. Before changing this search = from=20 ou=3DPeople, be sure to read Notes=20 about ldap_cachemgr.=20
NOTE: you can also specify things such as = "group,"=20 "hosts," "ipnodes," and almost any other type = of NIS=20 information found in the nsswitch.conf file. = This=20 configuration is beyond the scope of this = document.=20
NS_LDAP_SEARCH_SCOPE=3D=20 NS_LDAP_SCOPE_SUBTREE: This tells Solaris = to use=20 an LDAP search scope of "subtree." Available = options=20 are:
- NS_LDAP_SCOPE_BASE=20
- NS_LDAP_SCOPE_ONELEVEL=20
- NS_LDAP_SCOPE_SUBTREE
NS_LDAP_SEARCH_TIME=3D 30: This is = the=20 maximum amount of time that Solaris will wait = for a=20 search to return. I haven't fully tested the=20 redundancy in Solaris' nss_ldap, but so far it = seems=20 to work as expected. There will be more on = redundancy=20 later.=20

The next file to create and = edit is the=20 /var/ldap/ldap_client_cred file. Again, Sun = warns us not=20 to edit this file manually, and yet again, we're = not=20 going to heed their warnings (for now).=20

Here is a sample ldap_client_cred file: =

#
# Do not edit this file manually; your changes will be lost.Please use =
ldapclient (1M) instead.
#
NS_LDAP_BINDDN=3D cn=3Dsolaris,ou=3Dldapusers,dc=3Dviawest,dc=3Dnet
NS_LDAP_BINDPASSWD=3D {NS1}a1ee08dc7d61

The NS_LDAP_BINDDN is the DN that Solaris will use=20 to bind to the directory sever. = NS_LDAP_BINDPASSWD is an=20 ENCRYPTED password that Solaris uses when = binding. To generate this password, issue the = following=20 command:

# ldap_gen_profile -P profile -b =
dc=3Dviawest,dc=3Dnet -w abc123 127.0.0.1

That will print out:

dn: =
cn=3Dprofile,ou=3Dprofile,dc=3Dviawest,dc=3Dnet
        SolarisBindPassword: {NS1}a1ee08dc7d61
        SolarisLDAPServers: 127.0.0.1
        SolarisSearchBaseDN: dc=3Dviawest,dc=3Dnet
        SolarisAuthMethod: NS_LDAP_AUTH_NONE
        SolarisTransportSecurity: NS_LDAP_SEC_NONE
        SolarisSearchReferral: NS_LDAP_FOLLOWREF
        SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
        SolarisSearchTimeLimit: 30
        SolarisCacheTTL: 43200
        cn: profile
        ObjectClass: top
        ObjectClass: SolarisNamingProfile

All you need is the "SolarisBindPassword" value=20 for now. This is the "encrypted" version of = "abc123"=20 which we used in our previous example.=20

Finally, we need to add ldap to the=20 /etc/nsswitch.conf file. Open up = /etc/nsswitch.conf, and=20 modify the line for passwd to:

passwd:     =
files ldap

Now, restart nscd:

# /etc/init.d/nscd =
stop
# /etc/init.d/nscd start

Ok, now you should be able to look up POSIX=20 accounts from your LDAP directory. To test this, = try to=20 id a user that is not in your local = passwd file.=20 Another way to test this is with the Solaris=20 listusers. Just type:

# =
/usr/bin/listusers

And you should see a full list of users from the=20 passwd and the ldap directory.=20

Previous: Populatin= g=20 OpenLDAP | Next: LDAP=20 Cache Manager=20 =

------=_NextPart_000_000C_01C2CE97.3EB3CEB0 Content-Type: image/png Content-Transfer-Encoding: base64 Content-Location: http://www.ypass.net/images/ypass.question.png iVBORw0KGgoAAAANSUhEUgAAAJAAAAA6CAIAAADQo0dnAAAAK3RFWHRDcmVhdGlvbiBUaW1lAFdl ZCAxIE1heSAyMDAyIDIzOjQ2OjQzIC0wNzAwDQB8TAAAAAd0SU1FB9IFAg81D8gZyGUAAAAJcEhZ cwAACxIAAAsSAdLdfvwAAAAEZ0FNQQAAsY8L/GEFAAAVf0lEQVR42u2ce1CU1xnGj3dEQkCEKqIg XiBe8I4g2E4VrTZabKz31knU2hj9I5o4Jn9kHNMkY0ZNykxnosZoNFUbx1tslSRGwaJtFRsvKEqM IooFLxgjokJA+zt7lm/Pnt3FdfHa8M7OzvLtdznnfd73eZ/3fN9S786dO6LOHrTh5Fu3xKVL4upV ceGCaNZM9OsnGjTw4UwNH/VUfgQGWt9+K9atE2fPiu++k6+UFNGnTx1gj6vdvi3mzxfnzzu2BASI khLRqpUPJ6v/qGfzI7CqKkmDumVlic8+8+1kdRl2n4w0+v57SXc//CD8/MRPfiLfsbIy8Ze/iMpK p50vXxbXrvl2nTrA7oeRQJ9/Lo4eFcXFUlzAeD16iKlTpbg4dkxs3+7mkMhI3y5VB5jXRpaUloqG DSUe9erZN5aXiy+/lDlE0pBkyviMvmjcWGKGMjSSicNTU8Xgwb6Nog4w7+zUKZlDBQUShgkTROfO 9u0bN0q0bt409we8I0ckWnBjTIzIy3N8FREhRo4UzZv7NpA6wFwMFY6E41VYKHGC5aCvzZtloqie FXjeeks0aSIyM8Vf/+pAKzhY1jDLVKHq2VMipAP21FM+oyVqA1hJScnOnTtDQ0MTEhKaNm36SH18 Xw2c0tLEiRNSL2B0SxCgrhrIG14w27ZtkiSVkXmw3Pr1jt1IMgBGgyBGdEOM1PddnPt45J07dy5f vlxZWZmbm3uKMHxSjJJz5YpMGsIfV7q13bvF11/b0RI2UW5oPPDD4/n5kvQsI72M3UjBRo1kklmn svashfmeYfXr1we2srKy+rWIl4dnOO7f/xaHD4uiIvnZ31907y6ee86N+8gwfbkuNFTCozdS0AlH 7djhhBChcOCA03mCgqRKJAUNwMLDazOPuwAGJKRRcXFxaWlpZGSkv79/PZtAKi8vP3DgAGj17ds3 Kirq4fr+Hg1XHjokli0T//2v1NyWHT8u3ydNknlgGRhAd7p16mQCBqeB98mTTrtdvSpfuiE3wIwD DcA6dqzNbO4CWFVV1d69e9977z0IcO7cuSNGjFCAQYOJiYkRERENGz4esoWcwNFkDxH99NNSmFFU lP3tb+KTT9w0qmBDk3T9ulOSuSYEzGZsAS2cAPyejG+Bqls3CS0n5BK6RUfXZqKmu43F+wsXLmzY sGHAgAGxsbEXL15MT09v165dTExMUFBQcHBwrdCiJhP7N27IqKecMEnkE76+1yVRzkAtoTkl5DkV MJAxOGvaNEk+QLJ6tUMawFG69612yjIEgqHRERfGwlJIiMTAgAGE2E6UoAltjpNzwdCNTNMyxqZW QLw2AFFr/TiJsTh5vKKigky6du0aXAfp3bp1a82aNWwcPnz4ypUrV6xYceXKlfj4eDZGR0fXc52t N4a/zp2TK6G8kxA0mEgAyISz0dy89JKjxbEMd9MAXbwowSAbunYVliglzNetE+npUhrolpUl2rcX o0eLLVscaBFe48aJjz5y7NaypTD0LYARAQY8MKpubdvKbNYLGDDQnIHE8uV2piXskpOlpxm2Ab/X flM4AT0ByVnh5mefrQYM6svLy1u1atWhQ4dAgtRBqQcGBhYVFXXu3BmolixZct0WU8eOHcvOzibP fAEMYJYulcUZpxDIejbzmWz4+98dgLEFLDMyxK5d8kD2JykhqJ/+VPz+9zIdUXp/+pNUdAZaovqO BgGhK1gcir9wJf6F1jgDuoMT1gxY69ZmMlGEuLQOGCchd1WvpoyrkGoM2ACMFERetmkj9/cAEidm COCEP/btk4GNsGWwv/mNHLgdsJs3by5btmzdunUTJkwYPXo0+iIgIADYyDa2p6WlXa8eNAlXWFjo 421PoEI0u64LWGY1mEz14EHx5z+LM2ecdiDk6H5+9jPRq5d0UHa2w0F4lny1LDBQTlT3F8mNUCTw 4+NlWOA1g36ZlIoMywhKYDbqHxfiunpXoGSIjivAPPOMPKFBp/z5xz+KefNkvjgbM4Y+CbDcXJGT Iz9YnTo4/eIXsvYxHDtgSPMmTZqEhYVNmzbtGa5UbQcPHly7du13WgNPYvndIws73MF5KiqcNjIE HXsra/Es2WMINmtmoEj87t3r2Ni8uRgyRDKSdR4okeKhe58LETFQHN9Chq1amYBxZjDWxwMMbNGT CSTwX0mJU1rjELbrEhRQqWGA6ip2SMdqHuaCahfggSlIKTge3I2OjqkMGmT3jR2wRo0aderUaevW rdecL0B6ffPNN/oWlH3Xrl196b2Yoes8ExKk361oVYKNtFi8WHpKGS6mDulIM1FGxdl0pPEX/qVt ioyUr759JZswTv2KfObkvP75T1l1fvc7p0UH9a1uLVpIWtZNySLGo58WCoO3rWIJJJRP5WDXNSDO GRbGEVzqxAm5xA9O1HRPfTzh8atfSTpQZgcM9ouLi6Pl2rNnT69evfLz86FBEmu7860BcEpOTgaw u8NDnDIlvMxA1F0iIlpfarOBL8kNnrYGS9oDxtatTnsOHy5rmw4Pkozp6tnDt5yHmVHhEIdKoXF1 kDt92s3w+OrLLyXRkGo6YEZOkygUQt3ortRilW7EFoCp1OQrxgDr2twqJk4Ua9YwvDv+zao6dKro 3KM4+Jm8XY1hEGoZozZKuavBnUlJDi6wAwbRdevWDe2+dOnSQYMGITdSUlKQIdsoGNXGPj169Jgz Z05ISIhHxYEj8DX+Iqs//1wyG/TFfEaOFOPHOzld2CQTUamr3g4d5D6HDztNgiEb4Qcf/uc/Zuog 63n961+SG1NTZVVv107MmiVWrJBh7BrAUA/i0wDMKDn0c+SiblFREgYCizTSR64GTL4mJorp06VI UH8mJd1OTKIyUl6Z1vF9skRxZS81AI4cO1aWY8scsp7KNGrUqJdffvm11157++23U1NTUYO0zPb9 GjZMSEhge79+/Uy0uDiqCQ5mLLAQ36LiIOOVK+2Kiy3UGFUhdIMA9dtIRBEEAmB6mEObkJLFNsoL 7EZ24jiD7DEw4LrEjaK72Fgxe7bUxWvXyqTUYWNU0A1nYGfolEwicRmPERkGSZJzXLd/f5mgaAN1 QnUqvDtihBg2jHkpsUf2EEI0BVwffxDJrnq2BuOs8HpcnNNGpz5s2LBhu3btQiueO3fu/fff79ix Y2hoKFUN0Th48OBXXnklKirKTW4xOkoOjKSM4GJohJOlj3EuM2duhjsAg0TRw4lYUms8XIUU4VRM cckSp4AELaDt00fKMFzmariKzIbukIU7dkjlSZYDBnVlwwZHLWRUlBPauMxMGWdcbuZMJ5pVywI6 OXNdRkgcMDDE3p49spRyOaiCwfTsKc9ZPQQutXOnjB/XoPLSCPJf/9opvUzAgGf69OlZWVm5ubnz 5s1btGjRG2+8cebMmd69e0OGHpkQb5JbhsHQluEsaM11dQB36w6i3oArW/7wB8qyrD0QsiHShE2v E87UEuhu/XrpNYAxKIYLkZQLFjiGQQXFp2BgAYbTCXs6a5X3gGEUMOJJhY5U0w3lDnRg1sIS2MC9 vNwZmCKVONpntLgm5IrbDJc7AYam6NOnz4svvvjuu+8i6N955x0a6oKCgoyMDPqzxMTEDh06uNeH alnaMhiG0NJDBX9lZZlu1VtUPPLLX9rv7A0cKD7+WKJlEY5+IKfClXgCl3EIHEXBR9zqBZKvOLk+ BnCyGExZv372tUdlZJueTFyCthpxhmpgdrR9VER9mbhGA9yf/1yyA6INWlHtzD31rgTGc88J17U/ cwP6fsqUKSUlJR988EF6erpqkE+cOJGZmTlkyJAlS5aEh4e7yTNDvBoqlalyiKGPdcM7sD/iStjW Gj76SMpCNT/OzEsvfohAHAeciBq2E8Y9eshjV61yChHOqXsI8AoLHaMCHgTqP/7h2EJOwwRkIV0P 5EYeEwpspIz4ZIwxJUUCzQChZK5PJSNCmJ+6tVnzsQQt13c1N6u3LVq0gA9JrPXa/dOKioovvvhi 4cKF8+fPf1qJZssAwyBaxeyW4RqFonEU1A8HorugavShigOgstDCxoyRfzqPT847Lc2xhd7LuK3F XNlNT02i3ar4KMOXXpLAw6WMAXTZH8hxElL2/plibvVUhxoC+fztt3K5DclSA1vChEOHOu433AUw YdOEFzV1xJ+Iw6KiorVr1/bv33/06NFmkhkrY2hYazhcVj3i6trivPCCXCLC3fqKAzXJ8jLHUmn0 ZIWQ0dNGe4AP9BUsxpacLGHo0sVUJRzOxuefl3SHPfusLBSADYTVeuHBGbNkNpAC8VyDXGTSoOXp vrR7wGifqWHWn/TUQFVYWPjqq68uWLAA9YgGccJMny1jgbMtp5M6fMtGowOFeeguCXDdwEZfWCEO 1B0TfTbkt7G+pR8CJFQPOA176y2pEhFEnEHFDV+R0NbI4WpeD8XwB2H82Wfy9hzDATwgATyrqVGm tMaAAR7X9N0AhtDYsWNHqSYiQCgiIqJ169aIkblz57755pv0Z04SXwcMb+ouJqL5FlGgL7UJWxPm GtR6WyZszyft3u3Un+J3UkfdpHCtA2xMShKTJ9v/hKhHjZKvR23EIalOf0iLoXxDV4Lo+fBDcyWc FCS9VNvt1twAVlZWlp+ff1tzXPv27ZU4TEpKSktLmz179pw5cxYvXtymTRu53ahhJJN1LCqHKsU7 fKinBYcgJVwFp3EbF4yNO/FA1batnFBqql0ciur2CF1FAtF++fSrkAdhRBR4nDghNm2S9x6UKKYC ILBGjpQJZzhArWr17l3TU1VuALt169b3zk9mPVWNOPBAhvTUSI/ly5cDW6CCSl+/V7dIq4+UtYqB qOVEyxiRQYbKDK4Tzpqez+hsZkwETJkilxvU4jrFnXylSbqX24MP2pgunWR6umzi1YIXw6Q+jB0r c8u4DacMnTRs2F16BzeAIQhvOidqcXHxjRs3Ll++zHtlZWV5eTmw7d27d+LEiXbA3Hpf2MIpNlZ+ gOt0MBiUvohnGb0zmWddnX1gVFKW86DdOZW8Sd7QfkVfBfeDM5VS9C/IILgcHa96enIeTfrb38r6 RF12m0CQPV0llb1mcwNYPZvpW3bv3r1s2bLs7OywsLCmTZs2a9asZcuWtNWO56U8SSxiRglIUkHP MABz+7QXumDWLHnXihRn7AkJ9uWJx94IKmLy8GG5cojKIaWskk13N2SIbG2Itxq4Du6grXAr5XVz 44vGjRs3c5bpR44cef311wcOHIhEpAlrZLMGVqkAXTKcP121KnwsbOyAENfVBPu7/fkGp6LbZHLs DKiqQD5ORrowNIQDSojsuX5dtpdQH0JV3ZbgK/ZRS6FUWzQQBMhciboapgJO6qbXXafrBjAqFoyH UPyhOicQIFSv3Nzc7du3jx071s/Pz+zD1H1YAzD2odEXticDrWf2wJVOknl4erqbo+4aZg8FGCWe eIfleKFvmATdKeWY/CefePEBkHQZK2zLLMwbnGAHeMSbkKMdhS292dMNYE2aNJk5c+ZXX321f/9+ a2P37t3Hjx9PN0bpmjp1anJystOiIhnDyxDuBJhaG2RPUo0/qUO8g4dvDxn46nrld97Vo3XEoWo9 VIHhM2Dwrp6sARskrXq8A13HFtKIbzlQrZao81hKiMlREHgRhyAUEyOVBZ/xh1o39mQWfdBYkl5e /kDCfQ1r0aJFZGSkBRjsl5iYOHnyZN63bNlSUlJyx3jgiWkZHSBG+6dqG+8o2Ydiiq/UU3zQMLUE d6uc4IP6ZQI48eKzunmg7ogpUL0xOIIJQRAhIZLEwIYgRB6RTGhV73sK6jtHIU/o8uPjvT3QfT0H MxKIQpWampqRkXH9+vXo6Gh/f//evXvHxcXVt5l9V+aakSEfXjNunRBmdEUPpiWyCokiK1IBSMgG VU74zFjAjK9ICyu99Hajepr2HzbwosaQ9krfkBxsUcCwESGsFiZQpngZYMgGShRfqUP41odnXDjV tGny12V09t6vi3kUYGAWHh4+Y8aMs2fP5uXlWYv0jY0CQ/u3Zo35sAZij7GoRfr7BxIIqbso6GZe RUXynaJCFQEtfXXXMB0PMgMA8D41lw/4XT2iqNaiVXuCrmNP9VtLpqvIzTdUajDOSYkgQfGW937y CBjpFRsb27x5c0oaKqO127V+YbsbUlpqVwqQMS/6WfRpRERt0LIe4SFLKC0wW36+fPpVPQWm6pDS YzokYKAeHuAFGPAVHg8Ls48LVNhBAcDOKrHUAzUKiZpLzoMwxgOd3pN5pMSgoCDkYnBwcEhICJhR 1dyfgFilO8cxfOjUSTqpdhpP/YIrL0/etQce9Uy366N6arZgQCGhEvBSv9tX91UYDqjw52PWFNwH 8wgYUIFTQEAA1SsnJ8fjo770zi+84P2tWMPUTxRJI1QAfQw48QInpZVJMuvRMfVwLXkDQqBCYKj7 i2whqwgSVX6eiN+q1cY8UiJkeOPGDSpWly5dNm/efPTo0Xbt2rl5PkAxyz2aEtOoZ/rNkyftvySG 94z1YWAAEkKCpOGdBOYDWcX2/7/U8dI8ZhhMeP78eT4MHjx45cqVn376aVJSkkdi9MIAiaRRSwPq cdfCQplJyDklFsBd6S4uQh3u2lWqFrgOCaD68v/77PHGPALWqlWrTZs2IejbtGkzZsyYpUuXnj59 2jfAwEk95r9vn7zXAE7G7w2gNYABofbt5SoOXGet8daZYR69Ak7FxcWXLl0KCwsjyVavXp2Zmdmr Vy8vf8RH0qgFqZwciVNBgZTjyEnVXqvVR8gNouvWTb6sTKpLo5rNo/dRHBUVFSdPnqSGoTtGjRoF K44bN67t3XQoOEF6X38tby5QnyhUVnukntbjBKRRly6yJoHTY7Bw+CSZe8Bu375dWloKYOpRHLJq wIABGzduPHbsWM2AUZM+/NB+f0EtiSrtAE4gRCZFR0uQlOz+0QqH2pgTYJWVlRStgoKC7OxslOGZ M2fUugYlLSYmJioqCsCG0XV5NmCgSqnf1XFoeLjEKS5OQkWfVEd3tTc7YLRZJSUlK1as2LVrF+IQ 5Hr27Llw4cKUlBRhAwyV37179x88/Yip2miV4uNla9WnjwQJEYEup0+qS6b7ZXbA4EA6LQArKyub NGnS+PHjO3furP51CiCBHztERERcu9t/+QOY55+X98I93Qivs1paPbWEwXt5eXlOTg7woDICAgL4 8/jx4/v37z916hSVDKpE1ickJCxatCjA0xMcdfbgzfGDPj8/v77Vj7WcPXt21qxZ27ZtA5v4+Hiq V2hoKE1YgwYNrl69WgfYIzT3KjEwMBCJGBsbO2PGjKFDhwYFBQEVyVdVVRVoPEZfZw/X6tX93/on y+qEwRNm/wNI2wRN/2OpGQAAAABJRU5ErkJggg== ------=_NextPart_000_000C_01C2CE97.3EB3CEB0 Content-Type: text/css; charset="iso-8859-2" Content-Transfer-Encoding: 7bit Content-Location: http://www.ypass.net/ypass.css TD { FONT-SIZE: smaller; FONT-FAMILY: sans-serif } TD.tiny { FONT-SIZE: 9pt; FONT-FAMILY: sans-serif } TD.white { FONT-SIZE: smaller; COLOR: #fefefe; FONT-FAMILY: sans-serif } A.blacklink { COLOR: #000000; FONT-FAMILY: sans-serif; TEXT-DECORATION: none } A.blacklink:visited { COLOR: #000000; FONT-FAMILY: sans-serif; TEXT-DECORATION: none } A.blacklink:active { COLOR: #446600; FONT-FAMILY: sans-serif; TEXT-DECORATION: none } A.blacklink:hover { COLOR: #000000; FONT-FAMILY: sans-serif; TEXT-DECORATION: underline } .whitelink { COLOR: #fefefe; FONT-FAMILY: sans-serif } A.whitelink { COLOR: #fefefe; TEXT-DECORATION: none } A.whitelink:visited { COLOR: #fefefe; TEXT-DECORATION: none } A.whitelink:hover { COLOR: #fefefe; TEXT-DECORATION: underline } A.whitelink:active { COLOR: #a9a9a9; TEXT-DECORATION: none } .bluelink { COLOR: #0000ff; FONT-FAMILY: sans-serif } A.bluelink { COLOR: #0000ff; TEXT-DECORATION: none } A.bluelink:visited { COLOR: #0000ff; TEXT-DECORATION: none } A.bluelink:hover { COLOR: #0000ff; TEXT-DECORATION: underline } A.bluelink:active { COLOR: #a9a9a9; TEXT-DECORATION: none } A { COLOR: #ff0000; TEXT-DECORATION: none } A:visited { COLOR: #ff0000; TEXT-DECORATION: none } A:hover { COLOR: #ff0000; TEXT-DECORATION: underline } A:active { COLOR: #a9a9a9; TEXT-DECORATION: none } ------=_NextPart_000_000C_01C2CE97.3EB3CEB0--